EXHIBIT 10.2
Execution Copy
by and between
and
International Business Machines Corporation
Execution Copy
|
|
|
|
|
|
|
|
|
1. |
|
Background, Goals and Objectives |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1.1 |
|
Background, Goals and Objectives |
|
|
1 |
|
|
|
|
|
|
|
|
|
|
|
|
1.2 |
|
Construction |
|
|
2 |
|
|
|
|
|
|
|
|
|
|
2. |
|
Definitions |
|
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
2.1 |
|
Certain Definitions |
|
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
2.2 |
|
Inclusion of Affiliates in Definition of ACI and Vendor |
|
|
2 |
|
|
|
|
|
|
|
|
|
|
|
|
2.3 |
|
Other Defined Terms |
|
|
2 |
|
|
|
|
|
|
|
|
|
|
3. |
|
Services |
|
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
3.1 |
|
General |
|
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
3.2 |
|
Implied Services |
|
|
3 |
|
|
|
|
|
|
|
|
|
|
|
|
3.3 |
|
Services Evolution |
|
|
4 |
|
|
|
|
|
|
|
|
|
|
|
|
3.4 |
|
Services Variable in Scope and Volume |
|
|
5 |
|
|
|
|
|
|
|
|
|
|
|
|
3.5 |
|
Work Prioritization |
|
|
5 |
|
|
|
|
|
|
|
|
|
|
|
|
3.6 |
|
Services Performed by ACI or Third Parties |
|
|
5 |
|
|
|
|
|
|
|
|
|
|
|
|
3.7 |
|
Existing Equipment and Vendor Supported Software |
|
|
6 |
|
|
|
|
|
|
|
|
|
|
|
|
3.8 |
|
Transition |
|
|
6 |
|
|
|
|
|
|
|
|
|
|
|
|
3.9 |
|
ACI IT Standards |
|
|
6 |
|
|
|
|
|
|
|
|
|
|
|
|
3.10 |
|
End Users of the Services |
|
|
7 |
|
|
|
|
|
|
|
|
|
|
|
|
3.11 |
|
Projects |
|
|
7 |
|
|
|
|
|
|
|
|
|
|
|
|
3.12 |
|
Protection of ACI Information |
|
|
8 |
|
|
|
|
|
|
|
|
|
|
|
|
3.13 |
|
Relocation of the Services |
|
|
8 |
|
|
|
|
|
|
|
|
|
|
|
|
3.14 |
|
Acquisitions and Divestitures |
|
|
8 |
|
|
|
|
|
|
|
|
|
|
|
|
3.15 |
|
ACI Retained Systems and Processes |
|
|
9 |
|
|
|
|
|
|
|
|
|
|
|
|
3.16 |
|
Knowledge Sharing |
|
|
9 |
|
|
|
|
|
|
|
|
|
|
4. |
|
Term of Agreement |
|
|
10 |
|
|
|
|
|
|
|
|
|
|
|
|
4.1 |
|
Term |
|
|
10 |
|
|
|
|
|
|
|
|
|
|
|
|
4.2 |
|
Extension of Term |
|
|
10 |
|
|
|
|
|
|
|
|
|
|
5. |
|
Personnel |
|
|
10 |
|
|
|
|
|
|
|
|
|
|
Page i
Execution Copy
|
|
|
|
|
|
|
|
|
|
|
5.1 |
|
Key Vendor Positions |
|
|
10 |
|
|
|
|
|
|
|
|
|
|
|
|
5.2 |
|
Transitioned Personnel |
|
|
12 |
|
|
|
|
|
|
|
|
|
|
|
|
5.3 |
|
Qualifications, Retention and Removal of Vendor Personnel |
|
|
13 |
|
|
|
|
|
|
|
|
|
|
6. |
|
Responsibility for resources |
|
|
14 |
|
|
|
|
|
|
|
|
|
|
|
|
6.1 |
|
Generally |
|
|
14 |
|
|
|
|
|
|
|
|
|
|
|
|
6.2 |
|
Intentionally left blank |
|
|
14 |
|
|
|
|
|
|
|
|
|
|
|
|
6.3 |
|
Financial Responsibility for Equipment |
|
|
14 |
|
|
|
|
|
|
|
|
|
|
|
|
6.4 |
|
Equipment Access and Operational and Administrative Responsibility |
|
|
14 |
|
|
|
|
|
|
|
|
|
|
|
|
6.5 |
|
Financial Responsibility for Software |
|
|
15 |
|
|
|
|
|
|
|
|
|
|
|
|
6.6 |
|
Third Party Contracts |
|
|
16 |
|
|
|
|
|
|
|
|
|
|
|
|
6.7 |
|
Required Consents |
|
|
16 |
|
|
|
|
|
|
|
|
|
|
|
|
6.8 |
|
Straddle Agreements |
|
|
16 |
|
|
|
|
|
|
|
|
|
|
7. |
|
Software and Proprietary Rights |
|
|
16 |
|
|
|
|
|
|
|
|
|
|
|
|
7.1 |
|
ACI Software |
|
|
16 |
|
|
|
|
|
|
|
|
|
|
|
|
7.2 |
|
Vendor Software |
|
|
17 |
|
|
|
|
|
|
|
|
|
|
|
|
7.3 |
|
ISV Software |
|
|
18 |
|
|
|
|
|
|
|
|
|
|
|
|
7.4 |
|
Rights in Newly Developed Software and Other Materials |
|
|
19 |
|
|
|
|
|
|
|
|
|
|
|
|
7.5 |
|
Export |
|
|
21 |
|
|
|
|
|
|
|
|
|
|
8. |
|
Office Space |
|
|
21 |
|
|
|
|
|
|
|
|
|
|
|
|
8.1 |
|
ACI Obligations |
|
|
21 |
|
|
|
|
|
|
|
|
|
|
|
|
8.2 |
|
Vendor Obligations within ACI Office Space |
|
|
21 |
|
|
|
|
|
|
|
|
|
|
|
|
8.3 |
|
Use of Vendor Facilities by ACI |
|
|
22 |
|
|
|
|
|
|
|
|
|
|
9. |
|
Service Levels |
|
|
22 |
|
|
|
|
|
|
|
|
|
|
|
|
9.1 |
|
General |
|
|
22 |
|
|
|
|
|
|
|
|
|
|
|
|
9.2 |
|
Failure to Perform |
|
|
22 |
|
|
|
|
|
|
|
|
|
|
|
|
9.3 |
|
Critical Service Levels and Service Level Credits |
|
|
23 |
|
|
|
|
|
|
|
|
|
|
|
|
9.4 |
|
Priority of Recovery Following Interruption of Services |
|
|
23 |
|
|
|
|
|
|
|
|
|
|
|
|
9.5 |
|
User Satisfaction |
|
|
23 |
|
|
|
|
|
|
|
|
|
|
Page ii
Execution Copy
|
|
|
|
|
|
|
|
|
|
|
9.6 |
|
Periodic Reviews and Adjustments to Service Levels |
|
|
24 |
|
|
|
|
|
|
|
|
|
|
|
|
9.7 |
|
Measurement and Reporting |
|
|
24 |
|
|
|
|
|
|
|
|
|
|
10. |
|
Project and Contract Management |
|
|
25 |
|
|
|
|
|
|
|
|
|
|
|
|
10.1 |
|
Governance Guidelines and Principles |
|
|
25 |
|
|
|
|
|
|
|
|
|
|
|
|
10.2 |
|
Executive Steering Committee |
|
|
25 |
|
|
|
|
|
|
|
|
|
|
|
|
10.3 |
|
Reports |
|
|
25 |
|
|
|
|
|
|
|
|
|
|
|
|
10.4 |
|
Meetings |
|
|
26 |
|
|
|
|
|
|
|
|
|
|
|
|
10.5 |
|
Procedures Manuals |
|
|
26 |
|
|
|
|
|
|
|
|
|
|
|
|
10.6 |
|
Change Control |
|
|
27 |
|
|
|
|
|
|
|
|
|
|
|
|
10.7 |
|
Subcontracting |
|
|
29 |
|
|
|
|
|
|
|
|
|
|
|
|
10.8 |
|
Technology Planning and Budgeting |
|
|
31 |
|
|
|
|
|
|
|
|
|
|
|
|
10.9 |
|
Quality Assurance and Improvement Programs |
|
|
32 |
|
|
|
|
|
|
|
|
|
|
|
|
10.10 |
|
Management of Issues |
|
|
32 |
|
|
|
|
|
|
|
|
|
|
11. |
|
Audits, Record Retention |
|
|
33 |
|
|
|
|
|
|
|
|
|
|
|
|
11.1 |
|
Intentionally left blank |
|
|
33 |
|
|
|
|
|
|
|
|
|
|
|
|
11.2 |
|
Audit Rights |
|
|
33 |
|
|
|
|
|
|
|
|
|
|
|
|
11.3 |
|
Vendor Internal Controls |
|
|
35 |
|
|
|
|
|
|
|
|
|
|
|
|
11.4 |
|
Audit Follow-up |
|
|
35 |
|
|
|
|
|
|
|
|
|
|
|
|
11.5 |
|
Records Retention |
|
|
36 |
|
|
|
|
|
|
|
|
|
|
|
|
11.6 |
|
Discovery of Overcharge of XXX |
|
|
00 |
|
|
|
|
|
|
|
|
|
|
00. |
|
XXX Xxxxxxxxxxxxxxxx |
|
|
00 |
|
|
|
|
|
|
|
|
|
|
00. |
|
Charges |
|
|
37 |
|
|
|
|
|
|
|
|
|
|
|
|
13.1 |
|
General |
|
|
37 |
|
|
|
|
|
|
|
|
|
|
|
|
13.2 |
|
Pass-Through Expenses |
|
|
37 |
|
|
|
|
|
|
|
|
|
|
|
|
13.3 |
|
Incidental Expenses |
|
|
37 |
|
|
|
|
|
|
|
|
|
|
|
|
13.4 |
|
Taxes |
|
|
37 |
|
|
|
|
|
|
|
|
|
|
|
|
13.5 |
|
Extraordinary Events |
|
|
39 |
|
|
|
|
|
|
|
|
|
|
Page iii
Execution Copy
|
|
|
|
|
|
|
|
|
|
|
13.6 |
|
New Services |
|
|
39 |
|
|
|
|
|
|
|
|
|
|
|
|
13.7 |
|
Benchmarks for Cost of Services |
|
|
40 |
|
|
|
|
|
|
|
|
|
|
14. |
|
Invoicing and Payment |
|
|
42 |
|
|
|
|
|
|
|
|
|
|
|
|
14.1 |
|
Invoicing. |
|
|
42 |
|
|
|
|
|
|
|
|
|
|
|
|
14.2 |
|
Payment Due |
|
|
42 |
|
|
|
|
|
|
|
|
|
|
|
|
14.3 |
|
Accountability |
|
|
43 |
|
|
|
|
|
|
|
|
|
|
|
|
14.4 |
|
Pro-ration |
|
|
43 |
|
|
|
|
|
|
|
|
|
|
|
|
14.5 |
|
Prepaid Amounts |
|
|
43 |
|
|
|
|
|
|
|
|
|
|
|
|
14.6 |
|
Refunds and Credits |
|
|
43 |
|
|
|
|
|
|
|
|
|
|
|
|
14.7 |
|
Deduction |
|
|
43 |
|
|
|
|
|
|
|
|
|
|
|
|
14.8 |
|
Disputed Charges |
|
|
43 |
|
|
|
|
|
|
|
|
|
|
15. |
|
Safeguarding of Data; Confidentiality |
|
|
44 |
|
|
|
|
|
|
|
|
|
|
|
|
15.1 |
|
General |
|
|
44 |
|
|
|
|
|
|
|
|
|
|
|
|
15.2 |
|
Safeguarding ACI Data |
|
|
44 |
|
|
|
|
|
|
|
|
|
|
|
|
15.3 |
|
Confidential Information |
|
|
45 |
|
|
|
|
|
|
|
|
|
|
|
|
15.4 |
|
Corporate Information Risk Controls |
|
|
48 |
|
|
|
|
|
|
|
|
|
|
|
|
15.5 |
|
Step-In Rights |
|
|
49 |
|
|
|
|
|
|
|
|
|
|
16. |
|
Warranty |
|
|
49 |
|
|
|
|
|
|
|
|
|
|
|
|
16.1 |
|
General |
|
|
49 |
|
|
|
|
|
|
|
|
|
|
|
|
16.2 |
|
Work Standards |
|
|
50 |
|
|
|
|
|
|
|
|
|
|
|
|
16.3 |
|
Maintenance |
|
|
50 |
|
|
|
|
|
|
|
|
|
|
|
|
16.4 |
|
Efficiency and Cost Effectiveness |
|
|
50 |
|
|
|
|
|
|
|
|
|
|
|
|
16.5 |
|
Technology |
|
|
50 |
|
|
|
|
|
|
|
|
|
|
|
|
16.6 |
|
Non-Infringement; Licenses |
|
|
50 |
|
|
|
|
|
|
|
|
|
|
|
|
16.7 |
|
Authorization and Other Consents |
|
|
51 |
|
|
|
|
|
|
|
|
|
|
|
|
16.8 |
|
Inducements |
|
|
51 |
|
|
|
|
|
|
|
|
|
|
|
|
16.9 |
|
Viruses |
|
|
51 |
|
|
|
|
|
|
|
|
|
|
Page iv
Execution Copy
|
|
|
|
|
|
|
|
|
|
|
16.10 |
|
Disabling Code |
|
|
52 |
|
|
|
|
|
|
|
|
|
|
|
|
16.11 |
|
Deliverables |
|
|
52 |
|
|
|
|
|
|
|
|
|
|
|
|
16.12 |
|
Software Ownership or Use |
|
|
52 |
|
|
|
|
|
|
|
|
|
|
|
|
16.13 |
|
Other |
|
|
52 |
|
|
|
|
|
|
|
|
|
|
|
|
16.14 |
|
Application |
|
|
53 |
|
|
|
|
|
|
|
|
|
|
|
|
16.15 |
|
Disclaimer |
|
|
53 |
|
|
|
|
|
|
|
|
|
|
17. |
|
Insurance |
|
|
53 |
|
|
|
|
|
|
|
|
|
|
|
|
17.1 |
|
Insurance |
|
|
53 |
|
|
|
|
|
|
|
|
|
|
|
|
17.2 |
|
Insurance Provisions |
|
|
54 |
|
|
|
|
|
|
|
|
|
|
18. |
|
Indemnities |
|
|
55 |
|
|
|
|
|
|
|
|
|
|
|
|
18.1 |
|
Vendor Indemnities |
|
|
55 |
|
|
|
|
|
|
|
|
|
|
|
|
18.2 |
|
ACI Indemnities |
|
|
56 |
|
|
|
|
|
|
|
|
|
|
|
|
18.3 |
|
Infringement |
|
|
58 |
|
|
|
|
|
|
|
|
|
|
|
|
18.4 |
|
Indemnification Procedures |
|
|
59 |
|
|
|
|
|
|
|
|
|
|
19. |
|
Liability |
|
|
59 |
|
|
|
|
|
|
|
|
|
|
|
|
19.1 |
|
General Intent |
|
|
59 |
|
|
|
|
|
|
|
|
|
|
|
|
19.2 |
|
Liability Restrictions |
|
|
59 |
|
|
|
|
|
|
|
|
|
|
|
|
19.3 |
|
Direct Damages |
|
|
61 |
|
|
|
|
|
|
|
|
|
|
|
|
19.4 |
|
Duty to Mitigate |
|
|
61 |
|
|
|
|
|
|
|
|
|
|
|
|
19.5 |
|
Disaster Recovery Plan |
|
|
61 |
|
|
|
|
|
|
|
|
|
|
|
|
19.6 |
|
Force Majeure |
|
|
62 |
|
|
|
|
|
|
|
|
|
|
20. |
|
Dispute Resolution |
|
|
63 |
|
|
|
|
|
|
|
|
|
|
|
|
20.1 |
|
Informal Dispute Resolution Process |
|
|
63 |
|
|
|
|
|
|
|
|
|
|
|
|
20.2 |
|
Litigation |
|
|
64 |
|
|
|
|
|
|
|
|
|
|
|
|
20.3 |
|
Continued Performance |
|
|
64 |
|
|
|
|
|
|
|
|
|
|
|
|
20.4 |
|
Governing Law |
|
|
64 |
|
|
|
|
|
|
|
|
|
|
21. |
|
Termination |
|
|
65 |
|
|
|
|
|
|
|
|
|
|
|
|
21.1 |
|
Termination For Cause By ACI |
|
|
65 |
|
|
|
|
|
|
|
|
|
|
Page v
Execution Copy
|
|
|
|
|
|
|
|
|
|
|
21.2 |
|
Termination by Vendor |
|
|
65 |
|
|
|
|
|
|
|
|
|
|
|
|
21.3 |
|
Termination for Convenience by ACI |
|
|
66 |
|
|
|
|
|
|
|
|
|
|
|
|
21.4 |
|
Termination by ACI for Change of Control |
|
|
66 |
|
|
|
|
|
|
|
|
|
|
|
|
21.5 |
|
Failure to Transition and Other Termination Rights |
|
|
66 |
|
|
|
|
|
|
|
|
|
|
|
|
21.6 |
|
Termination Due To A Party’s Insolvency and Related Events |
|
|
66 |
|
|
|
|
|
|
|
|
|
|
|
|
21.7 |
|
Intentionally left blank |
|
|
67 |
|
|
|
|
|
|
|
|
|
|
|
|
21.8 |
|
Cumulative Termination Rights |
|
|
67 |
|
|
|
|
|
|
|
|
|
|
|
|
21.9 |
|
Termination/Expiration Assistance |
|
|
67 |
|
|
|
|
|
|
|
|
|
|
|
|
21.10 |
|
Bid Assistance |
|
|
69 |
|
|
|
|
|
|
|
|
|
|
|
|
21.11 |
|
Equitable Remedies |
|
|
69 |
|
|
|
|
|
|
|
|
|
|
|
|
21.12 |
|
Charge Adjustment |
|
|
69 |
|
|
|
|
|
|
|
|
|
|
22. |
|
Compliance With Laws |
|
|
69 |
|
|
|
|
|
|
|
|
|
|
|
|
22.1 |
|
Compliance with Laws and Regulations Generally |
|
|
69 |
|
|
|
|
|
|
|
|
|
|
|
|
22.2 |
|
Liens |
|
|
70 |
|
|
|
|
|
|
|
|
|
|
|
|
22.3 |
|
Xxxxxxxx-Xxxxx |
|
|
70 |
|
|
|
|
|
|
|
|
|
|
|
|
22.4 |
|
International Considerations |
|
|
71 |
|
|
|
|
|
|
|
|
|
|
|
|
22.5 |
|
Privacy Laws |
|
|
71 |
|
|
|
|
|
|
|
|
|
|
23. |
|
General |
|
|
72 |
|
|
|
|
|
|
|
|
|
|
|
|
23.1 |
|
Binding Nature and Assignment |
|
|
72 |
|
|
|
|
|
|
|
|
|
|
|
|
23.2 |
|
Mutually Negotiated |
|
|
72 |
|
|
|
|
|
|
|
|
|
|
|
|
23.3 |
|
Joint Verification |
|
|
73 |
|
|
|
|
|
|
|
|
|
|
|
|
23.4 |
|
Notices |
|
|
73 |
|
|
|
|
|
|
|
|
|
|
|
|
23.5 |
|
Counterparts |
|
|
74 |
|
|
|
|
|
|
|
|
|
|
|
|
23.6 |
|
Headings |
|
|
74 |
|
|
|
|
|
|
|
|
|
|
|
|
23.7 |
|
Relationship of Parties |
|
|
74 |
|
|
|
|
|
|
|
|
|
|
|
|
23.8 |
|
Severability |
|
|
74 |
|
|
|
|
|
|
|
|
|
|
|
|
23.9 |
|
Consents and Approvals |
|
|
74 |
|
|
|
|
|
|
|
|
|
|
Page vi
Execution Copy
|
|
|
|
|
|
|
|
|
|
|
23.10 |
|
Waiver of Default |
|
|
74 |
|
|
|
|
|
|
|
|
|
|
|
|
23.11 |
|
Cumulative Remedies |
|
|
74 |
|
|
|
|
|
|
|
|
|
|
|
|
23.12 |
|
Survival |
|
|
75 |
|
|
|
|
|
|
|
|
|
|
|
|
23.13 |
|
Public Disclosures |
|
|
75 |
|
|
|
|
|
|
|
|
|
|
|
|
23.14 |
|
Use of Name |
|
|
75 |
|
|
|
|
|
|
|
|
|
|
|
|
23.15 |
|
365(n) |
|
|
75 |
|
|
|
|
|
|
|
|
|
|
|
|
23.16 |
|
Third Party Beneficiaries |
|
|
75 |
|
|
|
|
|
|
|
|
|
|
|
|
23.17 |
|
Covenant of Good Faith |
|
|
75 |
|
|
|
|
|
|
|
|
|
|
|
|
23.18 |
|
Non-Solicitation |
|
|
75 |
|
|
|
|
|
|
|
|
|
|
|
|
23.19 |
|
Order of Precedent |
|
|
76 |
|
|
|
|
|
|
|
|
|
|
|
|
23.20 |
|
Entire Agreement; Amendment |
|
|
76 |
|
Page vii
Execution Copy
Table of Schedules and Exhibits
|
|
|
Schedule A
|
|
Statement of Work |
Exhibit A-1
|
|
Delivery Management Services (Cross Functional) |
Exhibit A-2
|
|
Asset Services |
Exhibit A-3
|
|
Service Desk Services |
Exhibit A-4
|
|
End User Services |
Exhibit A-5
|
|
Server Systems Management Services (including mainframe) |
Exhibit A-6
|
|
Storage Management Services |
Exhibit A-7
|
|
Data Network Services |
Exhibit A-8
|
|
Enterprise Security Management Services |
Exhibit A-9
|
|
Disaster Recovery and Business Continuity Services |
Schedule B
|
|
Service Levels |
Exhibit B-1
|
|
SLA Matrix |
Exhibit B-2
|
|
Critical Service Levels and Key Measurements |
Exhibit B-3
|
|
Critical Deliverables |
Exhibit B-4
|
|
Severity Levels |
Schedule C
|
|
Charges |
Exhibit C-1
|
|
Base Charges, Baselines, ARC/RRC Rates and Termination Charges |
Exhibit C-2
|
|
Financial Responsibility and Ownership Matrix |
Exhibit C-3
|
|
Form of Invoice |
Exhibit C-4
|
|
Base Case |
Schedule D
|
|
Definitions |
Schedule E
|
|
Intentionally left blank |
Schedule F
|
|
Intentionally left blank |
Schedule G
|
|
Third Party Contracts |
Schedule H
|
|
Existing Equipment |
Exhibit H-1
|
|
ACI US Midrange Inventory |
Exhibit H-2
|
|
ACI Toronto Server Room Inventory |
Exhibit H-3
|
|
EMEA Server Equipment |
Exhibit H-4
|
|
ACI AP Midrange Inventory |
Exhibit H-5
|
|
Network Inventory |
Exhibit H-6
|
|
People Counts by Location |
Schedule I
|
|
Vendor Supported Software |
Exhibit I-1
|
|
Framingham Workstations |
Exhibit I-2
|
|
Xxxxxx Workstations |
Exhibit I-3
|
|
Omaha Workstations |
Page viii
Execution Copy
|
|
|
Schedule J
|
|
ACI Policies and Standards |
Schedule K
|
|
User Satisfaction Survey Guidelines |
Schedule L
|
|
Transition and Transformation |
Schedule M
|
|
Vendor Confidentiality Agreement |
Schedule N
|
|
Approved Subcontractors |
Schedule O
|
|
Approved Benchmarkers |
Schedule P
|
|
Locations |
Schedule R
|
|
Reports |
Schedule S
|
|
Governance |
Schedule T
|
|
Human Resources |
Schedule U
|
|
Change Control Procedure |
Exhibit U-1
|
|
Form of Change Management Document |
Schedule V
|
|
In-Flight Projects |
Page ix
Execution Copy
MASTER SERVICES AGREEMENT (the “
Agreement”), made and effective as of March 17, 2008
(the “
Effective Date”), by and between
ACI Worldwide, Inc., a Delaware corporation with a
principal place of address at 000 Xxxxxxxx, Xxxxx 0000, Xxx Xxxx, XX 00000 (“
ACI”), and
International Business Machines Corporation, a
New York corporation, with its principal place of
business located at Xxxxx 000, Xxxxxx, Xxx Xxxx 00000 (“
Vendor”).
1. BACKGROUND, GOALS AND OBJECTIVES
1.1 Background, Goals and Objectives.
This Agreement is being made and entered into with reference to the following background,
specific goals and objectives, the successful achievement of which are mutually agreed by the
Parties hereto to be in the best business interests of both Parties and the principal purpose of
this Agreement:
(a) ACI is an software company. Currently ACI manages and operates its own information
technology environment.
(b) Vendor is in the business of providing information technology outsourcing services.
(c) ACI desires to enter into an outsourcing arrangement that will meet its business
objectives, which include:
(i) realizing cost savings (by virtue of the performance of this Agreement by the Parties)
both initially and on an ongoing basis;
(ii) restructuring and standardizing ACI’s IT infrastructure and strengthening its IT
governance model;
(iii) delivering to ACI world class, evolving IT outsourcing services;
(iv) enabling ACI to focus on its core competencies and on those activities which provide it
with a competitive advantage, recognizing that ACI’s core business is dependent on ACI being able
to deliver information and related services to its customers;
(v) establishing a flexible framework within which to quickly respond to evolving
technologies, competitive conditions, and changing ACI business needs;
(vi) treating fairly ACI personnel being hired by Vendor and also providing such personnel
with meaningful jobs and a package of total compensation and benefits package that is at current
market rates within Vendor’s industry;
(vii) attaining transparency and variability of Vendor pricing permitting ACI to fully
understand Vendor’s Charges;
(viii) identifying means to improve services and reduce costs to ACI and to enable ACI to
improve and expand its information technology operations;
(ix) providing for an uninterrupted transition of responsibility for performing the Services
from ACI and certain of its contractors to Vendor;
Confidential
Master Services Agreement
Page 1
Execution Copy
(x) ensuring strong data security and disaster recovery capability;
(xi) providing for an uninterrupted transition of responsibility for performing the Services
back to ACI or its designee(s) in connection with termination or expiration of this Agreement; and
(xii) limiting to the extent possible the amount of raised floor space in ACI facilities.
(d) The Parties desire to promote a flexible business relationship between them that allows
for and encourages growth of ACI’s core businesses.
(e) The Parties desire to collaborate for the overall success of this Agreement for both
Parties.
(f) The Parties desire to provide an agreement and pricing structure that, as of the Effective
Date, is intended to establish a mutually beneficial business relationship.
1.2 Construction.
The provisions of this Article 1 are intended to be a general introduction to this Agreement
and are not intended to expand the scope of the Parties’ clearly stated obligations or otherwise
alter the plain meaning of this Agreement’s terms and conditions, as set forth hereinafter.
However, to the extent that any of the terms and conditions of this Agreement do not address a
particular circumstance or otherwise conflict or give rise to ambiguity, such terms or conditions
are to be interpreted and construed so as to give effect to this Agreement as a whole and this
listing of background, goals and objectives.
2. DEFINITIONS
2.1 Certain Definitions.
The terms used with initial capital letters in this Agreement shall have the meanings ascribed
to them in Schedule D (Definitions).
2.2 Inclusion of Affiliates in Definition of ACI and Vendor.
(a) References to “ACI” in this Agreement include Affiliates of ACI as defined in Schedule
D (Definitions).
(b) References to “Vendor” in this Agreement include Affiliates of Vendor but only those
Vendor Affiliates previously approved in writing by ACI.
2.3 Other Defined Terms.
Other terms used in this Agreement are defined where they are used and have the meanings there
indicated. Those terms, acronyms, and phrases utilized in the IT outsourcing services industry, as
applicable, or other pertinent business context which are not otherwise defined herein shall be
interpreted in accordance with their then-generally understood meaning in such industry or business
context.
Confidential
Master Services Agreement
Page 2
Execution Copy
3. SERVICES
3.1 General.
Beginning on the Effective Date (if required pursuant to the Transition Plan) and thereafter
on each applicable Service Tower Commencement Date, Vendor shall provide the following services,
functions and responsibilities, as they may evolve or be modified by mutual agreement of the
Parties during the Term and as they may be supplemented, enhanced, modified or replaced
(“Services”):
(a) The Services described in this Agreement, its Schedules, Exhibits and related documents,
including (i) Termination/Expiration Assistance, (ii) Projects, (iii) New Services, (iv)
Enhancement Activities, (v) Vendor Applications Software Operational Support Services, and (vi)
performance of the Transition; and
(b) The information technology services, functions and responsibilities that are reasonably
related to the Services described in this Agreement, to the extent
(i) performed on a consistent or routine basis during the twelve (12) months preceding the
Effective Date by Affected Employees and ACI Contractor Personnel who are (A) transitioned to
Vendor, or (B) displaced or whose tasks were displaced as a result of this Agreement, even if the
service, tasks or responsibility so performed is not specifically described in this Agreement.
Notwithstanding the foregoing, services, functions or responsibilities that are specifically
excluded from the scope of Services under this Agreement (such as responsibilities retained by ACI)
shall not be deemed to be within the scope of the Services; or
(ii) reflected in those categories in Exhibit C-4 (Base Case) that Vendor is assuming
pursuant to this Agreement.
3.2 Implied Services.
(a) If any information technology services, functions, or responsibilities are required for
the proper performance and provision of the Services, regardless of whether they are specifically
described in this Agreement, they shall be deemed to be implied by and included within the scope of
the Services to be provided by Vendor to the same extent and in the same manner as if specifically
described in this Agreement. Vendor shall be compensated for the provision of such Services in
accordance with the payment provisions of this Agreement. Notwithstanding the foregoing, services,
functions or responsibilities that are specifically excluded from the scope of Services under this
Agreement (such as responsibilities retained by ACI) shall not be deemed to be within the scope of
the Services.
(b) For the avoidance of doubt, the following is a non-exclusive listing of services, tasks
and responsibilities that are deemed to be included within the Monthly Base Charges and, therefore,
will not result in additional Charges under the Change Control Procedure.
(i) Invoicing activities, including support of and providing information for charge-back or
allocation of Charges to individual business units, ACI customers or costs centers in accordance
with this Agreement. With the exception of charge-back for testing and other ACI customer services
that are supported by the Services provided by Vendor (and will be addressed by the Parties
pursuant to Section 10.6), ACI agrees that such charge-back or allocation processes are being
followed by ACI as of the Effective Date;
Confidential
Master Services Agreement
Page 3
Execution Copy
(ii) All services, tasks and responsibilities that this Agreement expressly provides are to be
performed at no additional Charge;
(iii) Vendor’s internal functions and responsibilities needed to support the Services,
including management reporting, staff planning, quality assurance programs, Vendor Personnel
training and development and maintenance of project management methodologies;
(iv) the development and implementation of action plans to remedy any deficient Services;
(v) compliance with this Agreement’s security requirements and security-related audit
requirements, including monitoring, executing and coordinating Sarbanes Oxley testing of logical
security, assistance with vulnerability scans, and management and administration of user IDs and
passwords;
(vi) reasonable cooperation with respect to software use audits by providers of Third-Party
Software performed with reasonable advance notice and to the extent such cooperation does not
materially affect Vendor’s ability to provide the Services using existing resources;
(vii) any training for ACI personnel required as a result of Changes requested by Vendor;
(viii) services, tasks and responsibilities necessary for or incidental to the Transition of
the Services;
(ix) monitoring, measurement, analysis and reporting of performance against Service Levels;
and
(x) services, tasks and responsibilities preliminary to or incidental to Projects or Changes,
including the preparation of change management documents, SOWs, scoping SOWs and other similar
deliverables, pursuant to Schedule V (In-Flight Projects) and/or Schedule U (Change
Control Procedure).
3.3 Services Evolution.
(a) Vendor and ACI shall cause the Services to evolve and to be modified, enhanced,
supplemented and replaced as necessary for the Services to keep pace with technological advances
and advances in the methods of delivering services, where such advances are at the time in general
use within the IT outsourcing services industry, as applicable, or otherwise among ACI’s
competitors, including as practices evolve to comply with new or modified Applicable Laws. Such
evolution shall, at a minimum, be made so as to cause the Services to conform with the requirements
for continuous improvement of Service Levels as set forth in Schedule B (Service Levels).
As an example, Services evolution shall include the addition of functionality by Vendor as is made
possible with new Equipment and Software utilized by Vendor during the Term. Adjustments in
Services in accordance with this Section 3.3 shall be deemed to be included within the scope of the
Services to the same extent and in the same manner as if expressly described in this Agreement.
Notwithstanding anything to the contrary in this Section 3.3, the foregoing statement is not
intended to enlarge Vendor’s obligations where evolutions in technology are specified in this
Agreement (e.g., standards, configurations and Service Levels). To the extent necessary and
appropriate, the Parties shall equitably modify and adjust the Resource Units to be measured and
the Baselines associated with such Resource Units to be consistent with such evolution in
technology.
Confidential
Master Services Agreement
Page 4
Execution Copy
Adjustments to the Services under this Section may also constitute New Services. Adjustments
to the Services pursuant to this subparagraph shall be at no charge (unless they are New Services)
and are subject to the technical change control procedure set forth in the Procedures Manual.
(b) The Parties acknowledge that, from time to time, Vendor may make modifications to its
shared services centers for the benefit of a number of customers including ACI as a part of
Vendor’s normal course of business, including modifications that are necessary to comply with new
or modified Vendor Laws, as defined in Section 22.1. As such modifications are made by Vendor,
although ACI would enjoy the benefit of the specific modifications at no additional charge, there
may be some planning and testing that needs to occur for the ACI information technology environment
which may result in some additional internal costs to ACI or would otherwise have a negative impact
to ACI. Vendor will give ACI forty five (45) days’ advance written notice if Vendor intends to
make such modifications to a shared service center, shall advise ACI in such notice what internal
planning and testing it believes ACI will have to perform in connection with Vendor’s
implementation of such modifications and shall not make any such changes unless it (i) reimburses
ACI for the costs ACI may incur as the result of the changes and (ii) takes all reasonable steps to
mitigate any other negative impact to ACI and its customers. Any such proposed modification shall
be subject to the technical change control procedure set forth in the Procedures Manual.
3.4 Services Variable in Scope and Volume.
The Services are variable in scope and volume to the extent specified in the pricing
mechanisms set forth in Schedule C (Charges) and its Exhibits, or as may otherwise be set
forth in this Agreement. Vendor shall not be entitled to receive an adjustment to the Charges
except as set forth in this Agreement.
3.5 Work Prioritization.
ACI may identify new or additional work activities to be performed by Vendor Personnel
(including work activities that would otherwise be treated as New Services or a Project) or
reprioritize or reset the schedule for existing work activities to be performed by such Vendor
Personnel. Unless otherwise agreed, ACI shall incur no additional Charges for the performance of
such work activities by such Vendor Personnel to the extent then assigned to ACI. Vendor shall use
Commercially Reasonable Efforts to perform such work activities without impacting the established
schedule for other tasks or the performance of the Services in accordance with the Service Levels.
If after using such efforts it is not possible to avoid such an impact, Vendor shall notify ACI of
the anticipated impact and obtain its consent prior to proceeding with such work activities. ACI,
in its sole discretion, may forego or delay such work activities or temporarily adjust the work to
be performed by Vendor, the schedules associated therewith or the Service Levels to permit the
performance by Vendor of such work activities.
3.6 Services Performed by ACI or Third Parties.
(a) Subject to Sections 13.5, 13.6 and 21.3 (provided that ACI’s adjustments to the Services
pursuant to this Section 3.6 constitute a termination for convenience) and any adjustments to
Charges provided for in Schedule C (Charges), ACI retains the right to perform itself, or
retain third parties to perform, any of the Services. Notwithstanding anything to the contrary,
the total Charges payable by ACI under the Agreement shall not be less than the annual dollar
amounts shown in the Minimum Revenue Commitment Table in the Pricing Tables, Exhibit C-1, Tab VII.
(Minimum Revenue Commitment and Inflation Sensitivity) in Schedule C (Charges) (the
“Minimum Revenue Commitment” or “MRC”), as adjusted pursuant to the following. The
MRC shall be equitably reduced as further described in this Section 3.6 to the extent that the
total Charges payable by ACI fall below the MRC as a result of any material breach of the Agreement
resulting in removal of Services pursuant to Section 21.1 (Termination
Confidential
Master Services Agreement
Page 5
Execution Copy
for Cause by ACI) or a partial termination for convenience by ACI pursuant to Section 21.3
(Termination for Convenience) of the Agreement, or reduction in Service volume pursuant to Section
13.5 (Extraordinary Event) or Section 19.6 (Force Majeure). The Minimum Revenue Commitment will
not be in effect during the Termination/Expiration Assistance Period.
(b) In the case of ACI’s withdrawal of Services under this Section 3.6, the Charges for the
remaining Services shall be as reflected in Exhibit C-1 (Base Charges, Baselines, ARC/RRC
Rates and Termination Charges) or if not addressed in such Exhibit C-1 (Base Charges,
Baselines, ARC/RRC Rates and Termination Charges), the Charges shall be equitably adjusted to
reflect those Services that are no longer required. If, within thirty (30) days following ACI’s
notice, the Parties have not agreed on the Charges for the remaining Services, then the pricing
will be determined under Section 20.1(a).
(c) To the extent ACI performs any of the Services itself, or retains third parties to do so,
Vendor shall cooperate with ACI or such third parties in accordance with Section 21.9.
3.7 Existing Equipment and Vendor Supported Software.
Schedule H (Existing Equipment) includes a listing of the Equipment that is, as of the
Effective Date, used by ACI in providing the Services internally, and that will be used and managed
by Vendor in providing the Services from and after the Effective Date. Schedule I (Vendor
Supported Software) identifies the Software that is, as of the Effective Date, used by ACI in
providing the Services internally, and that will be used and managed by Vendor in providing the
Services from and after the Effective Date.
3.8 Transition.
Vendor will perform all functions and services necessary to accomplish the transition to
Vendor of ACI’s information technology operations embodied in the Services described in
Schedule A (Statement of Work) (other than those specified in the Agreement as ACI’s
responsibility (the “Transition”)) in accordance with the initial, high level, transition
plan (as revised and supplemented by the Parties under the Changes Control Procedure from time to
time, the “Transition Plan”) attached as Schedule L (Transition and
Transformation). Within the timeframes set forth in the Schedule L (Transition and
Transformation), the Parties shall mutually agree on a more detailed plan, which, upon such mutual
agreement, shall supersede and replace Schedule L (Transition and Transformation). Vendor
will perform the Transition without causing material disruption to ACI’s business or that of its
customers or Affiliates. No functionality of the information technology operations being
Transitioned shall be disabled until Vendor demonstrates to ACI’s reasonable satisfaction that it
has fully tested and implemented equivalent capabilities for such functionality. ACI may monitor,
test and otherwise participate in the Transition in its discretion.
3.9 ACI IT Standards.
As requested by ACI from time to time, Vendor shall assist ACI in defining and developing, and
integrating with Vendor’s information technology standards, ACI’s information technology
architectures and standards applicable to the Services on an ongoing basis (collectively, the
“ACI IT Standards”). ACI will retain primary responsibility for determining the ACI IT
Standards. The ACI IT Standards as of the Effective Date are set forth in Schedule J (ACI
Policies and Standards). Subject to the Change Control Procedure, Vendor will comply with changes
from time to time in the ACI IT Standards. The assistance to be provided by Vendor shall include:
(a) active participation with ACI representatives on permanent and ad-hoc committees and
working groups addressing such issues;
Confidential
Master Services Agreement
Page 6
Execution Copy
(b) assessments of the then-current ACI IT Standards at a level of detail sufficient to permit
ACI to make informed business decisions;
(c) analyses of the appropriate direction for such ACI IT Standards in light of business
priorities, business strategies, competitive market forces and changes in technology;
(d) the provision of information to ACI regarding Vendor’s information technology strategies
for its own business to the extent not considered proprietary to Vendor’s business;
(e) recommendations regarding then current and available information technology architectures
and platforms, software and hardware products, information technology strategies, standards and
directions, and other enabling technologies (which may or may not be reflected in the Technology
Plans); and
(f) recommending then current and available appropriate information technology services
(including platforms comprising various hardware and software combinations) that support Service
Level requirements, exploiting industry trends in production capabilities and provide potential
price and performance improvement opportunities.
Without limiting the foregoing, ACI IT Standards shall include the then-current ACI technical
architecture and product standards, as such standards may be modified by ACI from time to time.
3.10 End Users of the Services.
(a) Subject to Section 3.10(b) hereof, the Services may be used by ACI and, as directed by
ACI, (i) its Affiliates and those third parties (such as suppliers, service providers and joint
venturers) with whom, at any point during the Term, ACI or any Affiliate has a commercial
relationship; and (ii) those persons and entities that, as determined by ACI, access ACI’s or any
of its Affiliates’ IT infrastructure (for example, these who are registered/authorized users of
ACI’s website and who are made known to Vendor) at any time during the Term through standard
operating procedures (the parties in Sections 3.10(a)(i) and 3.11(a)(ii) will collectively be
referred to as “End Users”). Vendor acknowledges that such access is ongoing as of the
Effective Date. Services provided to End Users shall be deemed to be Services provided to ACI.
(b) In accordance with Schedule A (Statement of Work), Vendor shall perform the
Services at the Service Locations set forth in Schedule P (Locations), which include ACI
facilities and non-ACI facilities as designated on Schedule P (Locations). If ACI requests
that Vendor provide Services in or from a new Service Location, then Charges set forth in
Schedule C (Charges) shall apply and ACI shall pay the applicable labor rate(s) for
additional personnel reasonably required by Vendor and for the incremental Out-of-Pocket Expenses
reasonably incurred by Vendor in physically relocating to such new Service Location, and for any
additional ongoing costs incurred by Vendor that would not have been incurred but for the
requirement that the Services be provided from or in a new Service Location and only to the extent
those ongoing costs are disclosed in a written plan approved by ACI. All such changes and any
additional payments will be determined through the contractual Change Control Procedure, as
appropriate (collectively, the “Change Control Procedure”). Notwithstanding the foregoing,
if ACI changes a location at which Vendor Personnel are performing Services, and the relocation is
50 miles or less in distance, ACI will not be responsible for any Vendor employee relocation costs,
including reimbursement of relocation costs or changes in employee compensation related to any
local labor market conditions.
Confidential
Master Services Agreement
Page 7
Execution Copy
At ACI’s request and upon mutual agreement, Vendor shall perform Projects. Charges for such
Projects shall be determined in accordance with Schedule C (Charges). Projects shall be
proposed and implemented in accordance with Schedule C (Charges), Schedule V
(In-Flight Projects) (which contains procedures regarding initiation and management of Projects)
and Schedule U (Change Control Procedure).
3.12 Protection of ACI Information.
If any information of ACI is processed in any facility used by Vendor to perform services for
any ACI Competitor, Vendor will take such steps as are reasonably necessary to prevent ACI’s
information from being disclosed.
3.13 Relocation of the Services.
For a relocation of substantially all of the Services under a Service Tower to a new or
different Service Location, Vendor shall give ACI at least ninety (90) days prior notice; for any
other relocation of Services to a new or different Service Location, Vendor shall give ACI
reasonable notice under the circumstances which shall in no event be less than thirty (30) days (in
either case, the “Relocation Notice”). Notwithstanding the foregoing, if a relocation is required
to obtain critical skills, is required for Vendor to meet Service Levels or as otherwise agreed by
the Parties, then such thirty (30) days notice shall not be required but Vendor will provide as
much notice to ACI as is reasonably possible. If the relocation would result in one or more of the
following impacts, then Vendor shall obtain ACI’s prior approval, and such approval shall not be
unreasonably withheld, for such relocation proposed by Vendor, its Affiliates or subcontractors;
(i) if the relocation of the Services would prevent ACI or its Affiliates from being in
compliance with any ACI Laws, or results in a material administrative burden for ACI or its
Affiliates to comply with any ACI Law;
(ii) if the relocation of the Services would result in a negative regulatory or financial
impact on a customer of ACI or its Affiliates, or would cause ACI or its Affiliates to be in breach
of its contract with a customer of ACI or its Affiliates; or
(iii) if the relocation involves the movement of Equipment to a new or different Service
Location.
If ACI determines within the period of the Relocation Notice that one of the above criteria is
met, ACI shall provide written notice of such to Vendor. ACI and Vendor shall then meet in good
faith to review alternatives to mitigate the impact of the proposed relocation. If the impact
cannot be mitigated using the Parties’ Commercially Reasonable Efforts, ACI may withhold its
consent. Any incremental expenses incurred by ACI as a result of such a relocation (or a
relocation as a result of Vendor’s failure to perform its obligations in accordance with this
Agreement) will be paid or reimbursed by Vendor.
3.14 Acquisitions and Divestitures.
(a) If, as a result of a Restructure, an entity that was not an Affiliate of ACI on the
Effective Date becomes an Affiliate of ACI during the Term (a “New Entity”), then, at ACI’s
option and to the extent such New Entity is not a Vendor Competitor and in accordance with ACI’s
directions, Vendor will provide the Services designated by ACI to the End Users of the New Entity.
In such case, the Parties will utilize the Change Control Procedure to address any integration
services requested by ACI with respect to the integration required for the New Entity to receive
the Services and any associated Charges.
Confidential
Master Services Agreement
Page 8
Execution Copy
(b) If at any time during the Term, ACI divests or otherwise transfers ownership of a business
unit or entity receiving Services from Vendor, then, if requested by ACI, Vendor shall continue to
provide the Services to such entity on the terms and conditions set forth in this Agreement for
such period as specified by ACI, not to exceed twelve (12) months after the effective date of the
divestiture or transfer. In such case, the Parties will utilize the Change Control Procedure to
address any required Changes or additions to the Services and the associated Charges.
(c) Where ACI indicates that it is considering or intends a Restructure, Vendor will, at no
additional cost to ACI to the extent the then-existing Vendor Personnel have the skill set and
availability without causing a materially negative impact on the Services, provide to ACI
reasonable assistance and information as may be reasonably necessary to facilitate the Restructure,
including:
(i) working with ACI to develop a plan to adequately staff any Projects specific to the
Restructure and meet volume increases resulting from the Restructure;
(ii) responding promptly to requests for information relating to the Services and Charges for
the Services;
(iii) if requested by ACI, assisting in discussions with third parties relating to any
Equipment, licenses or contracts relevant to any proposed New Entity;
(iv) cooperating in good faith with ACI in relation to the Restructure; and
(v) performing any Termination / Expiration Assistance which may be necessary under the
circumstances.
Any incremental effort required of Vendor (beyond the above obligations) to support a Restructure,
whether such Restructure is an acquisition or a divestiture, will be reviewed by the Parties in
accordance with the Change Control Procedure. The staffing process generally applicable to the
Services will also apply in the context of a Restructure to staffing for the in-scope Services.
3.15 ACI Retained Systems and Processes.
Vendor will use Commercially Reasonable Efforts to ensure that, in providing the Services, it
does not, without the consent of ACI, adversely affect or alter (a) the operation, functionality or
technical environment of the software and hardware used by or on behalf of ACI in connection with
ACI’s business other than the Vendor Equipment (the “Retained Systems”); and (b) the
processes used by ACI in connection with ACI’s business (the “Retained Processes”). Vendor
will be proactive in keeping itself informed about Retained Systems and Retained Processes as
necessary to provide the Services. ACI will inform Vendor about all aspects of the existing and
future Retained Systems and the Retained Processes that are reasonably likely to have a material
impact on Vendor’s ability to perform the Services. ACI will provide documentation, information
and other cooperation regarding any existing and future Retained Systems and Retained Processes, as
reasonably necessary for Vendor to perform the Services. ACI will also provide training with
respect to any ACI System and Retained Process that is proprietary to ACI that is reasonably
required by Vendor to perform the Services. At ACI’s request, Vendor will coordinate with ACI to
evaluate the impact of any alterations to Retained Systems and Retained Processes to the extent
such alterations may impact the Services.
Confidential
Master Services Agreement
Page 9
Execution Copy
(a) At least once every twelve (12) months during the Term, Vendor will meet with ACI account
leaders (such meetings to occur in the United States, EMEA or Asia Pacific as designated by ACI),
at no additional charge, in order to (i) provide an overview of how the Services are provided, (ii)
provide an overview of how the Vendor Software and Equipment work and should be operated and (iii)
provide such training and documentation necessary for ACI to (A) provide the Retained Systems,
Retained Processes or other services that relate to or interface with the Services and (B) provide
an outline of such training and documentation necessary for ACI to understand and operate the
interfaces to the Vendor Software and Equipment and understand and provide the Services for itself
and the other End Users after the expiration or termination of this Agreement. The Parties will
document the training and documentation to be provided in subsection (iii) of the preceding
sentence.
(b) As further specified pursuant to the Change Control Procedure, ACI may assign ACI
personnel (excluding any third parties) on a rotational basis to Vendor’s operating environment
(subject to appropriate safeguards to protect the data and proprietary information of other Vendor
customers and Vendors security policies) as reasonably required in order to (i) maintain visibility
and understanding regarding Services and how they are performed and (ii) provide assistance to
Vendor personnel in connection with a Transition or a modification to an existing Service.
(c) Upon ACI’s request from time to time, but no more often than once every twelve (12) months
during the Term, Vendor will provide to ACI a full description of the environmental configuration
in respect of the Services, including information regarding Vendor Software and Equipment, staffing
relative to Projects, operating environment, systems constraints, protocols, interfaces,
architecture and other operating parameters.
4. TERM OF AGREEMENT
4.1 Term.
The term (“Term”) of this Agreement shall begin on the Effective Date and shall expire
on the seventh anniversary of the Effective Date, unless terminated earlier or extended in
accordance with this Agreement.
4.2 Extension of Term.
Vendor shall provide ACI written notice not less than nine (9) months prior to the
then-existing expiration date of this Agreement of such upcoming expiration. No less than three
(3) months prior to such upcoming expiration, ACI shall have the right to extend the Term of this
Agreement for up one (1) year on the terms and conditions then in effect by delivering written
notice to Vendor.
5. PERSONNEL
5.1 Key Vendor Positions.
(a) “Key Vendor Positions” are the Vendor Transition Manager (as defined below), the
Vendor Project Executive, Vendor Delivery Project Executive and Vendor Tower Leads for each Service
Tower. Vendor shall cause each of the Vendor Personnel filling the Key Vendor Positions to devote
substantial time and effort to the provision of Services to ACI. Except with respect to the Vendor
representative assigned primary responsibility for Transition Services (the “Vendor Transition
Manager”), once assigned to a Key Vendor Position, these individuals shall remain on the ACI
account in such position for a period of at least two (2) years (or if assigned during Transition,
during the Transition and for two (2) years after the Transition). In the event of the voluntary
resignation, involuntary termination
Confidential
Master Services Agreement
Page 10
Execution Copy
for cause, illness, disability or death of one of its Vendor Personnel filling a Key Vendor
Position during or after the specified period, Vendor shall (i) give ACI as much notice as
reasonably possible of such development, and (ii) expeditiously identify and a suitable
replacement. If an employee of an Approved Subcontractor is assigned to a Key Vendor Position,
Vendor shall obtain commitments from that Approved Subcontractor to comply with the requirements of
this Section 5.1 with respect to such position. Upon providing Vendor 30 days prior notice, ACI
may from time to time change the positions designated as Key Vendor Positions. ACI shall have the
right, in its sole discretion, to change any position from a non-Key Vendor Position to a Key
Vendor Position; provided that in no event will the aggregate number of Key Vendor Positions
increase by more than five from the number of Key Vendor Positions as of the Effective Date.
(b) Vendor shall designate an individual to serve as “Vendor Delivery Project
Executive.” The Vendor Delivery Project Executive shall:
(i) be one of the Key Vendor Positions;
(ii) serve as the single point of accountability for Vendor for the Services;
(iii) have day-to-day authority for undertaking to ensure customer satisfaction;
(iv) be located at ACI’s offices in Omaha, Nebraska or other location reasonably designated by
ACI from time to time;
(v) be willing to travel to other ACI locations as reasonably requested by ACI from time to
time.
(c) Without limiting Vendor’s obligation to obtain the approvals required by this Section 5.1
for changes in Key Vendor Positions:
(i) Vendor shall implement and maintain a retention strategy designed to retain Vendor
Personnel assigned to Key Vendor Positions for the prescribed period;
(ii) Vendor shall also maintain active succession plans for each of the Key Vendor Positions;
and
(iii) At least once each year during the Term, Vendor shall review with ACI the retention
strategies and succession plans for the Key Vendor Positions. Such review shall include a status
review of the current risk profile for each of the Vendor Personnel currently assigned to such
positions. The risk profile will include the unique technical, account or process skills needed
for the Key Vendor Position, and an assessment of the risk that such Vendor Personnel might leave
Vendor, and any actions, including the execution of appropriate retention strategies to assure ACI
that Vendor will be able to continue to perform its obligations under this Agreement.
(d) Before assigning an individual to a Key Vendor Position, whether as an initial assignment
or a subsequent assignment, Vendor shall advise ACI of the proposed assignment and introduce the
individual to the appropriate ACI representatives. ACI shall have the right to require Vendor to
remove from ACI’s account and replace such individual at any time, in its sole discretion, provided
that ACI does not request the removal of any individual for reasons prohibited by Applicable Law,
and provided that reasonable notice (which may be immediate, depending on the circumstances
surrounding the removal) is
Confidential
Master Services Agreement
Page 11
Execution Copy
given. Upon such request from ACI, Vendor will investigate the request and reasons for it and
take appropriate action.
(e) If ACI objects in good faith to the proposed Key Vendor Position assignment, the Parties
shall attempt to resolve ACI’s concerns on a mutually agreeable basis. If the Parties have not
been able to resolve ACI’s concerns within five (5) Business Days, Vendor shall not assign the
individual to that position and shall propose to ACI the assignment of another individual of
suitable ability and qualifications. Except with ACI’s consent, individuals filling Key Vendor
Positions may not be transferred or re-assigned to other positions with Vendor or its Affiliates
until a suitable replacement has been approved by ACI, and no such transfer shall occur at a time
or in a manner that would have an adverse impact on delivery of the Services. Vendor shall
establish and maintain an up to date succession plan for the replacement of individuals serving in
Key Vendor Positions.
(f) Except with respect to the Vendor Transition Manager, so long as an individual is assigned
to a Key Vendor Position, is one of the Vendor employees that is substantially or fully dedicated
to providing Services to ACI or otherwise has regular access to view or manipulate ACI Confidential
Information that is either identified by ACI as competitively sensitive or a reasonable person
would understand is competitively sensitive for ACI based upon the content of such information, and
for twelve (12) months, thereafter, Vendor shall not assign such individual to perform services for
the benefit of any ACI Competitor, unless such assignment is approved by ACI, in advance and in
writing.
(g) A meaningful portion of the annual variable compensation for the Vendor Delivery Project
Executive and Vendor Personnel in the other Key Vendor Positions shall be based upon: (i) the level
of ACI satisfaction reflected in the periodic customer satisfaction surveys; (ii) the extent to
which Vendor has met Vendor’s responsibilities and obligations under this Agreement; (iii) Vendor’s
achievement of the objectives relating to ACI and its businesses set forth in Section 1.1, and (iv)
Vendor’s determination in consultation with ACI as to whether Vendor has met the technical and
business objectives set by ACI. Vendor maintains the final responsibility and decisions for
determining the compensation levels of all Vendor employees as well as recognizing and rewarding
them.
5.2 Transitioned Personnel.
(a) Promptly after the Effective Date, Vendor will offer employment to “Potentially Rebadged
Employees” identified in Schedule T (Human Resources). “Rebadged Employees” shall
mean those Affected Employees who receive and accept such offers and become employed by Vendor
effective as of such Service Tower Commencement Date or such other date as to which the Parties
agree. The provisions of Schedule T (Human Resources) shall apply to all Affected
Employees.
(b) ACI believes that the Rebadged Employees are critical in providing the Services (“Key
Rebadged Employees”). During the term stated in Section 5.1(a), following the hire date for
any Key Rebadged Employee (the “Mandatory Employment Period”), without ACI’s prior written
approval Vendor may not transfer or re-assign a Key Rebadged Employee from performing the Services
for ACI for a period of at least one (1) years.
(c) ACI has contracted for the services of non-employee personnel who immediately prior to the
Effective Date were performing services similar to the Services (“ACI Contractor
Personnel”). With regard to the agreements for ACI Contractor Personnel (“ACI Contractor
Agreements”), such ACI Contractor Agreements shall be terminated or, subject to obtaining
Required Consents in the manner provided in Section 6.7, assigned to Vendor. The action of
termination or assignment for particular ACI Contractor Agreements shall be in accordance with a
plan prepared by Vendor within ninety (90) days
Confidential
Master Services Agreement
Page 12
Execution Copy
after the Effective Date and approved by ACI. Vendor shall be responsible for the costs,
charges and fees associated with such actions.
5.3 Qualifications, Retention and Removal of Vendor Personnel.
(a) Vendor shall assign an adequate number of Vendor Personnel to perform the Services.
Vendor Personnel shall be properly educated, trained and fully qualified for the Services they are
to perform. If any portion of the Services of Vendor Personnel are a separately charged resource,
Vendor shall not charge ACI for the costs of training Vendor Personnel, including the time
necessary for such Vendor Personnel to become familiar with ACI’s account or business.
(b) ACI and Vendor agree that it is in their best interests to keep the turnover rate of
Vendor Personnel to a low level. Vendor shall use Commercially Reasonable Efforts to keep the
turnover rate to a low level and remains obligated to perform the Services, regardless of turnover,
without degradation and in accordance with this Agreement.
(c) While at ACI’s premises (or the premises of others receiving the Services under this
Agreement), Vendor Personnel shall (i) comply with all reasonable requests, and all rules and
regulations, regarding personal and professional conduct (including the wearing of an
identification badge and adhering to regulations and general safety, dress, behavior and security
practices or procedures) generally applicable to such premises to the extent that such requests,
and rules and regulations have been provided to Vendor in writing in advance; and (ii) otherwise
conduct themselves in a businesslike and professional manner.
(d) Vendor, in performing the Services, shall comply, and cause its employees, agents and
subcontractors to comply, with:
(i) All applicable local, state and federal laws and regulations relating to the workplace and
the performance of its obligations, including OSHA and other laws regarding workplace safety.
(ii) The ACI policies and procedures set forth in Schedule J (ACI Policies and
Standards) (to the extent that ACI is in compliance as of the Effective Date) and as provided to
the Vendor in writing from time to time;
(iii) Any of ACI’s policies and procedures as, from time to time, are communicated in writing
to Vendor.
(e) If ACI reasonably determines that the continued assignment to ACI’s account of any of
Vendor Personnel is not in the best interests of ACI, then, upon reasonable notice from ACI, Vendor
shall replace that person with another person of equal or superior ability and qualifications.
Vendor shall ensure that such replacement has received sufficient and necessary information to
accomplish a satisfactory knowledge transfer from the Vendor Personnel being replaced and is
sufficiently trained so as to assure continuity of the Services without adverse impact.
Notwithstanding the foregoing, where ACI notifies Vendor that ACI has determined that the concern
is of such a nature that such Vendor Personnel should be removed immediately (albeit possibly
temporarily) from ACI’s account, Vendor shall immediately remove such individual(s) from ACI’s
account. In any event, any request by ACI to remove an individual from ACI’s account shall not be
deemed to constitute a termination of such individual’s employment by Vendor and in no event shall
ACI be deemed an employer of any such person. Notwithstanding the above or any other provision in
this Agreement to the contrary, the rights of ACI in
Confidential
Master Services Agreement
Page 13
Execution Copy
this Section 5.3(e) shall be restricted to those Vendor Personnel that either (i) are located
at a ACI facility, or (ii) have direct contact with ACI or an End User (including any ACI clients).
(f) Vendor shall be responsible for conducting at its expense a background investigation of
all Vendor’s employees, contractors, agents and subcontractors assigned to provide Services to ACI.
Vendor agrees that the review period and information gathered will be in accordance with Vendor’s
standard policies. Vendor shall exercise reasonable care and diligence to ensure that it does not
assign employees, agents or subcontractors to ACI who, based on the results of their background
investigation, are likely to present a threat to the safety or security of people or other assets
on ACI’s premises.
(g) Vendor shall maintain documentation evidencing that the background investigations required
in Section 5.3(f) have been completed.
6. RESPONSIBILITY FOR RESOURCES
6.1 Generally.
Except to the extent specifically provided otherwise in this Agreement, Vendor shall be
responsible for providing all resources (including Equipment, Software, facilities and personnel)
necessary or desirable to provide the Services, and shall be responsible for all costs associated
with those resources, and shall only recover such costs through the corresponding Charges specified
in this Agreement. Vendor shall permit ACI, or any third-party provider of services to ACI,
(provided Vendor receives reasonable advance notification and subject to execution by such third
party of a confidentiality agreement in the form of Schedule M (Vendor Confidentiality
Agreement)) to establish and maintain uninterrupted remote access to the Applications Software and
any software running on Equipment and used to provide the Services, and, upon request, on-site
access to any Vendor facility at which Services are performed as may be reasonably required by ACI.
6.2 Intentionally left blank.
6.3 Financial Responsibility for Equipment.
As identified in Exhibit C-2 (Financial Responsibility and Ownership Matrix), Vendor
shall have full financial responsibility for all such Equipment. This includes responsibility for
all upgrades, enhancements, growth and technology refreshments to and for the Equipment not owned
or leased by ACI, and all costs and expenses related to operational support, including
installation, support, maintenance, disaster recovery, and Service Levels with respect to the
Equipment. Vendor shall refresh the Equipment in accordance with Exhibit C-2 (Financial
Responsibility and Ownership Matrix).
6.4 Equipment Access and Operational and Administrative Responsibility.
(a) Access. ACI shall grant Vendor the same rights of access and use, at no cost to
Vendor, that ACI has to Equipment used by ACI immediately prior to the Effective Date to provide
services to itself (subject to the Parties’ having obtained any Required Consents therefore and
solely to the extent necessary to provide the Services).
(b) No Warranties. All Equipment transferred or made available to Vendor and Approved
Subcontractors under this Agreement by ACI is provided or made available on an “AS IS, WHERE IS”
basis, with no warranties whatsoever. Notwithstanding anything to the contrary contained in this
Agreement, ACI and its Affiliates shall not be responsible for any breach of any of such
manufacturers’
Confidential
Master Services Agreement
Page 14
Execution Copy
warranties and indemnities, and no breach thereof shall affect the limitation on liabilities,
rights and obligations of the Parties set forth in this Agreement.
(c) Hardware and Software Purchases. If and as requested by ACI from time to time and
agreed by the Vendor, Vendor will offer to acquire hardware or software for re-sale to ACI at
Vendor’s charges plus a reasonable xxxx-up through Vendor’s contracts with third-party suppliers.
(d) Disposal of Equipment Owned or Leased by ACI. Vendor shall, as a part of the
Services included in the Monthly Base Charges, dispose of Equipment owned or leased (in accordance
with Schedule A (Statement of Work)) by ACI and no longer needed for the provision of the Services.
Vendor is entitled to retain any salvage value of such Equipment that is owned by ACI without
accounting to ACI.
(e) Disposal of Equipment Not Owned by ACI. Vendor shall be responsible for any
disposal of Equipment provided or otherwise used by Vendor or its subcontractors. Vendor shall be
responsible for all costs, charges or fees associated with the disposal of such Equipment.
(f) Refresh of Equipment. Vendor is responsible for acquiring, as a part of the
Hardware Services Charge (as defined in Schedule C (Charges)), such Equipment for refresh and
growth as indicated in Exhibit C-2 (Financial Responsibility and Ownership Matrix). The
Equipment to be acquired by Vendor pursuant to such Equipment refresh is based on the expected
volume identified in the Resource Volume Baseline and in Exhibit C-1. The Parties
acknowledge that the actual refresh of Equipment will be based on ACI’s changing business needs and
Vendor’s requirements to perform the Services and meet the Service Levels. Within thirty (30) days
after the each anniversary of the Effective Date, ACI and Vendor will review the then-current
refresh schedule, make any required revisions to the schedule and estimate by month for the
upcoming year the timing such refresh is required.
6.5 Financial Responsibility for Software.
(a) All licenses to Software in ACI’s name as of the Effective Date shall be retained in the
name of ACI as licensee. Subject to Section 6.5(c), financial, administrative and operational
responsibility for Software, including (i) all costs for current and future packages, new releases,
expanded license rights, growth and technology refreshment (“Software Capital Costs”) and
(ii) all costs and expenses related to operational support, including installation, support,
software maintenance, and achieving Service Levels (“Software Operational Support Costs”)
shall be allocated between the Parties as provided in Exhibit C-2 (Financial Responsibility
and Ownership Matrix). For that Software for which Vendor has financial responsibility, Vendor
shall pay directly, or promptly reimburse ACI if ACI (or any of its Affiliates) has paid, all such
costs that are attributable to periods from and after the assumption of such responsibility.
(b) Licenses. Vendor shall obtain all licenses for any new Systems Software acquired
during the Term for Equipment that Vendor is financially responsible for refreshing as specified in
Exhibit C-2 (Financial Responsibility and Ownership Matrix). Any negotiation of software
licenses on behalf of ACI will be in consultation with the ACI legal and procurement departments.
(c) ISV Software. Except as otherwise provided herein or in Exhibit C-2
(Financial Responsibility and Ownership Matrix), Vendor’s financial responsibility for Software
Capital Costs shall not extend to ISV Software. Notwithstanding the foregoing, (i) Vendor shall be
responsible for providing Vendor Applications Software Operational Support Services with respect to
all ISV Software; and (ii) if Vendor elects to operate any Applications Software on a shared
platform, and such election results in any
Confidential
Master Services Agreement
Page 15
Execution Copy
increase in the Software Capital Costs or Software Operational Support Costs in relation to
such Applications Software, Vendor shall be solely responsible for such incremental costs.
6.6 Third Party Contracts.
Vendor has financial, administrative and operational responsibility for those Third Party Contracts
set forth in Schedule G (Third Party Contracts). Vendor shall pay directly, or promptly
reimburse ACI, if ACI (or any of its Affiliates) has paid, all such costs that are attributable to
periods from and after the assumption of such responsibility.
6.7 Required Consents.
Vendor and its Affiliates shall be administratively responsible, with ACI’s and its
Affiliates’ reasonable cooperation and subject to the provisions of Section 6.6, for performing all
administrative activities necessary for obtaining the Required Consents for Software, Equipment,
facility leases/subleases and Third Party Contracts as necessary to perform the Services and other
obligations under this Agreement, upon mutually acceptable terms and conditions. ACI acknowledges
that, in those instances where ACI is the contracting party or licensee, ACI will be the party that
must seek the Required Consents and Vendor will provide assistance and the administrative
activities in seeking such Required Consents. Vendor will pay any and all fees (including transfer
or upgrade fees, additional licenses, sublicenses and maintenance fees) required to obtain such
Required Consents and will invoice ACI (as part of Vendor’s normal monthly invoice) such fees on a
Pass-Through Expenses basis. The Parties shall cooperate with each other so as to minimize such
costs and ensure that mutual agreement exists as to acceptable terms and conditions for the
provision of any such Required Consent. As and to the extent consent is obtained for Vendor and
its Affiliates to manage and utilize the Software or a contract but the relevant license or such
contract remains in ACI’s or an Affiliate’s name, ACI and its Affiliates shall exercise permissible
termination, extension and other rights thereunder as Vendor, after consultation with ACI,
reasonably directs. If a Required Consent is not obtained, then, unless and until such Required
Consent is obtained, the Parties shall determine and promptly adopt, such alternative approaches as
are necessary and sufficient to provide the Services without such Required Consents (including
modifications to the Transition Plan) and, subject to consultation with and agreement by ACI, an
applicable Service Tower Commencement Date affected by such unavailable Required Consents shall be
adjusted accordingly.
6.8 Straddle Agreements.
If a Straddle Agreement is discovered by the Parties after the Effective Date, within ninety
(90) days of the date of discovery, the Parties shall undertake to establish the most appropriate,
including the most cost effective, method of leveraging such Straddle Agreement for the benefit of
both Parties and if necessary, shall negotiate in good faith to determine an alternative to Vendor
using the Straddle Agreement to perform the Services.
7. SOFTWARE AND PROPRIETARY RIGHTS
7.1 ACI Software.
(a) ACI retains all right, title and interest in and to ACI Software, including all
modifications, enhancements and derivative works relating thereto. ACI grants to Vendor (and its
Approved Subcontractors if and to the extent required to provide the Services) a worldwide, fully
paid-up, nonexclusive license during the Term to use ACI Software solely to the extent necessary
for performing the Services for the benefit of ACI, ACI’s Affiliates and other End Users as
directed by ACI. ACI
Confidential
Master Services Agreement
Page 16
Execution Copy
Software shall be made available to Vendor in such form and on such media as exists on the
Effective Date or as is later obtained by ACI, together with available documentation and any other
related materials.
(b) Vendor shall not modify, decompile, reverse engineer, reverse assemble or reverse compile
any ACI Software or any Software licensed to ACI; distribute, rent, lease, sublicense or transfer
any ACI Software to any third party; use the ACI Software in a service bureau or time-sharing
arrangement; or otherwise allow direct or indirect use of any ACI Software by any third party other
Approved Subcontractors to the extent necessary for Vendor to perform the Services without the
prior written consent of ACI, which may be withheld at ACI’s sole discretion. Vendor shall not use
ACI Software for the benefit of any entities other than ACI, ACI’s Affiliates and other End Users,
without the prior written consent of ACI, which may be withheld at ACI’s sole discretion. Except
as otherwise requested or approved by ACI, Vendor shall cease all use of ACI Software upon
expiration or termination of this Agreement and deliver to ACI or destroy any copies of such ACI
Software.
7.2 Vendor Software.
(a) Subject to Section 7.4, Vendor retains all right, title and interest in and to Vendor
Software, including all modifications, enhancements and derivative works relating thereto. In
providing the Services, Vendor shall not use any Vendor Software without ACI’s prior written
approval, which approval shall not be unreasonably withheld; provided, however that Vendor may use
any Vendor Software to be used as Shared Software without approval from ACI. Vendor shall be
responsible for installing, operating and maintaining Vendor Software at its own expense.
(b) As and to the extent necessary for ACI to receive the Services and otherwise obtain the
benefits as specified this Agreement, Vendor grants to ACI a worldwide, fully paid-up, nonexclusive
license during the Term to use Vendor Software as it exists from time to time during the Term to
receive the Services during the Term and otherwise obtain the benefits as specified this Agreement.
Subject to the execution of reasonable confidentiality agreements with the third party, Vendor
also grants to ACI the right to sublicense Vendor Software to a third party for such third party to
perform work as permitted under Section 21.9 of this Agreement solely for the benefit of ACI, ACI’s
Affiliates and End Users.
(c) For generally commercially available Vendor Software which on the date of expiration or
termination of this Agreement Vendor, ACI and ACI Affiliates are using:
(i) solely to provide the Services to ACI:
(A) which Vendor licenses from a third party, subject to the consent of the third party,
Vendor will assign its license, if any, to such software to ACI or its designee upon ACI’s
reimbursement to Vendor of any transfer fees imposed by a third party for ISV Software, and any
one-time license or purchase charges in an amount equal to the remaining unamortized value, if any,
for the software, depreciated over a period beginning on the date such charges were incurred and
ending on the Termination/Expiration Date (as of the date such charges were incurred); and
(B) which is Vendor Software, Vendor will provide ACI under Vendor’s standard terms and
conditions, a license to such Software upon ACI’s reimbursement to Vendor of any one-time license
fees in an amount equal to the lower of (a) Vendor’s commercially available price at the time or
(b) the discount generally applicable to ACI based on the discount it generally receives at the
time the Agreement is terminated, in each case of (a) and (b) prorated over a period starting on
the date the cost was incurred and ending on the Termination/Expiration Date; and
Confidential
Master Services Agreement
Page 17
Execution Copy
(C) for all Software subject to clauses (A) and (B) of this subsection, ACI will reimburse
Vendor for any recurring periodic license, maintenance, support or other charges applicable to
periods after the date of transfer or license to ACI, and ACI will be responsible for any
additional recurring charges applicable to periods after such date of transfer or license; and
(D) to provide Services to ACI and other customers in a shared environment, Vendor will use
Commercially Reasonable Efforts to assist ACI in obtaining licenses for such software at ACI’s
expense.
(d) For non-commercially available Vendor Software which on the date of expiration or
termination of this Agreement Vendor is using to provide the Services, Vendor grants to ACI a
worldwide, fully paid-up, nonexclusive license during the Termination/Expiration Assistance Period
to use such non-commercially available Vendor Software solely to provide Services to ACI. Subject
to the execution of reasonable confidentiality agreements with the third party, Vendor also grants
to ACI the right to sublicense such non-commercially available Vendor Software to a third party for
such third party to perform work during the Termination/Expiration Transition Period solely for the
benefit of ACI, ACI Affiliates and End Users.
(e) As of the Effective Date, the Parties do not intend for Vendor to use any Vendor
Application Software other than for Vendor’s own internal or administrative use. If during the
Term the Parties agree that the scope of the Services should be expanded such that Vendor should
use Vendor Application Software, they shall enter into a separate written agreement governing such
use. Absent such agreement, ACI shall have no express or implied right to use Vendor Application
Software.
7.3 ISV Software.
(a) Grant of Rights. With respect to the ISV Software licensed by ACI, subject to the
Parties having obtained any Required Consents for such ISV Software, ACI grants to Vendor to the
extent necessary for performing the Services, the rights of use of such Software that ACI has as of
the Effective Date or later obtains during the Term with respect to such Software. Vendor shall
comply with the duties, including use and non-disclosure restrictions imposed on ACI by the
licenses for such ISV Software, and Vendor shall not seek to modify or otherwise revoke the terms
of such licenses without ACI’s prior written consent to the extent that such duties and/or licenses
have been provided in writing to Vendor prior to such compliance obligation. Except as otherwise
requested or approved by ACI, or with respect to operating system Software that (i) is licensed for
use on Equipment that ACI does not elect to purchase or assume the lease pursuant to Section 21.9
and (ii) may not be transferred to ACI for use on other Equipment, Vendor shall cease all use of
such Software upon expiration or termination of this Agreement.
(b) Third Party Applications Software. Vendor shall not use or introduce, nor seek
compensation or reimbursement for, any Third Party Applications Software in providing the Services
without ACI’s prior written approval, which will not be unreasonably withheld.
(c) Third Party Systems Software Acquired During the Term. With respect to any Third
Party Systems Software acquisitions that are made in Vendor’s name, prior to the introduction of
such Software, Vendor shall comply with the following:
(i) Vendor shall use Commercially Reasonable Efforts to obtain for ACI, ACI Affiliates and End
Users a perpetual, non-exclusive license to Use such Software at the expiration or termination of
this Agreement and at no additional charge to ACI; or
Confidential
Master Services Agreement
Page 18
Execution Copy
(ii) If Vendor is unable to obtain such license, Vendor shall notify ACI of its inability to
obtain such a license and of the cost and viability of any other software that can perform the
requisite functions and with respect to which Vendor has the ability to obtain such a license.
Such notice shall contain the proposed third-party vendor’s then-current terms and conditions, if
any, for licensing the software to ACI in accordance with Section 7.3(c)(i). With ACI’s prior
approval, Vendor may introduce such software in providing the Services. Moreover, if Vendor
desires to introduce Software, the rights to which have been acquired by Vendor as part of an
enterprise agreement, then Vendor shall notify ACI of the relevant terms of such agreement and
shall obtain ACI’s written consent prior to using such Software to provide the Services.
(d) Exercise of Rights. To the extent Vendor has financial responsibility for
licenses for Third Party Systems Software, but such licenses remain in ACI’s name, ACI shall
exercise termination or extension rights thereunder, as Vendor, after consultation with ACI,
reasonably directs with respect to such Software; provided that Vendor shall be responsible for the
costs, charges and fees associated with the exercise of such rights.
7.4 Rights in Newly Developed Software and Other Materials.
(a) Newly Developed Software.
(i) “Developed ACI Software” As between ACI and Vendor, all developed Software that is
(a) a modification, enhancement or derivative work of the ACI Software (called “Developed ACI
Software”) (b) newly developed software that Vendor develops for ACI on a project basis; and
(c) modifications to, or upgrades or enhancements or derivative works of, ISV Software provided by
ACI under this Agreement shall be owned by ACI. ACI shall have all right, title and interest,
including worldwide ownership of trade secret, copyright, patent and other proprietary rights in
and to the Developed ACI Software and all copies made therefrom. To the extent that any of the
Developed ACI Software is not deemed a “work made for hire” by operation of law, Vendor hereby
irrevocably assigns, transfers and conveys, and shall cause Vendor Personnel to assign, transfer
and convey, to ACI, without further consideration, all of its or their right, title and interest in
and to such Developed ACI Software, including all rights of patent, copyright, trade secret or
other proprietary rights in such Developed ACI Software. Vendor acknowledges, and shall cause
Vendor Personnel to acknowledge, that ACI and the successors and permitted assigns of ACI shall
have the right to obtain and hold in their own names any Intellectual Property Rights in and to the
Developed ACI Software. Vendor agrees to execute, and shall cause Vendor Personnel to execute, any
documents or take any other actions as may reasonably be necessary, or as ACI may reasonably
request, at ACI’s expense, to perfect ACI’s ownership of any such Developed ACI Software. ACI
hereby grants Vendor a fully paid-up, non-exclusive, worldwide license to use Developed ACI
Software solely to provide the Services during the Term and the Termination/Expiration Assistance
Period, which includes the right to sublicense and otherwise permit Vendor subcontractors to do any
of the foregoing. Vendor shall not be permitted to use Developed ACI Software for the benefit of
any entities other than ACI, ACI’s Affiliates, and other End Users, without the prior written
consent of ACI, which may be withheld at ACI’s sole discretion. Except as otherwise requested or
approved by ACI, Vendor shall cease all use of Developed ACI Software upon expiration or
termination of this Agreement and deliver to ACI or destroy any copies in its possession. No
further license is granted to Vendor with respect to Developed ACI Software. However, both Parties
are free to use any ideas, concepts, know-how, or techniques which are developed or provided by the
other or jointly by both Parties during a Project. Both Parties are free to enter into similar
agreements with others and to develop and provide materials or Services which are similar to those
provided under this Agreement.
(ii) “Developed Vendor Software” shall mean: (a) modifications to, or upgrades or
enhancements or derivative works of, Vendor Software; (b) newly developed software for which Vendor
Confidential
Master Services Agreement
Page 19
Execution Copy
does not charge ACI on a project basis; and (c) modifications to, or enhancements or
derivative works of, ISV Software provided by Vendor under this Agreement. Developed Vendor
Software shall also include methods of providing the Services, such as a work-flow, where such
methods were developed under this Agreement. As between the Parties, Vendor shall have all rights,
title and interest in and to Developed Vendor Software and all copies made from it. Vendor hereby
grants to ACI a perpetual, fully paid-up, non-exclusive, worldwide license to: (i) use all
Developed Vendor Software (other than with respect to the Software which Vendor is not entitled to
license to ACI under Vendor’s license with the third party and which ACI is not entitled to use
under its own license agreements with the third party) solely to provide services similar to the
Services for itself or services for the processing of approximately the volume of ACI’s business
that existed during the Term; and (ii) permit third parties to use all Developed Vendor Software
(other than with respect to the ISV Software that Vendor is not entitled under its license
agreement with the ISV Software vendor to license to third parties unless such third parties are
entitled to use under their own license agreements with the third party) solely to provide services
similar to the Services for ACI.
(b) Non-Software Materials. All literary works or other works of authorship including
manuals, training materials and documentation developed or created by Vendor or any Vendor
Personnel in accordance with this Agreement or Schedule A (Statement of Work) specifically
and exclusively for ACI, or at the written request of and specifically for ACI or its Affiliates
pursuant to a Project or the Change Control Procedures under this Agreement, but excluding
Developed ACI Software, Developed Vendor Software and any Vendor Preexisting IP incorporated into
any of the foregoing (collectively herein referred to as “Work Product”) shall be
exclusively owned by ACI. ACI shall have all right, title and interest, including worldwide
ownership of copyright, in and to the Work Product and all copies made from them. To the extent
any of the Work Product is not deemed a “work made for hire” by-operation of law, Vendor hereby
irrevocably assigns, transfers and conveys, and shall cause Vendor Personnel to assign, transfer
and convey, to ACI without further consideration all, of its or their right, title and interest in
and to such Work Product, including all rights of copyright in such materials. Vendor
acknowledges, and shall cause Vendor Personnel to acknowledge, that ACI and the successors and
permitted assigns of ACI shall have the right to obtain and hold in their own name any copyrights
in and to such Work Product. Vendor agrees to execute, and shall cause Vendor Personnel to
execute, any documents or take any other actions as may reasonably be necessary, or as ACI may
reasonably request, at ACI’s expense, to perfect ACI’s ownership of any such Work Product. Nothing
in Section 7.4 will be interpreted or construed to assign to ACI (and, except as licensed to the
ACI under this Agreement, Vendor reserves all right, title and interest that Vendor may have or
acquire in) any proprietary software, tools, utilities, methodologies, processes, documentation and
other items (i) that are developed by or on behalf of Vendor in performance of the Services
(including all modifications, enhancements, and derivative works of the Vendor Software and/or
tools made by or on behalf of ACI under Section 7.4 excluding all Work Product, Developed ACI
Software and any ACI Data or other materials or information provided by ACI to Vendor for use in
connection with such development (“Vendor Developed IP”), or (ii) that were created or
acquired by Vendor prior to the Effective Date, or was developed or acquired by Vendor outside the
scope of this Agreement (and without the use of ACI Confidential Information), and inserted or
incorporated within any Work Product or Developed Vendor Software with the prior written consent
of ACI (“Vendor Preexisting IP”). To the extent: (i) any Work Product or Developed Vendor
Software contains any Vendor Preexisting IP, or (ii) Vendor Developed IP has been provided to ACI
under this Agreement or has been used to provide Services to ACI under this Agreement, or (iii) use
of any Work Product or Developed Vendor Software requires any Vendor Developed IP or Vendor
Preexisting IP, Vendor grants to ACI a royalty-free, worldwide, non-exclusive copyright license to
such Vendor Developed IP or Vendor Preexisting IP, during the Term and the Termination/Expiration
Assistance Period solely in connection with internal use of the Work Product, Developed Vendor
Software or Vendor Developed IP that is actually provided to ACI under this Agreement or is
actually used to provide Services to ACI under this Agreement. ACI hereby grants Vendor an
irrevocable, fully paid-up, non-
Confidential
Master Services Agreement
Page 20
Execution Copy
exclusive, worldwide license to use the Work Product solely to provide the Services during the
Term and the Termination/Expiration Assistance Period, which includes the right to sublicense and
otherwise permit third parties to do any of the foregoing.
7.5 Export.
The Parties acknowledge that certain Software and technical data to be provided under this
Agreement and certain transactions under this Agreement may be subject to export controls under the
laws and regulations of the United States of America and other countries. Neither Party shall
export or re-export any such items or any direct product thereof or undertake any transaction in
violation of any such laws or regulations.
8. OFFICE SPACE
8.1 ACI Obligations.
(a) Subject to Section 8.2(a), below, ACI shall provide to Vendor the office space reasonably
needed and comparable to similarly situated employees of ACI to accommodate Vendor Personnel who
are on site at the End User Locations (the “ACI Office Space”), as the same may be changed
by ACI from time to time throughout the Term. With respect to such ACI Office Space, except as
otherwise provided in this Article 8, Vendor shall have the same privileges regarding use thereof
(such as heating, lights, air conditioning systems, use of cafeteria, etc. (excluding parking
privileges)) as do any other similarly situated employees of ACI. Furthermore, those Vendor
employees who are performing Services or any portion of the Services from ACI Office Space, shall
be free to use and consume, at no cost to Vendor, a reasonable amount of office supplies (such as
pencils, pens, pads, copy machines and facsimile machines) that are ordinarily furnished by ACI to
its personnel, and in accordance with the same policies and procedures regarding the use of office
supplies and services as are applicable to similarly-situated ACI employees, as such policies and
procedures may be modified from time to time to the extent such policies are provided to Vendor in
writing. Vendor shall be responsible for providing all other facilities required to perform the
Services.
(b) ACI shall retain the costs of applicable facilities leases and related leasehold
improvements with respect to the ACI Office Space to the extent required by the applicable
facilities leases and related documents.
(c) The ACI Office Space shall be made available to Vendor on an “AS IS” basis, with no
warranties whatsoever.
(d) ACI shall inform Vendor of any plans or determination to relocate the ACI Office Space so
that Vendor shall have a reasonable amount of time to prepare for and implement such change or
relocation as it impacts Vendor. ACI shall reimburse Vendor for Vendor’s Out-of-Pocket Expenses
incurred in connection with such relocation in accordance with Section 3.10.
8.2 Vendor Obligations within ACI Office Space.
(a) Vendor shall use the ACI Office Space for the sole and exclusive purpose of providing the
Services, unless in its sole discretion ACI approves another use in advance and in writing.
Accordingly, Vendor and its agents may not provide or market services to a third party from the ACI
Office Space. The use of ACI Office Space by Vendor shall not constitute a leasehold, a usufruct
or other property interest in favor of Vendor. Notwithstanding any provision in this Agreement to
the contrary, in no event may Vendor file a notice of lease or comparable instrument on the
applicable land.
Confidential
Master Services Agreement
Page 21
Execution Copy
(b) Vendor shall use the ACI Office Space in an efficient manner and in a manner that is
coordinated, and does not interfere, with ACI’s other business operations. To the extent that
Vendor operates the space in a manner that unnecessarily or unreasonably increases facility or
other costs incurred by ACI, ACI reserves the right to deduct such costs pursuant to Section 14.7
of this Agreement.
(c) Vendor shall be responsible for any damage to the ACI Office Space resulting from the
abuse, misuse, neglect or negligence of Vendor or other failure to comply with the obligations
respecting the ACI Office Space.
(d) Vendor shall keep the ACI Office Space in good order, not commit or permit waste or damage
to ACI Office Space or use ACI Office Space for any unlawful purpose or act, and shall comply with
ACI’s standard policies and procedures and with applicable leases regarding access to and use of
the ACI Office Space, including procedures for the physical security of the ACI Office Space to the
extent such policies, procedures and lease information has been provided to Vendor in writing.
(e) Subject to compliance with Vendor’s reasonable security requirements and reasonable
advance notice (where practical given the nature of access required), Vendor shall permit ACI and
its agents and representatives to enter into those portions of the ACI Office Space occupied by
Vendor staff at any time to (i) inspect the premises; (ii) show the premises; and (iii) perform
facilities-related services.
(f) Vendor shall not make improvements or changes involving structural, mechanical or
electrical alterations to the ACI Office Space without ACI’s prior written approval. At ACI’s
option, any improvements or fixtures to the ACI Office Space shall become the property of ACI. If
ACI does not elect to take title thereto Vendor shall remove the same at the end of the use of the
ACI Office Space and shall repair any damage caused by the installation or removal of such
improvements or fixtures.
(g) Vendor will comply with the physical safety and security procedures that are applicable to
the ACI Office Space from time to time to the extent such procedures are provided to Vendor in
writing.
(h) When the ACI Office Space is no longer required for performance of the Services, Vendor
shall return them to ACI in substantially the same condition as when Vendor began use of them,
subject to reasonable wear and tear.
8.3 Use of Vendor Facilities by ACI.
Vendor will make available to ACI reasonable office space and office facilities when ACI
personnel are onsite at Vendor facilities, including desks, telephones and internet connectivity.
9. SERVICE LEVELS
9.1 General.
Vendor shall perform the Services that are subject to Service Levels in a manner that meets or
exceeds the service levels set forth in Schedule B (Service Levels) (“Service
Levels”). Vendor will provide all Services without expressly defined Service Levels with at
least the same degree of accuracy, quality, completeness, timeliness, responsiveness and efficiency
as the greater of (i) the level provided by or for ACI prior to the Effective Date, or (ii) at
levels consistent with the warranty provided in Section 16.2.
Confidential
Master Services Agreement
Page 22
Execution Copy
If Vendor fails to meet any Service Level twice consecutively or any Critical Service Level,
Vendor shall promptly (taking into consideration the severity of the failure): (a) investigate,
assemble and preserve pertinent information with respect to, and report to ACI on the causes of,
the problem causing the Service Level failure, including performing a root cause analysis of the
problem; (b) advise ACI, as and to the extent requested by ACI, of the status of remedial efforts
being undertaken with respect to such problem; (c) minimize the impact of and correct such problem
to begin meeting the Service Level; and (d) take appropriate preventive measures to minimize the
recurrence of the problem. Vendor shall correct any such failure, whether or not material, as soon
as possible after Vendor becomes aware of such failure; provided, however, that, in the event the
root cause analysis demonstrates that Vendor was not at fault in failing to meet the Service Level
or if such failure is due to an exception to Service Level performance expressly set forth in
Schedule B (Service Levels), and Vendor is unable to perform remediation efforts without
incurring additional expense or adding significant additional resources, ACI may elect to either
(i) reprioritize the Services, in which event Vendor will perform the activities reflected in (b),
(c) or (d) above, or (ii) authorize Vendor to perform the remediation as a Project.
9.3 Critical Service Levels and Service Level Credits.
Vendor recognizes that its failure to meet those Service Levels identified in Schedule
B (Service Levels) as critical Service Levels (“Critical Service Levels”) may have a
material adverse impact on the business and operations of ACI and that the damage from Vendor’s
failure to meet a Critical Service Level is not susceptible to precise determination. Accordingly,
if Vendor fails to meet Critical Service Levels, then in addition to any other remedies available
to ACI under this Agreement, Vendor shall pay or credit to ACI the performance credits specified in
Schedule B (Service Levels) (“Service Level Credits”) in recognition of the
diminished value of the Services resulting from Vendor’s failure to meet the agreed upon level of
performance, and not as a penalty. The methodology for calculating such Service Level Credits is
set forth in Schedule B (Service Levels). ACI may from time to time, in accordance with
the limitations set forth in Schedule B (Service Levels), change the Allocation of Pool
Percentage and/or Service Level Credit Allocation Percentage, each as defined in and subject to the
limitations set forth in Schedule B (Service Levels). This Section 9.3 or the Service
Level Credits shall not limit ACI’s rights to terminate this Agreement for cause or pursue other
damages.
9.4 Priority of Recovery Following Interruption of Services.
If a Force Majeure Event or other occurrence creates an interruption in Vendor’s rendition of
the Services, Vendor shall give the recovery of its capabilities to perform the Services and the
resumption of its actual performance of the Services the same or greater priority it gives to
recovering its capabilities to perform services and resuming its performance of those services for
any other similarly situated customer of Vendor (and Vendor’s own operations).
9.5 User Satisfaction.
Vendor and ACI shall conduct satisfaction surveys in accordance with Schedule K (User
Satisfaction Survey Guidelines). The surveys shall be designed to determine the level of user
satisfaction and areas where user satisfaction can be improved. Such surveys shall include
representative samples of each major category of user within ACI and may include a number of
in-depth face-to-face or telephone interviews. Vendor and ACI shall mutually agree on the form and
content of the surveys, which shall be no less thorough than Vendor’s customary user satisfaction
program as set forth in Schedule K (User Satisfaction Survey Guidelines). The Parties
shall jointly review the results of the surveys, and Vendor shall develop and implement a plan to
improve user satisfaction in areas where user satisfaction is low. ACI’s satisfaction as indicated
in the survey results will be a factor in determining the compensation for all individuals holding
Key Vendor Positions.
Confidential
Master Services Agreement
Page 23
Execution Copy
9.6 Periodic Reviews and Adjustments to Service Levels.
(a) Without limitation of Schedule B (Service Levels), every six (6) months (or as
otherwise mutually agreed by the Parties) starting twelve (12) months after the Effective Date, ACI
and Vendor shall review the Service Levels. During such reviews, Vendor shall work with ACI to
identify possible cost/Service Level tradeoffs (but any resulting changes in the Service Levels
shall be implemented only if approved by ACI in its sole discretion). Upon such review, ACI may,
in accordance with Schedule B (Service Levels), adjust the applicable Service Levels.
(b) In accordance with Schedule B, ACI may change (i) the Service Levels to reflect
its changing business needs, including by adding or removing a Service Level, or (ii) one or more
of the calculation metrics and other mechanisms used to determine the Service Level (a “Changed
Service Level”). Except as otherwise specified in Schedule B (Service Levels), Changed
Service Level will take effect sixty (60) days after ACI gives Vendor a notice specifying the
Changed Service Level. Notwithstanding the foregoing, Vendor acknowledges that ACI customers may
from time to time require faster implementation of new or revised Service Levels that pertain to
the On Demand environment, and Vendor will use all Commercially Reasonable Efforts to implement
such new Service Levels or modifications as quickly as possible. If Vendor can demonstrate to
ACI’s reasonable satisfaction that such Changed Service Level or On Demand Service Levels will
materially increase Vendor’s cost of performing the Services in accordance with the Changed Service
Level, ACI may only add that Changed Service Level or On Demand Service Level if:
(i) Vendor agrees; or
(ii) Vendor does not agree, but: (a) ACI removes an existing Service Level at the same time as
introducing a Changed Service Level and the cost of providing the Services in accordance with the
Changed Service Level and the cost of achieving, measuring and reporting on such Changed Service
Level is not materially higher than the cost of providing the Services under the existing Service
Level and the cost of achieving, measuring and reporting on the existing Service Level; or (b) ACI
agrees to pay Vendor for its incremental cost of providing the Services under the Changed Service
Level and the cost of achieving, measuring and reporting on the Changed Service Level.
(c) Any disputes in respect of such incremental cost will be subject to the dispute resolution
provisions of this Agreement. If the Changed Service Level has associated Service Level Credits,
ACI will adjust the then-current aggregate percentage allowed, subject to any limitations set forth
in Schedule B (Service Levels).
(d) The Parties expect and understand that the Service Levels shall be improved over time.
Therefore, each Service Level will be reset annually in accordance with the terms of Schedule
B (Service Levels) governing continuous improvement of Service Levels.
(e) As new technologies and processes are introduced, subject to Section 9.6(b) above, the
Parties shall establish additional Service Levels reflecting industry best practices for those
technologies and processes. Vendor will, on a regular basis, attempt to identify ways to improve
the Service Levels. Vendor will, from time to time, include updates with respect to such
improvements in the reports provided to ACI in connection with such Service Levels.
9.7 |
|
Measurement and Reporting. |
Confidential
Master Services Agreement
Page 24
Execution Copy
(a) In addition to Critical Service Levels, Schedule B (Service Levels) also sets
forth certain key measurements with associated service level expectations (“Key
Measurements”). Vendor will measure its performance of the Services against such Key
Measurements, will report such performance to ACI on a monthly basis and will strive to improve its
performance related to such Key Measurements over the course of the Term. For each Key
Measurement, Vendor will either use ACI’s existing methodology for measuring and reporting the Key
Measurement or (if no such methodology exists) Vendor will formulate and propose to ACI a
comprehensive, accurate and sufficiently detailed, measurement scope, calculation and reporting
methodology.
(b) Vendor shall utilize the necessary measurement and monitoring tools and procedures
required to measure and report Vendor’s performance of the Services against the applicable Service
Levels. Such measurement and monitoring shall permit reporting at a level of detail sufficient to
verify compliance with the Service Levels, and shall be subject to audit by ACI. Vendor shall
provide ACI with (i) performance and measurement data, for purposes of verification, project and
contract management; (ii) problem management data and other data regarding the status of incidents,
problems, Service Requests and Authorized User inquiries; and (iii) access to the data used by
Vendor to calculate its performance against the Service Levels and procedures utilized by Vendor to
generate such data for purposes of audit and verification. ACI shall not be required to pay any
amount in addition to the Charges for such measurement and monitoring tools or the resource
utilization associated with their use.
(c) The raw data, the detailed supporting information, and the reports delivered to ACI under
this Agreement relating to Service Levels and performance under this Agreement (“Performance
Information”) will be ACI Data for the purposes of this Agreement. Vendor may only use
Performance Information in the course of providing the Services and for its internal business
purposes and will provide material containing that Performance Information to ACI promptly on
request. Vendor may also use aggregated data derived from Performance Information for external
purposes provided that such aggregated data is not identifiable as relating to ACI.
10. PROJECT AND CONTRACT MANAGEMENT
10.1 Governance Guidelines and Principles.
Governance of the Parties’ relationship pursuant to this Agreement will follow the guidelines
and principles set out in Schedule S (Governance), as such guidelines and principles are
amended or supplemented by the Parties from time to time during the Term.
10.2 Executive Steering Committee.
The Parties shall form a steering committee to facilitate communications between them (the
“Executive Steering Committee”). The members, activities and responsibilities of the
Executive Steering Committee are set forth in Schedule S (Governance).
10.3 Reports.
(a) Prior to an applicable Service Tower Commencement Date, the Parties shall determine an
appropriate set of periodic reports to be issued by Vendor to ACI with respect to such Service
Tower. For reports that relate to Services provided across multiple Service Towers, such reports
shall be established prior to the first Service Tower Commencement Date for the Service Towers the
report is intended to cover. Such reports shall be issued at the frequency set forth in
Schedule R (Reports). An initial list of all such reports (including a description of the
frequency of such reports) is set forth in Schedule R
Confidential
Master Services Agreement
Page 25
Execution Copy
(Reports). Vendor shall provide ACI with suggested formats for such reports for ACI’s review
and approval.
(b) Vendor’s reports shall include, at a minimum, (i) reports consistent with ACI’s practice
prior to the applicable Service Tower Commencement Date; and (ii) a monthly performance report,
which shall be delivered to ACI within ten (10) Business Days after the end of each month,
describing Vendor’s performance of the Services in such month (the “Monthly Performance
Report”).
(c) Vendor shall enable ACI to (i) access reports (both management and operational reports)
online; (ii) access supporting information for reports; and (iii) compile such reports and
supporting information in order to generate new reports.
10.4 Meetings.
(a) The Parties shall conduct periodic meetings that shall, at a minimum, include the
following:
(i) a weekly meeting of the ACI Project Office Executive and the Vendor Delivery Project
Executive to discuss day-to-day operations and such other matters as appropriate;
(ii) a monthly meeting among operational personnel representing ACI and Vendor to discuss the
Monthly Performance Report, daily performance, planned or anticipated activities and changes that
might adversely affect performance, and otherwise to address, review and discuss matters specific
to ACI;
(iii) a quarterly management meeting of the Steering Committee to review the reports for the
quarter (including the Monthly Performance Reports), review Vendor’s overall performance under this
Agreement, review progress on the resolution of issues, provide a strategic outlook for ACI’s
service requirements, and discuss such other matters as appropriate;
(iv) a semi-annual senior management meeting by the Parties to review relevant contract and
performance issues; and
(v) such other meetings between ACI representatives and Vendor Personnel reasonably requested
by either Party as necessary to address performance of the Services.
(b) Vendor shall prepare and circulate an agenda sufficiently in advance of each such meeting
to give participants an opportunity to prepare for the meeting. Vendor shall incorporate into such
agenda items that ACI desires to discuss. For each meeting held between representatives of Vendor
and ACI, Vendor shall prepare and circulate detailed, precise, complete and accurate minutes
reporting, at a minimum all decisions reached during the meeting and for each such decision, which
Party representative raised the issue, a summary of the major points for and in opposition of each
issue and the results or actions agreed upon, promptly after a meeting, although ACI shall not be
bound thereto and shall be under no obligation to correct or object to any errors therein.
10.5 Procedures Manuals.
(a) The “Procedures Manual” shall describe the method that Vendor will use to perform
and deliver the Services under this Agreement, the Equipment and Software being used, and the
documentation (e.g., operations manuals, user guides, specifications) which provide further details of
Confidential
Master Services Agreement
Page 26
Execution Copy
such activities. Procedures Manuals shall also describe the activities Vendor will undertake
in order to provide the Services, including those direction, supervision, monitoring, reporting,
planning and oversight activities normally undertaken to provide services of the type Vendor is to
provide under this Agreement. Procedures Manuals also shall include descriptions of the acceptance
testing and quality assurance procedures approved by ACI, Vendor’s problem management and
escalation procedures, and the other standards and procedures of Vendor pertinent to ACI’s
interaction with Vendor in obtaining the Services. Procedures Manuals shall be written explicitly
and comprehensively enough to describe how the Services will be performed. Vendor will make all
Procedures Manuals available for access by ACI on-line as well as in hard copy.
(b) Vendor will provide for ACI’s review and consent an outline of the Procedures Manual
applicable to that Service Tower on the dates specified in Exhibit B-3 (Critical
Deliverables). Within forty-five (45) days after such dates, Vendor shall deliver a draft
Procedures Manual with respect to such Service Tower to ACI for ACI’s comments and review. Vendor
shall incorporate comments or suggestions of ACI and shall finalize the Procedures Manual thirty
(30) days after receiving ACI’s comments on the Procedures Manual. The final Procedures Manual
shall be subject to the approval of ACI. Vendor shall periodically, but no less than
semi-annually, update Procedures Manuals for all Service Towers to reflect changes in the
operations or procedures described therein. Updates of the Procedures Manuals shall be provided to
ACI for review, comment and approval. Vendor shall perform the Services in accordance with the
Procedures Manuals. In the event of a conflict between the provisions of this Agreement and the
Procedures Manuals, the provisions of this Agreement shall control. Until the Parties agree upon a
Procedures Manual pursuant to this Section 10.5, Vendor will follow the ACI procedures which were
in effect on the applicable Service Tower Commencement Date to the extent that such procedures have
been provided to Vendor in writing.
10.6 Change Control.
(a) Technical Change Control.
(i) At all times ACI shall be responsible for establishing ACI’s IT architecture, standards
and strategic direction; provided, however, that Vendor shall actively participate in and provide
subject matter expertise to ACI as it establishes such IT architecture, standards and strategic
direction. In performing the Services, Vendor shall conform with and shall support such
architecture, standards and strategic direction in accordance with the technical change control
procedures defined in this Section 10.6 and in the Procedures Manual.
(ii) Vendor shall be responsible for all Changes to ACI’s IT environment pertaining to the
Services, including Changes to programs, Procedures Manuals, job control language statements,
distribution parameters and schedules. Vendor shall comply with the following Change control
requirements:
(A) Prior to using any new Systems Software or new Equipment to provide the Services, Vendor
shall have verified that the item is (1) consistent with the IT architecture, standards and
strategic direction specified by ACI, (2) has been properly installed, is operating in accordance
with its specifications, (3) is performing its intended functions in a reliable manner, and (4) has
been thoroughly tested and been proven compatible with and within ACI’s then-existing IT
infrastructure environment.
(B) Vendor may make temporary Changes required by an emergency if, after making Commercially
Reasonable Efforts, Vendor has been unable to contact an appropriate ACI
Confidential
Master Services Agreement
Page 27
Execution Copy
manager to discuss Vendor’s proposed actions. Vendor shall document and promptly report such
emergency Changes to ACI, which Changes shall then be subject to ACI’s approval.
(C) Vendor shall not make the following Changes, including implementing a Change in
technology, without first obtaining ACI’s approval, which such approval ACI may withhold in its
discretion:
(1) a Change adversely affecting the function or performance of, or decreasing to any significant
degree the resource efficiency of, the Services;
(2) a Change increasing ACI’s Charges under this Agreement or other costs or fees of ACI;
(3) a Change inconsistent with ACI’s physical or information security policies or procedures to the
extent such policies or procedures have been provided to Vendor in writing and in advance;
(4) a Change impacting the safety or security of ACI personnel, resources or information;
(5) a Change inconsistent with the IT architecture, standards or strategic direction specified by
ACI; or
(6) a Change impacting the way in which ACI conducts its business or operations which impact ACI
considers to be adverse.
(D) Vendor shall move programs from development and test environments to production
environments in a controlled, documented and auditable manner, so that no Changes are introduced
into the programs during such activity, and with the full capability of restoring to the prior
state until the programs have been established as fully operational.
(iii) Within ninety (90) days after the Effective Date, Vendor shall propose a detailed
technical change control procedure, to be set forth in the Procedures Manual, detailing how Vendor
will comply with the requirements set forth in this Section 10.6 and otherwise control Changes to
ACI’s IT environment pertaining to the Services throughout the Term. Vendor shall incorporate
comments or suggestions of ACI and shall finalize the technical change control procedure thirty
(30) days after receiving ACI’s comments. The technical change control procedure may be used to
identify the need for the Parties to amend this Agreement. ACI shall have the right to approve in
advance any action or decision of Vendor materially affecting the provision of Services, including
Equipment, Software and systems configuration. ACI shall have the right to set priorities in
scheduling work. If, in accordance with the Procedures Manual, ACI requests a change in
priorities, Vendor shall strive to accommodate the change without negatively impacting the Service
Levels; if the Service Levels shall be impacted, Vendor shall notify ACI of the anticipated impact
and the Parties shall agree on the approach to be taken.
(b) Contractual Change Control. In addition to the technical change control
procedure, the Parties shall also implement a process for documenting and mutually agreeing to
Changes to this Agreement that are intended to be minor, non-material modifications to this
Agreement. To institute and implement such a process (the “Contractual Change Control
Procedure”), the Parties shall use that procedure reflected in Schedule U (Change
Control Procedure). Any modifications to this Agreement made pursuant to the Contractual Change
Control Procedure shall (i) be by mutual agreement of the Parties, (ii) require appropriate
executions by the Parties to evidence such agreement, and (iii) be deemed amendments to this
Agreement.
Confidential
Master Services Agreement
Page 28
Execution Copy
(c) In determining whether the Charges should be adjusted as a result of a Change implemented
pursuant to this Section 10.6, the Parties shall be guided by the following principles:
(i) To the extent and for so long as such a Change can be performed in accordance with the
Service Levels without a material increase in the resources then being utilized by Vendor therefore
and is not a New Service, there will be no adjustment to the Charges.
(ii) In the event such increase cannot reasonably be accommodated without a change in
priorities or a material increase in the resources then being utilized by Vendor for the
performance of the Services (and ACI so requests), Vendor and ACI will work together to adjust the
Service Levels and priorities with respect to other Services being performed by Vendor so as to
permit such Change to be implemented without an increase in Vendor’s Charges.
(iii) A Change that is required to cure a defective Deliverable or other Service default
resulting from Vendors action or inaction will be provided at no additional Charge.
(iv) If such a Change cannot be implemented without an increase in the Charges, and ACI agrees
to implement the Change, then, if such Change can be reasonably performed on a time and material
basis, the increase in Charges shall be calculated using the applicable time and materials rates
set forth in Exhibit C-1 (Base Charges, Baselines, ARC/RRC Rates and Termination Charges).
If such work cannot be reasonably performed on a time and material basis, then the Change shall be
implemented at a price to be mutually agreed to by the Parties in writing.
(v) To the extent that such a Change causes a reduction in the scope of the Services or
priority of the Services that does not also cause a reduction in the Vendor resources then being
utilized therefore, there will be no adjustment to the Charges.
(vi) If such a Change results in a reduction of the resources required by Vendor to perform
the Services and that reduction is not reflected in the Charges through the Charges mechanism set
forth in Schedule C (Charges), the Charges will be equitably adjusted by mutual written
agreement of the Parties.
(d) Notwithstanding anything to the contrary contained herein, including this Section 10.6, no
Change that would result in an increase to ACI’s Charges under this Agreement or to other costs or
fees of ACI shall be implemented unless it has been approved, in advance and in writing, in
accordance with Schedule U (Change Control Procedure).
10.7 Subcontracting.
(a) Except as and to the extent ACI may agree otherwise in writing, Vendor may subcontract its
obligations under this Agreement only in accordance with the following:
(i) Except as set forth below, Vendor may not delegate or subcontract any of its
responsibilities under this Agreement (including to Affiliates) without prior written approval of
ACI, which ACI may withhold in its sole discretion. Prior to entering into a subcontract with a
third party, Vendor shall give ACI not less than ten (10) Business Days’ prior written notice
specifying the components of the Services affected, the scope of the proposed subcontract, and the
identity and qualifications of the proposed subcontractor. Notwithstanding the foregoing or any
other provision in this Agreement to the contrary, Vendor may, in the ordinary course of business
and without notice to ACI, subcontract for any third-party service and/or product that (1) is not
material to any function constituting a
Confidential
Master Services Agreement
Page 29
Execution Copy
part of the Services, and (2) does not result in a material change in the way Vendor conducts
its business, provided such subcontract does not adversely affect ACI, whether in performance of or
Charges for the Services or otherwise. Without limitation of the provisions set forth in Section
5.3, if ACI expresses concerns to Vendor about a subcontract covered by this Section 10.7(a)(i),
Vendor shall discuss such concerns with ACI and work in good faith to resolve ACI’s concerns on a
mutually acceptable basis.
(ii) ACI may request that Vendor use a particular subcontractor in certain limited
circumstances in which case Vendor will attempt to use such proposed subcontractor unless Vendor
persuades ACI that the use of such subcontractor would impair Vendor’s ability to satisfy the
Service Levels or such use would cause a Vendor to breach an agreement. For purposes of clarity,
Vendor Charges shall be equitably adjusted should the use of such ACI requested subcontractor cause
Vendors costs to increase.
(iii) ACI shall have the right to revoke its prior approval of a subcontractor and direct
Vendor to replace such subcontractor if the subcontractor’s performance is materially deficient, or
there have been material misrepresentations by or concerning the subcontractor, or a subcontractor
which at the time approved is a majority owned Affiliate of Vendor ceases to be such an Affiliate.
(b) Vendor shall remain responsible for obligations, services and functions performed by
subcontractors to the same extent as if such obligations, services and functions were performed by
Vendor employees (including requiring subcontractors to adhere to the standards applicable to
Vendor and the policies and procedures then in effect, whether promulgated by ACI or Vendor) and
for purposes of this Agreement such work shall be deemed Services performed by Vendor. Vendor
shall be ACI’s sole point of contact regarding the Services performed by Vendor’s subcontractors,
including with respect to payment. It is understood and agreed that, as between the Parties,
Vendor shall be solely liable for all costs and payment obligations owed by Vendor to its
subcontractors and third parties in connection with the Services.
(c) In addition to any other restrictions in this Agreement regarding confidentiality, Vendor
shall not disclose ACI Confidential Information to a subcontractor unless and until such
subcontractor has agreed in writing to protect the confidentiality of such Confidential Information
in a manner substantially equivalent to that required of Vendor under this Agreement, and then only
on a need-to-know basis.
(d) To the extent subcontractors, agents, representatives or other entities perform the
Services, Vendor shall cause such entities to comply with the obligations and restrictions
associated with the services, functions and responsibilities performed by such subcontractors,
agents, representatives and other entities that are applicable to Vendor under this Agreement In
addition, Vendor shall include in its subcontracts, as “flow-down” provisions, provisions
substantially similar to the provisions of this Agreement relating to compliance with Applicable
Laws; audit; confidentiality, security and Intellectual Property Rights of ACI; and each other
provision which is necessary to assure that Vendor will fulfill its obligations under this
Agreement. In addition, all documents (e.g., contracts) between Vendor and its subcontractors or
other third parties relating to creative services shall contain a provision whereby the
subcontractor transfers intellectual property rights to customer-developed materials to Vendor or
Vendor’s customers.
(e) Vendor will, at ACI’s request, enforce the subcontracts as necessary to cause the
subcontracted obligations to be fulfilled on Vendor’s behalf in accordance with this Agreement.
(f) Vendor shall exercise prudence and good business judgment in the selection and monitoring
of performance of subcontractors. In the event of loss resulting from such failure of
Confidential
Master Services Agreement
Page 30
Execution Copy
performance by any subcontractor, the burden shall be on Vendor to show that it complied with
the aforesaid standard of selection and monitoring of the subcontractor.
(g) ACI may request at any time, and Vendor shall provide within thirty (30) calendar days of
such request, a listing of all Vendor employees, agents and subcontractors who are then performing
Services under this Agreement, such listing to include basic information about each person
including name, job title and basic job function with respect to the Services.
(h) Subcontractors as to which ACI has, as of the Effective Date, given the approvals required
by this Section 10.7 are identified in Schedule N (Approved Subcontractors).
10.8 Technology Planning and Budgeting.
(a) Technology Plan. The Parties shall annually jointly prepare a technology plan in
accordance with the provisions of this Section 10.8 (“Technology Plan”). The Technology
Plan shall address the IT requirements of ACI’s activities and future opportunities to enhance
delivery of Services and to reduce the costs of the Services through introduction of tools,
procedures and other improvements into ACI’s IT environment (“Enhancement Activities”).
Each Technology Plan after the first shall review and assess the immediately preceding Technology
Plan. The Technology Plan shall consist of a three-year plan and an annual implementation plan as
described below.
(b) Targeted Cost Savings. In addition to cost savings opportunities that apply
generally to the Services to be discussed as a part of annual knowledge sharing and technology
planning processes, the Parties intend to more closely examine on an annual basis specific aspects
of the Services for cost savings opportunities. The Parties will identify cost saving
opportunities for a selected Service Tower each year of the Term. The resulting plan shall outline
the activities to undertake in order for ACI to realize the anticipated cost savings if ACI chooses
to pursue such opportunity and any gainsharing by the Parties related to such anticipated cost
savings. In each subsequent Contract Year, the Parties will undertake a similar process for
another Service Tower (one Service Tower per Contract Year).
(c) Three-Year Plan. The Technology Plan shall include a comprehensive assessment and
strategic analysis of ACI’s then-current IT systems related to the Services including the ACI IT
Standards and an assessment of the appropriate direction for such systems and services for the next
three (3) years in light of ACI’s business priorities and strategies and competitive market forces
(to the extent such business information is provided by ACI to Vendor). The Technology Plan shall
include:
(i) a specific identification of proposed software and hardware strategies and direction;
(ii) a cost/benefit analysis of any proposed Changes;
(iii) a general plan and a projected time schedule for developing and achieving the
recommended elements;
(iv) the resulting impact on ACI information technology costs;
(v) a description of the types of personnel skills and abilities needed to respond to any
recommended Changes or upgrades in technology;
Confidential
Master Services Agreement
Page 31
Execution Copy
(vi) the changes, if any, in the personnel and other resources required to operate and support
the changed environment;
(vii) the expected performance, quality, responsiveness, efficiency, reliability, security
risks and other service levels to be achieved based on the recommended strategies and directions;
and
(viii) Any Enhancement Activities generally known within the information technology industry
at the time of the particular Technology Plan which could be implemented into the Services on a
long-term basis (i.e., during the term of the three-year Technology Plan) and an initial high-level
benefits analysis with regard to such Enhancement Activities and the implementation of same.
(d) Annual Implementation Plan. As necessary to support the overall objectives and
directions of the three-year plan, the annual implementation plan shall include information
services requirements, plans, projects (which may include Projects) for the upcoming year,
including details on operations, maintenance backlog and development activities. The annual
implementation plan shall include a summary review of Vendor’s performance of the Services in the
year then concluding, and shall provide updates and revisions of the three-year plan as
appropriate. The annual implementation plan will also include any Enhancement Activities generally
known within the information technology industry at the time of the particular annual technology
plan which could be implemented into the Services on a short-term basis (i.e., during the term of
the annual technology plan) and an initial benefits analysis with regard to such Enhancement
Activities and the implementation of same. An annual implementation plan shall be prepared for
each year of the Term. As part of the process for preparing the annual implementation plan, the
Parties shall review the overall operation of this Agreement with regard to a determination of
whether the Services are meeting ACI’s strategic IT requirements.
(e) Drafting Responsibility. Vendor shall submit to ACI a draft of the Technology
Plan for ACI’s review and comment, which draft shall have been developed with input from key
business users of ACI. Vendor shall submit the final Technology Plan to ACI for its approval
within thirty (30) days of receiving ACI’s comments. The draft of the first Technology Plan shall
be provided within six (6) months of the completion of Transition.
(f) Technology Plan Timing and Update. The schedule for developing and delivering
each Technology Plan shall be coordinated to support ACI’s annual business planning cycle and the
semi-annual senior management meeting described in Section 10.4(a)(iv). Vendor shall recommend
modifications to the Technology Plan as it deems appropriate, and shall revise the Technology Plan
as requested or approved by ACI. During Transition, an outline and the contents of the Technology
Plan will be jointly developed by the Parties.
10.9 Quality Assurance and Improvement Programs.
As part of its total quality management process, Vendor shall provide continuous quality
assurance and quality improvement through: (a) the identification and application of proven
techniques and tools from other installations within its operations (i.e., “best practices”) that
would benefit ACI either operationally or financially or ensure continued compliance with
Applicable Vendor Laws; and (b) the implementation of concrete programs, practices and measures
designed to improve Service Levels. Such procedures shall include checkpoint reviews, testing,
acceptance and other procedures for ACI to confirm the quality of Vendor’s performance, and shall
be included in the Procedures Manuals. Vendor shall utilize project management tools, including
productivity aids and project management systems, as appropriate in performing the Services.
10.10 |
|
Management of Issues. |
Confidential
Master Services Agreement
Page 32
Execution Copy
(a) Notwithstanding anything to the contrary contained in this Section 10.10, Vendor will
proactively manage issues in a manner such that tasks required to be performed under this Agreement
are performed in a timely manner. Each member of the Vendor Personnel is expected to promptly
escalate an issue if the performance of any such Vendor Personnel member’s obligation is directly
impacted by the failure of ACI or an ACI agent to perform a prerequisite task. Vendor will not
have met its obligation with respect to the hindered task unless and until the ACI Contract
Executive has been notified of such failure to perform, but only to the extent ACI’s ability to
cure its failure is prejudiced by Vendor’s delay or failure in escalating the applicable issue.
(b) If ACI, a ACI Affiliate or a ACI agent fails to perform any of its responsibilities set
forth in Schedule L (Transition and Transformation), Schedule A (Statement of Work)
or operational responsibility set forth in connection with a Project, Vendor will be excused from
the performance of Vendor’s obligation that is adversely affected by such failure to the extent and
only for so long as ACI’s failure is the direct cause of Vendor’s non-performance, but only (i) if
Vendor promptly notifies the ACI Contract Executive of such failure, (ii) if, after notifying the
ACI Contract Executive, ACI fails to promptly rectify such failure; and (iii) with respect to such
specific obligations for which no reasonable workaround exists.
11. AUDITS, RECORD RETENTION
11.1 Intentionally left blank.
11.2 Audit Rights.
(a) Vendor shall maintain a complete record of all financial transactions and customary
records of non-financial transactions resulting from this Agreement. Vendor shall provide to ACI
and ACI’s Affiliates and its and their auditors (including the internal audit staff of ACI and
ACI’s external auditors), inspectors, regulators and other representatives who are not Vendor
Competitors as ACI may from time to time designate in writing and who agree in writing to
substantially the terms and conditions set forth in Schedule M (Vendor Confidentiality
Agreement), access at all reasonable times (and in the case of regulators at any time required by
such regulators), and upon at least five (5) Business Days notice (or a shorter period of time as
may be required by Applicable Law or entities that regulate ACI), to any facility or part of a
facility at which either Vendor or any of its subcontractors is providing any portion of the
Services (subject to Vendor’s and its subcontractors standard security rules for such facility), to
Vendor Personnel, and to data and records relating to the Services excluding: (x) attorney-client
privileged information; (y) Vendor internal audit reports of Vendor’s activities (provided that
Vendor shall provide summaries of such audits that are prepared by the person that produced the
original audit report); and (z) cost data (other than where the Agreements specifies that cost or
cost plus is the basis for determining the Charges), for the purpose of performing audits and
inspections of either Vendor or any of its subcontractors during the Term and for the period Vendor
is required to maintain records hereunder. The purpose of such audits will be to:
(i) verify the accuracy of Charges and invoices, and the inventory of ACI supplies and other
ACI assets, if any;
(ii) verify the confidentiality, integrity and accessibility of ACI Data and examine the
systems that process, store, support and transmit that data;
(iii) verify that Vendor and ACI are in compliance with their respective obligations under
Article 22; and
Confidential
Master Services Agreement
Page 33
Execution Copy
(iv) examine Vendor’s performance of the Services and conformance to the terms of this
Agreement including, to the extent applicable to the Services and to the Charges therefore,
performing audits:
(A) of practices and procedures;
(B) of systems, Equipment and Software;
(C) of supporting information and calculations regarding compliance with Service Levels;
(D) of general controls and security practices and procedures;
(E) of disaster recovery and back-up procedures;
(F) of the efficiency of Vendor in performing the Services; and
(G) as necessary to enable ACI to meet, or to confirm that Vendor is meeting, applicable
regulatory and other legal requirements.
ACI shall not use auditors engaged on a contingency fee basis to perform audits under this Section
11.2. If an audit by or on behalf of ACI hereunder shows any matter that may adversely affect ACI,
ACI shall notify Vendor of such matter and Vendor shall provide ACI with a detailed plan to remedy
such matter within ten (10) Business Days after Vendor’s receipt from ACI of the final audit
report. Vendor will then immediately proceed to implement the remediation plan and correct such
matters.
(b) If, as required by Section 10.7(d), Vendor is unable to include substantially similar
audit-related provisions in a subcontract, or audit provisions that are at least as protective of
ACI, Vendor shall disclose such inability in connection with requesting ACI’s consent to use such
subcontractor. Without limiting the generality of the foregoing, the audit rights with respect to
contracts assigned by ACI to Vendor shall be as set forth in such contracts.
(c) In addition but subject to the procedures described in (a) above, Vendor shall provide
information sufficient to allow ACI or a designated third party who is not a Vendor Competitor to
ensure that current server packs, patches and firmware are in place for Equipment Vendor has
refresh responsibility. Vendor will also permit ACI or its Affiliates (or its and their auditors
who are not Vendor Competitors) to audit compliance with laws and regulations and any IT general
controls, including the Change Control Procedure, Network security, logical security, computer
operations, backup and recovery and disaster recovery.
(d) Vendor and ACI shall meet and review each audit report promptly after its issuance, and,
as part of such meeting, Vendor shall provide responses to ACI on the issues in such audit report.
Vendor shall provide to ACI’s auditors, inspectors, regulators and representatives the reasonable
assistance they require, including installing and operating audit software to the extent such
assistance is during Business Hours and does not materially interfere with Vendors ability to
perform its obligations under the Agreement. Vendor shall notify ACI if the assistance required,
including installation of any audit software would materially and adversely affect Vendor’s ability
to meet the Service Levels. After receiving such notice, ACI shall either alter its request or
temporarily waive the Service Levels that would be adversely affected. Vendor shall cooperate
fully with ACI and its designees in connection with audit functions and with regard to examinations
by regulatory authorities.
Confidential
Master Services Agreement
Page 34
Execution Copy
(e) Vendor agrees to promptly provide ACI and its auditors with all reasonable cooperation and
information that may be required in connection with any audits conducted by ACI’s or its
Affiliates’ customers that pertain to the Services.
(f) With respect to any change management or benchmarking adjustment proposed by Vendor, or
any proposed adjustment offered by Vendor in connection with an Extraordinary Event, New Service or
ACI’s withdrawal of Services under Section 3.6(b) (each, an “Adjustment”), if ACI disputes
such Adjustment, in addition to any other rights that ACI has under this Agreement, ACI may retain
an independent third party (which may include ACI’s internal auditors or outside auditors) to audit
Vendor’s or any of its subcontractor’s charges and costs (where the Agreement specifies that cost
or cost plus is the basis for determining the charges) associated with such Adjustment; provided
(i) such independent third party shall execute a nondisclosure agreement with both Parties
containing confidentiality and nondisclosure terms substantially similar to those set forth in this
Agreement, and (ii) such independent third party may not disclose Vendor’s or any of its
subcontractor’s charges and costs (where the Agreement specifies that cost or cost plus is the
basis for determining the charges) associated with such Adjustment to ACI, but may provide
sufficient information to ACI to enable ACI to assess the validity of such Adjustment. Vendor
shall maintain, and shall cause its subcontractors to maintain, sufficient records to permit such
independent third party to conduct such audits, and shall provide such independent third party with
reasonable access to its and each of its subcontractor’s records for the purpose of performing such
audits. Vendor shall provide its full cooperation and assistance as is reasonably requested by
such independent third party.
11.3 Vendor Internal Controls.
(a) Vendor agrees that, beginning no sooner than eight (8) months following completion of
Transition, each calendar year during the Term, it will have one of the “big four” accounting firms
(“Auditors”) conduct, at Vendor’s expense, at least one SAS 70 Type II Audit in Vendor’s
shared delivery center in North America at or from which the Services are provided. Vendor shall
provide ACI with one copy of each applicable audit report resulting from such SAS 70 Type II Audit
(“SAS 70 Type II Report”) at no charge. To the extent ACI provides reasonable notice and
requests that, in addition to the SAS 70 Type II Audit described in the preceding sentence, Vendor
conducts a ACI-specific SAS 70 Type II Audit, Vendor shall do so at ACI’s expense (provided, Vendor
notifies ACI of such expense, obtains ACI’s approval and uses Commercially Reasonable Efforts to
minimize such expense).
(b) Vendor or an independent third party shall perform a security and controls audit at least
annually. This audit shall test the compliance to the agreed-upon security standards, procedures
as reflected in Schedule A (Statement of Work) and the other requirements in this
Agreement. If the audit shows any material matter that may adversely affect ACI, Vendor shall
disclose such matter to ACI and prepare a detailed plan to remedy such matter within thirty (30)
Business Days of completion of the audit. If the audit does not show any matter that may adversely
affect ACI, Vendor shall provide the audit or a reasonable summary thereof within ten (10) Business
Days of audit completion to ACI. Any such summary may be limited to the extent necessary to avoid
a breach of Vendor’s security by virtue of providing such summary. ACI may use a third party or
its internal staff for an independent audit. If ACI chooses to conduct its own security audit,
such audit shall be at ACI’s expense.
11.4 Audit Follow-up.
(a) Following an audit or examination, ACI may conduct (in the case of an internal audit), or
request its external auditors or examiners to conduct, an exit conference with Vendor to obtain
factual concurrence with issues identified in the review.
Confidential
Master Services Agreement
Page 35
Execution Copy
(b) Vendor shall promptly make available to ACI SAS 70 Type II Reports to the extent such
reports are performed or available as reflected in Section 11.3(a).
(c) Vendor will promptly remediate any audit issues arising in SAS 70 Type II Reports that
impact or are reasonably likely to impact ACI or the Services in accordance with the remediation
process described in Section 11.2(a).
11.5 Records Retention.
Until the latest of (a) seven (7) years after expiration or termination of this Agreement; (b)
all pending matters relating to this Agreement (e.g., disputes) are closed; or (c) the information
is no longer required to meet ACI’s records retention policy as such policy may be adjusted from
time to time and communicated in writing to Vendor, Vendor shall maintain and provide access upon
reasonable request to the records, documents, and other information required to meet ACI’s audit
rights under this Agreement. Before destroying or otherwise disposing of such information, Vendor
shall provide ACI with not less than sixty (60) days prior written notice and offer ACI the
opportunity to recover such information or to request Vendor to deliver such information to ACI.
11.6 Discovery of Overcharge of ACI.
If an audit shows that Vendor has overcharged ACI in the current contract year and/or previous
calendar year, at ACI’s option, Vendor shall either credit to ACI’s account or pay to ACI directly
an amount equal to the amount of the overcharge plus interest at the prime rate calculated from the
date the overcharge was paid by ACI to Vendor. For the purposes of this Section 11.6, the prime
rate shall be the rate set forth in the Wall Street Journal,
New York edition, “Money Rates”
section (or any successor thereto) at the time of such audit. If an audit shows that Vendor
overcharged ACI by more than five (5) percent of the Charges, net of any undercharges identified in
the audit, then Vendor shall also pay ACI an amount equal to the cost of the portion of the audit
related to such overcharges discovery. If any such audit reveals an undercharge by Vendor in the
Charges for a particular Charges category, ACI shall promptly pay to Vendor the amount of such
undercharge plus interest at the prime rate calculated from the date the undercharge should have
been paid to Vendor.
12. ACI RESPONSIBILITIES
ACI shall have no other responsibilities than those expressly set forth in this Agreement
(including any reflected in any Schedules, Exhibits or Attachments to this Agreement). Those
responsibilities include the following:
(a) ACI shall designate one (1) individual to whom Vendor may address all Vendor
communications concerning this Agreement and all activities pursuant to it (the “ACI Contract
Executive”).
(b) ACI shall cooperate with Vendor, including by making available management decisions,
information, approvals and acceptances, as reasonably requested by Vendor so that Vendor may
accomplish its obligations and responsibilities under this Agreement. The ACI Contract Executive
or its designee shall be the principal point of contact for obtaining such decisions, information,
approvals and acceptances. Only personnel as expressly so designated by the ACI Contract Executive
shall be authorized to make commitments on the part of ACI that amend this Agreement or commit
resources that are subject to a Resource Volume Baseline. To the extent Vendor relies on the
apparent authority of other personnel, it does so at its own risk and without obligation on ACI’s
part.
Confidential
Master Services Agreement
Page 36
Execution Copy
13. CHARGES
13.1 General.
The charges for the Services (“Charges”) are set forth in this Agreement. ACI shall
not be required to pay Vendor any amounts for the Services in addition to those set forth in this
Agreement.
13.2 Pass-Through Expenses.
(a) “Pass-Through Expenses” shall mean third-party charges paid by Vendor and
reimbursed (without markup or administrative charge of any kind) by ACI. Pass-Through Expenses
agreed by the Parties as of the Effective Date are set forth in Schedule C (Charges).
Additional Pass-Through Expenses may be agreed by the Parties through the Change Control Procedure.
(b) Vendor shall use Commercially Reasonable Efforts to minimize the amount of any particular
Pass-Through Expense. With respect to services or materials paid for on a Pass-Through Expenses
basis, ACI reserves the right to:
(i) obtain such services or materials directly from one or more third parties;
(ii) subject to Section 10.6, designate the third-party source for such services or materials;
(iii) designate the particular services or materials (e.g., equipment make and model) Vendor
shall obtain (although if Vendor demonstrates to ACI that such designation shall have an adverse
impact on Vendor’s ability to meet the Service Levels, such designation shall be subject to
Vendor’s reasonable approval);
(iv) designate the terms for obtaining such services or materials (e.g., purchase or lease and
lump sum payment or payment over time);
(v) require Vendor to identify and consider multiple sources for such services or materials or
to conduct a competitive procurement; and
(vi) review and approve the applicable Pass-Through Expenses before entering into a new
contract for particular services or materials.
13.3 Incidental Expenses.
Except as may be otherwise provided in this Agreement, expenses that Vendor expects to incur
in performing the Services (including travel and lodging, document reproduction and shipping, and
long-distance telephone) are included in Vendor’s Charges and rates set forth in this Agreement.
Accordingly, such Vendor expenses are not separately reimbursable by ACI unless, on a case-by-case
basis for unusual expenses, ACI has agreed in advance and in writing to reimburse Vendor for the
expense. Notwithstanding the above or any other provision in this Agreement to the contrary,
Vendor shall use Commercially Reasonable Efforts to minimize any expenses that ACI is required or
elects to pay under this Agreement. Vendor agrees that any such expenses will be invoiced to ACI
without markup.
13.4 Taxes.
Confidential
Master Services Agreement
Page 37
Execution Copy
(a) Each Party shall be responsible for any personal property taxes on property it owns or
leases, for franchise and privilege taxes on its business, and for taxes based on its net income or
corporate level gross receipts.
(b) Vendor shall be responsible for any sales, use, excise, value-added, services, consumption
or other taxes and duties payable by Vendor on the goods or services used or consumed by Vendor in
providing the Services where the tax is imposed on Vendor’s acquisition or use of such goods or
services and the amount of tax is measured by Vendor’s costs in acquiring such goods or services.
ACI shall be responsible to pay to Vendor, or reimburse Vendor for the payment of, and Vendor shall
be responsible for the collection and remittance of, any and all sales, use, excise, value-added,
services, consumption and other taxes imposed or assessed on the Charges or the provision of the
Services provided by the Vendor after the Effective Date. Vendor and ACI shall agree on the
appropriate method for invoicing the Services to be certain to capture only those Services subject
to tax and the appropriate tax rate. If and to the extent any such tax is increased, reduced or
eliminated during the Term, Vendor shall adjust the amounts invoiced to ACI to fully reflect the
increase, reduction or elimination of such tax. If new or higher taxes thereafter become
applicable to the Services as a result of Vendor moving all or part of its operations to a
different Service Location (for example, Vendor relocating performance of Services to a shared
service center or subcontracting any portion of the Services), Vendor shall (i) specify the tax
rate that applies to the new Service Location on all subsequent invoices, and (ii) reimburse ACI
for any incremental taxes that arise from the move to the new Service Location.
(c) If any sales, use, excise, value added, services, consumption or other tax is assessed on
the provision of any of the Services, the Parties shall work together to segregate the payments of
such taxes under this Agreement into three (3) payment streams:
(i) those for taxable Services;
(ii) those for which Vendor functions merely as a payment agent for ACI in receiving goods,
supplies or services (including leasing and licensing arrangements); and
(iii) those for other nontaxable Services, including those Services and related Equipment
sales that qualify under the exemption of outsourcing.
(d) Each Party shall provide and make available to the other any direct pay or resale
certificates, information regarding out-of-state or out-of-country sales or use of Equipment,
materials or services, and other exemption certificates or information reasonably requested by the
other Party.
(e) The Parties agree to cooperate with each other to enable each to more accurately determine
its own tax liability and to minimize such liability to the maximum extent legally permissible.
Unless ACI has provided Vendor with tax-exemption, direct pay or resale certificates, Vendor’s
invoices shall separately state the amounts of any taxes Vendor is collecting from ACI, and Vendor
shall remit such taxes to the appropriate authorities.
(f) Each Party shall promptly notify the other Party of, and cooperate with, such other Party
regarding the response to and settlement of, any claim for taxes asserted by applicable taxing
authorities for which it is responsible hereunder.
(g) If ACI reasonably requests Vendor, timely and in writing, and with appropriate legal
authority, to challenge the imposition of any tax, Vendor shall do so in a timely manner and ACI
shall reimburse Vendor for the reasonable legal fees and expenses it incurs.
Confidential
Master Services Agreement
Page 38
Execution Copy
(h) Each Party shall be entitled to any tax refunds or rebates (and related interest) granted
to the extent such refunds or rebates are of taxes that were paid by such Party.
13.5 Extraordinary Events.
(a) An “Extraordinary Event” means a circumstance in which ACI experiences a
significant change in the scope or nature of its business (e.g. changes to the locations where the
ACI operates, changes in the ACI’s products or markets, mergers, acquisitions or divestitures
involving ACI, changes in the ACI’s method of service delivery, changes in the ACI’s market
priorities) that is expected by ACI to vary from the applicable Charges at applicable Resource
Volumes Baselines for at least three (3) consecutive months by more than plus or minus thirty-five
percent (+/-35%) provided that any such decrease is not due to ACI resuming provision of the
Services itself or transferring provision of the Services to another service provider.
(b) Upon the occurrence of an Extraordinary Event, and at ACI’s request, the Parties shall
negotiate in good faith with regard to the adjustment of Vendor’s Charges and resources (including
Baselines, Monthly Base Charges, ARCs, RRCs and other rates as appropriate) as well as any other
impacted terms and conditions of this Agreement. For the avoidance of doubt, either Party may
notify the other that an Extraordinary Event has occurred.
(c) If within thirty (30) days following a Party’s notice of the occurrence of an
Extraordinary Event, the Parties have not agreed upon the foregoing, then either Party may submit
the issue to dispute resolution under Article 20. Unless and until the Parties have agreed on the
adjustment contemplated in paragraph (b) above, Vendor will continue to perform, and ACI will
continue to pay, in accordance with the terms and conditions of this Agreement as applicable before
the Extraordinary Event.
13.6 New Services.
Services that are materially different from, or in addition to, the Services, but for which
there is no charging methodology, or which the existing charging methodology was not intended to
cover (e.g., start-up expenses) shall be considered “New Services.” The Parties’
obligations with respect to New Services shall be as follows:
(a) If the performance of the New Services can be reflected in a change in the volume of
chargeable resource usage, and the net change in the resources and expenses required to perform the
New Services would not be disproportionately different from the corresponding change in the volume
or composition of such chargeable resource usage from performing such New Services, then the
charge, if any, for such New Services shall be determined pursuant to Schedule C (Charges),
this Section 13.6 and the other Sections of this Agreement relating to New Services. The New
Services shall then be considered Services and shall be subject to the provisions of this
Agreement. In addition, the Parties may work together to re-prioritize certain then existing
Services and/or Service Levels in order to determine if, by such re-prioritization of existing work
or Service Levels, Vendor could accommodate the ACI requested New Services with the then current
account staff, Equipment, Software and other related items. If Vendor determines, in its
reasonable discretion, that it could accommodate such New Services, such New Services shall become
Services without the necessity of an added charge so long as such accommodation does not jeopardize
the performance by Vendor of any other of the Services at the Service Levels.
(b) If the performance of the New Services cannot be reflected in a change in the volume of
chargeable resource usage, or if the net change in the resources and expenses required to perform
the New
Confidential
Master Services Agreement
Page 39
Execution Copy
Services would be disproportionately different from the corresponding change in the volume or
composition of chargeable resource usage from performing such New Services, then:
(i) Vendor shall quote to ACI a charge (which may be variable) for such New Services that is
competitive with the charge Vendor provides for similar services to its other customers. Such
charges shall take into account, as applicable, resources and expenses of Vendor for then-existing
portions of the Services that would no longer be required if the New Services would be performed by
Vendor; and
(ii) upon receipt of such quote, ACI may then elect to have Vendor perform the New Services,
and the Charges under this Agreement shall be adjusted, if appropriate, to reflect such New
Services. If ACI so elects, such New Services shall be subject to the provisions of this
Agreement.
(c) If the Parties cannot agree upon the pricing applicable to a New Service that, although
materially different from the Services, is still closely related to the Services then being
provided by Vendor, ACI nonetheless desires Vendor to perform such New Service, then upon ACI’s
written instruction to proceed, Vendor shall begin performance of such New Service and, until that
time when ACI and Vendor can agree on the applicable charge for the New Service, Vendor will
provide such New Service at the applicable time and materials rates reflected in Exhibit
C-1 (Base Charges, Baselines, ARC/RRC Rates and Termination Charges). If within sixty (60)
days following ACI’s written instruction to proceed, the Parties have not agreed on the applicable
charges for the New Service, then the Charges will be determined as provided under Section 20.1(a).
(d) ACI may in its discretion elect to solicit and receive bids from, or otherwise enter into
agreements with, third parties to perform or to perform itself any New Services. If ACI so elects,
Vendor shall cooperate at no charge with ACI and the third parties with respect to the provision of
such New Services.
(e) Evolution, supplements, modifications, enhancements and replacements of the Services
required by Section 3.3 above shall not be deemed to be New Services.
(f) With regard to Production Mainframe and Hosting Services which may be required by ACI in
the future to provide market competitive service offerings to their external clients, the Parties
agree that Vendor will provide market competitive pricing.
13.7 Benchmarks for Cost of Services.
(a) Beginning in the second Contract Year and up to once in each Contract Year thereafter, ACI
may benchmark the Services within a Services Tower. If ACI notifies Vendor in writing that it
elects not to exercise its right to perform a benchmarking within the twelve (12) month period
following such notice, ACI will receive a credit of $200,000.00 on the next invoice following the
notice. Once such a credit has been paid, a benchmark may not be initiated during the applicable
twelve (12) month period.
(b) A benchmarking under this Section 13.7 shall be conducted by an independent
industry-recognized benchmarking service provider designated by ACI from the list of approved
benchmarkers attached hereto as Schedule O (Approved Benchmarkers) (the
“Benchmarker”), which list the Parties will update under the Contract Change Control
Procedure from time to time as necessary to reflect changes in the industry. The Parties shall be
jointly responsible for the fees of the Benchmarker. The Benchmarker shall execute a
confidentiality agreement in substantially the form set forth in Schedule M (Vendor
Confidentiality Agreement). The Benchmarker’s compensation shall not be contingency fee based.
The Parties shall cooperate with the Benchmarker, including, as appropriate, making available
knowledgeable
Confidential
Master Services Agreement
Page 40
Execution Copy
personnel and pertinent documents and records. Notwithstanding the preceding sentence, the
Benchmarker shall not have access to any proprietary data other than pricing information, or data
related to another Vendor customer. The Benchmarker may not use any information provided by either
Vendor or ACI for any purpose other than conducting the benchmark study hereunder, unless such use
is expressly agreed to in writing by Vendor and ACI.
(c) The Benchmarker shall perform the benchmarking in accordance with Benchmarker’s documented
procedures, which shall be provided to the Parties prior to the start of the benchmarking process.
The Benchmarker shall, separately as to each Service Tower benchmarked, compare the aggregate
Charges under this Agreement for the Services being benchmarked to the aggregate charges (for
services similar to those in that Service Tower) being incurred in a representative sample of
outsourced IT operations by or for other entities. The Benchmarker shall select the representative
sample from entities (i) identified by the Benchmarker and approved by the Parties, or (ii)
identified by a Party and approved by the Benchmarker. The following conditions apply to the
representative sample: (A) it shall include no more than eight (8) entities and no less than four
(4) entities and (B) it may include entities that are outsourcing customers of Vendor.
(d) The Benchmarker is to conduct a benchmarking as promptly as is prudent in the
circumstances. In conducting the benchmarking, the Benchmarker shall normalize the data used to
perform the benchmarking to accommodate, as appropriate, differences in volume of services, scope
of services, service levels, financing or payment streams, service window coverage, geographic
scope, Vendor’s upfront costs, the overall financial structure of the agreement, sophistication of
the underlying technology, contract terms and conditions (to the extent available), other factors
unique to ACI’s and the comparison contract’s requirements, and other factors the Benchmarker views
to be pertinent. Each Party shall be provided a reasonable opportunity to review, comment on and
request changes in the Benchmarker’s preliminary findings. Following such review and comment, the
Benchmarker shall issue a final report of its findings and conclusions.
(e) If in the final report of the Benchmarker, the Charges to ACI under this Agreement for the
benchmarked Services are in the aggregate within five (5) percent of the average of the
representative sample then no adjustment shall be made to Vendor’s Charges. If in the final report
of the Benchmarker, the Charges to ACI under this Agreement for the benchmarked Services are in the
aggregate between five (5) percent and (10) percent higher than the average of the representative
sample, then the relevant Charges for the Services shall be reduced to the average of the
representative sample for each percent above five (5) percent, effective thirty (30) days after the
initial date of delivery of the benchmark results provided however, the Vendor’s Charges shall not
be reduced by more than five (5) percent of the Charges payable for the particular Service Tower
benchmarked. For example, if in the final report of the Benchmarker, the Charges to ACI under this
Agreement for the benchmarked Services are in the aggregate seven (7) percent higher than the
average of the representative sample, then the Vendor Charges payable for the particular Service
Tower would be reduced by two (2) percent. If in the final report of the Benchmarker, the Charges
to ACI under this Agreement for the benchmarked Services are in the aggregate more than ten percent
(10%) greater than the average of the representative sample then (A) the relevant Vendor Charges
payable for the particular Service Tower would be reduced by five (5) percent effective thirty (30)
days after the initial date of delivery of the benchmark results and (B) the Vendor shall promptly
offer an alternative proposal for the ACI’s consideration for further adjustments to either the
scope of the Services, Service Levels or Charges.
(f) Without limiting the generality of the foregoing, the foregoing proposal may include
Changes to the method, manner or quality of the Services to the extent Vendor can demonstrate the
Changes were not already reflected in the benchmark. Vendor then shall implement the agreed plan
for the benchmarked Services in the designated period of time.
Confidential
Master Services Agreement
Page 41
Execution Copy
(g) If Vendor (A) fails to develop promptly and implement a plan to adjust its Charges in
accordance with paragraph (i) above, or (B) fails to adjust its Charges in accordance with the plan
in the required time period, then ACI may terminate the benchmarked Services or any portion thereof
without the payment of any Termination Charges, other than payment of the Wind Down Expenses for
the affected Services, by giving Vendor at least sixty (60) days’ prior notice. In the case of
termination by ACI of Services in accordance with this Section 13.7, the Charges payable under this
Agreement for continuing Services shall be equitably adjusted to reflect the removal of the
Services that are terminated.
(h) In no event shall Charges be increased based on the results of a benchmarking process.
14. INVOICING AND PAYMENT
14.1 Invoicing.
(a) Vendor shall invoice ACI for all Charges due under this Agreement in the manner reflected
in this Section 14.1. Monthly Base Charges, as defined in Schedule C (Charges), shall be
invoiced on or before the tenth (10th) day of each month in which the Services which are
the subject of the Monthly Base Charges are performed with payment due to Vendor on or before the
last day of the month; provided however, if such invoice is received after the tenth
(10th) day of the month, payment for such invoice shall be due to Vendor within thirty
(30) days of the invoice receipt date. ARCs, RRCs and any other variable Charges that are in
addition to the Monthly Base Charges for a month will be invoiced on a monthly basis but will be
invoiced on the following month’s invoice.
(b) To the extent a credit is due ACI pursuant to this Agreement, Vendor shall provide ACI
with an appropriate credit against Charges then due and owing in the next monthly invoice; if no
further payments are due to Vendor, Vendor shall pay such amounts to ACI within thirty (30) days.
(c) Vendor shall render a single, consolidated, monthly invoice for each month’s Charges,
showing the details specified in Exhibit C-3 (Form of Invoice) including details necessary
to satisfy ACI’s accounting and chargeback requirements in accordance with Section 3.2(b). Such
invoice shall separately identify Pass-Through Expenses for the month (if any), Charges prepaid by
ACI, the number of hours allocated to Projects, broken out by Project and indicating, as
applicable, (i) where Project pool resources are drawn down (as described in Schedule C
(Charges)) and (ii) where additional Charges (other than the Monthly Base Charges) have been
incurred, and the amounts of any taxes Vendor is collecting from ACI. Vendor shall include with
the invoice the calculations utilized to establish the charges in sufficient detail to enable ACI
to confirm the accuracy of the Charges included in the invoice. The form of invoice is included as
Exhibit C-3 (Form of Invoice). If Vendor fails to provide an invoice to ACI for any amount
within one calendar year after the date on which the Services in question are rendered or the
expense incurred, Vendor shall waive any right it may otherwise have to invoice for and collect
such amount.
14.2 Payment Due.
Subject to the other Sections of this Agreement, undisputed Charges on invoices submitted to
ACI shall be due and payable by ACI as specified in 14.1(a). Such payments will be made by ACI by
electronic funds transfer. If a due date does not fall on a Business Day, payments must be
received by Vendor on or before one (1) Business Day after such date. Subject to Section 14.8, any
undisputed Charges not paid within five (5) days of when they are due will bear interest until paid
at a rate of interest equal to the lesser of: (i) one percent per month of such outstanding amount
per every thirty days or portion thereof or; (2) the maximum rate of interest allowed by Applicable
Law calculated from the date payment was due.
Confidential
Master Services Agreement
Page 42
Execution Copy
14.3 Accountability.
Vendor shall maintain complete and accurate records of and supporting documentation for the
Charges billable to and payments made by ACI under this Agreement in accordance with generally
accepted accounting principles applied on a consistent basis. Vendor shall provide ACI with
documentation and other information with respect to each invoice as may be reasonably requested by
ACI to verify accuracy and compliance with the provisions of this Agreement.
14.4 Pro-ration.
Charges occurring on a periodic basis under this Agreement are to be computed on a calendar
month basis, and shall be prorated for any partial month.
14.5 Prepaid Amounts.
Where ACI has prepaid for a service or function for which Vendor is assuming financial
responsibility under this Agreement, upon either Party identifying the prepayment, Vendor shall
refund to ACI that portion of such prepaid expense that is attributable to periods on and after the
applicable Service Tower Commencement Date on the next monthly invoice. Upon Vendor’s request and
as a condition to Vendor’s obligation, ACI shall provide substantiation and documentation of any
prepaid expense for which it believes it is entitled to credit hereunder.
14.6 Refunds and Credits.
If Vendor receives a refund, credit or other rebate for goods or services previously paid for
by ACI, Vendor shall promptly notify ACI of such refund, credit or rebate and shall promptly credit
the full amount of such refund, credit or rebate, as the case may be, to ACI on the next monthly
invoice; provided that Vendor will make payment in lieu of such a credit if requested by ACI.
14.7 Deduction.
ACI shall have the right to deduct from Charges owed by ACI to Vendor under this Agreement any
amount (i) not in dispute between the Parties, (ii) that ACI has notified Vendor in writing of, on
or before the payment due date, and (iii) that Vendor is obligated to pay to or credit to ACI.
14.8 Disputed Charges.
Subject to ACI’s right of deduction under Section 14.7, ACI shall pay undisputed Charges when
those payments are due. ACI may withhold invoiced amounts that ACI disputes in good faith subject
to the limits specified herein and pursuant to the following procedures:
(i) After receipt of an invoice from Vendor, but prior to the date on which payment for such
invoice is due, ACI shall give written notice to Vendor of its intent to dispute and reasons for
disputing such invoice.
(ii) Unless Vendor gives ACI written notice of Vendor’s agreement as to ACI’s position by the
payment date for such invoice, ACI shall pay the disputed invoice upon the due date.
(iii) Vendor shall have thirty (30) days from the date of ACI’s notice to cure any breach or
otherwise resolve the issue related to the dispute. If Vendor is unable to cure the breach or
otherwise
Confidential
Master Services Agreement
Page 43
Execution Copy
resolve the issue within thirty days, ACI may withhold the disputed amount from the next
month’s payment
If any portion of an invoice is subject to a bona fide dispute between the Parties, ACI may
withhold the amount ACI disputes in good faith, directly attributable to such dispute, up to twenty
(20) percent of the Monthly Base Charge each month, not to exceed, in the aggregate, the Monthly
Base Charge for one months. ACI’s payment of invoiced amounts shall not constitute a waiver by ACI
of any right or remedy available to it at law or equity or this Agreement, including any right ACI
may have to dispute (or recover) such amounts. Any dispute regarding payment shall be resolved in
accordance with the Dispute Resolution Process in Section 20 below. In the event the dispute is
resolved in Vendor’s favor, interest (at the rate reflected in Section 14.2) will be due and owing
accruing back to the date that is five (5) days after the date such amount would have been due as
an undisputed amount.
15. SAFEGUARDING OF DATA; CONFIDENTIALITY
15.1 General.
(a) ACI Confidential Information shall be and remain, as between the Parties, the property of
ACI. Vendor shall not possess or assert any lien or other right against or to ACI Confidential
Information. ACI Confidential Information shall not be:
(i) used by Vendor other than in connection with providing the Services;
(ii) disclosed, sold, assigned, leased or otherwise provided to third parties by Vendor, other
than as permitted in this Agreement; or
(iii) commercially exploited by or on behalf of Vendor.
(b) ACI Confidential Information shall not be utilized by Vendor for any purpose other than
that of rendering the Services under this Agreement.
15.2 Safeguarding ACI Data.
Vendor shall establish and maintain safeguards against the destruction, loss or alteration of
ACI Data in the possession of Vendor which are no less rigorous than those implemented and in use
by ACI as of the Effective Date, to the extent such safeguards are made known to Vendor, either
through documented security policies provided by ACI (“ACI Information Security
Requirements”) and in no event less rigorous than the safeguards employed by Vendor to protect
its own confidential information. Vendor will comply with Changes in the ACI Information Security
Requirements as soon as reasonably practicable after such Changes have been provided to Vendor,
subject to ACI’s payment of additional Charges, if any, determined to be payable with respect to
such Change under the Change Control Procedure. Vendor shall make no Changes to ACI’s safeguards
unless agreed by ACI. Vendor shall maintain such safeguards until the Security Plan (as defined
below) becomes effective.
(a) Within three (3) months of the completion of Transition, and annually thereafter as part
of the technology planning process described in Section 10.8, Vendor shall provide ACI with a
security plan (the “Security Plan”) describing upgrades to ACI’s data security procedures
and the related infrastructure for ACI Data in the possession of Vendor necessary to bring such
procedures and infrastructure into compliance with the standards the Parties agree are appropriate
for ACI, which at a minimum will include any then-current ACI Information Security Requirements.
Vendor shall implement the initial Security Plan and each annual plan thereafter. Any Changes to
the Services as a result of
Confidential
Master Services Agreement
Page 44
Execution Copy
upgrades to the Security Plan shall be implemented by Vendor, subject to ACI’s payment of any
Charges therefore agreed by the Parties in accordance with the Change Control Procedure.
(b) If ACI requests enhancements that are not necessary to satisfy either the safeguards
maintained by ACI as of the Effective Date, or the requirements of any Security Plan agreed upon by
the Parties, Vendor shall implement such improvements as a New Service, except that any additional
disaster recovery measures or safeguards reasonably deemed by ACI to be necessary to protect any
Personally Identifiable Information shall be subject to the Change Control Procedure. ACI shall
have the right to establish backup security for data and to keep backup data and data files in its
possession if it chooses.
(c) Vendor Personnel shall not attempt to access, or allow access to, any ACI Data which they
are not permitted to access under this Agreement. If such access is attained (or is reasonably
suspected), Vendor shall promptly report such incident to ACI, describe in detail the accessed ACI
Data, and if applicable return to ACI any copied or removed ACI Data.
(d) The systems security measures required under Sections 15.2(a) and 15.2(b) shall include,
any System Software which:
(i) requires all users to enter a user identification and password prior to gaining access to
the information systems;
(ii) controls and tracks the addition and deletion of users; and
(iii) controls and tracks user access to areas and features of the information systems.
(e) ACI Data (i) shall not be used by Vendor other than pursuant to this Agreement; (ii) shall
not be disclosed, sold, assigned, leased or otherwise provided to third parties by Vendor, except
as required by any court or administrative agency under Applicable Law; (iii) shall not be
commercially exploited by or on behalf of Vendor, its employees or agents; and (iv) shall not be
stored or co-mingled with Vendor’s data or any data from any other Vendor client except as
permitted by ACI’s Risk Control Requirements.
15.3 Confidential Information.
(a) Vendor and ACI each acknowledge that they may be furnished with, receive or otherwise have
access to information of or concerning the other Party that such Party considers to be
confidential, a trade secret or otherwise restricted. “Confidential Information” shall
mean all information, in any form, furnished or made available directly or indirectly by one Party
to the other that is marked confidential, restricted or with a similar designation. The terms and
conditions of this Agreement shall be deemed Confidential Information of each Party. In the case
of ACI, Confidential Information also shall include, whether or not marked confidential, restricted
or with a similar designation: (i) ACI Data; (ii) the specifications, designs, documents, software,
documentation, data and other materials and work products owned by ACI pursuant to this Agreement;
(iii) all information concerning the operations, employees, assets, customers, affairs or
businesses of ACI, the financial affairs of ACI or the relations of ACI with its customers,
employees and service providers (including customer lists, customer information, account
information, analyses, compilations, forecasts, studies and consumer market information); (iv) ACI
Software or ISV Software licensed in the name of ACI or a ACI Affiliate, provided to Vendor by or
through ACI; and (v) information that a reasonable person would deem confidential under the context
of disclosure or due to the nature of the information (collectively, the “ACI Confidential
Information”). In the case of Vendor, Confidential Information also shall include, whether or
not marked confidential, restricted or with a similar designation, Vendor’s financial information,
personnel records, information
Confidential
Master Services Agreement
Page 45
Execution Copy
regarding Vendor’s, its Affiliates’ or its subcontractors’ business plans and operations, and
software, tools and methodologies owned or used by Vendor, its Affiliates or its subcontractors,
and information that a reasonable person would deem confidential under the context of disclosure or
due to the nature of the information.
(b) Obligations in Connection with Confidential Information.
(i) Each Party shall use at least the same degree of care as it employs to avoid unauthorized
disclosure of its own information, but in any event no less than Commercially Reasonable Efforts
(except that the case of ACI Data, the degree of care required of Vendor shall be that degree of
care specified under Section 15.2), to prevent disclosing to unauthorized parties the Confidential
Information of the other Party, provided that Vendor may disclose such information to properly
authorized entities as and to the extent necessary for performance of the Services, and ACI may
disclose such information to third parties as and to the extent necessary for the conduct of its
business, where in each such case:
(A) the receiving entity first agrees in writing to terms and conditions substantially the
same as the confidentiality provisions set forth in this Agreement;
(B) use of such entity is authorized under this Agreement;
(C) such disclosure is necessary or otherwise naturally occurs in that entity’s scope of
responsibility; and
(D) the receiving Party assumes full responsibility for the acts and omissions of such third
party.
(ii) As requested by ACI during the Term, or upon expiration or any termination of this
Agreement, or completion of Vendor’s obligations under this Agreement, Vendor shall return or
destroy, as ACI may direct, all material in any medium that contains, refers to or relates to ACI
Confidential Information, in the form reasonably requested by ACI, and retain no copies.
(iii) Each Party shall ensure that its personnel comply with these confidentiality provisions.
(iv) In the event of any actual or suspected misuse, unauthorized disclosure or loss of, or
inability to account for, any Confidential Information of the furnishing Party, the receiving Party
promptly shall:
(A) notify the furnishing Party upon becoming aware thereof;
(B) promptly furnish to the other Party full details of the unauthorized possession, use or
knowledge or attempt thereof, and use reasonable efforts to assist the other Party in investigating
or preventing the reoccurrence of any unauthorized possession, use or knowledge or attempt thereof,
of Confidential Information;
(C) take such actions as may be necessary or reasonably requested by the furnishing Party to
minimize the violation; and
Confidential
Master Services Agreement
Page 46
Execution Copy
(D) cooperate in all reasonable respects with the furnishing Party to minimize the violation
and any damage resulting therefrom.
(c) The Parties’ obligations with respect to Confidential Information (other than Personally
Identifiable Information) shall not apply to any particular information which Vendor or ACI can
demonstrate:
(i) was, at the time of disclosure to it, public knowledge;
(ii) after disclosure to it, is published or otherwise becomes part of the public knowledge
through no breach of this Agreement or any other confidentiality agreement;
(iii) was in the possession of the receiving Party at the time of disclosure to it without
obligation of confidentiality herein;
(iv) was received after disclosure to it from a third party who had a lawful right to disclose
such information to it without any obligation to restrict its further use or disclosure; or
(v) was independently developed by the receiving Party without reference to Confidential
Information of the furnishing Party.
(d) In addition, a Party shall not be considered to have breached its obligations by:
(i) disclosing Confidential Information of the other Party (including Personally Identifiable
Information) as required to satisfy any legal requirement of a competent government body provided
that, immediately upon receiving any such request and to the extent that it may legally do so, such
Party advises the other Party of the request prior to making such disclosure in order that the
other Party may interpose an objection to such disclosure, take action to assure confidential
handling of the Confidential Information, or take such other action as it deems appropriate to
protect the Confidential Information; or
(ii) disclosing Confidential Information of the other Party (other than Personally
Identifiable Information) to its attorneys, auditors and other professional advisors in connection
with services rendered by such advisors, provided that such Party has confidentiality agreements
with such professional advisors and/or such advisors owe professional confidentiality obligations
to the Party.
(e) Except in emergency situations, prior to a Party commencing any legal action or proceeding
in respect of any unauthorized possession, use or knowledge or attempt thereof, of Confidential
Information by any person or entity which action or proceeding identifies the other Party or its
Confidential Information, such Party shall seek such other Party’s consent. If a Party withholds
its consent, the other Party’s performance shall be excused to the extent such lack of consent
prohibits the performance of its obligations under this Agreement.
(f) Each Party’s Confidential Information shall remain the property of that Party. Nothing
contained in the Parties’ obligations with respect to Confidential Information shall be construed
as obligating a Party to disclose its Confidential Information to the other Party, or as granting
to or conferring on a Party, expressly or impliedly, any rights or license to the Confidential
Information of the other Party, and any such obligation or grant shall only be as provided by other
provisions of this Agreement.
Confidential
Master Services Agreement
Page 47
Execution Copy
15.4 Corporate Information Risk Controls.
(a) Vendor shall support and adhere to ACI’s corporate information, rules, policies,
standards, procedures and applicable regulatory requirements as provided to Vendor in writing by
ACI (collectively, “ACI Risk Control Requirements”). Vendor will comply with any
modifications to the ACI Risk Control Requirements, subject to clause (ii) of this Section 15.4(a).
Vendor shall implement and administer effective solutions as necessary to implement the ACI Risk
Control Requirements, or as otherwise directed by ACI (subject to clause (ii) of this Section
15.4(a)), and shall cause the systems used to provide the Services to comply with such
requirements. ACI confirms that ACI is solely responsible for interpreting the applicable
regulatory requirements (including the Federal Financial Institutions Examination Council
regulations and the Payment Card Industry Data Security Standard) and ensuring that the ACI Risk
Control Requirements and other instructions provided to Vendor comply with both the ACI Risk
Control Requirements and ACI Laws. Immediately prior to the Effective Date, Vendor received from
ACI copies of the FFIEC and PCI regulations and standards with which Vendor will comply, subject to
the following:
(i) At no additional charge (A) beginning on the first Service Tower Commencement Date, Vendor
shall maintain compliance with the ACI Risk Control Requirements (to the extent that ACI was in
compliance with such requirements as of the Effective Date), and (B) within six (6) months of the
last Service Tower Commencement Date, Vendor shall upgrade its facilities and otherwise begin
performing the Services in a manner necessary to comply with Vendor’s own requirements of a similar
nature. Notwithstanding the foregoing, if at any time Vendor provides the Services from a shared
data center at which Vendor provides services to more than one Vendor customer, Vendor shall at all
times also comply with Vendor’s own risk rules, policies, procedures, standards and guidelines.
(ii) If ACI changes any ACI Risk Control Requirements after the first Service Tower
Commencement Date, or requests that Vendor comply with any such requirements with which ACI was not
in compliance as of the first Service Tower Commencement Date, and such requirements exceed
Vendor’s own requirements of a similar nature, and Vendor is unable to perform the new requirements
without adding substantial additional resources, Vendor will so notify ACI. ACI may elect to
either (A) reprioritize the Services in a manner which allows Vendor to expend the effort necessary
to bring the in scope infrastructure into compliance with such requirements at no additional
charge; or (B) authorize Vendor to expend the effort necessary to bring the in scope infrastructure
into compliance with such requirements as a New Service, a Project or otherwise pursuant to the
Change Control Procedure. If at any time ACI requests additional security, Vendor may make such
security available, but shall first notify ACI of the incremental charges (if any) for such
security and such Changes shall be subject to the Change Control Procedure. Each Party shall
designate an individual who shall serve as the primary contact for security-related issues.
(b) If control deficiencies are identified in systems or procedures used to provide the
Services, Vendor shall take immediate and concerted action to correct the deficiency, and shall
conduct a post-incident assessment and institute measures to prevent reoccurrence. On an
event-occurrence basis, Vendor shall inform ACI of any significant known issues surrounding the
control environment caused by system or procedural changes or errors and track the status of such
issues as they are resolved. Controls in modified or reengineered systems shall be tested against
those of the previous system versions to ensure desired levels of control are in place. Vendor
shall update ACI on the status of those system or procedural control improvements identified during
audits and agreed to by ACI.
(c) Suspected or actual incidents of non-compliance with ACI rules, policies and procedures
shall be managed to resolution by Vendor’s compliance team, in cooperation and consultation with
ACI,
Confidential
Master Services Agreement
Page 48
Execution Copy
and reports shall be provided to ACI on an event-occurrence basis. If Vendor Personnel are
responsible for such incidents, appropriate disciplinary action shall be taken in accordance with
the appropriate Vendor personnel policies. Additionally, ACI shall have the right to direct Vendor
to remove any Vendor Personnel from performing Services pursuant to this Agreement connected with
such incidents.
(d) Vendor shall conduct benchmarks or provide assessments by third parties, at ACI’s request
and expense, of Vendor’s compliance with the ACI corporate information risk control requirements
set forth in this Agreement. Vendor shall perform self-assessments of such compliance and make
results of such engagement-related self-assessments available to ACI for review. In developing new
systems, Vendor shall interface with ACI so that ACI may understand the associated controls
required. This shall include informing ACI of Vendor’s methodology for developing control
specifications and providing ACI with the ability to request changes to controls early in the
systems development process.
15.5 Step-In Rights.
(a) The Parties acknowledge that, upon the occurrence of any Step-In Event, and at ACI’s
option, ACI will have a reasonable opportunity to identify, and assist Vendor in remedying, the
causes underlying the Step-In Event so that Vendor may perform its obligations in respect of the
affected Services in accordance with this Agreement.
(b) Accordingly, upon the occurrence of a Step-In Event and upon ACI’s request, Vendor will
meet with ACI as promptly as possible in order to discuss the actions that ACI may take in order
for ACI to have such a reasonable opportunity. Such actions may include providing a ACI management
team to work closely with Vendor’s management team at the affected Service Locations or hiring (at
ACI’s expense) a third-party expert to do so, or both. ACI and Vendor will expedite such
discussions to agree upon such actions as quickly as possible, but in no event later than ten (10)
days after ACI’s request.
(c) Vendor will cooperate with ACI, the ACI management team and any third-party expert as
reasonably necessary for ACI to have such a reasonable opportunity and to take such agreed actions
at the affected locations from which the Services are provided, including:
(i) giving the ACI management team or such third-party expert, or both, reasonable access to
relevant Vendor management personnel at the affected Service Locations subject to Vendor’s security
policies that otherwise apply pursuant to the other provisions of this Agreement;
(ii) working with ACI to identify the causes underlying the Step-In Event and to develop a
plan for Vendor to remedy the Step-In Event, which, if appropriate, will include a root cause
analysis. The plan will describe the objective criteria upon the satisfaction of which ACI will
consider such Step-In Event remedied; and
(iii) subject to Section 10.5 (solely for purposes of documenting the plan and specifying the
timeframe), promptly implementing the plan approved by ACI.
The Parties agree that the period during which ACI will have such a reasonable opportunity and take
such actions will not exceed ninety (90) days after the Parties agree upon such actions. Nothing
in this Section 15.5 limits ACI’s rights with respect to any default or non-performance by Vendor
under this Agreement.
16. WARRANTY
Confidential
Master Services Agreement
Page 49
Execution Copy
Vendor represents, warrants and covenants that: (a) it has successfully provided and performed
services that are substantially equivalent to the Services for other major customers of Vendor; (b)
it has performed all necessary due diligence on ACI’s environment (including systems, Software and
personnel) to provide the Services in accordance with this Agreement; and (c) its financial
condition is, and during the Term shall remain, sufficient to enable Vendor to provide the Services
in accordance with this Agreement.
16.2 Work Standards.
Vendor warrants that the Services shall be rendered with promptness and diligence and shall be
executed in a workmanlike manner, in accordance with Section 9.1. Vendor warrants that it shall
use adequate numbers of qualified individuals with suitable training, education, qualifications,
rights, resources, experience and skill to perform the Services.
16.3 Maintenance.
Vendor warrants that it shall maintain the Equipment and Software for which Vendor has
maintenance responsibility as identified in Exhibit C-2 (Financial Responsibility and
Ownership Matrix) so that they operate in accordance with their specifications, including:
(a) maintaining Equipment in good operating condition, subject to normal wear and tear;
(b) undertaking repairs and preventive maintenance on Equipment in accordance with the
applicable Equipment manufacturer’s recommendations; and
(c) performing Software maintenance in accordance with the applicable Software vendor’s
documentation and recommendations; and
(d) using Software in accordance with any and all applicable licensing agreements and
associated user manuals.
16.4 Efficiency and Cost Effectiveness.
Vendor warrants that with respect to chargeable resources it shall perform the Services in a
cost-effective manner consistent with the required level of quality and performance.
16.5 Technology.
Vendor warrants that it shall provide the Services using, consistent with the Procedures
Manual and refresh obligations referenced in this Agreement, proven, then-current technology that
will enable ACI to take advantage of technological advancements in its industry and support ACI’s
efforts to maintain competitiveness in the markets in which it competes throughout the Term.
16.6 Non-Infringement; Licenses.
(a) Vendor warrants that (i) Vendor will perform the Services and its other responsibilities
under this Agreement in a manner that does not infringe or misappropriate any Intellectual Property
Rights of any third party; (ii) the Vendor Provided Technology will not infringe upon or
misappropriate the Intellectual Property Rights of any third party; and (iii) there is no claim or
proceeding pending or, to Vendor’s knowledge, threatened alleging that the Services or any of the
Vendor Provided Technology infringes or misappropriates the Intellectual Property Rights of any
third party.
Confidential
Master Services Agreement
Page 50
Execution Copy
(b) Vendor warrants that it has obtained all requisite licenses and permits necessary to
perform the Services and grant the licenses to be granted by Vendor under this Agreement.
(c) To the extent capable, Vendor will pass through any warranties and indemnities for any
Vendor provided ISV Software, Equipment or other products purchased or licensed from third parties
and provided to ACI or used by Vendor or its Affiliates in connection with the Services.
16.7 Authorization and Other Consents.
Each Party represents, warrants and covenants to the other that:
(a) It has the requisite corporate power and authority to enter into this Agreement and to
carry out the transactions contemplated by this Agreement;
(b) The execution, delivery and performance of this Agreement and the consummation of the
transactions contemplated by this Agreement have been duly authorized by the requisite corporate
action on the part of such Party and shall not constitute a violation of any judgment, order or
decree;
(c) The execution, delivery and performance of this Agreement and the consummation of the
transactions contemplated by this Agreement shall not constitute a material default under any
material contract by which it or any of its material assets are bound, or an event that would, with
notice or lapse of time or both, constitute such a default;
(d) As to Vendor, Vendor is duly licensed, authorized or qualified to do business and is in
good standing in every jurisdiction in which a license, authorization or qualification is required
for the ownership or leasing of its assets or the transaction of business of the character
transacted by it, except where the failure to be so licensed, authorized or qualified would not
have a material adverse effect on Vendor’s ability to fulfill its obligations under this Agreement;
and
(e) As to Vendor, there is no outstanding proceeding pending nor, to the knowledge of Vendor,
threatened, to which Vendor is a party that Vendor, without predicting the outcome of such matter,
reasonably expects to have a material adverse affect on the ability of Vendor to fulfill its
obligations under this Agreement or the transactions contemplated by this Agreement. As to ACI,
there is no outstanding proceeding pending nor, to the knowledge of ACI, threatened, to which ACI
is a party that ACI, without predicting the outcome of such matter, reasonably expects to have a
material adverse affect on the ability of ACI to fulfill its obligations under this Agreement or
the transactions contemplated by this Agreement.
16.8 Inducements.
Vendor represents, warrants and covenants to ACI that it has not violated, and will not
violate, any the U.S. Foreign Corrupt Practices Act or any other Applicable Laws regarding the
offering of unlawful inducements in connection with this Agreement or the Services. If at any time
during the Term, the foregoing warranty is inaccurate, then, in addition to any other rights ACI
may have at law or in equity, ACI shall have the right to terminate this Agreement immediately for
cause without paying any Termination Charge and without affording Vendor an opportunity to cure.
16.9 Viruses.
Vendor shall use Commercially Reasonable Efforts to reduce the likelihood that Viruses are
coded or introduced into the Software, Equipment or any expressly specified deliverable delivered
under
Confidential
Master Services Agreement
Page 51
Execution Copy
this Agreement. If a Virus is found in the Software, Equipment or deliverable, Vendor shall
use Commercially Reasonable Efforts to assist ACI in reducing the effects of the Virus and, if the
Virus causes a loss of operational efficiency or loss of data, to assist ACI to the same extent to
mitigate and restore such losses; provided that, if it is ultimately determined such Virus was
introduced by ACI, an ACI subcontractor or vendor or an ACI Affiliate or other third party, such
assistance will be at Charges determined under the Change Control Procedure. Vendor shall
immediately notify ACI of any existing or anticipated Virus.
16.10 Disabling Code.
Each Party covenants that, without the prior written consent of the other Party, it shall not
insert into the Software any code designed to disable or otherwise shut down all or any portion of
the Services. Notwithstanding the foregoing, both Parties acknowledge that certain third-party and
or Vendor, commercial off-the-shelf Software may include passwords, software keys, trial-period
software and similar programming code that are distributed as part of hardware or Software to
automatically ensure that the purchaser or licensee uses the product in accordance with the
acquisition or license agreement. Each Party shall inform the other Party of all such disabling
code in the Software of which such Party has knowledge. Vendor further covenants that, with
respect to any disabling code that may be part of the Software, Vendor shall not knowingly invoke
such disabling code at any time, including upon expiration or termination of this Agreement for any
reason, without ACI’s prior written consent.
16.11 Deliverables.
Unless otherwise agreed in writing by the Parties, Vendor warrants that during the Term each
expressly specified deliverable provided to ACI under this Agreement will conform in all material
respects to the stated requirements and specifications set forth in the relevant documents with
respect to such deliverable.
16.12 Software Ownership or Use.
Vendor represents and warrants that it will be, at the applicable time and after obtaining the
applicable Required Consents, either the owner of, or authorized to distribute, provide and use the
Software provided by, licensed or developed by Vendor under this Agreement or in connection with
the provision of Services hereunder.
16.13 Other.
Vendor represents, warrants and covenants, as applicable, that:
(a) Neither Vendor nor any of its employees, agents or subcontractors (including any Approved
Subcontractors and Vendor Personnel) that will perform Services or provide other services to the
ACI account (i) have ever been convicted of a felony or, within a seven (7) year period (three (3)
years for Vendor agents and subcontractors) preceding that employee’s, agent’s or subcontractor’s
date of hire or use by Vendor, been convicted of a criminal offense in connection with obtaining,
attempting to obtain or performing a public (federal, state or local) transaction or contract under
a public transaction, or for violation of federal or state antitrust statutes or commission of
embezzlement, theft, forgery, bribery, falsification or destruction of records, making false
statements or receiving stolen property; or (ii) are presently indicted for, or other criminally
charged by a governmental entity (U.S. or non-U.S. federal, state or local) with commission of any
of the offenses enumerated in clause (i) of this paragraph. Nothing in this Agreement shall be
interpreted as requiring Vendor to conduct background checks in jurisdictions where it is legally
prohibited from conducting such checks.
Confidential
Master Services Agreement
Page 52
Execution Copy
(b) Vendor will maintain at Vendor’s expense all of the necessary certification and
documentation such as I-9’s (or the locally equivalent work permits or other documents) as well as
all necessary insurance for its employees, including workers’ compensation and unemployment
insurance, and that, with respect to contractors, Vendor has a written agreement with each and
every contractor which specifically provides that the contractor shall not be entitled to any
benefits or payments from any company such as ACI for which Vendor will provide services, and that
each and every contractor shall maintain current employment eligibility verification (DOJ, INS, I-9
(“I-9”)) and other necessary certification and documentation or insurance for all its
employees provided under this Agreement. Vendor will be solely responsible for the withholding and
payment, if any, of employment taxes, all benefits and workers’ compensation insurance.
(c) In the event that a Vendor contractor is in the United States on work authorization
documents, such contractor has an F-1, TN, or H-1B or an L-1 visa, provided, however, in the case
of an H-1B or L-1 visa, contractor has a presence or office in the United States. Vendor covenants
that all work authorization documents issued to contractors shall be valid at the time of issuance
and shall remain valid and in full force and effect during the entire period of the contractors’
assignment(s) under any SOW. ACI shall have the right to perform a background check on such
contractor. The acceptable forms of identification are as set forth on the current I-9.
16.14 Application.
For the avoidance of doubt, each of the covenants set forth in this Article 16 shall remain in
effect continually throughout the Term of this Agreement and those referenced in Section 23.11
shall remain in effect after the expiration or termination of this Agreement.
16.15 Disclaimer.
THE WARRANTIES SET FORTH IN THIS AGREEMENT, INCLUDING THOSE SPECIFIED AS APPLYING, IF ANY, TO
ANY LICENSES GRANTED OR TO BE GRANTED UNDER THIS AGREEMENT, ARE EXCLUSIVE. THERE ARE NO IMPLIED
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
SOFTWARE MADE AVAILABLE BY ACI TO VENDOR IS MADE AVAILABLE ON AN “AS IS” BASIS.
17. INSURANCE
17.1 Insurance.
Vendor covenants that as of the Effective Date it shall have, and agrees that during the Term
it shall maintain in force, at least the following insurance coverages:
(a) Employer’s Liability Insurance (Coverage B) and Worker’s Compensation Insurance (Coverage
A), including coverage for occupational injury, illness and disease, and other similar social
insurance in accordance with the laws of the country, state or territory exercising jurisdiction
over the employee with Statutory Limits (Coverage A) and minimum limits (Coverage B) per employee
and per event of $2,000,000 or the minimum limit required by law, whichever limit is greater.
(b) Comprehensive General Liability Insurance, including Products, Completed Operations,
Premises Operations, Bodily Injury, Personal and Advertising Injury, on an occurrence basis, with a
minimum combined single limit per occurrence of $3,000,000 and a minimum combined single aggregate
limit of $5,000,000. This coverage shall include ACI and its Affiliates as Additional Insureds.
Confidential
Master Services Agreement
Page 53
Execution Copy
(c) Property Insurance and Business Income coverage, for all risks of physical loss of or
damage to buildings, tangible business personal property or other tangible property that is owned
or leased and supplied by Vendor pursuant to this Agreement or otherwise. Such insurance shall
have a minimum limit adequate to cover risks on a replacement costs basis.
(d) Automotive Liability Insurance covering use of all owned, non-owned and hired automobiles
for bodily injury, property damage liability with a minimum combined single limit per accident of
$3,000,000 or the minimum limit required by law, whichever limit is greater. This coverage shall
include ACI and its Affiliates as Additional Insureds.
(e) Commercial Crime Insurance, including blanket coverage for Employee Dishonesty for loss or
damage to tangible property arising out of or in connection with any fraudulent or dishonest acts
committed by the employees of Vendor, acting alone or in collusion with others, including the
property and funds of others in Vendor’s or its employees’ possession, care, custody or control,
with a minimum limit per event of $1,000,000.00. ACI shall be designated as a “loss payee” as its
interest may appear under this policy. However, loss payments hereunder shall not include any loss
to the extent such loss results from the dishonest acts of the employees of ACI.
Errors and Omissions Liability Insurance covering liability for loss or damage due to an act,
error, omission or negligence, with a minimum limit per event of $5,000,000.
17.2 Insurance Provisions.
(a) The insurance coverages described above that include ACI as an additional insured (i.e.
the Commercial General Liability and Automobile Liability policies) shall be primary, and all
coverage shall be non-contributing with respect to any other insurance or self insurance which may
be maintained by ACI and is primary and non-contributory with respect to liability arising out of
Vendor’s negligence and as respects this Agreement only. All coverages described above shall
contain the standard separation of insureds provisions regarding ACI. To the extent any coverage
is written on a claims-made basis, it shall have a retroactive date no later than the Effective
Date and shall be maintained for a period of two (2) years after the expiration or premature
termination of this Agreement.
(b) Vendor shall provide certificates of insurance evidencing that the coverages and policy
endorsements required under this Agreement are in force and should any of the policies described
herein be cancelled before the expiration date thereof, the insurer affording coverage will
endeavor to mail 30 days written notice to the certificate holder named herein, but failure to mail
such notice shall impose no obligation of liability of any kind upon the insurer affording
coverage, its agents or representatives. The insurers selected by Vendor shall have an A.M. Best
rating of A-, Size VII or better, or, if such ratings are no longer available, with a comparable
rating from a recognized insurance rating agency. Vendor shall assure that all Approved
Subcontractors, if any, maintain insurance coverages described above naming Vendor as an additional
insured where relevant.
(c) In the case of loss or damage or other event that requires notice or other action under
the terms of any insurance coverage described above, Vendor shall be solely responsible to take
such action. Vendor shall provide ACI with contemporaneous notice and with such other information
as ACI may request regarding the event.
(d) Vendor’s obligation to maintain insurance coverage in specified amounts shall not act as a
limitation or expansion on any other liability or obligation which Vendor would otherwise have
under this Agreement.
Confidential
Master Services Agreement
Page 54
Execution Copy
18. INDEMNITIES
18.1 Vendor Indemnities.
Vendor shall defend, indemnify and hold harmless ACI and ACI’s Affiliates and their respective
officers, directors, employees, agents, successors and assigns (collectively, “ACI
Indemnitees”) against any and all Losses and threatened Losses payable to third parties, to the
extent arising from, in connection with, or based on allegations whenever made of, any of the
following:
(a) Claims arising out of Vendor’s failure to observe or perform any duties or obligations to
be observed or performed by Vendor under any of the contracts, including Software licenses,
Equipment leases and Third Party Services Contracts (including the terms of any Required Consents
with respect to any of the foregoing): (i) assigned to Vendor, if any; or (ii) for which Vendor has
assumed financial, administrative or operational responsibility, all to the extent such duties or
obligations were required by this Agreement to be observed or performed by Vendor on or after the
date of such assignment or assumption;
(b) Any claims of infringement that would amount to a breach by Vendor of the warranties set
forth in Section 16.6; provided that (i) the claim is not caused by improper acts or omissions of
ACI (such as use of more copies of an item than that for which a license was to have been
obtained); (ii) the claim does not result from ACI’s failure to fulfill its obligation to provide
reasonable cooperation under Section 6.7 in connection with Vendor’s efforts to obtain Required
Consents; and (iii) Vendor’s obligations under this Section 18.1(b) shall not apply to the extent
that (A) the claim of infringement is based upon ACI’s use of Vendor Provided Technology (1) in
combination with equipment, devices or software not specified or approved in writing by Vendor,
contemplated by this Agreement, or otherwise used by Vendor to provide the Services or (2) in a
manner that violates any license grant or other term or condition of this Agreement; (B) a ACI
Indemnitee modifies the software provided by Vendor hereunder without Vendor’s written approval and
such infringement would not have occurred but for such modification; or (C) the claim of
infringement arises out of designs or specifications provided by a ACI Indemnitee that necessarily
caused such infringement claim and that describe detailed, non-discretionary methods of processes
for meeting a business requirement of achieving a required outcome (as opposed to just describing
business requirements of expected outcomes);
(c) Any claim or action by, on behalf of, or related to, any employee of Vendor or its
Affiliates, or any of their subcontractors (which, if made by a Rebadged Employee arises out of
acts, incidents or omissions occurring on or after, or out of events occurring on or after, the
date such employee is transferred to Vendor or acts or omissions specifically requested by Vendor
or its Affiliates or their subcontractors at any time), including claims asserting liens or other
encumbrances on assets of ACI or ACI Affiliates and claims arising under occupational health and
safety, ERISA, worker’s compensation or other Applicable Laws;
(d) Any claim or action asserted against an ACI Indemnitee but resulting from an act or
omission of Vendor or its Affiliates or its or their respective officers, directors, employees,
subcontractors or agents;
(e) The material inaccuracy or untruthfulness of the representations or warranties made by
Vendor in Sections 16.7 and 16.12;
(f) Any claim or action by Vendor’s subcontractors arising out of Vendor’s breach or violation
of Vendor’s subcontracting arrangements;
Confidential
Master Services Agreement
Page 55
Execution Copy
(g) Any claim or action arising out of acts or omissions of Vendor which result in, arise from
or relate to:
(i) a violation of Applicable Laws for the protection of persons or members of a protected
class or category of persons by Vendor or its employees, subcontractors or agents;
(ii) discrimination or harassment by Vendor, its employees, subcontractors or agents;
(iii) vested employee benefits of any kind expressly assumed by Vendor;
(iv) representations (oral or written) to ACI personnel by Vendor, Vendor Affiliates (or their
respective officers, directors, employees, representatives, subcontractors or agents), or other
acts or omissions with respect to ACI personnel by such persons or entities, including any act,
omission or representation made in connection with the interview, selection, hiring and/or
transition process (other than any representations to the Affected Employees based on information
or direction provided by ACI), any offers of employment made to such employees, the failure to make
offers to any such employees required hereunder or the terms and conditions of such offers
(including compensation and employee benefits).
(h) Any breach of Vendor’s obligations under Article 15 (Safeguarding of Data;
Confidentiality) as a result of Vendor’s or Vendor’s subcontractors’ misappropriation;
(i) Any claim or action by any employee or contractor of Vendor or its subcontractors that ACI
is liable to such person as the employer or joint employer of such person, including and any claim
for employee benefits as a result thereof, other than claims by Rebadged Employees arising out of
events, acts, incidents or omissions occurring prior to the date such Rebadged Employees are
transferred to Vendor;
(j) Any claim or action arising out of or relating to Vendor’s failure to comply with the
obligations provided in Section 13.4, provided that Vendor shall not be responsible for interest or
penalties occasioned by ACI’s failure to timely remit taxes to Vendor which ACI is responsible to
pay except to the extent that such failure is due to Vendor’s failure to timely notify or charge
ACI for taxes which Vendor is responsible to collect and remit (i) for which Vendor had failed to
timely request all necessary tax information from ACI or (ii) for which ACI had previously provided
all required necessary tax related information previously requested by Vendor on a timely basis;
(k) Any failure to obtain or maintain the Required Consents as contemplated under Section 6.7;
(l) Any failure to comply with any Vendor Laws resulting in claims by government regulators or
agencies for fines, penalties, sanctions, underpayments or other remedies to the extent such fines,
penalties, sanctions, underpayments or other remedies are caused by Vendor’s failure to comply with
any Vendor Laws; or
(m) Any physical injury, death or real or tangible property loss caused by Vendor or Vendor
Personnel as a result of the provision of the Services.
Confidential
Master Services Agreement
Page 56
Execution Copy
ACI shall defend, indemnify and hold harmless Vendor and Vendor’s Affiliates and their
respective officers, directors, employees, agents, successors and assigns (collectively,
“Vendor Indemnitees”) against any and all Losses and threatened Losses payable to third
parties, to the extent arising from, in connection with, or based on allegations whenever made, of
the following:
(a) Claims arising out of ACI’s failure to observe or perform any duties or obligations to be
observed or performed by ACI under any of the contracts, including Software licenses, Equipment
leases, if any, and Third Party Services Contracts: (i) assigned to Vendor, if any; or (ii) for
which (and to the extent) ACI has retained financial, administrative or operational responsibility,
all to the extent such duties or obligations were required to be observed or performed by ACI
before the date of such assignment or assumption;
(b) Any claim by a third party of infringement of such third party’s Intellectual Property
Rights directly arising from (i) designs or specifications provided by ACI to Vendor under this
Agreement that necessarily caused such infringement claim and that describe detailed,
non-discretionary methods of processes for meeting a business requirement of achieving a required
outcome (as opposed to just describing business requirements of expected outcomes), or (ii) data,
documents, code or other technology or materials that have been provided by ACI to Vendor for
Vendor to provide Services to ACI under this Agreement (collectively, the “ACI Provided
Technology”); provided that (A) the infringement claim is not caused by improper acts or
omissions of Vendor; (B) the claim does not result from Vendor’s failure to fulfill its obligation
to provide reasonable cooperation under Section 6.7 in connection with efforts to obtain Required
Consents; and (C) ACI’s obligations under this Section 18.2(b) shall not apply to the extent that:
(1) the claim of infringement is based upon Vendor’s use of ACI Provided Technology: (x) in
combination with equipment, devices or software not approved, specified or reasonably anticipated
by ACI, contemplated by this Agreement or otherwise used by ACI prior to the Effective Date, or (y)
in a manner that violates any license grant or other term or condition of this Agreement, (2)
Vendor modifies the ACI Provided Technology and such infringement would not have occurred but for
such modification, or (3) the claim of infringement arises out of designs or specifications
provided by a Vendor Indemnitee that necessarily caused such infringement claim and that describe
detailed, non-discretionary methods of processes for providing the Service. The indemnities in
this Section 18.2(b) are Vendor’s sole and exclusive remedies for infringement claims related to
any Software or other technology provided by ACI;
(c) Any claim or action by, on behalf of, or related to, any employee of ACI or any of its
subcontractors (which, if made by a Rebadged Employee arises out of acts, incidents, events or
omissions occurring before the date such employee is transferred to Vendor), or acts or omissions
specifically requested by ACI or its Affiliates at any time, including claims arising under
occupational health and safety, ERISA, worker’s compensation or other applicable federal, state or
local laws or regulations, except where such claim arises out of acts or omissions specifically
requested by Vendor or its Affiliates;
(d) Any claim or action arising out of or relating to ACI’s failure to comply with the
obligations provided in Section 13.4, provided that ACI shall not be responsible for interest or
penalties occasioned by Vendor’s failure to notify or charge ACI for taxes which Vendor is
responsible to collect except to extent that such failure is due to ACI’s failure to provide
necessary tax related information previously requested by Vendor on a timely basis;
(e) Any claim or action by subcontractors arising out of ACI’s breach or violation of ACI’s
subcontracting arrangements;
(f) Any breach of ACI’s obligations under Article 15 (Safeguarding of Data; Confidentiality)
as a result of misappropriation by ACI;
Confidential
Master Services Agreement
Page 57
Execution Copy
(g) Any failure to obtain or maintain the Required Consents as contemplated under Section 6.7;
(h) Vendor and ACI agree that in the United Kingdom, the Transfer of Undertakings (Protection
of Employment) Regulations 2006 (the “Regulations”) do not apply to service transfers and
that other than the one employee specified below (the “ACI Employee”), no employee of ACI
or any of its subcontractors will transfer employment from ACI to Vendor as a result of the service
transfer. In the event that the contract of employment of any other ACI employee or the employee
of any ACI subcontractor or any collective agreement shall have effect or is alleged to have effect
as if originally made between Vendor and such person or trade union pursuant to the Regulations,
unless Vendor should make a decision to take any such person into employment or such person is the
ACI Employee, Vendor may, within one month of becoming aware of the application or alleged
application of the Regulations to any such contract or collective agreement (having promptly
communicated such awareness to Vendor) terminate (or purport to terminate) such contract of
employment or collective agreement. ACI shall indemnify, keep indemnified and hold harmless Vendor
against any claims, losses, proceedings, costs, demands, liabilities and expenses (including
without limitation all legal expenses and other professional fees together with any valued added
tax thereon) suffered or incurred by Vendor arising out of or in connection with:
(i) any termination of any contract of employment or collective agreement in accordance as
set forth above;
(ii) in the event the Regulations are found to apply, any failure by ACI to comply with its
obligations pursuant to the Regulations, including any failure by ACI to provide the information
which it is obliged to provide to employee representatives in accordance with the Regulations; or
(iii) anything done or omitted to be done by ACI or its subcontractors in respect of the ACI
Employee before the service transfer, including without limitation, any claim by the ACI Employee
that ACI or its subcontractors violated any Applicable Law in connection with the employment of the
ACI Employee.
Vendor agrees that on or before May 15, 2008, it shall make or shall procure that its subcontractor
shall make an offer to employ Xxxxx Xxxxxxx (being the ACI Employee) at its or its subcontractor’s
location at Watford in the United Kingdom on substantially equivalent or better terms than such
employee enjoys with ACI, without reference to occupational retirement plans and that upon such
acceptance, Vendor or its subcontractors shall employ the ACI Employee in accordance with such
offer. ACI shall render all reasonable assistance to Vendor or its subcontractor so that the ACI
Employee accepts such employment and shall waive any notice of termination of employment that such
employee is required to give ACI.
(i) Except to the extent covered by another provision of this Article 18, claims by any
individual or entity, other than ACI, that uses or receives the benefits of the Services by or
through ACI or by virtue of this Agreement (as the Parties intend that only ACI shall be permitted
to enforce rights against Vendor under this Agreement or related to the Services); or
(j) Any physical injury, death or real or tangible property loss caused by ACI.
18.3 Infringement.
If any item provided by either Party that is used in the provision of the Services becomes, or
in the providing Party’s reasonable opinion is likely to become, the subject of an infringement or
misappropriation claim, in addition to indemnifying the other Party to the extent required in
Section
Confidential
Master Services Agreement
Page 58
Execution Copy
18.1(b) and 18.2(b), and in addition to such Party’s other rights, the providing Party shall
promptly take the following actions, at no charge to the other Party, in the listed order of
priority:
(a) promptly secure the right to continue using the item;
(b) replace or modify the item to make it non-infringing or without misappropriation, provided
that any such replacement or modification must not degrade the performance or quality of the
affected component of the Services, as reasonably determined by the Parties; or
(c) remove the item from the Services, in which case Vendor’s Charges shall be equitably
adjusted to reflect such removal; provided that (i) such removal and adjustment does not limit
Vendor’s liability for any failure of the remaining Services to fully comply with the requirements
of this Agreement, whether such failure is due to the absence of the removed item or the removal’s
impact on the remaining Services and (ii) any resulting failure of the Services to comply with this
Agreement may constitute a material breach entitling ACI to terminate this Agreement under Section
21.1, in which case ACI will not be required to observe the otherwise applicable cure period.
18.4 Indemnification Procedures.
With respect to third-party claims the following procedures shall apply:
(a) Notice. Promptly after receipt by a ACI Indemnitee or Vendor Indemnitee, as
applicable, of notice of the assertion or the commencement of any action, proceeding or other claim
by a third party in respect of which the indemnitee will seek indemnification pursuant to this
Article 18, the indemnitee shall promptly notify the indemnitor of such claim in writing. No
failure to so notify an indemnitor shall relieve it of its obligations under this Agreement except
to the extent that it can demonstrate that such failure has increased the indemnifying Party’s
costs or liability. Within fifteen (15) days following receipt of written notice from the
indemnitee relating to any claim, but no later than ten (10) days before the date on which any
response to a complaint, claim, action or summons is due, the indemnitor shall notify the
indemnitee in writing if the indemnitor acknowledges its indemnification obligation and elects to
assume control of the defense and settlement of that claim (a “Notice of Election”);
provided, however, that such acknowledgement and election shall not be, or deemed to be, a waiver
of any defense that the indemnitor may have with respect to the underlying action, proceeding or
claim.
(b) Procedure Following Notice of Election. If the indemnitor delivers a Notice of
Election relating to any claim within the required notice period, the indemnitor shall be entitled
to have sole control over the defense and settlement of such claim; provided that the indemnitee
shall be entitled, at its own expense, to participate in the defense of such claim and to employ
counsel to assist in the handling of such claim. If the indemnitor has delivered a Notice of
Election relating to any claim in accordance with the preceding subsection, the indemnitor shall
not be liable to the indemnitee for any legal expenses incurred by the indemnitee in connection
with the defense of that claim. In addition, the indemnitor shall not be required to indemnify the
indemnitee for any amount paid or payable by the indemnitee in the settlement of any claim for
which the indemnitor has delivered a timely Notice of Election if such amount was agreed to without
the written consent of the indemnitor.
(c) Procedure Where No Notice of Election Is Delivered. If the indemnitor does not
deliver a Notice of Election relating to a claim, or otherwise fails to acknowledge its
indemnification obligation or to assume the defense of a claim, within the required notice period
or fails to diligently defend the claim, the indemnitee shall have the right to defend the claim in
such manner as it may deem appropriate, at the cost, expense and risk of the indemnitor, including
payment of any judgment or award, indemnitee’s attorneys’ fees and expenses and the costs of
settlement or compromise of the claim. The
Confidential
Master Services Agreement
Page 59
Execution Copy
indemnitor shall promptly reimburse the indemnitee for all such costs and expenses, including
payment of any judgment or award and the costs of settlement or compromise of the claim. If it is
determined that the indemnitor failed to defend a claim for which it was liable, the indemnitor
shall not be entitled to challenge the amount of any settlement or compromise paid by the
indemnitee.
19. LIABILITY
19.1 General Intent.
Subject to the liability restrictions below, it is the intent of the Parties that each Party
shall be liable to the other Party for any actual damages incurred by the non-breaching Party as a
result of the breaching Party’s failure to perform its obligations in the manner required by this
Agreement.
19.2 Liability Restrictions.
(a) SUBJECT TO SECTION 19.2(c) BELOW, IN NO EVENT, WHETHER IN CONTRACT OR IN TORT (INCLUDING
NEGLIGENCE), BREACH OF WARRANTY, STRICT LIABILITY, OR OTHERWISE, SHALL A PARTY BE LIABLE FOR
INDIRECT, CONSEQUENTIAL, EXEMPLARY, PUNITIVE, INCIDENTAL, OR SPECIAL DAMAGES, OR LOST PROFITS, EVEN
IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES IN ADVANCE.
(b) Subject to Section 19.2(c) and Section 19.2(d) below, each of the Parties will be liable
to the other for any direct damages arising out of or relating to its performance or failure to
perform under this Agreement; provided, however, that the liability of a Party to the other Party,
whether based on an action or claim in contract, equity, negligence, tort or otherwise, will not in
the aggregate exceed an amount equal to the greater of: (i) $5,000,000 or (ii) the amount of
Charges paid or payable by ACI under this Agreement during the twelve (12) months immediately
preceding the occurrence of the first event, act or omission on which such liability is based;
provided, however, that however, that (1) if twelve (12) months has not elapsed since the Effective
Date, the amount for this subsection (ii) will be equal to twelve (12) times the average monthly
Charges for the elapsed period of the Term or (2) if the event, act or omission occurred after the
expiration or termination of this Agreement, the amount for this subsection (ii) will be equal to
the aggregate amount of Charges paid or payable by ACI during the last twelve (12)-month-period of
time during the Term.
(c) The limitations set forth in Section 19.2(a) and Section 19.2(b) above shall not apply
with respect to:
(i) claims that are the subject of indemnification pursuant to Sections 18.1 and 18.2;
provided, however that damages payable for indemnification claims set forth in Section 18.1(l)
(relating to violations of Vendor Laws) shall (i) be included in the damages cap set forth in
Section 19.2(b) and (ii) not exceed $1,000,000; and
(ii) damages occasioned by infringement of a Party’s Intellectual Property Rights or
misappropriation of its Confidential Information.
(d) The limitations set forth in Section 19.2(b) above shall not apply with respect to:
(i) damages occasioned by the willful misconduct or gross negligence of a Party; in which
case each of the Parties will be liable to the other for any direct damages arising out of or
relating to its performance or failure to perform under this Agreement; provided, however, that the
liability of a
Confidential
Master Services Agreement
Page 60
Execution Copy
Party to the other Party, whether based on an action or claim in contract, equity, negligence,
tort or otherwise, will not in the aggregate exceed an amount equal to the greater of: (i)
$7,000,000 or (ii) the amount of Charges paid or payable by ACI under this Agreement during the
fifteen (15) months immediately preceding the occurrence of the first event, act or omission on
which such liability is based; provided, however, that however, that (1) if fifteen (15) months has
not elapsed since the Effective Date, the amount for this subsection (ii) will be equal to fifteen
(15) times the average monthly Charges for the elapsed period of the Term or (2) if the event, act
or omission occurred after the expiration or termination of this Agreement, the amount for this
subsection (ii) will be equal to the aggregate amount of Charges paid or payable by ACI during the
last fifteen (15)-month-period of time during the Term.
(ii) damages occasioned by abandonment of all or substantially all of the work required to
perform the Services in which case the limitations will be the same as those set forth in Section
19.2(d)(i) above.
In addition, for Vendor’s breaches of its obligations under Section 15.3 (Confidential
Information) resulting in a release of Personally Identifiable Information, in addition to the
direct damages limited by Section 19.2(b) above and ACI’s other rights under the Agreement, Vendor
shall pay for (i) legally required notifications to ACI’s customers and (ii) credit monitoring
services for ACI’s customers up to an amount not to exceed $1,000,000.
19.3 Direct Damages.
For purposes of this Agreement, direct damages shall include, but not be limited to, the
following, which shall not be considered consequential damages to the extent they result from a
Party’s failure to fulfill its obligations in accordance with this Agreement:
(a) Reasonable costs of recreating or reloading any of ACI’s information that is lost or
damaged to the last available back-up; provided, however, that if Vendor has the responsibility
under this Agreement to back up ACI’s data, and fails to fulfill its obligation to do so with
respect to the lost or damaged data, Vendor shall pay for the costs of recreating or reloading such
data up to the limit of liability in Section 19(b);
(b) Reasonable costs of implementing a workaround or fix in respect of a failure to provide
the Services;
(c) Reasonable costs of replacing lost or damaged equipment and software and materials;
(d) Reasonable costs and expenses incurred to correct errors in software maintenance and
enhancements provided as part of the Services;
(e) Reasonable costs and expenses incurred to procure the Services from an alternate source;
or
(f) Reasonable straight time, overtime or related expenses incurred by ACI or its Affiliates,
including overhead allocations for employees, wages and salaries of additional personnel, travel
expenses, telecommunication and similar charges incurred due to the direct failure of Vendor to
provide the Services or incurred in connection with (a) through (e) above in strict accordance with
the standards of performance specified in this Agreement.
Notwithstanding the foregoing, to the extent damages payable by ACI under this Article 19 consist
of compensation to Vendor for work performed by Vendor Personnel, such compensation shall be
calculated
Confidential
Master Services Agreement
Page 61
Execution Copy
using the time and material rates provided in Exhibit C-1 (Base Charges, Baselines, ARC/RRC
Rates and Termination Charges).
19.4 Duty to Mitigate.
Each Party shall have a duty to mitigate damages for which the other Party is responsible.
19.5 Disaster Recovery Plan.
(a) Vendor will implement and maintain disaster recovery plans and business continuity plans
for Service Locations and Vendor’s business (collectively, “DR/BC Plans”) as set forth in
Exhibit A-9 (Disaster Recovery / Business Continuity Plans) and provide reasonable
cooperation and support with the then-current resources being applied by Vendor to ACI’s account
for ACI’s implementation of its internal disaster recovery and business continuity plans. Vendor
will (1) update and test the operability of the DR/BC Plans annually, (2) verify for ACI upon each
such test that the DR/BC Plans are fully operational and provide ACI with a summary of any report
regarding the results of such test and (3) implement the DR/BC Plans upon the occurrence of a
disaster. Subject to the Change Control Procedure, ACI may request and Vendor will perform
additional testing and support for such testing as may be requested by ACI customers.
(b) Upon the occurrence of a disaster, Vendor will reinstate the Services within the time
periods set forth in Exhibit A-9 (Disaster Recovery / Business Continuity Plans) or, if not
set forth in Exhibit A-9 (Disaster Recovery / Business Continuity Plans), the recovery time
periods set forth in the DR/BC Plans.
19.6 Force Majeure.
(a) Provided that Vendor has fully complied with its obligations to provide disaster
recovery-related Services hereunder, to the extent that the Vendor facilities intended to be used
for such disaster recover Services are not impacted by the event, neither Party shall be liable for
any default or delay in the performance of its obligations under this Agreement:
(i) if and to the extent such default or delay is caused, directly or indirectly, by fire,
flood, earthquake, elements of nature or acts of God, acts of terrorism, riots, labor disputes
(other than labor disputes of a Party or its subcontractors, and its employees), civil disorders or
any other similar cause beyond the reasonable control of such Party;
(ii) provided the non-performing Party is without fault in causing such default or delay, and
such default or delay could not have been prevented by reasonable precautions and could not
reasonably be circumvented by the non-performing Party through the use of alternate sources,
workaround plans or other means (including, with respect to Vendor, by Vendor meeting its
obligations for performing disaster recovery services as provided in this Agreement) (each such
event, a “Force Majeure Event”).
(b) The non-performing Party shall be excused from further performance or observance of the
obligations affected by a Force Majeure Event for as long as such circumstances prevail and such
Party continues to use Commercially Reasonable Efforts to recommence performance or observance
without delay. Any Party so delayed in its performance shall immediately notify the Party to whom
performance is due by telephone (to be confirmed in writing within twenty-four (24) hours of the
inception of such delay) and describe at a reasonable level of detail (1) the circumstances causing
such delay and (2) the steps the non-performing Party intends to take to mitigate the effect of the
Force
Confidential
Master Services Agreement
Page 62
Execution Copy
Majeure Event, including the use of resources available to such non-performing Party through
its DR Plan. Except as set forth in Section 19.6(c) below, to the extent a Force Majeure Event
relieves Vendor of its obligations to perform the Services impacted by such event and Vendor does
not perform due to such Force Majeure Event, ACI’s obligation to pay for such Services shall also
be relieved.
(c) If any Force Majeure Event affecting facilities, personnel or other resources under the
control of Vendor or any of its Affiliates or subcontractors substantially prevents, hinders or
delays performance of the Services necessary for the performance of functions identified by ACI as
critical for more than three (3) consecutive days or any material portion of the Services for more
than five (5) Business Days, then, at ACI’s option, ACI may procure such Services from an alternate
source, and Vendor shall be liable for payment for such Services from the alternate source for up
to ninety (90) days of such alternate services based upon the number of days that ACI receives such
alternate services. ACI will continue to pay Vendor undisputed Charges for the impacted Services
during such ninety (90) day period for so long as ACI continues to receive the alternate Services.
Vendor’s reimbursement obligation pursuant to this Section 19.6 is limited to reimbursement for the
alternate services that are substantially similar to the Services impacted by the Force Majeure
Event, and does not extend to any additional services that ACI may elect to procure from the
alternate source. If ACI returns to Vendor facilities after use of the alternate source, Vendor
will reimburse ACI for all reasonable out of pocket costs of returning to the Vendor facility. If
the alternate source provides services for longer than fifteen (15) days, then ACI may, within five
(5) days after the end of such fifteen (15) day period and upon payment to Vendor for: (i) any
unrecovered startup expenses, (ii) unamortized assets, and (iii) other reasonable out-of-pocket
expenses associated with ramp-down, terminate the affected portion of the Services upon notice to
Vendor, such termination to be effective at any time within ninety (90) days after such five (5)
day period. However, if the impacted Services are within the scope of Exhibit A-9 and Vendor does
not provide Services pursuant to the DR / BC Plan, ACI may terminate without payment of the
expenses described in the foregoing sentence. ACI agrees to use Commercially Reasonable Efforts to
mitigate damages arising pursuant to this Section 19.6.
(d) Vendor shall not have the right to any additional payments from ACI for costs or expenses
incurred by Vendor as a result of any Force Majeure Event.
20. DISPUTE RESOLUTION
Any dispute between the Parties arising out of or relating to this Agreement, including with
respect to the interpretation of any provision of this Agreement and with respect to the
performance by Vendor or ACI, shall be resolved as provided in this Article 20.
20.1 Informal Dispute Resolution Process.
(a) Subject to Sections 20.1(b) and 20.1(c), the Parties initially shall attempt to resolve
their dispute informally, in accordance with the following:
(i) Upon the written notice by a Party to the other Party of a dispute (“Dispute
Date”), each Party shall appoint a designated representative whose task it will be to meet for
the purpose of endeavoring to resolve such dispute. The designated representatives of a Party
shall have the authority to resolve the dispute on behalf of such Party.
(ii) The designated representatives shall meet as often as the Parties reasonably deem
necessary in order to gather and furnish to the other all information with respect to the matter in
issue which the Parties believe to be appropriate and germane in connection with its resolution.
The
Confidential
Master Services Agreement
Page 63
Execution Copy
representatives shall discuss the problem and attempt to resolve the dispute without the
necessity of any formal proceeding.
(iii) During the course of discussion, all reasonable requests made by a Party to the other
for non-privileged information, reasonably related to this Agreement, shall be honored in order
that a Party may be fully advised of the other’s position.
(iv) The specific format for the discussions shall be left to the discretion of the designated
representatives.
(b) After ten (10) Business Days or such other period as the Parties may agree, following the
Dispute Date and prior to commencement of any litigation as permitted under Section 20.1(c), both
Parties may agree to initiate non-binding mediation of the dispute by submitting to the American
Arbitration Association (the dispute mediation entity, “
DM”) a written request for
mediation under the Commercial Mediation rules of such organization, setting forth the subject of
the dispute and the relief requested. The Parties shall cooperate with DM and each other in the
mediation process, and any such mediation shall be held in
New York,
New York. The mediation shall
be conducted in accordance with the applicable practices and procedures of DM. Either Party, upon
notice to DM and to the other Party, may terminate the mediation process. Each Party shall bear
its own expenses in the mediation process and shall share equally the charges of DM.
(c) Litigation of a dispute may be commenced by either Party upon the earlier to occur of any
of the following:
(i) the designated representatives mutually conclude that amicable resolution through
continued negotiation of the matter does not appear likely; or
(ii) forty-five (45) days have elapsed from the Dispute Date.
(d) Notwithstanding the above, either Party may commence litigation if it is deemed
appropriate by a Party to avoid the expiration of an applicable limitations period or to preserve a
superior position with respect to other creditors, or a Party makes a good faith determination,
including as provided in Section 21.10 respecting ACI, that a breach of this Agreement by the other
Party is such that a temporary restraining order or other injunctive relief is necessary.
(e) No resolution or attempted resolution of any dispute or disagreement pursuant to this
Section 20.1 shall be deemed to be a waiver of any term or provision of this Agreement or consent
to any breach unless such waiver or consent shall be in writing and signed by the Party claimed to
have waived or consented.
20.2 Litigation.
For all litigation which may arise with respect to this Agreement, the Parties irrevocably and
unconditionally submit to the jurisdiction and venue (and waive any claim of forum nonconveniens
and any objections as to laying of venue) of the
New York state and federal courts located in
New
York,
New York in connection with any action, suit or proceeding arising out of or relating to this
Agreement. Each Party further waives personal service of any summons, complaint or other process
and agrees that the service thereof may be made by certified or registered mail directed to such
Party at such Party’s address provided in Section 23.3 for purposes of notices under this
Agreement, provided that service occurs upon actual receipt of the notice and that no other
applicable state or federal rule of civil procedure regarding jurisdiction or service of process is
waived or otherwise altered.
Confidential
Master Services Agreement
Page 64
Execution Copy
20.3 Continued Performance.
Each Party agrees to continue performing its obligations (subject to ACI’s rights to withhold
disputed Charges under Section 14.8) under this Agreement while any dispute is being resolved,
regardless of the nature and extent of the dispute, unless and until such obligations are
terminated by the termination or expiration of this Agreement or by and in accordance with the
final determination of the dispute resolution procedures.
20.4 Governing Law.
This Agreement and performance under it shall be governed by and construed in accordance with
the laws of the State of
New York without regard to any portion of its choice of law principles
that might provide for application of a different jurisdiction’s law. The United Nations
Convention on the International Sale of Goods shall not apply to this Agreement.
21. TERMINATION
21.1 Termination For Cause By ACI.
(a) ACI may terminate this Agreement, either in whole or by affected Service Tower, if Vendor:
(i) commits a material breach of this Agreement and fails to cure such breach within thirty
(30) days after notice of breach from ACI to Vendor;
(ii) commits a material breach of this Agreement which Vendor demonstrates, during the thirty
(30) day cure period, is not capable of being cured within such period and fails to (A) proceed
promptly and diligently to correct the breach; (B) within thirty (30) days following such notice
provide ACI with a written plan for curing the breach; and (C) cure the breach within thirty (30)
days after such notice;
(iii) commits numerous breaches of the same duty or obligation which collectively constitute a
material breach of this Agreement which is not cured within thirty (30) days after notice of breach
from ACI; or
(iv) fails to meet the Minimum Service Level value for the same Critical Service Level for
three (3) consecutive months or six (6) months during any rolling twelve (12) month period;
provided that for purposes of this subsection (iv) only ACI agrees to pay Vendor for: (x) any
unrecovered startup expenses, (y) unamortized assets, and (z) other reasonable out-of-pocket
expenses associated with ramp-down.
(b) ACI may terminate a Service (and any other Service that is integrally related to such
terminated Service) if Vendor (i) commits a material breach of this Agreement with respect to such
Service and fails to cure such breach within thirty (30) days after notice of breach from ACI to
Vendor, or (ii) commits a material breach of this Agreement with respect to such Service which
Vendor demonstrates, during the thirty (30) day cure period, is not capable of being cured within
such period and fails to (A) proceed promptly and diligently to correct the breach; (B) within
thirty (30) days following such notice provide ACI with a written plan for curing the breach; and
(C) cure the breach within thirty (30) days after such notice. The reductions of Services
resulting from any such termination will not give rise to payment of any Termination Charges.
Confidential
Master Services Agreement
Page 65
Execution Copy
(c) For the purposes of this Section 21.1 payment of monetary damages by Vendor shall not be
deemed to cure a material breach by Vendor of its obligations under this Agreement.
21.2 Termination by Vendor.
(a) Due to the impact any termination of this Agreement would have on ACI’s business, ACI’s
failure to perform its responsibilities set forth in this Agreement (other than as provided in this
Section 21.2) shall not be grounds for termination by Vendor, notwithstanding any provision in this
Agreement to the contrary. Vendor acknowledges that ACI would not be willing to enter into this
Agreement without assurance that it may not be terminated by Vendor and that Vendor may not suspend
performance except, and only to the extent, provided under this Agreement.
(b) If and only if ACI fails to pay Vendor as set forth in Section 14.2 and Section 14.8
undisputed Charges under the Agreement totaling at least $50,000.00 within fourteen (14) days after
the due date for such Charges, Vendor may by giving written notice to ACI terminate this Agreement
as of a date specified in the notice of termination which is at least ten (10) days after the date
on which such notice is received by ACI, unless ACI has cured within such timeframe.
21.3 Termination for Convenience by ACI.
At any time during the Term, ACI may terminate this entire Agreement or any one or more of the
Service Towers for convenience and without cause by giving Vendor at least six (6) months’ prior
written notice designating the effective termination date. In that event, on the effective date of
the termination, ACI will pay to Vendor an amount calculated in accordance with Exhibit C-1
(Base Charges, Baselines, ARC/RRC Rates and Termination Charges) consisting of the sum of (A) the
applicable Termination for Convenience Fee and (B) Wind Down Expenses.
21.4 Termination by ACI for Change of Control.
(a) If (i) another entity not currently an Affiliate of ACI, directly or indirectly, in a
single transaction or series of related transactions, acquires either Control of ACI or all or
substantially all of the assets of ACI; or (ii) ACI is merged with or into another entity, then, at
any time within nine (9) months after the last to occur of such events, ACI may terminate this
Agreement by (A) giving Vendor at least six (6) month’s prior written notice and designating a date
upon which such termination shall be effective, and (B) by the payment of 90% of the
then-applicable Termination Charge specified in Exhibit C-1 (Base Charges, Baselines,
ARC/RRC Rates and Termination Charges), and Wind Down Expenses.
(b) If (i) another entity not currently an Affiliate of Vendor, directly or indirectly, in a
single transaction or series of related transactions, acquires either Control of Vendor or all or
substantially all of the assets of Vendor; or (ii) Vendor is merged with or into another entity
that results in a change of Control of Vendor, then, at any time within nine (9) months after the
last to occur of such events, ACI may terminate this Agreement by (A) giving Vendor at least six
(6) months’ prior written notice and designating a date upon which such termination shall be
effective, and (B) by the payment of 50% of the then-applicable Termination Charge specified in
Exhibit C-1 (Base Charges, Baselines, ARC/RRC Rates and Termination Charges), and Wind Down
Expenses.
21.5 Failure to Transition and Other Termination Rights.
(a) This Agreement may be terminated by ACI in whole or in part as provided in Section
13.7(e)(ii), Section 16.8, Section 18.3(c) or Section 19.6(c).
Confidential
Master Services Agreement
Page 66
Execution Copy
(b) ACI may terminate this Agreement without liability, except for payment for Services
already performed, by paying 50% of the then-applicable Termination Charge specified in Exhibit C-1
(Base Charges, Baselines, ARC/RRC Rates and Termination Charges), and by paying Wind Down Expenses,
if there is a change in Applicable Law that makes receiving the Services illegal. ACI may
terminate this Agreement, by paying 75% of the then-applicable Termination Charge specified in
Exhibit C-1 (Base Charges, Baselines, ARC/RRC Rates and Termination Charges), and by paying Wind
Down Expenses, if there is a change in Applicable Law that makes receiving the Service impractical
or would significantly increase the Charges for the Services.
21.6 Termination Due To A Party’s Insolvency and Related Events.
Either Party may terminate this Agreement without liability to the other Party, if the other
Party (a) files any petition in bankruptcy; (b) has an involuntary petition in bankruptcy filed
against it which is not challenged in forty (40) days and not dismissed within one hundred twenty
(120) days of the filing of such involuntary petition; (c) makes a general assignment for the
benefit of creditors; (d) admits in writing its inability to pay its debts as they mature; or (e)
has a receiver appointed for a substantial portion its assets and the receivership is not released
within sixty (60) days.
21.7 Intentionally left blank.
21.8 Cumulative Termination Rights.
Rights of termination under this Article 21 are cumulative. Circumstances that are relevant
to one Section of this Article 21, but do not entitle the Party to terminate this Agreement under
that Section, may nonetheless entitle the Party to terminate under another Section of this Article
21.
21.9 Termination/Expiration Assistance.
(a) During the Termination/Expiration Assistance Period, Vendor shall provide to ACI or, at
ACI’s request, to ACI’s designee the reasonable termination/expiration assistance requested by ACI
to allow the Services to continue without interruption or adverse effect and to facilitate the
orderly transfer of the Services to ACI or its designee (including a competitor of Vendor)
(“Termination/Expiration Assistance”).
(b) Charges for Termination/Expiration Assistance constituting continuance of the Services
covered by the Monthly Base Charges will be invoiced and paid in the same manner as prior to the
Termination/Expiration Assistance Period. Termination/Expiration Assistance Services outside the
scope of the Monthly Base Charges that require resources beyond those account resources required to
perform such in-scope Services, will be compensated on a time and materials basis at the rates set
forth in Schedule C (Charges). In the event of a termination by Vendor pursuant to
Section 21.2, ACI shall pay monthly in advance for such Termination/Expiration Assistance and any
other Services that ACI requests Vendor to provide. Notwithstanding the foregoing, Vendor agrees
that it will provide, at no additional cost to ACI, data extracts, electronic copies of all
documentation pertaining to the Services (to the extent available prior to notice of termination),
incident histories pertaining to the Services and copies of knowledge databases specific to ACI
that are prepared by Vendor in connection with the Services.
(c) Termination/Expiration Assistance shall include the following, provided,
Termination/Expiration Assistance can be performed without unreasonably interfering with the
Vendor’s ability to perform the Services (unless the ACI provides Vendor in advance with the
appropriate written relief from any Service or Service Level commitments or reprioritizes the
Services):
Confidential
Master Services Agreement
Page 67
Execution Copy
(i) Vendor shall provide all reasonable information and assistance necessary to permit the
smooth transition of Services and functions being performed by Vendor or its subcontractors to ACI
or to ACI’s designee; provided, however, that if any of such information is to be disclosed to
ACI’s designee, such designee must first execute Schedule M (Vendor Confidentiality
Agreement) prior to receiving such information;
(ii) ACI or its designee shall be permitted to undertake, without interference from Vendor or
Vendor subcontractors, to hire any Vendor Personnel primarily performing the Services as of the
date of notice of termination, or, in the case of expiration, within the six (6) month period
prior to expiration. Vendor shall waive, and shall cause its subcontractors to waive, their
rights, if any, under contracts with such personnel restricting the ability of such personnel to be
recruited or hired by ACI or ACI’s designee. ACI or its designee shall have reasonable access to
such personnel for interviews and recruitment and Vendor and its subcontractors shall not interfere
with any such hiring efforts;
(iii) except where the Parties have agreed otherwise in writing with respect to a specific
circumstance:
(A) Vendor shall provide ACI will all licenses, sublicenses, and other rights to use any
Software to which ACI is entitled pursuant to this Agreement;
(B) Vendor shall (1) obtain any Required Consents pursuant to Section 6.7 from third parties
and thereafter assign to ACI or its designee leases for the Equipment that was necessary as of the
date of termination or expiration of this Agreement primarily for providing the Services to the
extent permitted by such leases, and ACI shall assume the obligations under such leases that relate
to periods after such date or buy out the remainder of such lease; and (2) sell to ACI or its
designee, at fair market value, all of the Equipment owned by Vendor that, as of the date of
termination/expiration of this Agreement, was primarily used for providing the Services; and (3) to
the extent assignable, assign to ACI, and ACI shall have and be entitled to, the benefits of any
manufacturers’ warranties and indemnities issued with any Equipment sold (or leases to Equipment
assigned) to ACI under this subsection 21.9(c)(iii)(B). Vendor shall also provide all user and
other documentation relevant to such Equipment which is in Vendor’s possession. ACI shall assume
responsibility under any maintenance agreements for such Equipment to the extent such
responsibilities relate to periods after the date of termination or expiration of this Agreement;
and
(C) Vendor shall obtain any necessary rights and thereafter make available to ACI or its
designee, pursuant to reasonable terms and conditions, any third-party services then being utilized
by Vendor in the performance of the Services including services being provided through third-party
service or maintenance contracts on Equipment and Software. To the extent Vendor has prepaid for
third party services, the benefit of which shall be received by ACI after the effective date of
termination or expiration of this Agreement, ACI shall reimburse Vendor for the portion of
prepayment amount attributable to ACI after such date. Vendor shall be entitled to retain the
right to utilize any such third-party services in connection with the performance of services for
any other Vendor customer; and
(iv) Vendor shall, within the first thirty (30) days of the Termination/Expiration Assistance
Period, begin to provide and thereafter promptly provide capacity planning, consulting services,
facilities planning, telecommunications planning, Software configuration, reviewing all System
Software with a new service provider, generating machine readable/listings of source code to which
ACI is otherwise entitled pursuant to this Agreement, uploading production databases, providing
parallel processing, providing application software maintenance and support, providing testing
services, and providing Equipment where practical; provided that such services are provided by the
then assigned Vendor Personnel.
Confidential
Master Services Agreement
Page 68
Execution Copy
(d) “Termination/Expiration Assistance Period” means the period beginning (i) as
applicable, upon ACI’s notice of termination, ACI’s notice of non-renewal, or six (6) months before
the expiration of, this Agreement, or upon notice of termination of the applicable Service Tower,
and ending (ii) at a time designated by ACI, which may not be later than eighteen (18) months after
the expiration of the Agreement.
(e) As reasonably requested by ACI, Vendor shall provide Termination/Expiration Assistance for
any Services that ACI reduces or terminates, or otherwise withdrawals from Vendor’s scope, under
this Agreement.
(f) If Vendor has incorporated ACI’s Network into a Vendor proprietary telecommunications
Network, or has incorporated proprietary Software, Equipment or other materials into ACI’s Network,
then, at ACI’s request, Vendor will provide up to two (2) years’ continued Network services at the
then current contract rates for such service.
21.10 Bid Assistance.
In the process of evaluating whether to undertake or allow termination/expiration or renewal
of this Agreement, ACI may consider obtaining, or determine to obtain, offers for performance of
services similar to the Services following termination or expiration of this Agreement. As and
when reasonably requested by ACI for use in such a process, Vendor shall provide to ACI such
information and other cooperation regarding performance of the Services as would be reasonably
necessary for a third party to prepare an informed, non-qualified offer for such services, and for
a third party not to be disadvantaged compared to Vendor if Vendor were to be invited by ACI to
submit a proposal. The types of information and level of cooperation to be provided by Vendor
shall be no less than those initially provided by ACI to Vendor prior to commencement of this
Agreement. Vendor’s support in this respect shall include providing information regarding
Equipment, Software, staffing and other matters that Vendor would otherwise provide as part of
Termination/Expiration Assistance. Subject to Section 3.5, Vendor shall provide such support at no
additional charge.
21.11 Equitable Remedies.
The Parties acknowledge that, if either Party breaches (or attempts or threatens to breach) an
obligation related to confidentiality, Intellectual Property Rights, data security or to provide
Termination/Expiration Assistance, the other Party may be irreparably harmed. In such a
circumstance, the non-breaching Party may proceed directly to court. Nothing contained in this
Section 21.11 shall be deemed to prevent a court from imposing substantive provisions or
requirements, such as requiring payment for services rendered.
21.12 Charge Adjustment.
Unless otherwise expressly set forth herein, if ACI chooses to terminate this Agreement in
part, the Charges payable under this Agreement shall be equitably reduced to reflect those Services
which are terminated.
22. COMPLIANCE WITH LAWS
22.1 Compliance with Laws and Regulations Generally.
(a) Each Party shall perform its obligations in a manner that complies with all Applicable
Laws that apply to the Parties’ businesses or, in Vendor’s case, those which also directly impact
the
Confidential
Master Services Agreement
Page 69
Execution Copy
performance and use by ACI of the Services (including identifying and procuring required
certificates, approvals and inspections). If a claim of non-compliance is made against a Party
related to any Applicable Laws, the Party against which the claim is made shall promptly notify the
other Party of such charges in writing.
(b) Without limitation to the above, Vendor warrants that it shall comply with those laws that
are applicable to Vendor or Vendor’s performance of the Services as a provider of information
technology services, including IT Laws, Privacy Laws, U.S. Foreign Corrupt Practices Act, data
protection laws, rules and regulations, in connection with the Services and otherwise under this
Agreement, including Schedule A (Statement of Work) (together Applicable Laws for which
Vendor is responsible under Section 22.1(a), “Vendor Laws”).
(c) Vendor and ACI will work together to identify the effect of changes in Applicable Laws on
the provision and receipt of the Services and will promptly discuss the Changes to the Services, if
any, required to comply with all Applicable Laws. Vendor will provide all support reasonably
required by ACI to comply with Applicable Law, and ACI’s internal audit requirements, which may be
more stringent than those imposed by Applicable Law. “ACI Laws” means all laws (i)
applicable to ACI’s operation of its business activities or (ii) applicable to corporations
generally (i.e., environmental laws) as they may relate to ACI. If there is a change to Vendor
Laws or ACI Laws or other Applicable Laws during the Term, and such change impacts the provision
of, or ACI’s receipt of the Services, Vendor will work with ACI to determine the appropriate Change
in the Services. Any such Change (i) in Vendor Laws increasing the cost of Vendor’s performance of
its obligations will be implemented at Vendor’s sole expense and will not impact the Charges paid
by ACI under this Agreement and (ii) in other Applicable Laws increasing the cost of Vendor’s
performance of its obligations will be implemented at ACI’s request subject to ACI’s payment of
such additional Charges as determined to be payable under the Change Control Procedure. Vendor
will be responsible for any fines and/or penalties incurred by ACI arising from Vendor’s
noncompliance with Vendor Laws, and ACI will be responsible for any fines and/or penalties incurred
by Vendor arising from ACI’s noncompliance with ACI Laws.
22.2 Liens.
(a) Vendor hereby waives and forever releases ACI and its Affiliates and their real and
personal property (whether owned or leased) from any past, present or future lien notices, lien
claims, liens, encumbrances, security interests or other lien rights of any kind based, in whole or
in part, on any Services provided of under this Agreement except for any judgment liens obtained by
Vendor against ACI in a court of competent jurisdiction. Vendor shall obtain and provide to ACI
similar waivers from all of Vendor’s subcontractors and suppliers. Nothing in this Section 22.2
shall apply to, or in any way be deemed to encumber, any of the rights Vendor and its
subcontractors have in their own tangible personal and intellectual property, nor act as a release
of the underlying debt, if any.
(b) Except for any judgment liens obtained by Vendor against ACI in a court of competent
jurisdiction, if any lien claims or liens are filed against ACI or its Affiliates or its or their
real or personal property (whether owned or leased) by any of Vendor’s subcontractors or suppliers
at any tier, which are based on any work, Services, materials or Equipment provided or to be
provided hereunder, then at no cost or expense to ACI, Vendor shall take actions which may be
necessary to resolve and discharge as of record any lien claims or liens, including paying the
claimant if necessary. If Vendor fails to take such actions in a timely manner, without waiving
the breach ACI may do so without notice to Vendor and Vendor shall be responsible for all costs
(including attorney’s fees) incurred by ACI in connection therewith.
Confidential
Master Services Agreement
Page 70
Execution Copy
Notwithstanding anything to the contrary set forth in this Agreement, at all times during the
Term and continuing thereafter until the completion of the audit of ACI’s financial statements for
the fiscal year during which this Agreement expires or is terminated, as directed by ACI, Vendor
shall, and shall cause each of its Affiliates to:
(a) maintain in effect and comply with the controls, operations and systems reflected in
Schedule A (Statement of Work). Any Changes in the Services from the Effective Date which
ACI would require (as ACI may determine) to comply with SOX and Section 404 thereunder shall be
subject to the Change Control Procedure;
(b) Comply with the audit and reporting obligations set forth in Article 11;
(c) Promptly cooperate with ACI and its auditors in any other way that ACI and/or its auditors
may reasonably request in order to: (i) enable ACI to comply with, and ACI and its auditors to
evaluate whether ACI complies with the SOX as it relates to the Services; and (ii) ACI’s auditors
to provide the Auditor Attestation; and
(d) generally cooperate with ACI and its auditors in any other way that ACI and/or its
auditors may reasonably request in order to enable: (i) ACI to comply with, and ACI and its
auditors to evaluate whether ACI complies with the SOX as it relates to the Services; and (ii)
ACI’s auditors to provide the Auditor Attestation.
22.4 International Considerations.
If Vendor provides Services from outside of the United States, without limiting any of
Vendor’s other obligations set forth in this Agreement and notwithstanding anything to the contrary
contained in this Agreement:
(a) Vendor shall be responsible for compliance with all Applicable Laws governing the Services
in the location from which the Services will be provided and shall be responsible for compliance
with United States export laws and import laws of the location from which Services will be
performed;
(b) to the extent that the responsibilities of ACI pertaining to the Services provided
hereunder are modified by new or modified ACI Laws (and not to Applicable Laws that apply to Vendor
as service provider) Vendor shall modify its performance of the Services, to the extent directed by
ACI, as necessary for ACI to comply with such ACI Laws, as so modified or added; and
(c) implementation of the foregoing Services (described in Sections 22.4(a) and 22.4(b)) shall
be subject to the Change Control Procedure and may give rise to a Project, as appropriate, and may
(in the case new or modified laws arising under Section 22.4(b)) result in additional Charges to
ACI and may (in the case new or modified laws arising under Section 22.4(b)) draw on any “pool” of
hours or other allocation of Services included in the Charges.
22.5 Privacy Laws.
Without limitation to the provisions of Article 15 and subject to Section 22.4:
(a) Vendor shall comply, as to its performance of the Services, with all Applicable Laws that
apply to Vendor as a provider of Services under this Agreement, and as otherwise provided in this
Agreement. Subject to the foregoing, with respect to Applicable Laws relating to the confidential
information and privacy rights and obligations of ACI to its Affiliates, and/or their customers and
Confidential
Master Services Agreement
Page 71
Execution Copy
consumers, including Title V of the Xxxxx-Xxxxx-Xxxxxx Act, 15 USC §6801 et. seq. and the
Economic Espionage Act, 18 USC §1831 et. seq., it shall be the obligation of ACI to assure
compliance to the extent that any action of ACI that is required for compliance is not included as
an express part of the Services described in Schedule A (Statement of Work). Vendor may
receive any Personally Identifiable Information. Subject to the foregoing, but notwithstanding any
provisions in this Agreement to the contrary, the Parties agree that, if ACI has certain
requirements as to its business as a result of such regulated status and Applicable Laws, including
Privacy Laws or Privacy Rules, compliance shall be and remain the responsibility of ACI, and the
responsibility of Vendor shall be to perform any acts or actions in support of such compliance by
ACI as are expressly specified in Schedule A (Statement of Work).
(b) Vendor shall comply with any other Applicable Laws relating to privacy not referred to
directly or indirectly in Section 22.5(a) to the extent such laws are applicable to Vendor as a
provider of information technology services.
(c) For purposes of this Agreement the term “Data Owner” shall mean the Party having
ownership of the data and, as a result, the authority to direct the purposes for which any item of
data is processed or used, and the term “Service Provider” shall mean the Party providing
services to the Data Owner, including the processing of the data on behalf and upon instruction of
the Data Owner. ACI will be and remain the Data Owner of the ACI Data for purposes of this
Agreement and all Applicable Laws relating to data privacy, personal data, transborder data flow
and data protection, with rights under such laws and under this Agreement to determine the purposes
for which the ACI Data is processed. As Data Owner, ACI is directing Vendor to process the ACI
Data in accordance with the terms of this Agreement and is consenting to Vendor’s access to the ACI
Data solely for such purpose. Vendor agrees to process the ACI Data in accordance with the terms
of this Agreement and, in doing so Vendor will be and remain the Service Provider under this
Agreement, in addition to complying with its contractual obligations hereunder, and will comply
with all responsibilities of a Service Provider under Applicable Law as of the Effective Date. To
the extent that such responsibilities of a Service Provider are subsequently modified by new or
modified Applicable Laws applying to Vendor in its capacity as a provider of service, such new or
modified responsibilities will be considered to be a part of the Services to be provided by Vendor
under this Agreement. To the extent that such responsibilities of a Service Provider are
subsequently modified by new or modified Applicable Laws applying to the Data Owner and not to the
Service Provider in its capacity as a provider of services, Vendor shall perform Services, to the
extent directed by Data Owner, as necessary for Data Owner to comply with such Applicable Laws, as
so modified or added, but such activities will be subject to the Change Control Procedure.
23. GENERAL
23.1 Binding Nature and Assignment.
This Agreement shall be binding on the Parties and their respective permitted successors and
assigns. Neither Party may, or shall have the power to, assign this Agreement without the prior
written consent of the other Party, except that ACI may assign its rights and obligations under
this Agreement without the approval of Vendor to (a) an entity that acquires all or substantially
all of the assets of ACI’s line of business to which the Services relate; (b) any ACI Affiliate; or
(c) the successor in a merger or acquisition of ACI; provided that, (i) the assignee assumes and
agrees in writing to be bound by the obligations set forth in this Agreement, (ii) is not a Vendor
Competitor and (iii) has a credit rating equal to or higher than ACI. Vendor may without approval
from ACI elect to assign to a third party the right to receive payment for the performance of the
Services. Any Party assigning its rights or obligations to an Affiliate in accordance with this
Agreement shall, within ten (10) Business Days after such assignment, provide notice thereof to the
other Party together with a copy any relevant provisions of the assignment document. Subject to
the foregoing, any assignment by operation of law, order of any court, or pursuant
Confidential
Master Services Agreement
Page 72
Execution Copy
to any plan of merger, consolidation or liquidation, shall be deemed an assignment for which
prior consent is required and any assignment made without such consent shall be void and of no
effect as between the Parties.
23.2 Mutually Negotiated.
Each Party acknowledges that the limitations and exclusions contained in this Agreement have
been the subject of active and complete negotiation between the Parties and represent the Parties’
agreement based upon the level of risk to ACI and Vendor associated with their respective
obligations under this Agreement and the payments to be made to Vendor and credits to be issued to
ACI pursuant to this Agreement. The Parties agree that the terms and conditions of this Agreement
(including any perceived ambiguity in this Agreement) shall not be construed in favor for or
against any Party by reason of the extent to which any Party or its professional advisors
participated in the preparation of the original or any further drafts of this Agreement as each
Party has been represented by counsel in its negotiation of this Agreement and it represents their
mutual efforts.
23.3 Joint Verification
During the ninety (90) day period after the final Service Tower Commencement Date (the
“Joint Verification Period”), ACI and Vendor may inventory and validate any information
that is reflected in or omitted from the Agreement which is based on the information provided by
ACI, such as the Third Party Contracts (including leases, and licenses). If, during such Joint
Verification Period, ACI or Vendor discovers inaccuracies in such information contained in the
Agreement or inaccuracies because of an omission from the Agreement pertaining to such information,
Vendor and ACI will amend the Agreement to provide for an equitable adjustment to the Charges,
Baselines, Service Levels and other terms of the Agreement affected by such inaccuracies. If ACI
or Vendor disputes the inaccuracy or the equitable adjustment, ACI and Vendor will submit the
matter to in accordance with Section 20.1.
23.4 Notices.
All notices, requests, demands and determinations under this Agreement (other than routine
operational communications), shall be in writing and shall be deemed duly given: (a) when delivered
by hand, (b) on the designated day of delivery after being timely given to an express overnight
courier with a reliable system for tracking delivery, (c) when sent by confirmed facsimile or
electronic mail with a copy sent by another means specified in this Section 23.3, or (d) six (6)
days after the day of mailing, when mailed by United States mail, registered or certified mail,
return receipt requested and postage prepaid, and addressed as follows:
|
|
|
In the case of ACI:
|
|
with copies to: |
|
|
|
|
|
ACI Worldwide, Inc. |
Attention: Chief Administrative Officer
|
|
Attention: General Counsel |
000 Xxxxxxxx, Xxxxx 0000
|
|
0000 Xxxxxxxx Xxxxx |
Xxx Xxxx, XX 00000
|
|
Xxxxx, XX 00000 |
|
|
|
In the case of Vendor to:
|
|
with copies to: |
|
|
|
International Business Machines Corporation
|
|
International Business Machines Corporation |
Attention: Vendor Project Executive
|
|
Office of Associate General Counsel |
0000 Xxxx Xxxxxx
|
|
MD4202, Route 000 |
Xxxxxx Xxxxx, XX 00000
|
|
Xxxxxx, XX 00000 |
Confidential
Master Services Agreement
Page 73
Execution Copy
A Party may from time to time change its address or designee for notification purposes by giving
the other prior written notice of the new address or designee and the date upon which it will
become effective. Because facsimile numbers and email addresses may change over time and facsimile
transmissions and emails may not be treated with the same degree of seriousness as more formal
communications, notices given by facsimile or email shall only be deemed effective if responded to
by the intended recipient (or his or her successor).
23.5 Counterparts.
This Agreement may be executed in several counterparts, all of which taken together shall
constitute but one single agreement between the Parties.
23.6 Headings.
The section headings and the table of contents used in this Agreement are for reference and
convenience only and shall not enter into the interpretation of this Agreement.
23.7 Relationship of Parties.
The Parties are acting as independent contractors. Each Party has the sole right and
obligation to supervise, manage, contract, direct, procure, perform or cause to be performed, all
work to be performed by it under this Agreement. No contract of agency and no joint venture is
intended to be created hereby. Neither Party is an agent of the other and has no authority to
represent the other Party as to any matters, except as expressly authorized in this Agreement.
None of either Party’s employees shall be deemed employees of the other and ACI and Vendor shall be
responsible for reporting and payment of all wages, unemployment, social security and other payroll
taxes, including contributions from them when required by law for their respective employees.
Neither Party shall have actual, potential or any other control over the other Party or its
employees.
23.8 Severability.
If any provision of this Agreement conflicts with the law under which this Agreement is to be
construed or if any such provision is held invalid by a competent authority, such provision shall
be deemed to be restated to reflect as nearly as possible the original intentions of the Parties in
accordance with Applicable Law. The remainder of this Agreement shall remain in full force and
effect.
23.9 Consents and Approvals.
Where approval, acceptance, consent or similar action by either Party is required under this
Agreement, all such consents and approvals will be in writing and shall not be unreasonably delayed
or, except where expressly provided as being in the discretion of a Party, withheld. Each Party
shall, at the request of the other Party, perform those actions, including executing additional
documents and instruments, reasonably necessary to give full effect to the terms of this Agreement.
23.10 Waiver of Default.
A delay or omission by either Party in any one or more instances to exercise any right or
power under this Agreement shall not be construed to be a waiver thereof. A waiver by either of
the Parties of any of the covenants to be performed by the other or any breach thereof shall not be
construed to be a
Confidential
Master Services Agreement
Page 74
Execution Copy
waiver of any succeeding breach thereof or of any other representation, warranty or covenant
contained herein.
23.11 Cumulative Remedies.
Except as otherwise expressly provided in this Agreement, no remedy provided for in this
Agreement shall be exclusive of any other remedy and all remedies shall be cumulative and in
addition to and not in lieu of any other remedies available to either Party at law or in equity.
23.12 Survival.
Sections 1.2, 2, 3.12, 5.3(g), 7, 11.2, 11.5, 11.6, 13.4, 14.2, 14.3, 14.5, 14.6, 14.7, 14.8,
15.1 through 15.4, 16.6, 16.8, 16.12, 16.14, 16.15, 18, 19.1 through 19.4, 20, 21.8, 21.9, 21.10,
21.11 and this Section 23 (except Section 23.3) and any other provision that by its terms is
intended to survive termination or expiration of this Agreement, shall survive any expiration or
termination of this Agreement.
23.13 Public Disclosures.
All media releases, public announcements and public disclosures by either Party relating to
this Agreement or the subject matter of this Agreement, including promotional or marketing
material, but not including announcements intended solely for internal distribution or disclosures
to the extent required to meet legal or regulatory requirements beyond the reasonable control of
the disclosing Party, shall be coordinated with and approved by the other Party in writing prior to
release, and be subject to Section 23.13 below.
23.14 Use of Name.
Each Party agrees that it will not directly or indirectly, without the prior written consent
of the other’s corporate communications department, use for the purposes of advertising, promotion
or publicity or otherwise, the name of the other Party or any of its divisions, subsidiaries or
Affiliates, or any trademarks, trade names, service marks, symbols or any abbreviation or
permutation thereof, of or associated with the other Party or of any of its divisions, subsidiaries
or Affiliates.
23.15 365(n).
All licenses granted under or pursuant to this Agreement by Vendor to ACI and ACI Affiliates
are, and shall otherwise be deemed to be, for purposes of Section 365(n) of the United States
Bankruptcy Code (the “Code”), licenses to rights to “intellectual property” as defined in
the Code. ACI and ACI Affiliates, as licensee of such rights under this Agreement, shall retain
and may fully exercise all of its rights and elections under the Code. In the event of the
commencement of bankruptcy proceedings by or against Vendor under the Code, ACI and ACI Affiliates
shall be entitled to retain all of its rights under the licenses granted hereunder.
23.16 Third Party Beneficiaries.
This Agreement is entered into solely between, and may be enforced only by, ACI and Vendor,
and this Agreement shall not be deemed to create any rights in third parties, including suppliers
and customers of a Party, or to create any obligations of a Party to any such third parties.
23.17 |
|
Covenant of Good Faith. |
Confidential
Master Services Agreement
Page 75
Execution Copy
Each Party in its respective dealings with the other Party under or in connection with this
Agreement, shall act reasonably and in good faith.
23.18 Non-Solicitation.
Except as contemplated under Section 5.2 and Section 21.9(c)(ii), during the Term and for a
period of one (1) year thereafter, neither Party will solicit or hire any individual while that
individual is an employee or dedicated consultant of the other Party and involved in the provision
or management or receipt of the Services. This Section 23.17 will not restrict the right of either
Party to solicit or recruit generally in the media or prohibit either Party from hiring an employee
of the other who answers any advertisement or who otherwise voluntarily applies for hire by the
hiring Party, provided that the hiring Party has not taken any action to intentionally solicit or
recruit such employee of the other prior to such employee answering such advertisement or
voluntarily applying.
23.19 Order of Precedent.
If there is a conflict among the terms in the various documents within this Agreement to the
extent the conflicting provisions can reasonably be interpreted so that such provisions are
consistent with each other, such consistent interpretation will prevail. To the extent that
consistent interpretations cannot reasonably be derived, then (a) this Agreement (exclusive of its
Schedules) will prevail over a conflicting term in its Schedules, (b) a Schedule (exclusive of its
Exhibits) will prevail over a conflicting term in the Exhibits to such Schedule and an Exhibit
(exclusive of its Attachments) will prevail over a conflicting term in the Attachments to such
Exhibit.
23.20 Entire Agreement; Amendment.
This Agreement, including any Schedules and Exhibits referred to in this Agreement and
attached to this Agreement, each of which is incorporated in this Agreement for all purposes,
constitutes the entire agreement between the Parties with respect to the subject matter contained
in this Agreement and supersedes all prior agreements, whether written or oral, with respect to
such subject matter. Neither the course of dealings between the Parties nor trade practices shall
act to modify, vary, supplement, explain or amend this Agreement. If either Party issues any
purchase order, terms or conditions, or other form, it shall be deemed solely for the
administrative convenience of that Party and not binding on the other Party, even if acknowledged
or acted upon. No change, waiver or discharge hereof shall be valid unless in writing and signed
by an authorized representative of the Party against which such change, waiver or discharge is
sought to be enforced. There are no promises, representations, warrantees or other commitments
relied upon by either Party which are not expressly set forth in this Agreement.
[Signature Page to Follow]
Confidential
Master Services Agreement
Page 76
Execution Copy
IN WITNESS WHEREOF, the Parties have each caused this Master Services Agreement to be signed
and delivered by its duly authorized officer as of the Effective Date.
|
|
|
|
|
|
|
INTERNATIONAL BUSINESS MACHINES
CORPORATION |
|
ACI WORLDWIDE, INC. |
|
|
|
|
|
|
|
By:
|
|
/s/ Xxxxxx X. Xxxxxxx
|
|
By:
|
|
/s/ Xxxxx X. Xxxxx |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Name:
|
|
Xxxxxx X. Xxxxxxx
|
|
Name:
|
|
Xxxxx X. Xxxxx |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Title:
|
|
Director of Services- GTS
|
|
Title:
|
|
SVP, Global Business Operations |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Date:
|
|
March 17, 2008
|
|
Date:
|
|
March 17, 2008 |
|
|
|
|
|
|
|
Confidential
Master Services Agreement
Page 77
SCHEDULE A
STATEMENT OF WORK
1.0 |
|
INTRODUCTION |
|
|
|
The following documents comprise the entire Statement of Work (SOW) in the Agreement; |
|
1. |
|
Exhibit A-1 — Delivery Management Services (Cross Functional) |
|
1.1. |
|
Attachment A-1 — Services Definitions |
|
2. |
|
Exhibit A-2 — Asset Services |
|
|
3. |
|
Exhibit A-3 — Service Desk Services |
|
|
4. |
|
Exhibit A-4 — End User Services |
|
|
5. |
|
Exhibit A-5 — Server Systems Management Services (including Mainframe) |
|
|
6. |
|
Exhibit A-6 — Storage Management Services |
|
|
7. |
|
Exhibit A-7 — Data Network Services |
|
|
8. |
|
Exhibit A-8 — Enterprise Security Management Services |
|
|
9. |
|
Exhibit A-9 — Disaster Recovery and Business Continuity Services |
Confidential
Schedule A — Statement of Work
Page 1 of 1
Execution Copy
EXHIBIT A-1
DELIVERY MANAGEMENT SERVICES (CROSS FUNCTIONAL)
This Exhibit describes the duties and responsibilities of Vendor and ACI related to
Vendor’s provision of the Services.
Requirements for New Services will be handled through the Contractual Change Control
Procedure and Vendor will work with ACI to assess the impact of these requirements on ACI’s
operating environment.
This Exhibit sets forth the Delivery Management Services that the Vendor will provide, as
of the Service Tower Commencement Date unless otherwise specified, for all Services that
affect multiple Service Towers described in this Exhibit.
ACI is working towards basing its Service Management practices on the Information
Technology Infrastructure Library (ITIL V3.0), a world’s best-practice framework for the
delivery of IT services. Accordingly, ACI requires that Vendor Service Management
practices, which are used to support the Services, also be based on the ITIL V3.0
framework.
Vendor responsibilities include the following:
|
a. |
|
Deploy a set of service support processes (ITIL V3.0-based) to enable
consistent management of process-driven IT services seamlessly across a variable
number of vendors. |
|
(1) |
|
Design processes to enable the effective monitoring and
reporting of the IT services in a multi-vendor environment through the
appropriate deployment of the relevant tools and procedures globally. |
|
(a) |
|
The deployment of tools across Vendor and third-party
vendor(s) will go through the change management process. |
|
b. |
|
Coordinate the execution of all the processes across Vendor and all
third-party vendor(s) in order that all the individual components that make up the IT
services are managed in an end-to-end manner. |
|
c. |
|
Integrate any systems supporting these processes to provide a seamless view
of Service delivery to ACI. |
2.1 |
|
Process Interface Manual |
|
a. |
|
The Process Interface Manual will: |
|
(1) |
|
Document detailed processes requiring interface between the
Vendor and ACI (for example, change management process, Problem
Management/Incident Management, Asset Management). |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 1 of 41
|
(2) |
|
Be used by Vendor to provide the Services. |
|
|
(3) |
|
Identify the process interfaces. |
|
|
(4) |
|
Describe how ACI and Vendor will interact during the Term. |
|
(5) |
|
Document all operations procedures, Services, Equipment, and
Software for which Vendor is responsible. |
|
(6) |
|
Document, using ACI-provided information Application
requirements that affect Operations, along with procedural information and
contact information for each Application. |
|
(7) |
|
Document procedures to be utilized by End Users for the
correct use of the Services, Equipment, Software, connectivity, security, and
Service Desk. |
Until such time as ACI and Vendor complete and ACI approve the Vendor Process
Interface Manual, Vendor will use ACI’s current processes and procedures existing as
of, and delivered to Vendor prior to, the Effective Date to the extent that such
processes and procedures are applicable to the new operating environment. In the
event that ACI does not have existing processes and procedures as of the Effective
Date or such processes and procedures do not apply to the new operating environment,
Vendor will document the processes and procedures for ACI’s environment existing
prior to the Effective Date as required by Vendor to perform the Services. The final
Vendor Process Interface Manual will supersede all prior processes and procedures
unless otherwise specified.
|
b. |
|
Vendor Responsibilities |
Vendor will:
|
(1) |
|
Assign an individual to be the single point of contact to ACI
for the Process Interface Manual development and maintenance. |
|
(2) |
|
Provide ACI the proposed table of contents and format for the
Process Interface Manual for ACI’s review and approval. |
|
(3) |
|
Develop and provide ACI the draft Process Interface Manual,
which will be customized by Vendor to reflect the process interfaces between
ACI and Vendor. |
|
(4) |
|
Review ACI feedback and revise the draft Process Interface
Manual to incorporate mutually agreed changes. |
|
(5) |
|
Provide the final version of the Process Interface Manual to
ACI. |
|
(6) |
|
Conduct joint annual process maturity assessments, identify
process inhibitors, and propose process improvements to ACI. |
|
(7) |
|
Jointly review the Process Interface Manual on an annual
basis or more frequently, as required, and update and maintain the Process
Interface Manual accordingly. |
|
(8) |
|
Provide appropriate Vendor employees with access to the
Process Interface Manual, as required, with electronic copies provided to ACI. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 2 of 41
ACI will:
|
(1) |
|
Assign an individual to be the single point of contact to
Vendor for the Process Interface Manual development and maintenance. |
|
(2) |
|
Review and approve the proposed table of contents and format
for the Process Interface Manual. |
|
(3) |
|
Review and provide to Vendor, in writing, ACI’s comments,
questions and proposed changes to the draft Process Interface Manual. |
|
(4) |
|
Acknowledge ACI’s receipt of the final version of the Process
Interface Manual. |
|
(5) |
|
Identify process inhibitors and propose process improvements
to Vendor, as appropriate. |
|
(6) |
|
Jointly review the Process Interface Manual on an annual
basis or more frequently, as required. |
|
(7) |
|
Provide appropriate ACI employees with access to the Process
Interface Manual, as required. |
Vendor will provide to ACI, and the Parties will mutually agree on and use, the following
processes for managing the Services. The Service Management Processes and Service Delivery
Processes, set forth below and further defined in the Process Interface Manual, will apply,
in some combination, to all the Services and will be implemented, as described in this
Exhibit.
The following Service Management Processes will be used by ACI and Vendor for managing the
Vendor Services:
Change management process is the process for planning, testing, coordinating, implementing
and monitoring changes affecting service delivery and the operating environments without
adversely impacting service delivery.
Change management will protect the production environment and its services.
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Provide development, implementation, and ongoing management
of the necessary ACI approved processes, procedures, and management discipline
necessary to fulfill the Agreement’s change management process requirements. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 3 of 41
|
(2) |
|
Communicate the change management process within Vendor’s own
organization and to each third-party vendor(s). |
|
(3) |
|
Verify that the effective execution of the change management
process, as well as an appropriate review of planned changes, takes place with
due consideration of the business and technology risk of planned changes,
taking into consideration all defined criteria (such as complexity of change,
the skill level of the individual(s) executing the change, the planned change
execution timeframe, the change slot timeframe, the back-out timeframe, and
the relevant business processing criticality). |
|
(4) |
|
With proper authorization, stop any planned changes that, in
the professional view of the person(s) performing the Services, would
compromise the continuation of Services to ACI, and act as the gatekeeper to
production, unless expressly overridden by the ACI’s Operations Manager in
accordance with the approved Change Advisory Board escalation process. |
|
(a) |
|
Assume responsibility for escalating any issues
arising from the decision to stop a planned change. |
|
(5) |
|
Manage and conduct the review of any change failures, and
provide a strong interlock between change and Incident Management and Problem
Management processes so that post-change issues can be linked to the change
activity where relevant. |
|
(6) |
|
Manage to resolution any deviation from effective change
management process, ensuring the purposeful review and closure of failed
changes. |
|
(7) |
|
Facilitate and lead information exchange between and among
Vendor and the third-party vendors in order to drive an effective end-to-end
change management process. |
|
(8) |
|
Do not make changes that (i) may adversely affect the
function or performance of, or decrease the resource efficiency of the
Services, (ii) increase ACI’s costs or fees, (iii) impact its customers or
(iv) impact the way in which ACI conducts its business or operations, without
obtaining prior ACI approval following ACI procedures. |
|
b. |
|
ACI will provide Vendor with contact information related to change management
process procedures. |
Change Management General
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Receive and record changes. |
|
|
(2) |
|
Assess the impact and risk of the proposed changes. |
|
(3) |
|
Provide and maintain compliance with ACI policies. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 4 of 41
|
(4) |
|
Perform all changes in ACI’s IT environment pertaining to the
Services, including changes to individual components and coordination of
changes across all components. |
|
(5) |
|
Make all changes in accordance with change management process
procedures approved by ACI. |
|
|
(6) |
|
Monitor and report on the change implementation. |
|
|
(7) |
|
Review and close all changes. |
|
(8) |
|
Integrate the Vendor change management process with ACI’s
change management process and systems, as well as with the third-party
vendor(s)’ change management process processes, and with where the processes
interact. Cooperate with the Service Desk and third-party vendor(s) for
changes across all applications, system components, and parties. |
|
(9) |
|
Integrate the change management process with other Service
Management processes, especially Incident Management, Problem Management,
Configuration Management, and IT Service Continuity Management. |
|
(10) |
|
Deploy workflow-based tools to automate the process of
scheduling, describing, authorizing, tracking, and reporting on changes. |
|
|
(11) |
|
Collect data on every change attempted, including: |
|
(a) |
|
The reason for change. |
|
|
(b) |
|
Detailed description of change. |
|
(c) |
|
Whether the change was successful from the
perspective of the authorized users of the system. |
|
(12) |
|
Summarize the changes made each week, and report the
information to ACI on a weekly basis. |
|
(13) |
|
Capture all ACI change data centrally, and make it available
to ACI. |
|
(14) |
|
Provide an audit trail of any and all changes to the
production environment in order to determine the change made and the
authorization to make the change. |
|
(15) |
|
Conduct post implementation reviews (PIR) on failed changes
as requested by ACI. |
|
(16) |
|
Confirm that all changes are performed to ACI’s
specifications provided to Vendor as ACI determines necessary to conform to
regulations (i.e., Sarbanes/Oxley Act) or requirements. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 5 of 41
|
(17) |
|
Work diligently to ensure that the change management process
achieves: |
|
(a) |
|
Efficient implementation of changes. |
|
|
(b) |
|
Clear accountability. |
|
|
(c) |
|
Minimization of risk. |
|
|
(d) |
|
Minimization of business disruption. |
|
|
(e) |
|
Effective coordination and communication. |
|
(1) |
|
Record changes in the change management process tool for
Applications changes. |
|
(2) |
|
Provide to Vendor the ACI specifications for conformance to
regulations as set forth in the Sarbanes/Oxley Act. |
|
(3) |
|
Conduct Post Implementation Reviews (PIR) on failed changes
as requested by ACI for Applications changes. |
|
(4) |
|
Provide lead personnel to lead, drive and respond to
Application Incidents and Problems. |
Management
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Develop and implement a standardized method and procedure for
the efficient and effective handling of all changes (an overall change
management process process), including the Change Advisory Boards (CAB) to
manage changes to the Services, subject to approval from ACI, in a way that
minimizes risk exposure and maximizes availability of the Services. |
|
(2) |
|
Coordinate change management process activities across all
functions, ACI Locations, regions, and third-party vendor(s) that provide
services to ACI. |
|
(3) |
|
Perform the function of promoting code to production
(sometimes called, “move to production”), as requested. |
|
(4) |
|
Deploy tools to automate the process of scheduling,
describing, tracking, and reporting on changes to the environment. |
|
(5) |
|
Integrate change management process processes with Tivoli
Configuration Manager. |
|
(6) |
|
Make any changes necessary to provide the Services and to
meet all required Service Levels, based on ACI-approved change management
process procedures. |
|
(7) |
|
In an emergency, gain approvals from ACI according to change
management process procedures. |
|
(8) |
|
Designate and maintain clear ownership for individual changes
throughout the process. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 6 of 41
|
b. |
|
ACI will manage the control of the Application production libraries. |
Process and Procedures
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Document the change management process and procedures in
accordance with the requirements in the Process Interface Manual and as stated
in the Exhibit. |
|
(2) |
|
On a weekly basis, participate in change management process
meetings with ACI’s change manager or designee. |
|
(3) |
|
Submit proposed changes, based on the impact and risk
associated with a change, with non-emergency changes submitted, on average 2
weeks in advance to ACI. At a minimum, each submitted proposed change will
include: |
|
(a) |
|
A description of the change. |
|
(b) |
|
The purpose and justification for the change,
including any corresponding service request, or Incident, or Problem
identifiers. |
|
(c) |
|
A list of Service(s), internal or external
customer(s), and third-party vendor(s) potentially affected by the change. |
|
(d) |
|
The proposed schedule, including implementation
date(s) and approximate time(s) for determination of any existing conflict
with business events. |
|
|
(e) |
|
The proposed implementation procedures. |
|
|
(f) |
|
A rating of the potential risk, business impact,
and/or complexity of the change. |
|
(g) |
|
Where a proposed change represents a potentially high
risk or high impact to ACI’s operations or business, or at the request of
ACI, Vendor will also: |
|
(i) |
|
Include a comprehensive end-to-end test
plan (including clear change acceptance criteria), notification and
escalation lists, and work-around plans. |
|
(ii) |
|
Include a comprehensive contingency plan,
including a back-out plan and procedures (with specific criteria to
initiate the execution of the back-out plan). |
|
(4) |
|
Verify, with ACI’s change manager, compliance with ACI
policies. |
|
(5) |
|
Review proposed changes and schedules with ACI, and obtain
all necessary approvals for proposed changes. |
|
(6) |
|
Coordinate with ACI all affected third parties and designated
representatives at Locations potentially affected by a change in order to
minimize disruption of normal business processes. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 7 of 41
|
(7) |
|
Manage system changes and activities required by moves,
upgrades, replacements, and migrations for those changes originating from a
responsibility of Vendor. |
|
(8) |
|
Include rollout, testing, and roll-back plans for every
request for change. |
|
(9) |
|
Provide information to ACI in accordance with ACI’s change
management process on the outcome of any Request for change and the updated
status after each change is implemented. |
|
(10) |
|
Update all operational and other documentation affected by
the change. |
|
(11) |
|
Report the status of scheduled changes, including maintaining
a comprehensive list of projects and dates. |
|
(12) |
|
Collect data on every change attempted, which includes the
following: |
|
(a) |
|
Include the cause of any Incidents, measures taken to
prevent recurrence, and whether the change was successful from the
perspective of the End User or Third Party affected by the change. |
|
(b) |
|
Summarize and report this data to ACI on a weekly
basis. |
|
(13) |
|
Provide an audit trail of any and all changes to all
environments, which should include a record of the change made and the
authorization to make the change. |
|
(14) |
|
Conduct Post Implementation Reviews (PIR) on failed changes,
if requested by ACI. |
|
(15) |
|
Provide ACI with the ability to pre-approve certain types of
routine operational changes (Standard Changes). Such approvals shall be
documented in the Process Interface Manual. |
|
(16) |
|
Assist ACI in developing test plans and contingency plans for
Application changes. |
|
b. |
|
For Application changes, ACI will: |
|
(1) |
|
Include a comprehensive end-to-end test plan (including clear
change acceptance criteria), notification and escalation lists, and
work-around plans. |
|
(2) |
|
Include a comprehensive contingency plan, including a
back-out plan and procedures (with specific criteria to initiate the execution
of the back-out plan). |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 8 of 41
Maintenance Periods
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Perform routine maintenance during regular periods scheduled
in advance and approved by ACI. |
|
(2) |
|
Validate that systems will be unavailable during maintenance
windows only to the extent necessary for systems maintenance purposes. |
|
(3) |
|
Provide at least thirty (30) days prior notice to ACI of the
maintenance to be performed during scheduled maintenance windows. |
|
(a) |
|
Change scheduled maintenance windows at ACI’s request
and upon reasonable notice. |
|
(4) |
|
Schedule Outages for maintenance, expansions, and
modifications during hours that meet ACI’s business needs and external
contractual obligations. |
|
(a) |
|
Allow ACI, at any time at its discretion, to specify
“freeze” periods during which Vendor will not make any changes. |
|
(5) |
|
If there is a need for emergency systems maintenance, provide
ACI with as much notice as reasonably practicable (ACI has the final change
authorization), and perform such maintenance so as to minimize interference
with the business and operational needs of ACI. |
|
(6) |
|
Fully test changes to the IT environment and resolve faults,
if possible, prior to production startup, including inter-operability testing. |
Change Management Reporting
|
b. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Create and maintain a Forward Schedule of change (FSC) of
upcoming releases and changes as part of ACI’s change management process
process. |
|
|
(2) |
|
Provide monthly reports in a format agreed with ACI. |
|
(3) |
|
Provide a weekly report in a format agreed with ACI that, at
a minimum, includes: |
|
(a) |
|
The status of all changes active at the beginning of
the week and all changes raised during the week. |
|
|
(b) |
|
The changes to be implemented the following week. |
|
|
(c) |
|
The changes submitted for approval. |
|
(4) |
|
Participate in or lead regularly scheduled change meetings
with ACI and third-party vendor(s). |
|
(5) |
|
Review proposed changes and schedules through a formal
walk-through process with ACI and third-party vendor(s), and obtain all
necessary approvals for proposed changes. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 9 of 41
2.2.2 |
|
Escalation Management |
Escalation Management is the process for escalating and resolving issues associated with
requests (for example, change requests, incident resolution requests, problem resolutions).
|
a. |
|
Vendor responsibilities include: |
|
(1) |
|
Escalate unresolved Incidents, problems and requests
according to procedures approved by ACI, and automatically prioritize
high-impact Applications, Software and Equipment so that, when outages occur,
they are treated with the highest priority. |
|
(2) |
|
Define, with ACI, and obtain ACI approval on Escalation
procedures that reflect and describe: |
|
(a) |
|
The Severity Level of the Incident. |
|
(b) |
|
The Location of the Incident and the name and/or
number of affected End User. |
|
(c) |
|
The elapsed time before a Incident is escalated to
the next higher Severity Level. |
|
(d) |
|
The levels of involvement (and notification) of
Vendor management and ACI management at each Severity Level. |
|
b. |
|
ACI will provide Vendor with definition of high-impact Applications, Software
and Equipment. |
|
c. |
|
Vendor will provide a process for escalating to ACI, or the Vendor
management, Incidents not resolved in the time frames appropriate to the severity of
the Incident and the priority of the user. |
The Vendor responsibilities include the following:
|
(1) |
|
Escalate unresolved Incidents according to procedures
approved by ACI, and automatically prioritize high-impact Applications,
Software, and Equipment, such that they are treated with the highest priority. |
|
(2) |
|
Implement escalation procedures that reflect and describe the
following items: |
|
(a) |
|
Severity Level of the Incident. |
|
(b) |
|
Location of the Incident and the name and/or number
of affected internal or external customers. |
|
(c) |
|
Elapsed time before an Incident is escalated to the
next higher Severity Level. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 10 of 41
|
(d) |
|
The levels of involvement (and notification) of
Vendor management and ACI management at each Severity Level. |
|
(e) |
|
Investigative and diagnostic activities to identify
workarounds for each Incident. |
|
(f) |
|
Incident resolution activities to restore normal
service in compliance with the Service Levels. |
|
(g) |
|
Ability to resolve Incidents by matching Incidents to
known errors that are stored in a known error database. |
|
(h) |
|
Ability to resolve Incidents by implementing
workarounds that are stored in a knowledge base. |
|
(i) |
|
Escalation process used to escalate Incidents to
appropriate support teams when necessary. |
|
(j) |
|
Escalation process used to escalate Incidents to
Vendor and/or ACI’s management team. |
|
(k) |
|
Ability to generate change requests where necessary
for the implementation of workarounds. |
|
(l) |
|
Ability to record all information on the details of
the Incident and the corrective action for later statistical analysis. |
|
(3) |
|
Create an audit trail of all activity that creates, changes,
or deletes data and user access to systems that contain ACI data. |
2.2.3 |
|
Incident Management |
|
|
|
Incident Management is the process for minimizing the impact of Incidents affecting the
availability of the Services and the timely recovery of service delivery, which is
accomplished through analysis, tracking, and prevention of Incidents. |
|
|
|
General |
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Provide an Incident Management process that will restore
service operation as quickly as possible with minimum disruption to the
business, thus enabling the best achievable levels of availability and service
quality to be maintained to promote internal or external customer
satisfaction. |
|
(2) |
|
Manage the effective execution of Incident Management to
achieve its primary purpose to restore service as quickly as possible with
minimal business impact. |
|
(3) |
|
Implement an Incident Management process that is flexible and
facilitates effective communication and coordination across functions, ACI
Locations, regions and third-party vendor(s). |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 11 of 41
|
(4) |
|
Integrate the Vendor Incident Management process with the
other Service Management processes, especially Problem Management,
Configuration Management, and change management process. |
|
(5) |
|
Validate that the Incident Management process provides an
audit trail. |
|
(a) |
|
It is essential that detailed audit information be
recorded of all activity that creates, changes, or deletes data and user
access to systems that contain ACI data. |
|
(b) |
|
Audit information should be comprehensive spanning
multiple applications, systems components, or parties, if applicable. |
|
(6) |
|
Vendor will communicate the Incident Management process to
the Vendor organization, ACI, and each third-party vendor(s) involved in the
delivery of IT services. |
|
(7) |
|
Facilitate and lead information exchange between and among
Vendor, ACI, and/or third-party vendor(s) to improve end-to-end Incident
Management. |
|
(8) |
|
Develop and document processes regarding interfaces,
interaction, and responsibilities between Level 1 support personnel, Level 2
support personnel, and any other internal or external persons or entities that
may either raise an Incident, or receive an Incident. |
|
(9) |
|
Wherever possible, designate end-to-end responsibility and
ownership for each Incident to a single Vendor Service Desk staff member, thus
minimizing redundant contacts with End Users. |
|
(10) |
|
Provide a mechanism for expedited handling of Incidents that
are of high business priority to ACI and third-party vendor(s), based on the
assigned Severity Level, as per escalation processes described in the Incident
and Problem Management Procedures. |
|
(11) |
|
Develop and maintain a process to promote Incidents into the
Incident Management process based on the Severity Level of the Incident. |
|
b. |
|
ACI will validate that the Incident Management process provides an audit trail that
meets the mandatory legislative and policy requirements to which ACI must comply. |
All Incidents
a. The Vendor responsibilities include the following:
|
(1) |
|
Receive and log all Incidents (including submissions received
by telephone or electronically) and open an Incident Record. |
|
(2) |
|
Provide Incident detection, reporting, recording, and initial
support. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 12 of 41
|
(3) |
|
For Incidents other then Application Incidents, provide
Incident investigation, diagnosis, impact analysis, and reclassification, (as
agreed to by ACI) as reasonably required. For Application Incidents, provide
tracking, logging, reporting, Escalation Management, analysis and
determination to escalate to ACI, and overall tracking until the Incident is
closed. |
|
(4) |
|
Utilize and update the Incident Management System with all
relevant information relating to an Incident. |
|
|
(5) |
|
Make an initial determination of the potential resolution. |
|
(6) |
|
Link multiple contacts pertaining to the same Incident to the
associated Incident Record. |
|
(7) |
|
Resolve as many Incidents as possible during the End User’s
contact with the Service Desk, without transferring the call or using any
escalation. |
|
(8) |
|
Resolve Incidents requiring Level 1 support and close the
Incident after receiving confirmation from the affected End User that the
Incident has been resolved. |
|
(9) |
|
Resolve Incidents arising from or related to the Services,
including break/fix Equipment and Software support. |
|
(10) |
|
Act proactively, and coordinate with all other internal and
external third parties to resolve Incidents. |
|
(11) |
|
Transfer Incidents within specified time limits to the
appropriate party without compromising Service Levels or security
requirements. |
|
|
(12) |
|
Provide or coordinate the final resolution. |
|
(13) |
|
Escalate issues to the appropriate levels for resolution in
accordance with escalation procedures approved by ACI. |
|
(14) |
|
Escalate an Incident where the Incident cannot be resolved
within the relevant Service Levels or agreed timeframe. |
|
(15) |
|
Close an Incident either, after receiving confirmation from
the affected End User that the Incident has been resolved, or after 3
unsuccessful attempts to contact the End User. |
|
(16) |
|
Restore normal service operations as quickly as possible
following an Incident, with minimum disruption to ACI’s business operations,
and in compliance with Service Levels. |
|
(17) |
|
Retain overall responsibility and ownership of all Incidents
(including monitoring and escalation) until the Incident is closed subject to
ACI approval. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 13 of 41
|
(18) |
|
Track and report the progress of resolution efforts and the
status of all Incidents, including: |
|
(a) |
|
Review the proposed resolution time for each Incident
with the appropriate party and update the status accordingly. |
|
(b) |
|
Coordinate Incident tracking efforts, and provide and
maintain regular communications between all parties and internal or
external customers until Incident resolution. |
|
(c) |
|
Keep ACI informed of changes in Incident status
throughout the Incident life cycle in accordance with agreed Service
Levels. |
|
(d) |
|
Keep ACI informed of anticipated resolution times for
active Incidents. |
|
(19) |
|
Leverage a knowledge base to assist with the resolution of
Incidents, including: |
|
(a) |
|
Make the knowledge base available online to End Users
for user self help. |
|
(b) |
|
Track the use of the knowledge base and report usage
statistics to ACI on a monthly basis, or as requested by ACI (i.e., the
number of Incidents resolved using the knowledge base). |
Incident Management Reporting
|
b. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Provide regular progress notifications to ACI on current
Severity Level 1 Incidents. The frequency of such notification is determined
by the severity of the Incident as defined in the Process Interface Manual
(every hour for Severity Level 1). |
|
(2) |
|
Provide prompt notification via methods to be agreed upon by
the Parties of system outages on critical systems; and otherwise provide
affected internal or external customers with regular and timely progress
updates that clearly indicate the following: |
|
(a) |
|
Nature of the Incident. |
|
|
(b) |
|
Estimated time to completion. |
|
|
(c) |
|
Potential short-term alternatives. |
|
(3) |
|
Maintain communications and provide reports to ACI, Service
Desk and, as necessary, third-party vendor(s) from the time an Incident is
identified through resolution, and, as necessary, through any follow-up
communication and work required post-resolution. |
|
(4) |
|
Provide the monthly report in electronic copy in a format
agreed to with ACI, which at a minimum includes: |
|
(a) |
|
Key issues relating to Incident Management. |
|
(b) |
|
Number of Incidents during the month, grouped by
severity, service, region, and classification. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 14 of 41
|
(c) |
|
List of Incidents, short description, reference
number, and a shortcut to detailed description. |
|
|
(d) |
|
Detailed description, including timing of activities. |
|
(e) |
|
Trend analysis of the Incidents reported for the past
13 months in accordance with Schedule R (Reports), for reporting as
needed. |
|
(f) |
|
Calculate statistics and provide monthly and annual
reports and electronic data to ACI, which include: |
|
(i) |
|
The number of Incidents. |
|
|
(ii) |
|
Sources of the Incidents. |
|
(iii) |
|
Frequency regarding the types or
categories of Incidents. |
|
(iv) |
|
The duration of open Incident (average and
quantities by age). |
|
(v) |
|
Number of Incidents resolved upon first
contact. |
|
|
(vi) |
|
The Service Desk call-abandoned rate. |
|
(vii) |
|
Other pertinent information regarding
Incident resolution, including Service Level measurement reporting. |
|
(5) |
|
Track and report any backlog of unresolved Incidents on at
least a daily basis, or more frequently as requested by ACI. |
|
(6) |
|
If Vendor believes an Incident cannot be resolved,
communicate the nature of the Incident to the appropriate level within ACI as
directed by ACI, which includes: |
|
(a) |
|
Communicate the reasons why Vendor believes the
Incident cannot be resolved, and supply ACI with suggested alternatives. |
|
|
(b) |
|
Obtain ACI approval before closing the Incident. |
|
(7) |
|
In the event there is a recurrent Incident, at ACI’s request,
conduct meetings to address the Vendor Incident Management activities. |
|
c. |
|
The Measurements and Reporting process provides measurements to management
and other service delivery processes to satisfy measurement requirements and comply
with strategies, business needs, and key directions (in terms of quality, cost,
performance, and resource control). This process is used to deliver contractually
required service delivery, contractually required reports and support measurements
associated with the Service Levels and includes management and control of the
computation, storage, and delivery of formatted data, indicators and reports to the
users of such measurements. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 15 of 41
The Vendor responsibilities include the following:
|
(1) |
|
Perform the same functions and assume the same
responsibilities for Service Requests as required for Incident Management,
including: |
|
(a) |
|
Enter all Service Requests. |
|
|
(b) |
|
Track and manage all Service Requests from End Users. |
|
(c) |
|
Resolve Service Requests by working with service
management teams, business owners, and third-party vendor(s). |
|
(d) |
|
Provide liaison with change management process to
confirm that Service Requests follow the change management process as
appropriate. |
2.2.5 |
|
Recovery Management |
|
a. |
|
Recovery Management is the process for planning, establishing and testing the
recovery procedures required to re-establish the functionality of systems included in
the Services in the event of a system failure. This process also addresses the
monitoring, assessing, and reporting of the test results to management. The intent of
this process is to anticipate and minimize the impact of systems resource failure
through the development of predefined, documented procedures and software/Equipment
recovery capabilities. ACI and Vendor will agree on the procedures for recovery.
Disaster Recovery Management is described more fully in Disaster Recovery SOW. |
2.2.6 |
|
Availability Management |
|
a. |
|
Availability Management is the process for coordinating the appropriate
skills, information, tools and procedures required to manage the Services including,
the availability of interactive networks and their supporting Equipment and software
components. |
|
|
|
|
Availability Management will optimize the capability of ACI’s IT infrastructure and
the supporting organization to deliver a cost-effective and sustained level of
Service. |
General
|
b. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Optimize availability by collecting, monitoring, analyzing,
and reporting on all key elements of availability. |
|
(2) |
|
Predict and design for expected levels of availability based
on ACI’ requirements. |
|
|
(3) |
|
Continuously review and improve availability. |
|
(4) |
|
Operate and maintain an Availability Management process to
plan, implement, measure, and manage the availability and reliability of the
Services to confirm that the levels of availability and reliability
consistently meet the Service Levels. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 16 of 41
|
(5) |
|
Integrate the Vendor Availability Management process with
ACI’s and Third Party vendor(s)’ Availability Management processes, where the
processes interact. |
|
(6) |
|
Integrate the Availability Management process with other
Service Management processes, especially Incident Management, change
management process, Capacity Management, and Disaster Recovery. |
Requirements
|
c. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Provide the levels of availability and reliability of the
Services in compliance with the Service Levels. |
|
(2) |
|
Produce availability plans using requirements, as specified
by ACI, that address ACI’s business forecasts for availability and
reliability, and capitalize on any technology changes that may
cost-effectively improve levels of availability and reliability. |
|
|
(3) |
|
Implement the availability plans after their approval by ACI. |
|
(4) |
|
Produce availability and reliability impact assessments with
respect to Requests for change and Service Requests in accordance with Service
Levels. |
|
|
(5) |
|
Produce Availability and reliability trend analyses. |
|
(6) |
|
Manage the monthly number of availability-related Incidents
in accordance with the Service Levels. |
|
(7) |
|
Cooperate with ACI and its third-party vendor(s) to provide
end-to-end availability and reliability of the Services. |
|
(8) |
|
Retain the availability and reliability source data to enable
trend analysis and to make such data available to ACI. |
|
(9) |
|
Provide early warning or advice to ACI of potential or actual
availability and reliability issues. Vendor will provide additional advice as
the potential increases and as the threat becomes more imminent. |
Reporting
|
d. |
|
Reports are defined in Schedule R (Reports). The Vendor responsibilities
include the following: |
|
(1) |
|
Provide regular reporting of service Outages related to the
Services that affect End Users irrespective of where the Outage occurred. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 17 of 41
|
(2) |
|
Provide a monthly report in a format agreed upon with ACI
that, at a minimum, includes the following: |
|
(a) |
|
Compare performance and Availability statistics for
each Application with planned performance and Availability. |
|
(b) |
|
Provide a list of all outages, linked to an Incident,
including the date and time the outage commenced, its duration, and the
affected infrastructure and Applications. |
|
(c) |
|
Provide trend analysis of the performance for each
Application and Environment for the past 13 months in accordance with
Schedule R (Reports), in order to provide data reporting as needed. |
|
(d) |
|
Report on proposed preventative maintenance
activities. |
|
(3) |
|
Adhoc reports as occasionally requested by ACI and provide
ACI with recommendations of preventative maintenance options. |
|
(4) |
|
Provide a written report containing the findings and
recommendations of each outage analysis. |
2.2.7 |
|
Backup and Recovery Management |
|
a. |
|
Backup and Recovery Management is the process for backing up data files and
recovering such data to its original location in the event of data loss and includes
planning, testing, and implementing procedures and standards required to provide the
Services in the event of a failure. |
|
a. |
|
Batch Management is the process for controlling production batch
applications, including the scheduling of resources and the processing set up for data
and transactions. |
2.2.9 |
|
Capacity Management |
|
a. |
|
Capacity Planning is the process for planning for adequate IT resources
required to fulfill current and future resource requirements and includes planning for
the efficient use of existing IT resources and identifying any change in the type and
quantity of IT resources necessary to perform the Services. |
Capacity Management will assess the future business requirements (the required
service delivery), the organization’s operation (the current service delivery), the
IT infrastructure (the means of service delivery), and will confirm that all current
and future capacity and performance aspects of the business requirements are provided
cost-effectively.
General
|
b. |
|
Capacity Management, as described in this Exhibit, is the primary
responsibility of Vendor. |
Vendor will apply Capacity Management to all aspects of the Services.
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 18 of 41
Requirements
|
c. |
|
Vendor responsibilities include the following: |
|
(1) |
|
Formally review capacity requirements as part of ACI’s normal
business planning cycle. |
|
(2) |
|
Verify that there is adequate IT capacity to meet the
required levels of service. |
|
|
(3) |
|
Manage IT capacity to demand for the Services. |
|
(4) |
|
Work with ACI governance to achieve optimal utilization of IT
capacity. |
|
(5) |
|
Provide additional capacity or advise ACI regarding the need
for additional capacity, as appropriate. |
|
(6) |
|
Monitor resources and system performance, system utilization,
capacity limits, and expected capacity needs, and record appropriately to meet
ACI’s reporting requirements in accordance with Schedule R (Reports). |
|
(7) |
|
Produce regular management reports, including current usage
of resources, trends and forecasts, and exceptions. |
|
(8) |
|
Determine capacity requirements of all new systems to
determine the necessary computer and network resources required, and then size
such new systems taking into account Equipment utilization, performance
Service Levels, and cost (minimizing cost to ACI). |
|
(9) |
|
Utilize new Equipment and software products in Capacity
Management in order to improve the efficiency and effectiveness of the
process, as part of the continuous improvement and evolution of the Services. |
|
(10) |
|
Carry out performance testing of new systems to confirm that
such systems meet planned performance and utilization expectations and
requirements. |
|
(11) |
|
As requested by ACI, or as needed to deliver the Services,
propose Service Levels that are maintainable and cost-justified. |
|
(12) |
|
Tune systems to achieve optimum use of all Equipment and
system software resources. |
|
(13) |
|
Resolve non-Application performance-related Incidents and
Problems. |
|
(14) |
|
Perform capacity studies as reasonably requested by ACI or as
needed to deliver the Services. |
|
(15) |
|
In support of Application Development and Maintenance (ADM)
activities, estimate applicable resource requirements, including impact on the
capacity of the server environment, network environment, end-user computing
environment, etc., as reasonably requested by ACI. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 19 of 41
|
(16) |
|
Deploy proactive Capacity Management processes wherever
practicable to do the following: |
|
(a) |
|
Minimize Incidents and Problems related to resource
utilization. |
|
|
(b) |
|
Trend current system and resource utilization. |
|
(c) |
|
Validate and verify that planned changes affect only
the expected resource impact. |
|
(17) |
|
Utilize reactive Capacity Management whenever necessary to
facilitate successful performance of the Services. |
|
(18) |
|
Investigate new technology applicable to the Services and
with ACI approval, incorporate technological development, advances, and
evolution into the Services. |
|
(19) |
|
Align Capacity Management and the Vendor IT business plan
with ACI’s Long-Range IT Plan. |
|
(20) |
|
Apply Capacity Management’s tools, data, reports, and
disciplines to Incident and Problem relating to poor performance as an active
member of teams working to resolve such Incidents and Problems. |
|
(21) |
|
Align Capacity Management outputs with the Service Levels and
other performance requirements documented in the Agreement. |
|
(22) |
|
Actively include Capacity Management in the change management
process to assess all changes for their impact on the capacity of the systems
and provide appropriate feedback to those submitting changes. |
|
(23) |
|
Incorporate work schedules and dependencies between elements
of the Services into Capacity Management planning. |
|
(24) |
|
Perform short-term demand management as required to maintain
delivery of the Services during failures, spikes in demand, or other
spontaneous events. |
|
d. |
|
ACI will, in support of Application Development and Maintenance (ADM) activities,
estimate applicable resource requirements, including impact on the capacity of the server
environment, network environment, end-user computing environment, etc., as required. |
Capacity Planning
|
a. |
|
Vendor responsibilities include the following: |
|
(1) |
|
Assist ACI in forecasting ACI’s capacity requirements and in
monitoring and validating the capacity forecast against ACI’s actual
utilization. |
|
(2) |
|
Proactively develop and deliver to ACI forecasts of growth
and other changes in response to the projected ACI business and operational
needs disclosed by ACI to Vendor on an annual basis, or more frequently as
ACI may reasonably require. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 20 of 41
|
(3) |
|
Work with ACI to maintain knowledge base of future demand for
the Services, and predict the effects of demand on Service Levels. |
|
(4) |
|
Review ACI’s requirements, based upon ACI’s review of their
business strategies, business plans, and financial plans and validate that
Capacity Management requirements align with those plans. |
|
(5) |
|
On an agreed schedule, or as requested by ACI, revise the
capacity planning model based on actual performance. |
|
(6) |
|
Using Commercially Reasonable Efforts, work with ACI to use
Vendor’s modeling capabilities to assist ACI in long range planning. |
The Capacity Plan
|
b. |
|
The Capacity Plan will document the current levels of resource utilization
and Service performance, and forecast future requirements accounting for ACI business
strategies and plans. The plan must clearly document assumptions and include
recommendations quantified in terms of resources required, costs, benefits, impact,
etc. |
The Vendor responsibilities include the following:
|
(1) |
|
Produce or update the Capacity Plan in conjunction with ACI’s
business planning cycle. |
|
(2) |
|
Include the Capacity Plan in the Vendor annual publication of
the IT business plan. |
|
(3) |
|
Incorporate ACI’s capacity planning recommendations into the
Capacity Plan. |
|
(4) |
|
Be forward-looking by eighteen (18) months unless otherwise
specified by ACI. |
Business Capacity Management
|
c. |
|
ACI employs business Capacity Management to facilitate alignment between its
future IT requirements and future business requirements. |
Vendor will participate as needed in ACI’s business Capacity Management planning
processes.
Vendor participation in business Capacity Management will be sufficiently responsive
so as not to impede ACI’s normal business planning cycles.
As part of ACI’s service level management, as requested by ACI, Vendor shall provide
ACI with service level targets that have the ability to be monitored and upon which
the design of the Services has been based.
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 21 of 41
Service Capacity Management
|
d. |
|
Vendor is responsible for service Capacity Management (the management of the
capacity of the Services. Vendor responsibilities include the following: |
|
(1) |
|
Investigate and research threshold breaches and near misses
to determine what remedial action should be taken; then plan and perform such
remedial actions through the change management process. |
|
(2) |
|
Employ regular monitoring, identification of exceptions, and
manual review of reports and trends. |
Resource Capacity Management
|
e. |
|
Vendor is responsible for resource Capacity Management (the management of the
capacity of the components comprising the Services). The Vendor responsibilities
include the following: |
|
(1) |
|
Maintain an understanding of the capacity and utilization of
each of the IT components that Vendor manages, including Equipment, Software,
and data circuits. |
|
(2) |
|
As necessary to provide optimum resource usage (Equipment,
circuits, etc.) in the delivery of the Services, install Equipment monitors,
properly configure those monitors, and collect the resultant data. |
|
(3) |
|
Upon request, estimate the resource and utilization effects
of planned changes. |
|
(4) |
|
Reactively respond to Incidents that are caused by a lack of
resource or an inefficient use of a resource. |
|
(5) |
|
Proactively identify components that are susceptible to
failure, and recommend cost-effective solutions for ACI’s consideration and
possible approval. |
|
(6) |
|
Publish regular Capacity Management reports to ACI. Such
reports will include current/recent utilization (and trends) compared to
normal utilization, Service Levels, and previously identified baselines. |
2.2.10 |
|
Configuration Management |
|
a. |
|
Configuration Management is the process for designing, planning, and
maintaining the physical and logical configuration of mainframe, midrange, server and
desktop Equipment and software as well as network components and the way these
resources are interrelated in ACI’s environment. |
Configuration Management will provide a logical model of the IT infrastructure by
identifying, controlling, maintaining, and verifying the versions of all
configuration items (CI) in existence.
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 22 of 41
General
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Use a Configuration Management process to: |
|
(a) |
|
Maintain accurate configuration data for the
configuration items including operations documents, Equipment, Software
and applications used to provide the Services. |
|
(b) |
|
Verify that only authorized and identifiable
configuration items including operations documents, Equipment, Software
and applications are accepted and recorded from receipt to disposal. |
|
(c) |
|
Reproduce the configuration status of the
configuration items — including operations documents, Equipment, Software
and applications at any point in time throughout its life cycle. |
|
(d) |
|
Conduct reviews and audit to verify the physical
existence of Configuration Items including operations documents,
Equipment, Software, and applications and to check that they are correctly
recorded in the configuration management Tool. |
|
(e) |
|
Produce and maintain current Equipment and Software,
configuration documentation for issue to ACI upon request. |
|
(2) |
|
Integrate the Vendor Configuration Management process with
ACI’s and third-party vendor(s)’ Configuration Management processes, where the
processes interact. |
|
(3) |
|
Integrate the Configuration Management process with its other
Service Management processes, especially Incident Management, Problem
Management, change management process, and Asset Management. |
|
(4) |
|
Use the Configuration management process to identify,
control, maintain, and verify the configuration items approved by ACI as
comprising the Equipment and Software to provide the Services. |
|
(5) |
|
Verify that all CIs approved by ACI for the Equipment,
Software, are incorporated into the configuration management tool. Vendor
must complete this incorporation on a continuous basis. |
|
(6) |
|
For each ACI-approved CI, use at least the attributes
specified by ACI. |
|
(7) |
|
Validate that any change to any CI record in the
configuration management tool is the result of an approved Request for change. |
|
(a) |
|
Validate the integrity and currency of the
configuration management tool by continually validating the content of the
configuration management tool against the CIs that provide the Services. |
|
(b) |
|
If a discrepancy is found, take corrective action. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 23 of 41
|
(8) |
|
Maintain the configuration management tool to meet
performance standards, to maximize efficiency, and to minimize outages, as
necessary. |
|
(9) |
|
Maintain, update, and implement the configuration management
tool archive processes and procedures needed to recover from an outage or
corruption in a timely manner in order to meet the Service Levels. |
|
(10) |
|
Provide configuration management tool physical database
management support, including providing backups and restores of data in a
timely manner. |
|
(11) |
|
Install, maintain, and support configuration management tool
-related database Software products. |
|
(12) |
|
Test and implement configuration management tool database
environment changes, as approved by ACI. |
|
(13) |
|
Proactively provide capacity planning for the configuration
management tool to prevent situations caused by lack of capacity (i.e.,
dataset or table space capacity events, full log files, etc.). |
|
(14) |
|
In the event of unusual activity, correct situations caused
by lack of configuration management tool capacity in a timely manner (i.e.,
dataset or table space capacity events, full log files, etc.). |
|
(15) |
|
Perform physical audits of all Equipment and Software
configurations used to provide the Services in order to: |
|
(a) |
|
Verify the existence of CIs recorded in the
configuration management tool. |
|
(b) |
|
Check the accuracy and completeness of the records in
the configuration management tool. |
|
(c) |
|
Identify any CIs not recorded in the configuration
management tool. |
|
(16) |
|
Take corrective action if a physical audit identifies any
deficiency in the accuracy or completeness of the records in the configuration
management tool. |
|
(17) |
|
Control master copies of digital CIs in secure electronic
libraries. |
|
(18) |
|
Establish a baseline of CIs before a release into a
development, test, or production environment. |
|
(19) |
|
Verify release and configuration documentation before changes
are made to the live environment. |
|
(20) |
|
Maintain a secure audit trail of all configuration management
tool transactions. |
|
(21) |
|
With assistance from ACI, manage the process that gathers and
compiles CIs and their attributes during the transition process. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 24 of 41
|
(1) |
|
Provide, with assistance from Vendor, configuration items. |
|
(2) |
|
Provide with assistance from Vendor, configuration
attributes. |
Reporting
|
c. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Provide a monthly report on configuration changes made to the
infrastructure, Equipment, and Software. |
|
(2) |
|
Provide the following monthly report in a format agreed by
ACI as described in Schedule R (Reports). This report includes: |
|
(a) |
|
Number and classification of configuration changes
made. |
|
(b) |
|
Trend analysis of the configuration changes made for
the past 13 months, for reporting in accordance with Schedule R (Reports). |
|
(3) |
|
Provide a report containing the results of the biannual audit
of the configuration management tool to ACI within ten (10) Business Days of
each audit covering, at a minimum: |
|
(a) |
|
Number of differences between the records and audit
findings. |
|
(b) |
|
Number of occasions on which a configuration was
found to be unauthorized. |
|
(c) |
|
Recommended corrective actions to resolve any process
deficiencies or failures identified. |
|
(d) |
|
Number of occasions on which a recorded CI could not
be located. |
|
(e) |
|
Statistical information about the structure and
composition of the Equipment and Software. |
2.2.11 |
|
Database Management |
|
a. |
|
Physical Database Management is the process for the design, development,
deployment, maintenance, and administration of ACI production databases used to
support Vendor’s delivery of the Services. |
2.2.12 |
|
Data Center Infrastructure Facilities Planning |
|
a. |
|
Data Center Infrastructure Facilities planning is the process that defines
the activities associated with the planning for and administration of dedicated
Equipment facilities, including raised floor rooms, server rooms, labs and network
closets. |
Facilities management will provide proper maintenance and safe operation of IT
infrastructure facilities.
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 25 of 41
The Vendor responsibilities include the following:
|
(1) |
|
Establish and maintain proper and adequate facilities
commensurate with a Tier 3 data center; Equipment (including Equipment
supplied by ACI); and supplies at Vendor-owned locations, as well as a
properly trained and appropriately sized management and support staff. |
|
(2) |
|
Properly manage, coordinate, and oversee (and inform ACI of
the results of) all maintenance, testing, and monitoring of facilities
systems, air handlers and uninterruptible power supply systems at Vendor-owned
facilities and ACI facilities operated by Vendor. |
|
(3) |
|
Provide guidance, coordination and required installations for
all activities during Equipment installations, routine maintenance, Incident
and crisis management including interfacing with facilities and technology
groups, third-party vendor(s) and other relevant groups. |
|
(4) |
|
Provide physical security for the Vendor-owned facilities as
described in the physical security requirements of the Security SOW. |
|
|
(5) |
|
Comply with ACI security policies. |
|
(6) |
|
Provide any and all data communication connectivity and
capability that is required at Vendor-owned facilities (or between
Vendor-owned Locations and ACI Locations) in order to provide the Services. |
|
(7) |
|
Create, update, and maintain complete documentation of the
Equipment that is located in Vendor-operated Data Center(s) (for example
inventories, cabling, and installed Equipment diagrams) using computer-aided
drafting (CAD) Software tools for changes to existing documentation and newly
created documentation. |
|
(8) |
|
Provide physical access procedures and standards for the Data
Centers. |
|
(9) |
|
At Vendor-operated Data Centers, initiate and track requests
for space, power, and other Data Center modifications in support of Equipment
installations. |
|
(10) |
|
Provide requests to ACI sixty (60) days in advance for space
and power modifications in support of Equipment at an ACI Data Center(s),
computer room(s) and LAN closet(s) operated by Vendor. |
|
(11) |
|
Allow physical access and facilitate inspections by
government authorities with statutory authority for auditing the conduct of
government business. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 26 of 41
|
(12) |
|
Integrate its Facilities Management process with ACI’s and
other vendor’s Facilities Management processes, where the processes interact. |
|
(13) |
|
Integrate its Facilities Management process with Service
Management processes, especially IT Service Continuity Management and
Availability Management. |
|
a. |
|
Deskside Support is the process for providing technical assistance for End
User requests that require a Vendor technician to provide on-site services at the End
User’s Location. |
2.2.14 |
|
Email and Collaboration Services |
|
a. |
|
E-mail and Collaboration Services is the process that supports both actual
product support, for Lotus Notes e-mail, Domino Web Access and Active Directory, and
servers for Lotus Notes e-mail, Active Directory, BlackBerry, Sametime, FAX and SMTP
(“E-mail and Collaboration Services”). |
The Vendor responsibilities include the following:
|
(1) |
|
Administer and maintain e-mail and Collaborative Applications
services and systems. |
|
(2) |
|
Deploy and support the e-mail and Collaborative Applications
environment within ACI, including the underlying infrastructure and Equipment
necessary for use of the Collaborative Applications. |
|
(3) |
|
Proactively seek opportunities to deploy collaborative
technology in ACI, including developing proposals for ACI businesses and
functions. |
|
(4) |
|
Provide consulting on the effective use of collaborative
technologies. |
|
(5) |
|
Monitor and manage logical security and access-related to
e-mail and Collaborative Applications. |
|
(6) |
|
Immediately report potential security issues related to
e-mail and Collaborative Applications to ACI and take necessary steps to
eliminate security breaches. |
|
(7) |
|
Administer and maintain user IDs and passwords to enable the
use of e-mail and Collaborative Applications. |
|
(8) |
|
Assist End Users with problems, questions, or requests
related to e-mail and Collaborative Services. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 27 of 41
Messaging, Strategy, Architecture and Design
Throughout this section, Vendor may, depending on scope, perform in a primary or
secondary role in the design or development of strategies, architecture, policies,
and/or standards for Messaging Services.
In either role, it is ACI’s expectation that Vendor will obtain ACI’s approval before
proceeding with the design, development, or implementation of Messaging strategies,
architecture, policies, or standards.
|
b. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Assist ACI in architecting, designing and implement Active
Directory, Lotus Notes e-mail, Domino Web Access and related Software. |
|
(2) |
|
Implement policies and standards, developed by ACI, for the
following Messaging Services; Active Directory, Lotus Notes e-mail, Domino Web
Access, Sametime and Fax, via Internet and Intranet (collectively “Messaging
Services”). |
|
(3) |
|
Assist ACI on an as-requested basis in designing architecture
for integrating business applications with Messaging Services and assist ACI
in developing and implementing internal ACI e-mail usage policies. |
|
(4) |
|
Document and coordinate ACI’s approval for any exceptions to
messaging standards. |
|
(5) |
|
Develop or assist in developing directory access methodology
for multiple platforms (e.g., MS Windows, MacOS, Unix, etc.). |
|
(6) |
|
Develop or assist in developing and implement a directory
integration strategy. |
Messaging — Procedures
|
c. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Implement procedures, developed by Vendor in response to ACI
requirements, for managing Messaging Services and e-mail usage. |
|
(2) |
|
Provide End User training documentation to ACI for training
or updating End Users on functionality changes related to Messaging Services. |
|
(3) |
|
Implement messaging account administration process and
systems, designed by ACI. |
|
(4) |
|
Obtain ACI approval for any new or updated procedures that
impact End Users. |
Messaging — Technical Support
|
d. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Provide evaluation and testing support, including: |
|
(a) |
|
Procure and maintain a test environment for messaging
testing, rebuilding, as required. |
|
(b) |
|
Recommend and deploy messaging service Software. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 28 of 41
|
(c) |
|
Evaluate and test compatibility and integration of
new products or standards, architecture, and design with existing
infrastructure and applications. |
|
(d) |
|
Test, certify, and coordinate installation, of
service packs, hot fixes, Anti-Virus Software, and definition upgrades for
all systems supporting all Messaging Services. |
|
(2) |
|
Provide technical administration support, including: |
|
(a) |
|
Create regional administrative and service messaging
accounts and assign roles to these accounts. |
|
(b) |
|
Create and manage the top-level Public Folder and
assign rights as requested by ACI. |
|
(c) |
|
Create, maintain and assign rights to the
distribution lists and global distribution list management. |
|
(d) |
|
Provide support and implementation of certificates on
Messaging Services systems, based on the ACI requirement, provided to
Vendor. |
|
(e) |
|
Initiate and audit DNS records by working with the
ACI telecom and architecture teams. |
|
(3) |
|
Provide Messaging Server support, including: |
|
(a) |
|
Support and maintain all server replication
functionality. |
|
(b) |
|
Administer and manage all database agents running on
Lotus Notes e-mail server, Domino Web Access server, Sametime server and
Blackberry server. |
|
(c) |
|
Maintain virus protection Software on messaging
servers. |
|
(d) |
|
Provide support of servers used for web-based email
services from the Internet. |
|
(4) |
|
Provide Active Directory (“AD”) Services, which include the
following: |
|
(a) |
|
Provide LDAP directory resources (Lightweight
Directory Access Protocol). |
|
|
(b) |
|
Connect to enterprise directory. |
|
(c) |
|
Authenticate service requests using enterprise
directory structure. |
|
(d) |
|
Provide authentication for all AD-provided services
(file and print, mail, desktop, etc.). |
|
(e) |
|
Provide and manage trust relationships to existing
business-unit domains. |
|
(f) |
|
Provide direction for group policy creation and
management. |
|
|
(g) |
|
Remove objects from AD as requested by ACI. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 29 of 41
|
(5) |
|
Optimize disaster recovery procedures for Messaging Services
and recommend enhancements if appropriate. |
|
|
(6) |
|
Provide support to Messaging Operations, including: |
|
(a) |
|
Develop, implement, and maintain Messaging Services
monitoring and alerting strategy. |
|
(b) |
|
Perform Lotus Notes E-mail server mailbox load
balancing. |
|
|
(c) |
|
Maintain and troubleshoot internal mail routing. |
|
(d) |
|
Assist End-User Computing support group(s) with
installation, configuration, and troubleshooting of Lotus Notes e-mail,
Sametime, Domino Web Access, Blackberry (as it relates to server support
only), and Active Directory. |
|
(e) |
|
Work with third-party and other companies on Lotus
Notes e-mail delivery issues. |
|
(f) |
|
Escalate messaging issues to third-party service
providers as required. |
|
|
(g) |
|
Perform virus and hoax assessments. |
Messaging — Operations
|
e. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Manage Active Directory, Lotus Notes e-mail, Domino Web
Access and Sametime. |
|
(2) |
|
Monitor gateways and connectors and troubleshoot both
Intranet and Internet Lotus Notes e-mail, delivery issues. |
End User Support
|
f. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Perform mailbox, mail item restores as requested by ACI. |
|
|
(2) |
|
Support workflow applications using Active Directory. |
|
(3) |
|
Move mailboxes between regions, sectors, divisions, and
groups. |
|
(4) |
|
Provide technical support for Lotus Notes e-mail, Domino Web
Access and Sametime. |
|
|
(5) |
|
Assist with creation of Lotus Notes E-mail forms. |
|
|
(6) |
|
Correct errors found in the global address book. |
|
(7) |
|
Assist with creation/maintenance of, and troubleshoot/resolve
issues with conference rooms, public folders, calendars, mail lists,
mailboxes, and other accounts required to support the business requirements. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 30 of 41
|
(8) |
|
Provide search and data restore as requested by ACI
departments such as Legal, Security, Audit, HR, and intellectual property
discovery requests. |
|
(9) |
|
Assist in coordination, building, formatting, sending, and
processing of corporate-wide messages. |
2.2.15 |
|
File and Directory Services (Active Directory) |
|
a. |
|
File and Directory Services is the process used to support requirements for
Microsoft Active Directory (AD), profiles and shares. |
|
a. |
|
IMAC Coordination is the process used for installation, move, add, change,
and removal of End User Equipment and Software, including the coordination of various
activities required to facilitate an upgrade or relocation. |
2.2.17 |
|
IT Security Management |
|
a. |
|
IT Security Management is the process for providing security protection for
logical and physical inventory and assets that are associated with delivery of the
Services. |
2.2.18 |
|
Network Management |
|
a. |
|
Network Management is the process used for the installation, administration,
maintenance, monitoring, troubleshooting, restoration, and documentation of in-scope
network devices within the Vendor-managed network. |
2.2.19 |
|
Performance Management |
Performance Management is the process for monitoring, measuring, analyzing, tuning and
reporting systems performance to meet agreed upon Service Levels.
|
(1) |
|
Monitor, measure, analyze and tune system performance to meet
agreed upon Service Levels. |
|
(2) |
|
Recommend changes (i.e., Equipment and/or Software upgrades,
configuration changes) to ACI to meet or exceed ACI’s expected performance
levels and/or provide a reduction in costs. |
|
(3) |
|
Provide recommendations for consolidations or other
conversions to improve the efficiency/effectiveness of the environment. |
|
(4) |
|
Define performance indicators and monitor systems performance
against such indicators, providing trend analysis of the data for the past 13
months in accordance with Schedule R (Reports), for reporting as needed. |
|
(5) |
|
Install management agents approved by ACI. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 31 of 41
|
(6) |
|
Review configuration data and usage patterns monthly, or at
ACI’s request. |
|
(7) |
|
Establish performance thresholds and exception reporting
procedures, reviewing with ACI quarterly with recommendations for resolution. |
|
(8) |
|
With ACI’s assistance, establish a schedule for performing
system maintenance (for example, virus detection, backup, and disk space
cleanup) and modifications and enhancements so as maintain agreed upon Service
Levels. |
|
(9) |
|
Perform required system configurations and modifications
necessary to enable Vendor to meet the Service Levels. |
|
(10) |
|
Advise ACI of any recommended system configurations and
modifications necessary to enable Vendor to meet the Service Levels. |
|
(11) |
|
Provide system and subsystem performance reports, detailing
key performance parameters and metrics, highlighting measurements that exceed
thresholds, and trend analysis of the data for the past 13 months in
accordance with Schedule R (Reports), for reporting as needed. |
|
(1) |
|
Evaluate, approve recommendations (i.e., hardware and/or
software upgrades), as appropriate, to enable system performance improvement. |
|
|
(2) |
|
Provide requirements and approval for performance thresholds. |
|
a. |
|
Print Management is the process of maintaining the midrange server print
queues for local printers. |
2.2.21 |
|
Project Management |
|
a. |
|
Project Management is the process used to initiate, execute and complete a
project in accordance with the defined project scope, budget, timeline and completion
criteria. |
2.2.22 |
|
Technology Strategy and Refresh Management |
|
a. |
|
Technology Strategy and Refresh Management is the process used to provide
research, planning, and administrative support for periodically refreshing ACI’s IT
environment with minimal disruption to ACI’s business objectives and business cycles. |
|
|
|
|
Refresh is described in Schedule H (Existing Equipment). |
|
|
|
|
Regardless of Equipment ownership, all Equipment, including storage and network
devices, shall be covered by a maintenance agreement that is recognized by the
manufacturer as a legitimate maintenance. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 32 of 41
Refresh and Technical Currency
General
|
b. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Upgrade and replace Equipment and Software (“Refresh”) as
required throughout the Term, in accordance with the refresh table in Schedule
H (Existing Equipment). |
|
(2) |
|
Deploy Equipment and Software associated with any Refresh in
accordance with the standards of ACI’s technical architecture and Long-Range
IT Plan. |
|
(3) |
|
Provide Refresh within the timeframes and other requirements
associated with Refresh, as well as the financial responsibility for the
underlying assets, as described in Exhibit C-2 (Financial Responsibility and
Ownership Matrix) to Schedule C (Charges), including: |
|
(a) |
|
Perform Refresh throughout the Term in accordance
with the timeframes and other requirements. |
|
(b) |
|
ACI reserves the right to modify the Refresh
timeframes and requirements during the Term based on its business
requirements, subject to the Contractual Change Control Procedures. |
Refresh Responsibility
|
c. |
|
Vendor responsibilities include the following: |
|
(1) |
|
Where Vendor is financially responsible for Equipment and
Software used in conjunction with the Services, as listed in Exhibit C-2
(Financial Responsibility and Ownership Matrix) to Schedule C (Charges), the
Vendor responsibilities include the following: |
|
(a) |
|
Refresh the assets during the Term, including
responsibility for the assets, the implementation, and ongoing support. |
|
(2) |
|
Where ACI is financially responsible for Equipment and
Software used in conjunction with the Services, Vendor will implement and
support the new assets provided by ACI. |
|
(3) |
|
Regardless of the ownership of underlying assets, the Vendor
responsibilities include the following: |
|
(a) |
|
Provide personnel who are adequately trained in the
use of the Equipment or Software to be deployed as part of the Refresh,
and provide such training prior to the Refresh. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 33 of 41
|
(b) |
|
Provide minimal disruption to ACI’s business
operations associated with technology Refresh. |
|
(c) |
|
Use best practices and effective automation tools
during Refresh deployment. |
|
(d) |
|
Perform all changes to Equipment and Software in
accordance with change management process procedures. |
|
(e) |
|
Dispose of assets no longer required in accordance
with the regional regulations and provide certification that disks have
been cleansed prior to disposal. |
Software Currency and Release Levels
|
d. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Unless otherwise directed by ACI, provide and support
Software under the Vendor operational responsibility at the N Release Level. |
|
(2) |
|
As directed by ACI, also support release N-1 Release Level,
the N-2 Release Level, and earlier versions of the Software for the longer of
the following: |
|
(a) |
|
The thirty-six (36) month period following version N
Release Level’s general public availability. |
|
(b) |
|
The time the third-party vendor ceases to support
such version. |
|
(3) |
|
Use Commercially Reasonable Efforts to support Software that
is no longer supported by the third-party vendor. |
|
(4) |
|
Provide support for all Software versions and release levels
that exist as of the Effective Date until otherwise directed by ACI. |
|
(5) |
|
Version upgrades for Systems Software (i.e., XP to Vista) may
be done as a Project as agreed by the Parties. Maintain a standard current
level of Software on ACI computing platforms, including: |
|
(a) |
|
Following each new N Release Level issued by a
vendor: |
|
|
|
|
Within an agreed upon period after the release of a new N Release Level by
a Third-Party vendor, test and evaluate the new release in preparation for
upgrading the global End User environment to the new standard level. |
|
|
|
|
Engage with ACI Application teams to understand the End User workload
required to migrate the production environments to the new Software
revision. |
|
|
|
|
Within an agreed upon period build a deployment strategy and plan, obtain
ACI approval of that strategy and plan, and begin deployment in compliance
with the ACI-approved deployment strategy and plan. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 34 of 41
|
(b) |
|
In partnership with the Software manufacturer(s),
build and maintain a schedule of anticipated releases of major and minor
releases of Systems Software; and communicate these schedules to the ACI
Application Teams to build awareness and preparedness to perform the
necessary testing and porting of Applications into the new standard
environments. |
Refresh Planning
|
e. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Develop an annual plan for Refresh, including: |
|
(a) |
|
Within ninety (90) days after the Effective Date and
then within sixty (60) days prior to ACI’s annual planning process
meetings, review the asset inventory and produce a report that lists the
assets that are due to be refreshed in the upcoming plan year, and provide
such report to ACI’s annual planning process. |
|
(b) |
|
Vendor and ACI will consider the usability of the
assets and review alternatives to replace, re-lease, consolidate, or
retain the assets. Based on the results of this review, Vendor will
deliver the initial recommendations regarding such assets to ACI within
thirty (30) days after the review. |
|
(c) |
|
For Vendor-owned assets, Vendor and ACI will mutually
determine whether Vendor will replace an asset and the appropriate
replacement date. |
|
(d) |
|
If Software changes are required due to replacement
of assets, Vendor, in consultation with the ACI, will review alternatives
for making changes to such Software. |
|
(e) |
|
In accordance with Exhibit C-2 (Financial
Responsibility and Ownership Matrix) and Schedule B (Service Levels), such
replacement of the assets and Software will be at Vendor expense if the
replacement is required to facilitate achievement of the agreed upon
Service Levels or because the asset is obsolete (i.e., replacement parts
cannot be acquired or the asset has become unserviceable). |
|
(f) |
|
For ACI-owned and leased assets, based on the
planning process outcome and direction established by ACI, Vendor will
provide a proposal for refresh of those assets (replacement at ACI’s
expense) to ACI. |
|
(2) |
|
Adhere to ACI’s approved plan, and execute that plan
utilizing established procurement processes, to initiate refresh and
retirement activities. |
|
(a) |
|
Provide monthly reports 180 days prior to lease
expiration date showing assets to be refreshed with latest data. |
|
(b) |
|
Notify ACI monthly of all open agreements related to
assets that are retired or will retire within 180 days of the report date. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 35 of 41
|
(3) |
|
Track and report on the completion progress of asset Refresh
by lease-end date. |
|
|
(4) |
|
Update and archive asset records after retirement. |
|
f. |
|
For ACI owned or leased assets ACI will provide Vendor with Equipment purchase dates
and/or Equipment lease expiration information for inclusion in the Refresh Plan. |
2.2.23 |
|
Long-Range Planning |
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Assist in developing and updating the long-range,
comprehensive plan for ACI’s information technology (IT) systems, processes,
technical architecture and standards (“Long-Range IT Plan”). While ACI will be
primarily responsible for this plan, Vendor will serve as a key collaborator.
The Long-Range IT Plan will be developed on an annual basis, and will include
a rolling three (3) year projection of anticipated changes (subject to ACI
business and planning requirements). |
|
(2) |
|
With ACI’s input regarding future business requirements
Vendor will assist in developing IT requirements. |
|
(3) |
|
Assist in projecting future volume, technology, and
geographic changes that could impact ACI’s systems and technical architecture. |
|
(4) |
|
Identify candidates and requirements for the deployment of
new technology or the automation of tasks associated with the Services and/or
ACI’s business processes. |
|
(5) |
|
Proactively submit proposals regarding new technology, tools
and automation to ACI for its review and approval. |
|
(6) |
|
Proactively seek to automate manual tasks associated with the
Services and advise ACI of such opportunities. |
|
(7) |
|
Support ACI in the discussion and presentation of potential
new technology product and service offerings. |
|
(8) |
|
Facilitate and encourage active cross-functional,
cross-group, and cross-location coordination and communication related to new
technology and automation. |
|
(9) |
|
Proactively identify strategies and approaches for future IT
service delivery that Vendor believes will provide ACI with competitive
advantages and that may result in increased efficiency, performance, or cost
savings. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 36 of 41
|
(10) |
|
As part of each annual planning cycle, provide specific,
short-term steps and schedules for projects or changes expected to occur
within the first twelve (12) months of each plan. |
|
(11) |
|
Help to identify the projects to be performed, define
associated high-level schedules, and perform cost benefit analyses. |
|
(12) |
|
Help to specify the Equipment and Software architecture and
standards, and participate in continuously keeping ACI’s technical
architecture current. |
|
(13) |
|
Provide access to specialists within the Vendor organization,
as needed, to assist ACI in developing and updating the Long-Range IT Plan. |
|
(14) |
|
Identify industry and technological trends that may impact
ACI’s plan. |
|
(15) |
|
Gather and incorporate the data and lessons learned from the
operating environment that may impact ACI’s plan. |
|
(16) |
|
Perform trend analysis from the resource consumption data to
project future demand that may impact ACI’s plan. |
|
(17) |
|
Cooperate with ACI in researching and implementing automated
tools to improve Service Levels and/or performance of the distributed
computing environment (including end-to-end performance associated with the
server, networks, and End-User Computing (EUC) environments). Tool selection
will be in accordance with ACI standards and technical architecture. |
2.2.24 |
|
Evaluation and Testing |
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
With direction and final approval from ACI, assume primary
responsibility for evaluating and testing Equipment, Software, and related
products or Services prior to their use or deployment in ACI’s environment. |
|
(2) |
|
Participate in evaluations involving new third-party products
and services. |
|
(3) |
|
Upon request, provide corporate reports, summaries, or
results of its evaluation and testing of Third-Party products and services. |
|
(4) |
|
Benchmark new types of Equipment and Software (including
testing of various configurations and combinations of Equipment and Software)
that may be considered for deployment within ACI. |
|
(5) |
|
Determine interoperability and performance measures for
specific configurations of Equipment and/or Software, including unit testing,
systems integration testing, connectivity testing, load testing. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 37 of 41
|
(6) |
|
Identify, support, and coordinate as necessary with other ACI
IT functions and third-party vendors, any specific Equipment, Software, and/or
telecommunications required for interoperability and performance testing. |
|
(7) |
|
Provide a complete test plan, for Vendor proposed changes,
for ACI’s approval prior to testing. |
|
|
(8) |
|
Report test findings and recommendations to ACI. |
|
(9) |
|
Establish criteria that will be used to support the
evaluation, technology selection, and testing for ACI’s review and approval. |
|
(1) |
|
Assist Vendor in evaluating and testing Equipment, Software,
and related products or services prior to their use or deployment in ACI’s
environment. |
|
(2) |
|
Determine interoperability and performance measures for
specific configurations of Equipment and/or Software, including, applications
integration testing. |
2.2.25 |
|
User ID Administration |
|
a. |
|
User ID Administration is the process for administering and handling ACI and
Vendor User ID requests, including granting, changing, or deleting a user’s access
rights, password resets or user group creation, deletion, or modification. |
Vendor will provide each of the Services during the Service Hours specified in the
following table to be refined during Transition and incorporated into the Process Interface
Manual. All times are local times as indicated below. Local time is defined as the time at
the location receiving the Services, unless otherwise noted. For example, desktop support
will be provided in
New York between the hours of 8:00 AM and 5:00 PM
New York time.
|
|
|
|
|
Services |
|
Service Hours |
|
Notes |
ASSET SERVICES |
|
|
|
|
• Initial Asset Inventory |
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday, excluding Holidays |
|
Location Based |
• Asset Tracking |
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday excluding Holidays |
|
Local time zone in Argentina |
• Asset Inventory Capture |
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday, excluding Holidays |
|
Location Based |
SERVICE DESK SERVICES |
|
|
|
|
• Service Desk |
|
7 / 24 |
|
|
• Self Help |
|
7 / 24 |
|
|
END USER SERVICES |
|
|
|
|
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 38 of 41
|
|
|
|
|
Services |
|
Service Hours |
|
Notes |
• Deskside Support |
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday, excluding Holidays |
|
Location Based |
• IMAC |
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday, excluding Holidays |
|
Location Based, at dedicated support sites only |
• Refresh |
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday, excluding Holidays |
|
Location Based, at dedicated support sites only |
• Electronic Software Distribution |
|
7 / 24 |
|
|
SERVER SYSTEMS MANAGEMENT SERVICES |
|
|
|
|
• Mainframe Services –Monitoring (Vendor System z) |
|
7 / 24 |
|
|
|
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday, excluding Holidays |
|
|
• Linux (Intel |
|
7/ 24 |
|
|
• Intel and UNIX Server Services (includes HP Non-stop) – Monitoring |
|
7/24, except as otherwise stated in the Exhibit C-1 (Base Charges, Baselines, ARC/RRC Rates and Termination Charges) |
|
|
• Stratus |
|
|
|
|
STORAGE MANAGEMENT SERVICES |
|
|
|
|
• Managed Storage |
|
7/24 |
|
|
• Media Management |
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday, excluding Holidays |
|
|
DATA NETWORK SERVICES |
|
|
|
|
• LAN management |
|
7 / 24 |
|
|
• WAN management |
|
7 / 24 |
|
|
• Firewall management |
|
7 / 24 |
|
|
ENTERPRISE SECURITY MANAGEMENT SERVICES |
|
|
|
|
• Security Compliance and Regulatory |
|
8:00 a.m. to 5:00 p.m., Local Time Zone, Monday through Friday, excluding Holidays |
|
Local Time Zone is Boulder |
• Infrastructure Protection |
|
7 / 24 |
|
|
• Authorized and Access |
|
7 / 24 |
|
Via Service Desk |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 39 of 41
|
|
|
|
|
Services |
|
Service Hours |
|
Notes |
DISASTER RECOVERY SERVICES — Declaration |
|
7 / 24 |
|
|
DISASTER RECOVERY SERVICES — Testing |
|
Yearly |
|
As scheduled |
Business Continuity Testing |
|
Yearly |
|
|
|
a. |
|
Vendor will provide, install, configure, test, if applicable, and maintain
the Tools listed in Schedule I (Vendor Supported Software) to enable Vendor to provide
the Services. |
|
|
b. |
|
ACI will: |
|
(1) |
|
Allow Vendor to install the Tools that may be required by
Vendor to provide the Services. |
|
(2) |
|
Provide the system and network capacity and connectivity
required to support the Tools. |
|
(3) |
|
Sign the appropriate vendor license agreement (including
Vendor’s), if required, for Vendor to install Tools on ACI ‘s equipment and/or
premises. |
|
(4) |
|
On expiration or termination of the Agreement, unless
otherwise mutually agreed and stated in the Agreement, return all Tools in
working order to Vendor. |
5. |
|
OPERATIONS DOCUMENTATION |
All documentation maintained by Vendor will be subject to approval by ACI and will conform
to the documentation standards and format agreed upon between ACI and Vendor. Vendor will
develop documentation in accordance with the requirements in the Process Interface Manual
to Schedule S (Governance).
|
a. |
|
The Vendor responsibilities include the following: |
|
(1) |
|
Develop and maintain documentation on all operations
procedures, Services, Equipment, and Software for which Vendor is responsible. |
|
(2) |
|
Incorporate Application requirements that affect Operations,
along with procedural information and contact information for each Application
into Process Interface Manual. |
|
(3) |
|
Document procedures to be utilized by internal IT for the
correct use of the Services, Equipment, Software, connectivity, security, and
Service Desk. |
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 40 of 41
|
(4) |
|
Make all documentation available in paper copies and
electronically, and, wherever possible, using documentation that is
Web-enabled for access by ACI. |
|
(5) |
|
Audit documentation regularly for completeness and accuracy,
and verify that all documentation is present, organized, readable, and
updated. |
|
(6) |
|
Report the resultant audit findings to ACI on a regular
basis, and where it is determined that documentation is inaccurate (for
example, erroneous or out of date), correct and replace such documentation. |
|
b. |
|
ACI will document and provide to Vendor, Application requirements that affect
operations, along with procedural information and contact information for each Application. |
6. |
|
BUSINESS DIVESTURES, ACQUISITIONS, CONSOLIDATIONS, AND RELOCATIONS |
From time to time, ACI has, and intends to, acquire or divest businesses (or parts of
businesses) and relocate or consolidate businesses (or parts of business); such activities
referred to in this section as “business structure event(s)”. Vendor will perform certain
functions at the request of ACI.
Vendor will conform to the requirements and provide the Services associated with
divestitures and acquisitions as described in the MSA.
Confidential
Exhibit A-1 — Delivery Management Services (Cross Functional)
Page 41 of 41
EXHIBIT A-2
ASSET SERVICES
Vendor will provide the following Asset Services to ACI during Service Hours, unless
otherwise mutually agreed by ACI and Vendor. Vendor will implement the process for the
acquisition of assets and for tracking the status, Location and ownership of such assets.
Vendor will conduct an initial, complete wall to wall inventory of all Equipment, at ACI
Locations and will conduct additional electronic Equipment inventories on an annual basis.
The initial Software inventory will be conducted electronically, as will all annual
subsequent Software inventories.
Vendor will provide and ACI will approve the initial inventory before final implementation
as well as the automated Asset Inventory and Management System. ACI will have view
capabilities to the Asset Inventory and Management System monthly reports via IMPACT.
Vendor will also define and support the processes required for the capture of any changes
and will incorporate such changes into the asset database.
2. |
|
INITIAL ASSET INVENTORY |
|
a. |
|
During the Transition Period, Vendor will: |
|
(1) |
|
conduct a planning session with ACI (or location-specific
planning sessions for Locations with a sizable inventory) to review the plan for
performing the inventory (the “Inventory Plan”). ACI will approve and
sign-off on the plan. The Inventory Plan will document the following: |
|
(a) |
|
the assets Vendor will inventory, types of data Vendor
will collect, and the level asset are to be tracked, including all IT
assets, whether such assets are owned or leased by ACI or the Vendor |
|
|
(b) |
|
any Location-specific requirements and hours of access; |
|
(c) |
|
required Location data (for example, floor plans, storage
areas, equipment and software access requirements, safety and security
requirements); |
|
(d) |
|
Locations and End Users that Vendor will inventory using,
for example, mail-in data collection kits as well as the respective return
deadline date for each Location (to be returned before completion of the
inventory at the applicable Location) (see table attached which will specify
those Locations for which Vendor will perform a physical wall-to-wall
inventory; all other ACI Locations will receive mail-in kits); |
Confidential
Exhibit A-2 — Asset Services
Page 1 of 7
|
(e) |
|
any inventory prerequisites as well as any procedures
that Vendor and ACI will follow during the inventory and that ACI needs to
communicate or that ACI’s business units and End Users need to perform; |
|
|
(f) |
|
a tentative inventory schedule (by Location); |
|
(g) |
|
a virus escalation process, including the name and
telephone and pager numbers of the ACI Focal Point for use by Vendor in the
event Vendor incidentally discovers viruses during an electronic inventory
process; |
|
(h) |
|
the user demographic information Vendor will collect
(subject to the capabilities of the inventory tools, if applicable); and |
|
(i) |
|
the electronic inventory tools and the asset (hardware
and software) recognition capabilities of the electronic inventory tools as
well as the alternative inventory techniques Vendor will use, if any, in the
event Vendor cannot electronically inventory the assets; |
|
(2) |
|
notify the ACI Focal Point per the virus escalation process if
Vendor incidentally discovers viruses during the inventory process; |
|
(3) |
|
coordinate and perform the asset inventory (using a combination
of electronic and physical inventory techniques as determined by Vendor and
agreed to by ACI to verify or establish the asset database; |
|
(4) |
|
conduct a physical inventory of stand-alone machines (collected
information should consist of a numeric or alphanumeric asset type, and may also
include: manufacturer (for example, Vendor, HP, Apple); product description (for
example, desktop, server); serial number or asset tag number, as applicable;
asset location (for example, building address, room number, city and state); and
demographic information); |
|
(5) |
|
notify the ACI Focal Point of any obstacle that prevents Vendor
from performing an initial electronic inventory of an asset, including: |
|
(a) |
|
unavailability of, or failure to disable, a power-on or
screen saver password; |
|
(b) |
|
refusal by an End User to permit Vendor to perform the
electronic asset inventory; |
|
|
(c) |
|
untimely admittance to Locations or other areas; |
|
|
(d) |
|
an operating failure of the desktop; or |
|
(e) |
|
desktop executing software at the time of the scheduled
inventory and the End User is unavailable to save open data; |
Confidential
Exhibit A-2 — Asset Services
Page 2 of 7
|
(6) |
|
if the initial electronic inventory attempt is unsuccessful due
to an obstacle, perform a second attempt while in the same area to
electronically audit the asset. If the second attempt is also unsuccessful due
to an obstacle, perform a physical inventory of the asset; |
|
|
(7) |
|
Collect serial numbers of inventoried equipment, as required,; |
|
(8) |
|
prepare mail-in data collection kits and forward the kits to the
ACI Focal Point for distribution to the Locations and End Users identified in
the Inventory Plan; |
|
(9) |
|
if applicable, provide and install the required software agent(s)
to enable electronic scanning of assets to capture future asset database
information; |
|
(10) |
|
on completion of the inventory, reconcile the collected asset
data including identifying and correcting (to the extent within Vendor’s
control) the following, as applicable: |
|
(a) |
|
missing and duplicate serial numbers; |
|
(b) |
|
missing, duplicate and incorrect length of asset tag
numbers; |
|
|
(c) |
|
missing demographic information; and |
|
(d) |
|
discrepancies resulting from IMAC activity performed
during the inventory process, |
|
(11) |
|
utilize ACI’s process to track and capture any IMACs performed
during an asset inventory; |
|
|
(12) |
|
obtain ACI’s approval for the asset inventory results; and |
|
(13) |
|
establish the asset database within IMPACT to which ACI will have
browser and adhoc reporting privileges (i.e., load the asset information
obtained during the initial asset inventory) or validate the asset information
provided by ACI using the information obtained during the asset inventory. |
|
b. |
|
During the Transition Period, ACI will: |
|
(1) |
|
Review with Vendor the Inventory Plan and provide final approval
(or rejection) of such plan no later than ten days before the first Location
inventory; |
|
|
(2) |
|
at least ten days before each scheduled Location inventory: |
|
(a) |
|
provide a listing of the contacts who will perform
administrative responsibilities, including the ACI Focal Point, and ensure
their availability, as required, for status meetings during the inventory; |
|
(b) |
|
provide an estimate of the number of assets to be
inventoried at each Location; |
|
(c) |
|
provide current floor plans for each floor of each
Location to be inventoried; |
Confidential
Exhibit A-2 — Asset Services
Page 3 of 7
|
(d) |
|
provide a soft copy listing (i.e., mail merge capable
file) including the names of and mailing addresses for those End Users at
each Location using mail-in collection kits; |
|
(e) |
|
distribute mail-in data collection kits to the Locations
and End Users identified in the Inventory Plan; and |
|
(f) |
|
distribute the Vendor-supplied inventory worksheets to
End Users with instructions to complete the demographic information sections
of the worksheet before the scheduled date of the inventory. |
|
(3) |
|
during the initial asset inventory: |
|
(a) |
|
ensure the ACI Focal Point is available: |
|
(i) |
|
to accompany Vendor on a walk-through of
the Location; |
|
|
(ii) |
|
in the event Vendor incidentally discovers
viruses during the electronic inventory process; |
|
|
(iii) |
|
to review and accept collected data on a
daily basis; and |
|
|
(iv) |
|
upon inventory completion at each Location,
provide sign-off that the inventory process has been completed; |
|
(b) |
|
provide a temporary work room that is large enough to
accommodate the inventory team and provides access to a collection server, a
printer on which to generate reports, a telephone with outside capability,
and an analog phone line for modem dial out; |
|
(c) |
|
provide reasonable and timely access to equipment to be
inventoried; |
|
|
(d) |
|
prohibit (or restrict) IMAC activity; and |
|
(e) |
|
track and collect all mail-in data collection kits and
forward all completed kits to Vendor before the completion of the inventory
at the applicable Location; and |
|
(4) |
|
provide the initial End User related data (i.e., name, phone
number, location address, department number, network connection) in an
electronic format required to establish End User records; and |
|
(5) |
|
approve the asset inventory results for loading to the assets
database. |
Vendor will define and implement the process for tracking assets throughout their life
cycle from acquisition to disposal, including any changes performed for such assets. ACI
will review, provide feedback and provide final approval for the process.
Confidential
Exhibit A-2 — Asset Services
Page 4 of 7
|
(1) |
|
define and implement the asset tracking process |
|
(2) |
|
maintain the asset database capturing changes Vendor or ACI made
as a result of: |
|
(a) |
|
receipt of new assets; |
|
(b) |
|
data scrubbing and validation (i.e., checking for
nomenclature and data entry discrepancies such as validating that the asset
type is numeric or alphanumeric); |
|
(c) |
|
IMAC, hardware maintenance, and deskside support Services
activity; |
|
|
(d) |
|
asset storage, retirement, and disposal; and |
|
(e) |
|
changes to End User-related data (for example, name,
phone number, location address, department number, network connection). |
|
(3) |
|
perform electronic inventory and/or bar code scans on hardware in
conjunction with performing on-site Services (for example, deskside support,
IMAC, hardware maintenance) and update the asset database; |
|
(4) |
|
add assets for which no record is found to the asset database as
such assets are located during an inventory or are otherwise discovered, for
example, during a Service Desk support call, and notify the ACI Focal Point of
such additions; |
|
(5) |
|
coordinate and perform periodic physical or electronic asset
validations and report the results to ACI; |
|
(6) |
|
forward information on all asset discrepancies and/or issues to
the ACI Focal Point for resolution; |
|
(7) |
|
provide reasonable assistance to ACI in resolving asset database
discrepancies or issues; |
|
(8) |
|
provide a monthly standard report and annual rollup report to
ACI, as well as provide “as needed” reports in a mutually agreed upon timeframe;
and |
|
(9) |
|
Electronically link asset management tools, processes, and the
Asset Inventory and Management System to the Incident Management System, Change
Management procedures, and other Service Desk tools and processes in order to
effectively leverage the information contained therein. |
|
(1) |
|
assist Vendor in the definition of the asset tracking process; |
|
(2) |
|
provide Vendor changes ACI made to the assets as a result of: |
Confidential
Exhibit A-2 — Asset Services
Page 5 of 7
|
(a) |
|
Asset disposal in sites where there is no on-site Vendor
support; |
|
(b) |
|
changes to End User-related data (for example, name,
phone number, Location address, department number, network connection); |
|
(3) |
|
ensure End Users perform their responsibilities in accordance
with the established process during an asset validation or inventory; |
|
(4) |
|
maintain responsibility for software license management (for
example, auditing for compliance to vendor terms and conditions) for all
software owned by or licensed to ACI; |
|
(5) |
|
resolve all ACI asset policy discrepancies and issues and notify
Vendor of the resolution; and |
|
(6) |
|
Provide Vendor with information regarding what to maintain with
respect to the asset records ACI deems necessary to meet ACI’s audit
requirements and financial obligations. |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
(1) |
|
Include within the asset tracking processes the capture of
ACI-provided lease data as it relates to assets tracked |
|
(2) |
|
Prepare and provide lease management reporting as required by
ACI. |
5. |
|
REDEPLOYMENT AND DISPOSAL OF EQUIPMENT |
|
a. |
|
Vendor’s responsibilities include the following for ACI Locations where there
is on-site Vendor support: |
|
(1) |
|
Perform de-installation and/or re-deployment of Equipment in
accordance with change management procedures, including: |
|
(a) |
|
Comply with backup requirements. |
|
(b) |
|
Provide permanent removal of any ACI Software or data
that may exist on storage media (fixed, removable, or shared). |
|
(2) |
|
Upon redeployment or disposal of Equipment, make the necessary
changes in the asset inventory and management system. |
|
(3) |
|
Work with ACI to establish an financial approval process to
remove PCs; |
|
|
(4) |
|
Package the equipment for shipment and coordinate pick-up; |
Confidential
Exhibit A-2 — Asset Services
Page 6 of 7
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(5) |
|
To the extent the Equipment is owned or leased by ACI, the
Vendor’s responsibilities include the following: |
|
(a) |
|
Return the Equipment to a central location at the ACI
Location or immediately re-deploy Equipment as requested by ACI. |
|
(b) |
|
If the Equipment is to be disposed of and is in usable
condition, dispose of the Equipment as directed by ACI |
|
(c) |
|
Dispose of unusable Equipment in an appropriate,
environmentally responsible manner. Erase, overwrite or destroy all data and
configuration information resident in the computer system, storage
components, and/or devices in such a manner that makes the data
irretrievable prior to disposing of equipment. If the Equipment is sold for
salvage, provide any salvage value to ACI. |
|
b. |
|
ACI’s responsibilities include the following: |
|
|
|
|
For ACI Locations where there is on-site Vendor support: |
|
(1) |
|
Pay for the transportation and disposal costs via locally
approved disposal or salvage process; |
|
(a) |
|
In countries where Asset Services are supported, Vendor
will offer transportation and disposal Services either as separate
Pass-Through Expenses or via direct ACI contracts with third parties. |
|
c. |
|
For ACI Locations where there is no on-site Vendor support, Vendor will, at
ACI’s request, dispatch support for asset disposal assistance. Travel for such
assistance will be a Pass-Through Expense. |
|
|
|
|
[ * ] |
|
|
|
* Represents two pages of redacted text |
Confidential
Exhibit A-2 — Asset Services
Page 7 of 7
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT A-3
SERVICE DESK SERVICES
|
a. |
|
As of the Service Tower Commencement Date, Vendor will provide Service Desk
Services in accordance with this Exhibit. |
|
b. |
|
Vendor shall be the single point of contact for End Users regarding Incidents
and requests, which include events that cause or may cause an interruption or
reduction of service for internal or external users of ACI’s IT Services along with
any requests for service originating from End Users. |
|
c. |
|
Vendor will staff an organization to act as a single point of contact for End
Users who require assistance in the resolution of IT-related problems, concerns, and
questions and to request Services (the “Service Desk”). |
|
d. |
|
Vendor will provide Service Desk support in English only. |
|
(1) |
|
provide the Service Desk service on a 24 x 7 x 365 basis; |
|
(2) |
|
provide the capability for End Users to submit Incidents via
telephone, electronic mail and secure web site; |
|
(3) |
|
provide a Service Desk with processes for Service Delivery and
Service Management that are [ * ]; |
|
(4) |
|
deliver Service Desk services that meet ACI’s established
business continuity and disaster recovery requirements; |
|
(5) |
|
provide Service Desk personnel who have the appropriate
competencies to provide Service Desk services and have been provided with an
orientation to ACI’s business to understand ACI processes and standard
infrastructure and are appropriately trained to provide one call support of
problem resolution, where feasible; |
|
(6) |
|
provide Service Desk support using terms that are clearly
understood by the End Users and consistent with those used by ACI; |
Confidential
Exhibit A-3 — Service Desk Services
Page 1 of 5
|
(7) |
|
provide a Service Desk that is in a location off-site from and
approved by ACI; |
|
(8) |
|
where more than one site is proposed by Vendor for the delivery
of Service Desk services, including for the support of ACI’s business continuity
and disaster recovery requirements, execute any switching between the sites in a
manner transparent to customers of the Service Desk service; |
|
(9) |
|
provide a toll free telephone number for calls to the Service
Desk originating in the United States and Canada. For calls originating
outside the US and Canada, the ACI voice network will be used to connect to the
US toll free telephone number, for End Users calling from outside the US or
Canada who require Service Desk assistance; |
|
(10) |
|
handle via the escalation management process agreed upon by
Vendor and ACI any problem that can not be resolved by telephone, and on a
specified basis provide reports to ACI on these escalated problems; |
|
(11) |
|
provide, program and maintain the automatic call distribution
equipment Vendor requires to provide the Services; |
|
(12) |
|
receive, log and dispatch or transfer calls, as appropriate; |
|
(13) |
|
open an Incident record to document all Incidents. This record
will include End User information, Incident record number, date and time
opened, service requested, problem description or symptoms, assignment (for
example, level 2, level 3), status, and Incident resolution and closure
information; |
|
(14) |
|
prioritize calls in accordance with the Severity Levels
established by ACI and Vendor under this Agreement; |
|
(15) |
|
perform problem analysis, including identification of the source
of the problem; |
|
(16) |
|
provide call status as the End User requests; |
|
(17) |
|
perform password resets, except for password resets on
Application IDs which ACI has retained, on a basis approved by ACI when
requested by End Users; |
|
(18) |
|
dispatch or arrange for on-site support or depot service, if
required, for problem determination and/or resolution; |
|
(19) |
|
notify the ACI Focal Point of systems or equipment failures, or
of an emergency, according to the Process Interface Manual; |
|
(20) |
|
provide a systems status recording and provide system status
broadcast messages on the web portal and via e-mail for in-scope systems with
status information such as known major Incidents and estimated recovery times; |
Confidential
Exhibit A-3 — Service Desk Services
Page 2 of 5
|
(21) |
|
interface with and coordinate problem determination and
resolution with the ACI Focal Point and/or Third Party service providers, as
appropriate; |
|
(22) |
|
monitor problem status to facilitate problem closure within
defined Service Level criteria and/or escalate in accordance with the escalation
management process; |
|
(23) |
|
provide input to ACI on End User training requirements based on
problem Call tracking and analysis; |
|
(24) |
|
with ACI’s assistance, establish and maintain Call prioritization
guidelines and escalation procedures; |
|
(25) |
|
develop Service Desk operational processes and procedures and
provide to ACI for distribution; |
|
(26) |
|
maintain a contact list of Vendor Focal Points, including names
and telephone, pager and fax numbers, and provide to ACI for distribution; |
|
(27) |
|
communicate to the ACI Focal Point on available Services and the
procedures for accessing such Services; |
|
(28) |
|
provide Xxxxx 0, and manage Xxxxx 0 and Level 3 support for the
Equipment and Software; |
|
(29) |
|
provide a standard monthly report to ACI summarizing the
Incidents (by status code) received and handled by the Service Desk for the
prior month; |
|
(30) |
|
provide monthly reports to ACI, as further described in Schedule
R (Reports); |
|
(31) |
|
Conduct random surveys of End Users in accordance with Schedule K
(User Satisfaction Survey Guidelines); and |
|
(32) |
|
Provide information to ACI on Call trends and make
recommendations (for example, additional End User training requirements), where
appropriate. |
|
(1) |
|
be responsible for all End User training in use of ACI hardware
and software; |
|
(2) |
|
for ACI-retained systems, provide systems status information to
the Service Desk and updates as they occur. Vendor will maintain such
information for up to five Business Days or until ACI is notified by Vendor
within the five Business Days, after which time Vendor will delete it unless ACI
requests otherwise; |
|
(3) |
|
maintain and distribute a ACI contact list, including names and
telephone, pager and fax numbers, for use by Service Desk staff to contact
appropriate ACI personnel for problem determination
assistance and escalation and ensure such personnel are available as required; |
Confidential
Exhibit A-3 — Service Desk Services
Page 3 of 5
|
(4) |
|
assist Vendor in establishing Call prioritization guidelines and
escalation procedures; |
|
(5) |
|
ensure End Users have a basic level of understanding of the
Service Delivery Processes and adhere to such processes for accessing the
Services; |
|
(6) |
|
communicate support responsibilities and procedures to the ACI
Focal Point and Third Party service providers (for example, providing Call
status and resolution to the Service Desk) and ensure adherence to such
procedures; |
|
(7) |
|
assist Vendor, as requested and in a time frame commensurate with
the assigned problem Severity Levels and associated Service Level commitment, in
the resolution of recurring problems which are the result of End User error; |
|
(8) |
|
resolve any ACI Third Party services provider performance
problems affecting Vendor’s provision of the Services for any service provider
arrangements that have not been assigned to Vendor; |
|
(9) |
|
be responsible for all ACI Third Party support costs (for
example, help lines); |
|
(10) |
|
be responsible for the resolution or closure of all Incidents
related to products and services that are not within the Services; |
|
(11) |
|
authorize all system access; |
|
(12) |
|
reset passwords and perform logon ID administration for
application IDs; and |
|
(13) |
|
allow Vendor to utilize remote access capability to remotely
diagnose End User problems. |
2.2 |
|
Performance Standards and Reporting for Service Desk |
Vendor shall meet performance standards for the Service Desk services as defined in Schedule B
(Service Levels). Reporting requirements for all Services are defined in Schedule R (Reports).
Confidential
Exhibit A-3 — Service Desk Services
Page 4 of 5
|
a. |
|
Vendor will provide tools and a web services portal to enable the End Users
to: |
|
(1) |
|
perform self help knowledge searches; |
|
(2) |
|
submit problem and service request tickets; |
|
(3) |
|
view online problem and service request ticket status; and |
|
(4) |
|
view current system outages. |
|
(1) |
|
provide and maintain an authentication methodology as part of
ACI’s security guidelines; |
|
(2) |
|
provide ACI’s existing processes and content to assist Vendor in
providing self help Services; and |
|
(3) |
|
promote and ensure the use of the self help Tools and processes
to End Users. |
Confidential
Exhibit A-3 – Service Desk Services
Page 5 of 5
EXHIBIT A-4
END USER SERVICES
Upon the Service Tower Commencement Date, Vendor will provide the following End User
Services to ACI during the Service Hours, unless otherwise mutually agreed by ACI and
Vendor.
2. |
|
DESKTOP SUPPORT SERVICES |
Vendor will provide problem determination and problem resolution at the End User’s work
location within a facility using on-site services which are a combination of deskside
support and hardware related support such as break/fix (i.e., hardware maintenance).
Vendor will not provide such on-site services to End Users in Locations in Malaysia until
Contract Year 3.
For equipment that is eligible for hardware maintenance Services and that is assigned to
Mobile End Users and/or Remote End Users, Vendor will provide such Services as depot
services only, that is, performed at an Vendor-designated repair location. Vendor will
identify the designated depot services location and provide ACI the processes Mobile End
Users and Remote End Users will follow in obtaining such Services. Where no Vendor repair
centre is available Vendor will either replace equipment or provide a loan machine and make
good repairs on the defective system. In those instances when physical presence is
required to perform desktop services and no on-site resource is available, Vendor will
engage and dispatch personnel to address the request and/or resolve the issue. If services
are performed by a third party, ACI would be billed directly by the third party. If
Services are performed by Vendor, Vendor will invoice ACI for travel and living expenses as
Pass-Through Expenses and labor performed by non-ACI dedicated personnel would be billed
via the rate card in Schedule C (Charges).
2.1 |
|
Deskside Support Services |
|
(1) |
|
provide problem source identification, problem impact validation,
and problem determination; |
|
(2) |
|
with ACI’s approval, implement the deskside support Services
operational procedures including the criteria for deployment of deskside support
Services personnel; |
|
(3) |
|
be responsible for all End User data migration, backup and
restore, conversion, and erasure, as required, before and following the
provision of deskside support Services; |
Confidential
Exhibit A-4 — End User Services
Page 1 of 12
|
(4) |
|
provide deskside support Services for Supported Desktop Standard
Products at the End User’s work location within a End User Location in
accordance with the established procedures; |
|
(5) |
|
provide support Services for Supported Desktop Products at remote
End User’s work location via network assist; |
|
(6) |
|
manage the problem to resolution or closure, as appropriate,
including: |
|
(a) |
|
applying emergency software fixes in support of
problem resolution; or |
|
(b) |
|
performing virus eradication on the desktop device;
or |
|
(c) |
|
completely rebuild the system back to its original
standard. |
|
(7) |
|
update the status of the deskside support Services call to the
Service Desk through to completion; |
|
(8) |
|
When a new employee is hired, Vendor will receive from ACI an
IMAC request with the End User requirements for a new Employee. |
|
(9) |
|
on completion of the deskside support Services: |
|
(a) |
|
close the ticket; and |
|
(b) |
|
update the asset database; |
|
(10) |
|
at ACI’s request, provide deskside support Services for
Nonstandard Products on a Commercially Reasonable Efforts basis and based upon
available resources. (See definition of “Nonstandard Product” in Attachment A-1
(Services Definitions)); and |
|
(11) |
|
provide a monthly standard report using available problem
management data to ACI summarizing the deskside support Services Vendor provided
during the prior month. |
|
(1) |
|
assist Vendor in implementing the deskside support Services
operational procedures including the criteria for deployment of deskside support
Services personnel; |
|
(2) |
|
provide adequate and secure space for depot assets; and |
|
(3) |
|
provide authorization and be responsible for all charges for
deskside support Services Vendor provides at ACI’s request for Nonstandard
Products and out-of-scope services (for example, ad hoc End User training, how
to assistance). |
2.2 |
|
Hardware Maintenance Services |
|
(1) |
|
coordinate hardware support for Maintained Equipment including
the repair or exchange of such Maintained Equipment, as appropriate; |
Confidential
Exhibit A-4 — End User Services
Page 2 of 12
|
(2) |
|
at ACI’s request, coordinate hardware support for, Equipment not
on warranty and without a maintenance agreement, including the repair or
exchange of such Equipment as appropriate, on a Commercially Reasonable Efforts
basis and based upon available resources; |
|
(3) |
|
with ACI’s approval, implement the hardware maintenance Services
operational procedures including the criteria for deployment of hardware
maintenance Services personnel; |
|
(4) |
|
coordinate and schedule maintenance activities with the ACI Focal
Point or the requesting End User; |
|
(5) |
|
dispatch hardware maintenance service personnel in accordance
with the established procedures; |
|
(6) |
|
document and provide recovery procedures to maintenance personnel
necessary to recover the Equipment to its original state including foreign
operating systems and individual country dictionaries; |
|
(7) |
|
using ACI-provided warranty documentation, maintain the records
necessary to support warranty service of Equipment on warranty installed as of
the Effective Date (for example, serial number, program number, install date,
location) within the asset database; |
|
(8) |
|
coordinate warranty repair service with the appropriate equipment
manufacturer; |
|
(9) |
|
track and report observed failure trends for Critical Functions; |
|
(10) |
|
on notice from ACI, perform service or provide instructions
pertaining to OEM recall programs for ACI-owned Maintained Equipment consistent
with the terms and conditions and instructions the manufacturer specifies; |
|
(11) |
|
provide the procedures Mobile End Users and Remote End Users are
to follow to obtain depot hardware maintenance Services for Supported Desktops
to the ACI Focal Point for distribution to such End Users; |
|
(12) |
|
update the status of the hardware maintenance Services calls to
the Service Desk through to completion; |
|
(13) |
|
on completion of hardware maintenance Services: |
|
(a) |
|
close the ticket; and |
|
(b) |
|
update the asset database; |
|
(14) |
|
perform any required pre- and post maintenance activities before
permitting and following hardware maintenance Services on equipment (for
example, backup, remove, protect, and restore programs, data and removable
storage media, remove and reload funds); |
|
(15) |
|
on Vendor’s discovery of hardware Standard Products not included
in the asset database, notify the ACI Focal Point of the same, so that ACI
can place such hardware on maintenance, and update the asset database; |
Confidential
Exhibit A-4 — End User Services
Page 3 of 12
|
(16) |
|
at ACI’s request, provide hardware maintenance Services for
Nonstandard Products on a Commercially Reasonable Efforts basis and based upon
available resources; |
|
(17) |
|
at ACI’s request, provide hardware maintenance Services on an
hourly basis to repair or restore Maintained Equipment damaged as a result of: |
|
(a) |
|
ACI’s misuse, accident, ACI’s modification,
unsuitable physical environment in a End User Location, or a Force Majeure
Event, or |
|
(b) |
|
the provision of hardware maintenance services by
other vendor, or |
|
(c) |
|
the inappropriate use of, inadequate use of, or
failure to use, appropriate supplies by ACI, or |
|
(d) |
|
other actions by ACI not covered under a maintenance
agreement or warranty services; and |
|
(18) |
|
provide a monthly standard report to ACI, using available problem
management data that summarizes the hardware maintenance Services Vendor
provided during the prior month; |
|
(19) |
|
notify ACI of any warranty issues; |
|
(20) |
|
implement the hardware maintenance Services operational
procedures including the criteria for deployment of hardware maintenance
Services personnel. |
|
(1) |
|
Provide warranty or maintenance agreements on all Supported
Desktops and Nonstandard Products; |
|
(2) |
|
Be financially responsible, for equipment not covered under
warranty |
|
(3) |
|
approve the hardware maintenance Services operational procedures
including the criteria for deployment of hardware maintenance Services
personnel; |
|
(4) |
|
provide a suitable environment for the equipment to be
maintained, as the equipment’s manufacturer specifies; |
|
(5) |
|
provide Service Desk representatives with the information
required for hardware maintenance Services (for example, machine type, serial
number), and such other information, as requested, including location address,
building and office number and contact name and phone number; |
|
(6) |
|
coordinate and schedule maintenance activities with ACI’s
internal support functions, as required; |
Confidential
Exhibit A-4 — End User Services
Page 4 of 12
|
(7) |
|
provide Vendor with manufacturers’ warranty documentation (for
example, warranty certificate, type of warranty, duration, applicable terms and
conditions) for Maintained Equipment installed as of the Effective Date and for
equipment Vendor will maintain that ACI procures directly after such date; |
|
(8) |
|
ensure all hardware that is procured by or for ACI after the
Effective Date has the maximum warranty available or on schedule with the
refresh cycle on all parts and labor (i.e., three-year on-site service, parts
and labor warranty or equivalent) and warranty services are consistent with the
Service Hours and applicable Service Levels; |
|
(9) |
|
provide all hardware upgrades, maintenance parts, or replacement
equipment not provided under a warranty or maintenance agreement; |
|
(10) |
|
provide and maintain the inventory of all End User consumable
supplies, such as paper, toner, printer cartridges, diskettes, compact disks,
tapes, batteries, and other such items that comply with original equipment
manufacturer’s specifications, and distribute or install such supplies as End
Users require; |
|
(11) |
|
provide the guidelines relative to and the spare parts inventory
for Critical Functions, and the appropriate and secured storage area for such
inventory; |
|
(12) |
|
provide authorization and be responsible for all charges for
hardware maintenance Services Vendor provides at ACI’s request to repair or
restore Maintained Equipment damaged as a result of ACI action under Section
2.2(a)(17) of this Exhibit A-4; |
|
(13) |
|
provide authorization and be responsible for all charges for
hardware maintenance Services Vendor provides at ACI’s request for Nonstandard
Products. |
3. |
|
INSTALL, MOVE, ADD, CHANGE SERVICES |
|
(1) |
|
coordinate and perform IMACs for the Standard Products; |
|
(2) |
|
with ACI’s approval, implement the IMAC Services operational
procedures including the development of an IMAC checklist that defines the
completion criteria for each IMAC Service; |
|
(3) |
|
receive requests for IMAC Services via the established procedures
and create the required documentation (for example, work order, call record
update); |
|
(4) |
|
schedule the IMAC perform date with the ACI Focal Point and the
requesting End User; |
Confidential
Exhibit A-4 — End User Services
Page 5 of 12
|
(5) |
|
before the scheduled IMAC date, communicate to the ACI Focal
Point any IMAC prerequisites and any procedures that need to be followed after
the IMAC is completed; |
|
(6) |
|
notify the ACI Focal Point of the required IMAC components that
need to be available and site preparations (facilities and telecommunications
modifications) that need to be completed before the scheduled IMAC date; |
|
(7) |
|
perform the required pre delivery preparation for any new systems
to be installed, including: |
|
(a) |
|
build and configure the system in accordance with
ACI-provided configuration specifications; |
|
|
(b) |
|
run diagnostics on all configuration components; |
|
(c) |
|
load and configure specified software Standard
Products and replicate loading for site-licensed software Standard
Products using the ACI-provided master diskette or compact disk; |
|
(d) |
|
perform configuration testing, including operating
system testing functions; |
|
(e) |
|
perform hardware burn-in for the designated period of
time for such hardware; and |
|
(f) |
|
repackage the fully assembled and tested system,
including configuration documentation and any vendor-provided operations
manuals or other applicable documentation, in one container or as a banded
unit, apply shipping labels, generate appropriate shipping documentation,
and ship to the designated End User Location; |
|
(8) |
|
before the scheduled IMAC date, verify with the End User, that he
or she has complied with all IMAC prerequisites, all site modifications are
complete, and that the necessary IMAC components have been received and will be
available at the End User’s work location on the scheduled IMAC date . The ACI
Focal Point will be contacted in the event that there is an issue related to the
IMAC; |
|
(9) |
|
perform the IMAC Services for desktop Standard Products according
to the criteria specified in the IMAC checklist; |
|
(10) |
|
obtain concurrence from the End User or the ACI Focal Point that
the IMAC was completed in accordance with the IMAC checklist; |
|
(11) |
|
assist ACI in resolving on a timely basis any issues impacting
IMAC activity; |
|
(12) |
|
prepare displaced hardware (i.e., wrap cords) and software and,
if applicable, move to a designated staging area within the End User Location
for removal by ACI; |
Confidential
Exhibit A-4 — End User Services
Page 6 of 12
|
(13) |
|
update the status of the IMAC Services call to the Service Desk
through to completion; |
|
(14) |
|
on completion of an IMAC: |
|
(b) |
|
collect the appropriate configuration data and update
the asset database; |
|
(15) |
|
implement a mutually agreed process for consolidating IMACs, when
possible, into Projects; |
|
(16) |
|
be responsible for all End User data migration, backup and
restore, conversion, or erasure, as required, before and after the IMAC Service; |
|
(17) |
|
provide a monthly standard report to ACI summarizing the IMAC
Services Vendor performed during the prior month, including the current status
of any IMAC Services requests that are in progress or pending; |
|
(18) |
|
implement the IMAC Services operational procedures including the
development of an IMAC checklist that defines the completion criteria for each
IMAC Service; |
|
(19) |
|
after the completion of the IMAC, return all services to
operational status; and |
|
(20) |
|
ensure all required IMAC components are at the designated staging
area within the facility or at the End User’s work location, as applicable, on
the scheduled IMAC date; escalate to ACI Focal Point if required |
|
(1) |
|
Approve the IMAC Services operational procedures including the
IMAC checklist that defines the completion criteria for each IMAC Service; |
|
(2) |
|
provide to Vendor, via the established procedures, an authorized
IMAC Services request that clearly defines all IMAC requirements and includes
all information Vendor requests; |
|
(3) |
|
provide all Equipment and Software components (for example,
hardware, software and any associated components) necessary to perform an IMAC; |
|
(4) |
|
through the ACI Focal Point: |
|
(a) |
|
coordinate the activities related to and the
completion of all required facilities and data telecommunications
modifications before the scheduled IMAC date; |
Confidential
Exhibit A-4 — End User Services
Page 7 of 12
|
(b) |
|
at Vendor’s request, provide the status on
ACI-retained activities (for example, anticipated completion date of site
modifications) related to or impacting an IMAC; |
|
(c) |
|
ensure End User compliance with all IMAC Services
prerequisites, as set forth in the IMAC checklist or as Vendor or ACI
otherwise communicates, before the scheduled IMAC date; |
|
(d) |
|
at Vendor’s request, verify the completion of all End
User IMAC prerequisites, site readiness, and the availability of all IMAC
components; and |
|
(5) |
|
define and provide Vendor the escalation procedures for
situations where End Users have not completed the communicated IMAC
prerequisites or where site preparations have not been completed within the
defined time frames or in accordance with specifications; |
|
(6) |
|
for IMAC activity not directly requested by the End User, notify
the affected End User(s) of such planned IMAC activity; |
|
(7) |
|
track End User software licenses and be responsible for End User
compliance with all software vendor license terms and conditions; |
|
(8) |
|
for new systems for which Vendor is providing pre-delivery
preparation Services: |
|
(a) |
|
define the configuration specifications; |
|
(b) |
|
provide copies (via diskettes, compact disks, tapes
or other approved media) of any site licensed software Standard Products,
including the master to be loaded as part of a Standard Configuration; |
|
(c) |
|
communicate to Vendor any applicable software vendor
license terms and conditions; |
|
(d) |
|
adhere to all software vendor license terms and
conditions for any site licensed software Standard Products; and |
|
(e) |
|
provide the ship-to location address for each system
unit and the name and phone number of a designated contact person at such
location; |
|
(9) |
|
provide necessary End User orientation and education; |
|
(10) |
|
provide all transportation of IMAC components to, between, and
within Facilities and all transportation associated with the disposal or
relocation of displaced hardware and software; |
|
(11) |
|
be responsible for all costs and compliance with regulatory
requirements for the disposal or relocation of packing materials and displaced
or discontinued hardware and software and related materials (for example,
batteries, manuals, supplies, cathode ray tubes); |
Confidential
Exhibit A-4 — End User Services
Page 8 of 12
|
(12) |
|
provide the packing materials and prepare all displaced hardware
and software for shipping; |
|
(13) |
|
provide a secure staging or storage area within the End User
Location to store IMAC components to be used for a scheduled IMAC and the
hardware and software (and associated documentation) displaced by an IMAC; |
|
(14) |
|
assist Vendor to resolve on a timely basis any issues impacting
an IMAC; and |
|
(15) |
|
provide authorization and be responsible for all charges for IMAC
Services Vendor provides at ACI’s request for Nonstandard Products. |
Vendor will provide Refresh Services to ACI at depot locations as an IMAC and as set forth
below and in Schedule V (In-Flight Projects). A planned Refresh IMAC request that includes
more than ten (10) concurrent IMAC events (i.e., IMACs to be performed during the same time
period, within the same business unit or location) will be considered a Project, if ACI
agrees on a case-by-case basis. ACI will have the option to request multi-desktop
refreshes to be implemented on a staggered basis using staff already assigned to the ACI
account with no increase in charges.
|
(1) |
|
schedule the Refresh perform date with the ACI Focal Point and
the requesting End User, and communicate any End User prerequisites prior to the
scheduled Refresh date (according to the agreed Refresh plan); |
|
(2) |
|
de-install and remove the End User’s existing Supported Desktop
and configure, install and test the new system at the mutually agreed location
(for example, desk or office); |
|
(3) |
|
perform data backup from the End User’s existing Supported
Desktop; |
|
(4) |
|
perform electronic data migration up to two gigabyte from End
User’s existing Supported Desktop to the new system; and |
|
(5) |
|
update the image(s), as required. |
|
(1) |
|
ensure the End User is available to Vendor during the Refresh
process to provide any necessary information (for example, passwords); and |
|
(2) |
|
define the content of the updated image(s) to deploy to all
systems taking into consideration the needs of the various combinations of
operating systems, hardware, and business unit applications. |
Confidential
Exhibit A-4 — End User Services
Page 9 of 12
5. |
|
ELECTRONIC SOFTWARE DISTRIBUTION (ESD) |
|
(1) |
|
with ACI’s assistance, define the ESD processes and procedures; |
|
(2) |
|
provide the ESD processes and procedures including any ACI
support requirements to the ACI Focal Point for distribution to ACI-designated
personnel (for example, operators, systems engineers, problem support
personnel); |
|
(3) |
|
with ACI’s assistance, establish a distribution plan before each
ESD including: |
|
(a) |
|
the mutually agreed software Standard Products
(consistent with the Supported Desktop Software standards) to be
distributed; |
|
(b) |
|
the schedule for distribution; |
|
(c) |
|
any ESD prerequisites and post install procedures
that need to be completed by End Users and ACI’s business units; and |
|
(d) |
|
any End User training requirements related to the
changes that will result from an ESD; |
|
(4) |
|
communicate to the ACI Focal Point any ESD prerequisites and post
install procedures that need to be completed by End Users and ACI’s business
units; |
|
(5) |
|
schedule and coordinate ESD activities with the ACI Focal Point; |
|
(6) |
|
develop the how-to procedures End Users will follow to download
the distributed software Standard Products from a Supported Server to the
Supported Desktop and provide an electronic change notice to all End Users
regarding upcoming distributions prior to the distribution itself; |
|
(7) |
|
before an ESD, configure and test the software standard image
included in the ESD to verify compatibility with existing Supported Server and
Supported Desktop hardware and software configurations and directory structures
and compliance with ACI policy; |
|
(8) |
|
manage and administer the ESD, including: |
|
(a) |
|
monitoring the ESD to verify the successful
completion of the process; and |
|
(b) |
|
taking corrective action, as appropriate, for
problems resulting from the ESD to correct error conditions and facilitate
application stability; |
|
(9) |
|
communicate to the ACI Focal Point any problems that occurred
during the distribution and a list of unsuccessful distributions; |
|
(10) |
|
resolve unsuccessful distributions to the Supported Servers
attributable to Vendor’s error; |
Confidential
Exhibit A-4 — End User Services
Page 10 of 12
|
(11) |
|
provide verification of each completed ESD to the ACI Focal
Point; |
|
(12) |
|
on completion of the ESD, update the asset database, as
appropriate; and |
|
(13) |
|
ensure Supported Servers are equipped with the required hardware
and software and that sufficient network capacity and connectivity (i.e.,
end-to-end connectivity and telecommunications link with minimum capacity of 256
kb) exist to allow for centralized electronic software distribution; |
|
(14) |
|
before an ESD, resolve configuration conflicts between software
products existing on the Supported Servers and Supported Desktops and the
software Standard Products included in the scheduled ESD; |
|
(15) |
|
install software Standard Products that cannot be electronically
distributed on a Project basis; and. |
|
(16) |
|
Apply patches on periodic basis according to the ACI policies and
procedures |
|
(1) |
|
provide all software Standard Products (new and upgrades)
included in an ESD or distributed on a Project basis; |
|
(2) |
|
document and provide to Vendor ACI’s standard configuration and
policy requirements; |
|
(3) |
|
assist Vendor in establishing a distribution plan before each
ESD; |
|
(4) |
|
assist Vendor in testing the ESD process; |
|
(5) |
|
ensure required End User training occurs before the scheduled ESD
date; |
|
(6) |
|
perform file conversion for application files, ACI proprietary
application files, and End User data files; |
|
(7) |
|
provide the necessary system support (for example, scheduling
system downtime, if required) during an ESD; |
|
(8) |
|
ensure compliance by End Users and ACI’s business units with the
communicated ESD prerequisites and post install procedures; |
|
(9) |
|
resolve unsuccessful distributions to the Supported Servers or
Supported Desktops not attributable to Vendor’s error; |
|
(10) |
|
provide to Vendor any software vendor license terms and
conditions and maintenance requirements for newly distributed software Standard
Products that could affect the ESD Services; |
|
(11) |
|
notify Vendor of any distribution time frames specified by any
regulatory agency that need to be met to accomplish compliance with ACI
Regulatory Requirements; |
Confidential
Exhibit A-4 — End User Services
Page 11 of 12
|
(12) |
|
notify Vendor of any software to be deinstalled by Vendor
(through the IMAC process or on a Project basis) in conjunction with an ESD; and |
|
(13) |
|
dispose of all deinstalled software and discontinue the license
and maintenance, if applicable, for such software. |
Confidential
Exhibit A-4 — End User Services
Page 12 of 12
EXHIBIT A-5
SERVER SYSTEMS MANAGEMENT SERVICES (INCLUDING MAINFRAME)
Upon the Service Tower Commencement Date, Vendor will provide ACI the following Server
Systems Management Services during the Service Hours. However, in no case will Vendor’s
availability be limited to the Service Hours when a Severity 1 incident is reported.
Vendor will establish and maintain a properly trained and adequately staffed Data Center
population (i.e., management and support staff) to provide the Supported Server Services to
ACI. Unless otherwise agreed by ACI and Vendor, such Services will be provided during the
Service Hours, excluding the regularly scheduled maintenance periods.
|
(1) |
|
provide server operation Services including the management of
the Supported Server environment using the appropriate processes set forth in
the Process Interface Manual; |
|
(2) |
|
engineer, order, provision and deliver server services
eliminating single points of failure and including redundant data paths,
hot-swappable components, mirrored disk, and/or high availability services to
provide a level of service that meets or exceeds the Service Levels; |
|
(3) |
|
create, maintain and delete volumes and directory structures; |
|
(4) |
|
define, implement and execute required backup and recovery
procedures, specific to the individual server or as part of a logical group of
servers utilizing common storage; |
|
(5) |
|
test and validate data restoration and backout procedures, at
least annually, or as required by customer contracts; |
|
(6) |
|
ensure server services required for system monitoring are
configured and available throughout the systems runtime; |
|
(7) |
|
provide connectivity as defined by ACI to enable ACI to
access their customer sites for problem resolution; |
|
(8) |
|
modify file system sizes and permissions; |
|
(9) |
|
verify mount point availability; |
|
(10) |
|
repair defective file systems; |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 1 of 13
|
(11) |
|
assign account, work group and print managers; |
|
(12) |
|
administer directory distribution and replication; and |
|
(13) |
|
define and manage resources and domains. |
|
(1) |
|
provide the information, as requested by Vendor, required for
Vendor’s initial evaluation of ACI’s operating system environment, such as an
updated inventory of devices and their configuration; and |
|
(2) |
|
support trusted Third Party security servers (for example,
authentication). |
Software license management, for ACI owned or licensed Software, is retained by ACI.
1.3.1 |
|
Installation, Upgrades and Changes |
|
a. |
|
Vendor responsibilities include the following: |
|
(1) |
|
Install, upgrade, and change all Software as required and in
accordance with ACI technical architecture standards, and with ACI’s approval; |
|
(2) |
|
Interface with retained ACI staff and other Third Parties to
promote the compatibility of Software products; |
|
(3) |
|
Unless otherwise directed by ACI, install, upgrade, and
change Software to prescribed release levels; |
|
(4) |
|
Provide installation of department or internal IT-specific
Software as requested by ACI; |
|
(5) |
|
Install vendor-supplied corrections for vendor Software
problems, which include installation of vendor-supplied Software patches as
required, and with ACI’s approval; |
|
(6) |
|
Prior to the start of each calendar quarter, give written
notice to ACI of all upgrades and Software changes that are proposed to occur
in the following quarter. The Parties will mutually agree in writing on the
timing for the implementation of upgrades; |
|
(7) |
|
Coordinate testing, installation, customization, and support
of Software with Application Development and Maintenance (ADM) personnel, and
other Third Parties as required; |
|
(8) |
|
Observe Change Management procedures while implementing
changes, upgrades, or enhancements; |
|
(9) |
|
For any changes, upgrades, or enhancements, advise ACI of any
additional Equipment, network, environmental, or other requirements
needed during integration testing and/or otherwise known to be necessary for
the implementation; |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 2 of 13
|
(10) |
|
Proactively provide ADM staff, ACI, and other Third Parties
with support for Equipment and System Software used to support ADM activities; |
|
(11) |
|
Prior to implementation or changes to Application Software,
proactively provide ADM staff, ACI staff, and other Third Parties with
information and constraints related to Equipment, System Software, and network
requirements; and |
|
(12) |
|
Assist ACI with production testing and implementation
activities for Application Software with the ADM staff, ACI staff, and other
Third Parties as required in order to successfully promote Application
Software into the production environment. |
|
(1) |
|
Provide Vendor with the ACI technical architecture standards;
and |
|
(2) |
|
Perform production testing and implementation activities for
Application Software with the ADM staff, ACI staff, and other Third Parties as
required in order to successfully promote Application Software into the
production environment (except in certain cases where Vendor may be
responsible for production moves). |
|
a. |
|
Vendor responsibilities include the following: |
|
(1) |
|
Support all Software, excluding Applications supported by
ACI’s retained staff or other Third Parties, as required and in accordance
with ACI’s technical architecture standards, and with ACI’s approval; |
|
(2) |
|
Support Software at prescribed release levels or as directed
by ACI; |
|
(3) |
|
Apply patches to Software as required, with ACI’s approval; |
|
(4) |
|
For Systems Software, provide Xxxxx 0, Xxxxx 0, and Level 3
Support; |
|
(5) |
|
Provide ACI internal with Software support, advice, and
assistance; |
|
(6) |
|
Maintain a library of Vendor-supplied and Vendor-developed
documentation that identifies the Software supported by Vendor and the
operational support procedures associated with the Software; and |
|
(7) |
|
Maintain master copies of the ACI standard Software in a
secure, central location. |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 3 of 13
|
a. |
|
Vendor responsibilities include the following: |
|
(1) |
|
Install, update, operate, and maintain virus protection
Software including but not limited to malware, Trojans, and spyware on all
Equipment used to deliver or support the Services; |
|
(2) |
|
Maintain subscription to the anti-virus Software support in
order to proactively receive virus engine and pattern updates; |
|
(3) |
|
Install thoroughly tested and change-controlled updates to
virus-protection Software as needed or as directed by ACI, according to the
Service Levels required by ACI, as defined in Schedule B (Service Levels) and
its Exhibits, no later than twenty-four (24) hours after such updates are made
available to Vendor (or qualified Third Parties selected by Vendor) and have
been approved by ACI; |
|
(4) |
|
Perform virus scans on all e-mails; |
|
(5) |
|
Upon detection of a virus, take immediate steps to notify the
Service Desk, including: |
|
(a) |
|
Assess the scope of damage; |
|
(b) |
|
Arrest the spread and progressive damage from the
virus; |
|
(c) |
|
Eradicate the virus; and |
|
(d) |
|
Restore all data and Software to its original state
(to the greatest extent possible); |
|
(6) |
|
Develop any plans necessary to provide virus protection; |
|
(7) |
|
Provide consulting services for virus protection; |
|
(8) |
|
Respond to virus Incidents; |
|
(9) |
|
Provide proactive alerts to End Users relative to current
virus threats either specific to ACI’s environment, encountered in the Vendor
environment, or based on industry information; |
|
(10) |
|
Provide additional temporary resources in the event of a
major computer virus outbreak so ACI’s performance does not degrade because of
an unavailability of Vendor resources; and |
|
(11) |
|
Provide daily and monthly reports that contain a summary of
the number of viruses detected and cleaned, as well as a list of viruses
caught. |
|
(a) |
|
manage server (including mainframe servers) resource
availability for server and peripheral hardware and software; |
|
(b) |
|
execute recovery procedures, as required, for server
resources; |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 4 of 13
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(c) |
|
provide support for servers supporting both
production operations and application development in routine and emergency
situations, including, but not limited to, problem diagnosis assistance,
level 2 server and mainframe support data access, program testing, and
promotion of data/programs from test into production; and |
|
(d) |
|
provide server operating status, as requested. This
includes but is not limited to version(s), patch level(s), logs, uptime
statistics, performance data, utilization statistics, and historical data. |
|
(a) |
|
provide requirements and approval for incident
escalation and change processes, expected incident response times,
resolution times, and ACI contacts where appropriate; and |
|
(b) |
|
notify Vendor of any planned or emergency changes to
ACI’s environment affecting Vendor’s provision of the Services. |
|
a. |
|
Vendor will perform the following console activities, utilizing automation
where appropriate, during the Service Hours: |
|
(1) |
|
console monitoring and message filtration; |
|
(2) |
|
system and application restart and recovery; and |
|
(3) |
|
automated problem reporting and paging. |
|
(1) |
|
be consulted when any restore procedure needs to be
performed; |
|
(2) |
|
in those Locations where there is no Vendor staff on-site,
assist Vendor, using ACI personnel, with server restarts, as reasonably
requested (e.g., [ * ]). At no time will Vendor restart an application,
service or device without a procedure defined or assistance or approval from
ACI to perform such restart; and |
|
(3) |
|
provide requirements and approval for application restart and
recovery procedures. |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 5 of 13
1.6 |
|
Server Planning Support |
|
(1) |
|
collect and analyze planned server requirements and workloads
for development and production (includes, but is not limited to, server
hardware, system software, server configuration, storage requirements and
configuration, network requirements and middleware requirements); |
|
(2) |
|
identify potential single points of failure and either a)
provide a plan that remediates all SPOF’s or b) document acceptance of the
SPOF and the specific exposures and predicted frequency of failure; |
|
(3) |
|
schedule, order, install, configure, and deliver hardware and
software based on ACI’s requirements; and |
|
(4) |
|
use Commercially Reasonable Efforts in responding to requests
for accelerated provisioning of server resources, based on customer support
requirements, unplanned demand, or unanticipated workloads. |
|
b. |
|
ACI will approve planned requirements for server resources based on planned
development and production activities. |
1.6.1 |
|
Hardware and Facilities Planning |
|
(1) |
|
coordinate with site facilities management to provide
specified power to equipment, raised floor space, rack placement, and other
physical environmental requirements for the Vendor Data Centers; |
|
(2) |
|
coordinate hardware availability for scheduled maintenance
(i.e., microcode updates, engineering changes); and |
|
(3) |
|
maintain physical configuration plan. |
|
b. |
|
ACI will assist Vendor in conducting system space planning and in assessing
hardware and facility requirements for equipment located in ACI Locations. |
1.6.2 |
|
Installation and Maintenance Services |
In those instances when physical presence is required to perform installation and/or
maintenance services and no on-site resource is available, Vendor will engage and dispatch
Services personnel to address the request and/or resolve the issue. If services are
performed by a Third Party, ACI would be billed directly by the Third Party. If Services
are performed by Vendor, Vendor will invoice ACI for travel and living expenses as
Pass-Through Expenses, and labor performed by non-ACI dedicated personnel would be billed
via the rate card in Schedule C (Charges).
|
(1) |
|
install, configure, and perform cumulative maintenance to
Supported Server Standard Products, including the base operating system,
operating system utilities, functions, features, program products, and other
supported products, BIOS, firmware (storage, and peripheral
devices), and hardware with ACI’s final approval of the implementation; |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 6 of 13
|
(2) |
|
establish a test and implementation plan, including backout
contingencies, before each system upgrade Project; |
|
(3) |
|
schedule and coordinate system testing and implementation
with the ACI Focal Point; and |
|
(4) |
|
communicate to the ACI Focal Point, via the change management
process set forth in the Process Interface Manual, any installation
prerequisites and any post install procedures that need to be followed after
the installation is completed. |
|
(1) |
|
provide Vendor with system requirements for each supported
platform with specific customization, maintenance levels, and/or additional
products required; |
|
(2) |
|
assist Vendor in establishing a test and implementation plan
before each system version upgrade; the final approval of any
hardware/software upgrade rests on ACI; |
|
(3) |
|
ensure compliance by End Users and ACI’s business units, via
the change management process set forth in the Process Interface Manual, with
any communicated change prerequisites and post change procedures; and |
|
(4) |
|
before the system maintenance or upgrade scheduled date, or
upon Vendor’s request, verify to Vendor via the ACI Focal Point that all
communicated prerequisites have been completed. |
1.7 |
|
Database Subsystem Support |
1.7.1 |
|
Database Software Support and Operations |
|
(1) |
|
install, upgrade and maintain the Database Systems Software
and associated utilities on all managed servers per ACI’s requirements; |
|
(2) |
|
manage database subsystem resource availability; |
|
(3) |
|
execute backup and recovery procedures, as required, for
database subsystem resources; |
|
(4) |
|
provide database subsystem status, as requested; and |
|
(5) |
|
provide reports on database availability, utilization and
performance, including trending, on a monthly basis, with trend analysis of
the data for the past 13 months in accordance with Schedule R (Reports), to
support ACI reporting as needed. |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 7 of 13
|
(1) |
|
provide requirements and approval for handling all planned
and unplanned outages affecting the database environment including review,
approval, communication and proper documentation; and |
|
(2) |
|
notify Vendor of any planned or emergency changes to ACI’s
environment affecting Vendor’s provision of the Services. |
1.7.2 |
|
Physical Database Administration |
|
(1) |
|
provide physical support of Oracle, SQL Server, C-tree,
Informix and DB2 application databases which includes: |
|
(a) |
|
creation of physical database objects (i.e., DDL,
DBD, ACB, files); |
|
(b) |
|
management and performance of physical database
maintenance, modifications and enhancements in accordance with the
mutually agreed schedule; |
|
(c) |
|
maintaining mutually agreed database backup
procedures, provided by ACI, to recover from database destruction or
corruption or outage in accordance with the mutually agreed schedule; |
|
(d) |
|
maintaining and implementing mutually agreed database
archive processes and procedures; |
|
(e) |
|
testing data recovery/backout procedures at least
annually; |
|
(f) |
|
monitoring and reporting of database performance and
space utilization, with database reorganization and/or expansion as
required, and trend analysis of the data for the past 13 months in
accordance with Schedule R (Reports), to support ACI reporting as needed; |
|
(g) |
|
recommending modifications for improved performance
and implementing as approved by ACI; and |
|
(h) |
|
interacting and interfacing with logical DBA’s
providing support for their design and implementation(s). |
|
(2) |
|
setup and retain exclusive use of DBMS system administration
IDs and privileges; |
|
(3) |
|
provide physical database maintenance for development and
test environments; |
|
(4) |
|
assist ACI in planning for database modifications as a result
of changes in ACI’s business environment (i.e., growth, application
development projects) and review ACI’s plans on a regular basis; |
|
(5) |
|
promote ACI-approved database changes into the production
environment; |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 8 of 13
|
(6) |
|
develop, implement and maintain appropriate backout processes
for changes where required; and |
|
(7) |
|
perform access grants to database objects as requested by
ACI. |
|
(1) |
|
provide requirements and approval for performing production
database maintenance, modifications, enhancements and backups; |
|
(2) |
|
develop plan(s) for database modifications as a result of
changes in ACI’s business environment (i.e., growth, application development
projects) and review such plans with Vendor on a regular basis; |
|
(3) |
|
provide Vendor the approved database changes; |
|
(4) |
|
define database backup and recovery requirements; |
|
(5) |
|
perform logical database design and data modeling and
cooperate with Vendor during physical database design and review; and |
|
(6) |
|
provide ACI’s access requirements (for example, name and
authorization level) for database objects. |
1.8 |
|
Data Communication Software Support and Operations |
|
(1) |
|
install, upgrade and maintain the Systems Software; |
|
(2) |
|
manage the data communication subsystem resource
availability; |
|
(3) |
|
execute recovery procedures, as required, for data
communication subsystem resources; |
|
(4) |
|
install, test and implement software/microcode/hardware
maintenance per vendor-specified schedules and approved by ACI; and |
|
(5) |
|
provide data communication subsystem status, utilization, and
availability data as requested. |
|
(1) |
|
assist Vendor in developing procedures for handling all
planned and unplanned outages affecting the data communication environment
including review, approval, communication and proper documentation by
providing requirements and approval; and |
|
(2) |
|
notify Vendor of any planned or emergency changes to ACI’s
environment affecting Vendor’s provision of the Services. |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 9 of 13
1.9 |
|
Middleware Software Support and Operations |
|
(1) |
|
install, upgrade and maintain the Systems Software; |
|
(2) |
|
manage the middleware subsystem resource availability; |
|
(3) |
|
execute recovery procedures, as required, for middleware
subsystem resources; |
|
(4) |
|
provide middleware subsystem status, utilization, and
availability data as requested; |
|
(5) |
|
administer security resource definitions (for example,
specific User IDs and group IDs); and |
|
(6) |
|
monitor and manage messages remaining in the system dead
letter queue after deadline scheduling queue (i.e., DLQ Handler) processing. |
|
(1) |
|
assist Vendor in developing procedures for handling all
planned and unplanned outages affecting the middleware environment including
review, approval, communication and proper documentation by providing
requirements and approval; and |
|
(2) |
|
notify Vendor of any planned or emergency changes to ACI’s
environment affecting Vendor’s provision of the Services. |
1.10 |
|
Production Batch Operations |
1.10.1 |
|
Production Batch Job Scheduling |
|
(1) |
|
perform production batch job set-up and scheduling tasks,
such as: |
|
(a) |
|
identification of critical paths based on statistics
of execution; |
|
(b) |
|
identification of jobs eligible for parallel
processing (on same CPU or multiple CPUs) and reorganization of normal
batch schedules; |
|
(c) |
|
support of special batch schedules (e.g., for known
peak periods); and |
|
(d) |
|
recommend scheduling improvements and implement, as
approved by ACI; |
|
(2) |
|
resolve batch scheduling conflicts; |
|
(3) |
|
based on ACI’s requirements and with ACI’s approval, develop
and maintain standards for job acceptance and implementation; |
|
(4) |
|
schedule batch jobs, as requested by ACI, which require
expedited execution, subject to applicable Service Levels attainment relief;
and |
|
(5) |
|
develop and maintain any operational scripts required for the
delivery of operational services by Vendor (e.g., backup/restore scripts). |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 10 of 13
|
(1) |
|
provide ACI’s production batch scheduling requirements and
procedures and any updates as they occur; |
|
(2) |
|
assist Vendor in developing standards for job acceptance and
implementation; |
|
(3) |
|
provide required information (for example, requested time
frames and priority sequence) for expedited batch job requests; and |
|
(4) |
|
evaluate and approve scheduling improvement recommendations. |
1.10.2 |
|
Production Batch Monitoring and Restart |
|
(1) |
|
monitor scheduled production batch jobs; |
|
(2) |
|
resolve batch scheduling conflicts; |
|
(3) |
|
monitor scheduler related incidents and develop and recommend
changes to the scheduler database; |
|
(4) |
|
schedule batch jobs, as requested by ACI, that require
expedited execution; and |
|
(5) |
|
perform job restarts, as necessary, in accordance with
resolution and restart procedures. |
|
(1) |
|
provide ACI’s resolution and restart procedures; and |
|
(2) |
|
provide required information for expedited batch job
requests. |
1.10.3 |
|
Application Library Management |
|
(1) |
|
assist ACI in defining and documenting application code
(i.e., JCL and application program elements) promotion standards and
acceptance criteria for moving application code from test libraries into
production libraries; and |
|
(2) |
|
promote application code from development and/or test
environments to production, including QA and UAT where required. |
|
(1) |
|
promote application code from development and/or test
environments to production, including QA and UAT where required; |
|
(2) |
|
assist Vendor in defining application code (i.e., JCL and
application program elements) promotion standards and acceptance criteria for
moving application code from test libraries into production libraries; and |
|
(3) |
|
provide ACI’s application code promotion requirements and
procedures. |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 11 of 13
Vendor will establish and maintain a properly trained and adequately staffed Data Center
population (i.e., management and support staff) to provide the Mainframe Services to ACI.
Unless otherwise agreed by ACI and Vendor, such Services will be provided during the
Service Hours, excluding the regularly scheduled maintenance periods.
|
(1) |
|
provide technical support and advice for ACI’s application
development and database administration personnel according to the following
standards: |
|
(a) |
|
Vendor will provide and support Systems Software
products as listed in Schedule I (Vendor Supported Software), to support
the development of Applications Software. Vendor will not discontinue use
of such software products without ACI’s approval; provided, that ACI will
assume support expenses for Systems Software products that ACI requires
Vendor to retain after the manufacturer withdraws its support; |
|
(b) |
|
in the event that Vendor desires to discontinue use
of such products, Vendor may offer to migrate ACI onto another product
having similar functions at Vendor’s expense, and ACI will not
unreasonably withhold its approval of such migration; and |
|
(c) |
|
if ACI requests additional application development
support products, such request may be considered a New Service, unless it
is replacing an existing service; |
|
(2) |
|
provision, order, install, configure, upgrade and maintain
the Systems Software with ACI’s direction and approval; |
|
(3) |
|
perform preventive maintenance (patching) within
specifications from the vendor and with agreement with ACI as to frequency and
scheduling; |
|
(4) |
|
install corrective maintenance as required to resolve
defects, and/or to address issues discovered in the development or customer
environments; and |
|
(5) |
|
operate the Applications Software ACI selects, provided such
Applications Software conforms to the operating environment standards
specified in Schedule J (ACI Policies and Standards). |
Confidential
Exhibit A-5 — Server Systems Management Services
Page 12 of 13
|
(1) |
|
for Applications Software: |
|
(a) |
|
select or define the requirements for all
Applications Software; |
|
(b) |
|
provide user exits existing as of the Country
Effective Date. If ACI requests additional user exits, such requests may
be considered a New Service; |
|
(c) |
|
retain responsibility for maintenance, support and
all license and related charges for Applications Software; |
|
(d) |
|
retain responsibility for all license and related
charges, including maintenance fees, and for prioritizing the AD/M
workload necessary to maintain and support Applications Software; and |
|
(e) |
|
have the right to audit, control and approve new
Applications Software before its promotion into production; and |
|
(2) |
|
for Application verification: |
|
(a) |
|
with Vendor’s assistance, verify the results of
Applications Software on-line and batch system support processing; |
|
(b) |
|
provide Applications Software program problem
determination and resolution, including providing support for application
Abends and job recovery; |
|
(c) |
|
attempt to minimize outages caused by application
program failures; |
|
(d) |
|
verify and evaluate any operating Systems Software
and hardware changes recommended by Vendor; |
|
(e) |
|
follow the existing change management process for all
application changes, before submission or installation into the system; |
|
(f) |
|
follow the problem management process, according to
published problem resolution criteria set forth in the Process Interface
Manual, and document problem resolution and closure; |
|
(g) |
|
certify, in cooperation with Vendor, that existing
applications function correctly when Vendor installs new Systems Software
or upgrades to or new releases of current Systems Software; |
|
(h) |
|
enhance applications as indicated by performance
evaluations by ACI at the request of Vendor; and |
|
(i) |
|
review, in conjunction with Vendor, that new
applications or functions adhere to the standards specified in Schedule J
(ACI Policies and Standards). |
Confidential
Exhibit A-5 – Server Systems Management Services
Page 13 of 13
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT A-6
STORAGE MANAGEMENT SERVICES
Upon the Services Tower Commencement Date, Vendor will provide ACI the following Storage
Management Services during the Service Hours. However, in no case will Vendor’s
availability be limited to the Service Hours when a Severity Level 1 Incident is reported.
|
a. |
|
Vendor will perform the following activities: |
|
(2) |
|
storage recovery; and |
|
(3) |
|
problem reporting and paging. |
1.2 |
|
Storage Planning Support |
1.2.1 |
|
Hardware and Facilities Planning |
|
(1) |
|
collect and analyze planned storage requirements and workloads
for development and production; |
|
(3) |
|
schedule, order, install, configure, and deliver Equipment and
Software based on the defined requirements. |
|
(1) |
|
provide planned requirements for storage resources based on
planned development and production activities. |
1.2.2 |
|
Installation and Maintenance Services |
|
(1) |
|
install, configure, maintain and perform cumulative hardware,
software and microcode maintenance to supported storage environments, in
accordance with the Change Control Procedure; |
|
(2) |
|
schedule and coordinate storage testing and implementation with
the ACI Focal Point; and |
Confidential
Exhibit A-6 — Storage Management Services
Page 1 of 7
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(3) |
|
communicate to the ACI Focal Point, via the change management
process set forth in the Process Interface Manual, any installation
prerequisites and any post install procedures that need to be followed after the
installation is completed. |
|
(1) |
|
provide Vendor with storage installation and customization
requirements; |
|
(2) |
|
assist Vendor in establishing a test and implementation plan
before each storage upgrade; the final approval of any hardware/software upgrade
rests on ACI; |
|
(3) |
|
ensure compliance by End Users and ACI’s business units, via the
change management process set forth in the Process Interface Manual, with any
communicated change prerequisites and post change procedures; and |
|
(4) |
|
before the storage maintenance or upgrade scheduled date, or upon
Vendor’s request, verify to Vendor via the ACI Focal Point that all communicated
prerequisites have been completed. |
1.3 |
|
Data Replication Software Support and Operations for the [ * ] |
|
(1) |
|
install, upgrade and maintain the data replication Software; |
|
(2) |
|
manage the data replication subsystem resource availability; |
|
(3) |
|
provide replication services as specified by ACI; |
|
(4) |
|
execute recovery procedures, as required, for data replication
subsystem resources; |
|
(5) |
|
install, test and implement software/microcode/hardware
maintenance per vendor-specified schedules and approved by ACI; and |
|
(6) |
|
provide data replication subsystem status, utilization, and
availability data as requested. |
|
(1) |
|
define replication specifications; |
Confidential
Exhibit A-6 — Storage Management Services
Page 2 of 7
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(2) |
|
assist Vendor in developing procedures for handling all planned
and unplanned outages affecting the data replication environment including
review, approval, communication and proper documentation; and |
|
(3) |
|
notify Vendor of any planned or emergency changes to ACI’s
environment affecting Vendor’s provision of the Services. |
|
a. |
|
manage storage on all of ACI’s server platforms including, but not limited,
to [ * ] and |
|
b. |
|
manage storage in the ACI Locations listed in Schedule P (Locations). |
|
(1) |
|
manage files on the Equipment, including: |
|
(a) |
|
managing non-root application file systems; |
|
(b) |
|
modifying file system sizes; |
|
(c) |
|
verifying mount point availability; |
|
(d) |
|
repairing defective file systems; and |
|
(e) |
|
modifying file system permissions; |
|
(2) |
|
keep files under Vendor’s control, current and available during
scheduled access times; |
|
(3) |
|
initiate and complete required data processing activities
concerning data integrity (for example, handling line transmission errors) of
all processed files; |
|
(4) |
|
verify the receipt of incoming files and the processing and
transmission of outgoing files; |
|
(5) |
|
conduct routine monitoring and corrective action according to
procedures Vendor prepares and ACI approves for intermediate files used for
on-line and batch processing; |
|
(6) |
|
verify availability of adequate file space for processing; and |
|
(7) |
|
report to ACI on ACI’s disk space utilization and requirements
for ACI’s capacity planning purposes. |
|
b. |
|
ACI will define requirements for job recovery management. |
Confidential
Exhibit A-6 — Storage Management Services
Page 3 of 7
2.3 |
|
Raw Storage Management |
|
(1) |
|
manage raw storage on the Equipment, including verifying raw
storage availability; |
|
(2) |
|
keep raw storage under Vendor’s control, current and available
during scheduled access times; |
|
(3) |
|
initiate and complete required data processing activities
concerning data integrity (for example, handling line transmission errors) of
all processed raw storage; |
|
(4) |
|
verify availability of adequate raw storage space for processing;
and |
|
(5) |
|
report to ACI on ACI’s disk space utilization and requirements
for ACI’s capacity planning purposes. |
2.4 |
|
Storage Environment Management |
|
(1) |
|
perform storage device preparation and initialization; |
|
(2) |
|
manage storage space through the implementation and customization
of storage management software; |
|
(3) |
|
manage space and utilization rate of storage hardware; |
|
(4) |
|
verify availability and sufficient capacity of Vendor controlled
file systems and raw devices during scheduled service times; and |
|
(5) |
|
provide ACI reports of space utilization at a logical disk or
DASD level on a monthly basis and as reasonably requested by ACI. |
|
b. |
|
ACI will provide requirements for the storage environments (e.g., application
or database file size or file layout). |
|
(1) |
|
based on ACI’s requirements and ACI’s approval, define the
frequency, security, and types of required data backup as well as the retention
periods for the data; |
|
(2) |
|
document, maintain and, as appropriate, update and execute
mutually approved backup and recovery procedures; |
|
(3) |
|
provide the required on-site secure tape storage facilities at
IBM Locations and off-site secure tape storage facilities for all Locations; |
|
(4) |
|
perform data backup and recovery for all managed devices,
including interfacing with on-site or off-site tape storage facilities, if any; |
Confidential
Exhibit A-6 — Storage Management Services
Page 4 of 7
|
(5) |
|
provide secure transport for any media transported outside the
secure data center environments; |
|
(6) |
|
perform daily review of backup logs, resolving all backup
failures the day of occurrence; |
|
(7) |
|
track the success or failure of backup and recovery processes; |
|
(8) |
|
provide standard backup reports to ACI monthly including, but not
limited to, a list of backup jobs with the details of data sets and schedules,
success and failure rates of backup processes, failures and their resolutions; |
|
(9) |
|
provide a recovery procedure for restoring the data image to a
previous level within a mutually agreed time frame; |
|
(10) |
|
conduct regularly scheduled backup and recovery processes as
specified in the Process Interface Manual and as prioritized by ACI (for
example, data set restore), so as to avoid impacting scheduled operations; |
|
(11) |
|
perform test restores of selected data sets as required to
demonstrate data integrity with input from ACI and review of the output by ACI;
test results to be provided by Vendor to ACI; |
|
(12) |
|
provide to ACI a full inventory report of backup tapes, their
contents and locations, on a monthly basis and as reasonably requested; |
|
(13) |
|
provide media destruction services for media that becomes
defective or is retired from service and provide monthly reporting and
certification of such media destruction; and |
|
(14) |
|
provide recommendations to ACI regarding backup and recovery
considerations such as improved levels of protection, efficiencies and cost
reductions. |
|
(1) |
|
with Vendor’s assistance, define the frequency, security,
encryption level, and types of required data backup as well as the retention
periods for the data; |
|
(2) |
|
provide the required on-site secure tape storage facilities for
ACI Locations; and |
|
(3) |
|
specify which data sets to test restore and review the results. |
Confidential
Exhibit A-6 — Storage Management Services
Page 5 of 7
3.1 Tape Media Management and Operations
|
(1) |
|
retain tapes for a mutually agreed retention period for auditing
purposes; |
|
(2) |
|
provide to ACI a full inventory report of backup tapes, their
contents and locations on a monthly basis and as reasonably requested by ACI; |
|
(3) |
|
provide media destruction services for media that becomes
defective or is retired from service; |
|
(4) |
|
rotate tapes, as required, for off-site storage; |
|
(5) |
|
log and track physical tapes that are checked in and out of the
Data Center by ACI or a Third Party; |
|
(6) |
|
notify the Vendor or Third Party tape storage provider when it is
time to scratch or return a tape; |
|
(7) |
|
complete tape mounts in sufficient time to meet production
processing requirements in accordance with the Service Levels; |
|
(8) |
|
provide tape specifications to ACI; |
|
(9) |
|
maintain adequate supplies for the tape environment and provide a
sufficient scratch tape pool to service required processing needs, and notify
ACI when additional tapes and other supplies are required; |
|
(10) |
|
retrieve archived tapes and restore required files and data sets
within mutually agreed time frames; and |
|
(11) |
|
report tape utilization to ACI. |
|
b. |
|
ACI will provide tapes as Vendor requests that meet the Vendor-provided tape
specifications. |
3.2 |
|
Portable Media Handling |
|
(1) |
|
develop and implement processes and procedures to control and
manage ACI portable media inventory, secure handling and movement of such media,
and destroy residual information; |
|
(2) |
|
perform an initial inventory of ACI portable media and annually
reconcile, as appropriate; and |
|
(3) |
|
provide environmental protection for ACI portable media in
accordance with the established procedures. |
|
b. |
|
ACI will approve initial inventory of ACI portable media and provide any
updates as they occur. |
Confidential
Exhibit A-6 — Storage Management Services
Page 6 of 7
|
(1) |
|
provide the required on-site tape storage facilities for Vendor
Locations and provide off-site secure tape storage facilities for Vendor
Locations and ACI Locations; |
|
(2) |
|
interface with on-site or off-site tape storage facilities, if
any; |
|
(3) |
|
store tapes and paper documentation, as appropriate, at the
off-site storage facility; |
|
(4) |
|
manage off-site storage of tape media for vital records, back-up
and recovery; |
|
(5) |
|
pack, label, scan and track all tape output and distribute to the
mutually agreed drop point; and |
|
(6) |
|
securely transport tapes from a non-Disaster Recovery off-site
storage location to a designated facility. |
|
(1) |
|
define requirements for off-site tape storage and archiving; and |
|
(2) |
|
provide the required on-site tape storage facilities for ACI
Locations. |
Confidential
Exhibit A-6 — Storage Management Services
Page 7 of 7
EXHIBIT A-7
DATA NETWORK SERVICES
As of the Service Tower Commencement Date, the Vendor will assume full operational and management
responsibility for the “ACI Data Network”, as defined by the Data Network Diagrams in this Exhibit
and as referenced in tab II.B Monthly Resource Baselines of Exhibit C-1 (Base Charges, Baselines,
ARC/RRC Rates and Termination Charges) of Schedule C (Charges). Vendor will provide the Data
Network Services during the Service Hours and in accordance with the Service Levels.
During Transition, the Parties will identify the ACI client circuits that Vendor will support, and
Schedule C (Charges) will be updated accordingly to include those client circuits. Vendor support
for the ACI client circuits will begin upon completion of the move from the NCR/Savvis Locations.
2.0 |
|
COMMON DATA NETWORK SERVICES |
The Vendor will perform the Services at Locations as defined in this Exhibit and as required to
meet ACI Service Levels. The Locations are listed in Schedule P (Locations), as amended from time
to time.
2.1.2 |
|
Demarcation Boundaries of the Services |
The Vendor will perform the Services within the physical boundaries of the WAN and LAN (including
Supported Servers and transport, as listed in the Circuit Listing in Exhibit C-1 (Base Charges,
Baselines, ARC/RRC Rates and Termination Charges), associated with video conferencing) as depicted
in the Data Network Diagrams in this Exhibit, which describe components and boundaries of these
Data Network Services.
2.2.1 |
|
General Management Services |
The Vendor’s responsibilities include the following:
|
1. |
|
Act as a single point of contact for the management of the Data Network; |
|
2. |
|
Develop and implement approved Data Network strategies in accordance with
Change Management procedures; |
Confidential
Exhibit A-7—Data Network Services
Page 1 of 22
|
3. |
|
Provide End Users with technical support and advice regarding the proper use
and functionality of Data Network Services; |
|
4. |
|
Analyze and propose cost-effective Data Network Service alternatives; and |
|
5. |
|
Support all telecommunication protocols that are approved for use by ACI. |
|
b. |
|
ACI will provide requirements and approve Data Network strategies. |
2.2.2 |
|
General Administration Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Administer all Data Network requirements and activities, including processing
change requests and resolving Incident tickets; |
|
2. |
|
Document all aspects of the Data Network Services for ACI, including: |
|
2.1. |
|
Escalation procedures for all Data Network-related teams (including but not
limited to data center vendor support teams, VAR/reseller team, network equipment
vendor, and ACI teams that support services that interact with the network); |
|
2.2. |
|
Service acceptance procedures; |
|
2.3. |
|
Topology documentation; |
|
2.4. |
|
Contact information for all Data Network-related teams (including but not
limited to data center vendor support teams, VAR/reseller team, network equipment
vendor, and ACI teams that support services that interact with the network); and |
|
2.5. |
|
Inventory of network devices; |
|
3. |
|
Document operations procedures and services; and |
|
1. |
|
provide Vendor with design criteria and standards for Data Network Services;
and |
|
2. |
|
assist Vendor in developing escalation procedures for all Data
Network-related teams. |
2.2.3 |
|
Third-Party Vendor Management and Coordination |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Manage and coordinate the activities of all third-party vendors where: |
|
1.1. |
|
The third-party vendor provides services to ACI in direct support of the
in-scope Data Network components; and |
|
1.2. |
|
The activities of the third-party vendor directly impact the performance or
availability of the Data Network; |
Confidential
Exhibit A-7—Data Network Services
Page 2 of 22
|
2. |
|
Maintain technical support relationships with third-party vendors to resolve
Incidents and problems with the Data Network and to provide answers to technical
questions and requirements related to the use of its products or services; and |
|
3. |
|
Monitor third-party vendor service delivery and performance in regard to the
Data Network, including: |
|
3.1. |
|
Monitor the third-party vendor’s compliance with any service levels contained
in any agreement between ACI and the third-party vendor; |
|
3.2. |
|
Provide integrated compliance reporting for the monitoring and management of
service levels contained in any agreement between ACI and the third-party vendor when
the third-party vendor is contractually required to provide compliance reporting data
in a mechanized format; |
|
3.3. |
|
Integrate reporting from any and all subcontractors supporting network
Equipment so that ACI receives consistent and comprehensive reports identified in
Schedule R (Reports); |
|
3.4. |
|
Notify ACI and the third-party vendor of each third-party vendor failure to
perform in accordance with the provisions of its agreement; and |
|
3.5. |
|
Evaluate and recommend retention, modification, or termination of a
third-party vendor based on the performance or cost benefits to ACI as tracked by the
Vendor. |
|
1. |
|
Provide Vendor with all Data Network third-party vendor contracts; and |
|
2. |
|
Provide Vendor with contact information for all Data Network third-party
vendors. |
|
2.3 |
|
Planning and Design Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Develop and propose new or enhanced Data Network plans and designs in
conjunction with the ACI communicated strategic plans. This process would be
initiated by ACI, will have requirements specified by ACI, and will be reviewed and
approved by ACI. Vendor will be responsible for the design aspects of any such
effort. |
|
2. |
|
Conduct regular capacity planning reviews, identifying both the current state
of the Data Network and long-term projected needs; |
|
3. |
|
Provide plans and design for the following components: |
|
3.1. |
|
Overall Data Network Topology, including the physical and logical layout of
the Data Network (included in this Exhibit); |
Confidential
Exhibit A-7—Data Network Services
Page 3 of 22
|
3.3. |
|
Optimal telecommunications protocols within the Data Network as necessary to
satisfy ACI’s Service Levels, in accordance with this Exhibit and as follows: |
|
3.3.1. |
|
Develop documented recommendations and plans for optimized network performance &
measurements environment; |
|
3.3.2. |
|
Assess and analyze ACI’s current network architecture and strategy to enable the
design of business requirements into a network solution; |
|
3.3.3. |
|
Define, document and acquire the, hardware and software for dedicated and/or shared
network performance and measurements environment; |
|
3.3.4. |
|
Provide network utilization and performance exception reports to ACI on a monthly
basis (standard reports provided); |
|
3.3.5. |
|
Define and document performance indicators; |
|
3.3.6. |
|
Implement and maintain network performance measurement procedures; and |
|
3.3.7. |
|
Where feasible and as approved by ACI, standardized (nonproprietary) protocols
should be used; |
|
3.4. |
|
Data Network Equipment; |
|
|
3.5. |
|
Data Network Software; |
|
|
3.6. |
|
Data transport systems; and |
|
3.7. |
|
Cabling and wiring, which will be jointly coordinated between Vendor and ACI
— in general the work will be contracted to a Third Party on an as-needed basis and,
if coordinated by Vendor, Third Party Expenses would appear as a pass through; |
|
4. |
|
Document the criteria and assumptions used to develop plans and designs,
including: |
|
4.1. |
|
Interoperability considerations and assumptions for all Equipment and
Software potentially affected by the Data Network plans and design, including
Equipment and Software in other Towers; |
|
4.2. |
|
Data Network bandwidth and/or volume assumptions and projections; |
|
4.3. |
|
Expected Data Network performance and quality of service based on designs and
plans, and minimum performance and quality of service expectations; and |
|
4.4. |
|
Expected Data Network availability, based on designs and plans for
redundancy, and minimum availability expectations; |
|
5. |
|
Utilize Data Network design techniques to appropriately prevent broadcast
congestion and outages, including: |
|
5.1. |
|
Design segmentation of Equipment, Data Network traffic, and design features
to sufficiently control and contain Data Network traffic levels; and |
|
5.2. |
|
Design sufficient redundancy and alternative routing to meet the Service
Levels and ACI’s security and IT service continuity management requirements; |
Confidential
Exhibit A-7—Data Network Services
Page 4 of 22
|
6. |
|
Work cooperatively with third-party vendors, and ACI staff to facilitate
effective planning and design of the Data Network Services; and |
|
7. |
|
Provide reasonably requested analysis related to the potential operational
and financial impact of ACI business plans on network capacity and performance. |
|
b. |
|
The agreed upon network architecture is delineated in the attached Data Network
Diagram. ACI will: |
|
1. |
|
Provide Vendor with future business requirements for the purpose of Data
Network plans and designs; and |
|
2. |
|
Provide Vendor with Data Network strategy and architecture. |
2.4 |
|
Performance Monitoring and Management Services |
2.4.1 |
|
General Monitoring and Management |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Monitor and manage continuous end-to-end (router-to-router) performance of
the Data Network, including: |
|
1.1. |
|
Monitor the Data Network through to the End User Computing Equipment or other
non-Data Network Equipment (e.g., mainframe or server Equipment) to measure and
monitor end-to-end performance of the Data Network. From the data center perspective,
specifically for bank/FI (Financial Institution) private network lines, monitor from
the ACI network to the bank/FI side router and/or bank/FI side server(s). The service
would be based upon the total number of end points on the network; |
|
1.2. |
|
Monitor the level and quality of service of the Data Network, including
monitoring compliance with Service Levels; |
|
1.3. |
|
Monitor and manage the Data Network for service degradation, including
detection, isolation, diagnosis, and correction of Incidents during the Service Hours; |
|
1.4. |
|
Monitor physical and logical connections to the Data Network; |
|
1.5. |
|
Provide all necessary monitoring, diagnostic, and maintenance systems and
Software to meet Data Network monitoring and management requirements; |
|
1.6. |
|
Support Data Network remote operations and monitoring, including remote
diagnostics; remote administration; and remote Incident resolution and, if necessary,
travel to remote sites; |
|
1.7. |
|
Identify actual and potential Data Network bottlenecks; |
|
1.8. |
|
Provide troubleshooting support for Data Network issues (including general
issues where the Data Network issues need to be eliminated as a contributing factor); |
Confidential
Exhibit A-7—Data Network Services
Page 5 of 22
|
1.9. |
|
Employ element management system tools to monitor events that exceed Data
Network design thresholds, as well as: |
|
1.9.1. |
|
Use the tools to provide automated alarms and indication of Data Network Incidents
when thresholds are exceeded; and |
|
1.9.2. |
|
Integrate the tools to automatically generate an Incident within the Incident
management system; |
|
1.10. |
|
Detect other Data Network-exceeded thresholds or component faults; |
|
1.11. |
|
Define reporting and corrective action procedures approved by ACI in the
event design thresholds are exceeded; |
|
1.12. |
|
On at least a monthly basis, proactively report to ACI on Data Network
performance, resource shortages, utilization statistics, and trends; and |
|
1.13. |
|
Provide a Web-based service, through the Service Desk Web portal or email or
voice, if appropriate, and notices of current system outages to include the Data
Network. |
2.4.2 |
|
Capacity and Configuration Management |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Manage Data Network capacity based on current usage and forecasted demand,
including: |
|
1.1. |
|
Monitor Data Network capacity utilization as it relates to established
capacity thresholds; |
|
1.2. |
|
Identify future loads that could impact performance on the Data Network as
requested by ACI with a minimum forward view of six (6) months, based on forecasts
driven by the work authorization system, demand surveys, and analytical forecasting; |
|
1.3. |
|
Propose to ACI for its approval, changes to improve performance in
anticipation of such future loads, including performance improvement expectations; |
|
1.4. |
|
Appropriately size inter-location and intra-location Data Network Equipment,
Software, and data transport systems; and |
|
1.5. |
|
Upgrade, remove, or add capacity as otherwise necessary to meet ACI’s
requirements, or proactively recommend capacity changes where Vendor is not
financially responsible for a specific Data Network component; |
|
2. |
|
Develop, maintain, and adhere to configuration standards as approved by ACI;
and |
|
3. |
|
Participate in joint quarterly capacity planning reviews with ACI and any
third-party vendor designated by ACI. |
|
1. |
|
Provide Vendor with requirements for new demands of Data Network resources;
and |
|
2. |
|
Notify Vendor of any future project or change requests that may have a Data
Network impact. |
Confidential
Exhibit A-7—Data Network Services
Page 6 of 22
2.4.3 |
|
Performance Optimization |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Optimize and improve the performance and design of the Data Network using
data gathered from performance monitoring and forecasting activities; |
|
2. |
|
Perform regular optimization analyses on at least a quarterly basis, and
prior to and following any major transitions or changes; |
|
3. |
|
Optimize cost-effectiveness and cost-efficiency, without sacrificing
performance or the ability to meet the Service Levels; |
|
4. |
|
Use modeling and other analysis tools where applicable to determine methods
of improving the performance; |
|
5. |
|
Assess and implement alternate methods and procedures to reduce Data Network
errors and Data Network downtime; and |
|
6. |
|
Review optimization activities and plans with ACI on at least a quarterly
basis. |
2.5 |
|
Data Transport Support Services |
2.5.1 |
|
Data Transport Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Where the Vendor is financially responsible for data transport Services, as
indicated in Exhibit C-2 (Financial Responsibility and Ownership Matrix) to Schedule
C (Charges): |
|
1.1. |
|
The Vendor is entirely responsible for the procurement and delivery of data
transport Services to ACI; and. |
|
1.2. |
|
The Vendor is entirely responsible for managing the existing data transport
Services that are in place for office and data center networks, including managing the
relationship and managing any direct or pass-through costs for any data transport
Services owned/managed by external vendors. |
2.5.2 |
|
Data Transport Systems |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Schedule, coordinate, and perform support activities for data transport
systems in accordance with schedules approved by ACI, including: |
|
1.1. |
|
Coordinate and manage the installation, testing, and support activities of
transport vendors and vendors who contract with data transport vendors; |
|
1.2. |
|
Perform additions and upgrades to data transport systems; |
|
|
1.3. |
|
Perform changes to data transport systems; and |
Confidential
Exhibit A-7—Data Network Services
Page 7 of 22
|
1.4. |
|
Perform deletions to data transport systems; |
|
2. |
|
Check that data transport vendors acknowledge orders on a timely basis; |
|
3. |
|
Provide Level 1 and 2 technical support for the data transport systems; |
|
4. |
|
Review and report monthly on the load and latency of data transport systems; |
|
5. |
|
Provide a monthly acceptance report, including quality assurance information,
prior to accepting billing for newly installed data transport Services; |
|
6. |
|
Track and update relevant data transport system information in the Data
Network management systems and asset inventory and management system; |
|
7. |
|
Promptly disconnect the data transport systems upon the termination or
reduction of data transport Services at a Location; |
|
8. |
|
Ensure billing has promptly ceased upon the termination or reduction of data
transport Services at a Location; |
|
9. |
|
Remove all applicable Equipment upon the termination or reduction of data
transport Services at a Location, or arrange for return of any ACI (bank/FI) owned
Equipment; and |
|
10. |
|
Verify that ACI will not be responsible for data transport Services payments
associated after applicable data transport Services have been terminated or reduced. |
2.6 |
|
Data Network Connectivity and Operations Services |
2.6.1 |
|
Data Network Control and Connectivity Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Obtain approval from ACI prior to establishing Connectivity from the ACI Data
Network to Vendor facilities or external networks; |
|
2. |
|
Manage and control Connectivity to and between all Locations and external
networks, including dedicated and all remote access connectivity; and |
|
3. |
|
Manage and operate all Data Network Equipment and Software necessary to
enable Connectivity, (or manage vendor actions for any vendor-managed Data Network
Equipment and Software), including: |
|
3.1. |
|
Configure Data Network Equipment, Software, data transport systems, and
cabling; |
|
3.2. |
|
Install Data Network Equipment, Software, data transport systems, and
cabling; |
|
3.3. |
|
Test Data Network Equipment, Software, data transport systems, and cabling; |
|
3.4. |
|
Implement Data Network Equipment, Software, data transport systems, and
cabling; |
|
3.5. |
|
Support and monitor Data Network Equipment, Software, data transport systems,
and cabling; |
Confidential
Exhibit A-7—Data Network Services
Page 8 of 22
|
3.6. |
|
De-install and remove Data Network Equipment, Software, data transport
systems, and cabling as required; |
|
3.7. |
|
Verify Connectivity of the Infrastructure and all other directly connected
devices; and |
|
3.8. |
|
For production data centers, ensure that all Data Network Equipment and
Software is supported under a vendor maintenance agreement and replacement parts are
available on-site in time for Vendor to meet the Service Levels. |
2.6.2 |
|
Other Data Network Operations Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Develop acceptance test procedures for installation and changes to the Data
Network, and for verifying restoration of availability following problems with the
Data Network; |
|
2. |
|
Manage media, including off-site storage; |
|
3. |
|
Manage the naming and addressing of all Data Network devices based on schemes
approved by ACI, including: |
|
3.1. |
|
Document the current addressing scheme; and |
|
3.2. |
|
Implement, coordinate, and update new addressing schemes, including
developing associated migration plans; |
|
4. |
|
Compose, edit, and download configuration files to Equipment using
administration platforms designed to provide a single point of control, dissemination,
and rollback capability; and |
|
5. |
|
When installing or conducting changes to Data Network Equipment and Software
at Locations, implement protection against lightning strikes (in accordance with
industry practices), electric noise, power surges, and unauthorized access in
accordance with the Change Management procedures and ACI’s security requirements. |
|
b. |
|
ACI will provide requirements and approval to Vendor for naming and addressing
schemes. |
2.7 |
|
Installs, Moves, Adds and Changes (IMACs) Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Plan, schedule, manage, and/or perform IMACs as requested and approved by ACI
at the Locations and Vendor-managed Locations on all hardware and software supported
by the Vendor, including: |
|
1.1. |
|
“Hard IMACs” (Hard IMACs are for Equipment); and |
|
1.2. |
|
“Soft IMACs” (Soft IMACs are for Software, firmware or microcode and are done
remotely); |
|
2. |
|
Receive, validate, and track all IMAC orders from End Users; |
Confidential
Exhibit A-7—Data Network Services
Page 9 of 22
|
3. |
|
Install, maintain, and upgrade connections; |
|
4. |
|
Use an automated system accessible to End Users by means of an online browser
to track IMAC activity and produce reports on these activities on a monthly basis; |
|
5. |
|
Monitor client satisfaction and closely monitor Service Levels throughout the
IMAC activity; |
|
6. |
|
With respect to authorized IMAC requests, execute the IMAC including: |
|
6.1. |
|
Coordinate Vendor, ACI, and any third-party vendors to achieve high-quality
execution of all IMACs; |
|
6.2. |
|
Obtain or procure all required components and services necessary to perform
IMAC Services; |
|
6.3. |
|
Coordinate space requirements and logistics; |
|
6.4. |
|
Coordinate, with the ACI Focal Point, pre-installation Location surveys to
confirm that the Locations are properly surveyed and prepared to prevent delays in
IMAC activities; |
|
6.5. |
|
Coordinate and install changes to the cabling and other Infrastructure or
Equipment for which the Vendor is responsible; |
|
6.6. |
|
Schedule and dispatch technicians; |
|
|
6.7. |
|
Perform related Software installs and upgrades; |
|
|
6.8. |
|
Perform backups and reloads of data and Software; |
|
|
6.9. |
|
Perform configuration functions; |
|
6.10. |
|
For Hard IMACs, perform on-site operational testing, and provide appropriate
back-out procedures as required; |
|
6.11. |
|
Coordinate with the ACI Focal Point, for the End Users to test and verify
the operation of all applications that utilize or depend on the Data Network resources
being modified; |
|
6.12. |
|
Provide on-site support as required to resolve Incidents associated with
large-scale installations or moves (whether BAU or Project to be determined by the
project scope and/or by mutual agreement based on the nature of the Incident); |
|
6.13. |
|
Update the asset inventory and management system in a timely manner when any
Data Network Equipment or Software changes are made by the Vendor or reported by ACI,
along with all other related documentation (network topology maps in particular); and |
|
6.14. |
|
Set up security, file access, and other administrative procedures associated
with IMACs. |
|
b. |
|
ACI will provide an ACI Focal Point for pre-installation Location surveys for IMAC
activity. |
Confidential
Exhibit A-7—Data Network Services
Page 10 of 22
2.8 |
|
Physical Network Environment Services |
2.8.1 |
|
Site Information and Documentation Services |
|
a. |
|
The Vendor’s responsibilities include creating and maintaining the following: |
|
1. |
|
Based upon the asset inventory and other site information provided to Vendor
by ACI, document the current physical environment at the Locations, including: |
|
1.1. |
|
Data transport systems; |
|
|
1.2. |
|
Data Network Equipment; |
|
|
1.3. |
|
Data Network connections (virtual and physical); |
|
1.4. |
|
Demarcation of responsibilities and physical environment comprising the WAN
and LAN; |
|
1.5. |
|
Power, UPS, and overall space requirements; |
|
|
1.6. |
|
Cabling and wiring; |
|
|
1.7. |
|
Data transport vendor point of entry; and |
|
1.8. |
|
Other relevant environmental requirements and/or attributes that are unique
to a Location; |
|
2. |
|
Document Location survey information and asset information in the asset
inventory and management system.; and |
|
3. |
|
Maintain Locations lists, Data Network diagrams, and other Data Network
documentation and information. |
|
b. |
|
ACI will provide Vendor with Location survey and physical environment information. |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Connect and maintain Equipment at ACI’s facilities to uninterruptible power
supplies (UPS), as required by ACI; |
|
2. |
|
When required, install UPS which may be on a Project basis; and |
|
3. |
|
For production data centers: |
|
3.1. |
|
Monitor and ensure continual uptime of all power supplies, including both
primary and secondary power supplies on Data Network Equipment. |
2.8.3 |
|
Cabling and Wiring Services |
Cabling and wiring will be jointly coordinated between Vendor and ACI — in general the work will be
contracted to a Third Party on an as-needed basis and, if coordinated by Vendor, the Third Party
charges will appear as a Pass-Through Expense.
Confidential
Exhibit A-7—Data Network Services
Page 11 of 22
To the extent that ACI’s Third Party cable and wiring vendors’ contracts cover all of the tasks
listed in this Section 2.8.3, the Vendor’s responsibilities include coordinating the following:
|
1. |
|
Plan, procure, install, operate, administer, maintain, and manage the cabling
and intra-floor and inter-floor wiring, within the Vendor physical demarcation
boundaries as depicted in the Data Network Diagrams in this Exhibit; |
|
2. |
|
Operate and maintain systems, including the physical cable plant, cable plant
switching devices, encryption/security devices, intelligent/non-intelligent wiring
hubs, and the various monitoring devices; |
|
3. |
|
Provide for demarcation extensions from telco demark point to the ACI
network; |
|
4. |
|
Manage cable installations, repairs, and removal using a Software-based cable
plant management system where applicable (i.e., in large installations with five (5)
or more demarcations); |
|
5. |
|
Interact with ACI real estate, landlord management, and other End Users so
that cabling and wiring requirements are properly communicated and managed; |
|
6. |
|
Coordinate with data transport vendor representatives for the planning,
delivery, and maintenance of circuits; demarcation points; termination equipment;
power and air conditioning (A/C) (if original building specification is at capacity
and subject to agreed-upon funding by ACI); rack space; wall space; and plywood or
other backboard materials needed for mounting distribution frames; |
|
7. |
|
For each new installation, communicate accurate cabling and wiring
specifications and costs to ACI real estate representatives no less than four (4)
weeks in advance of installation; |
|
8. |
|
Document changes to the cabling and wiring plan in the Location survey
records, and all changes thereto in the asset inventory and management system; |
|
9. |
|
Comply with ACI cabling and wiring standards; |
|
9.1. |
|
In the absence of an ACI standard, use industry standards that meet or exceed
local code or other requirements of applicable authorities; |
|
10. |
|
Document, label, and map cable runs in the appropriate Location survey
records; |
|
11. |
|
Use ACI-approved and certified cable and wire installers to perform cabling
and wiring Services; |
|
12. |
|
Maintain up-to-date cable records in communications closets, wiring
distribution rooms, and other areas where a high concentration of cabling exists; and |
|
13. |
|
Maintain a secure, clean, well-lit, clutter-free cabling environment in all
telecommunications closets and cable plant areas. |
Confidential
Exhibit A-7—Data Network Services
Page 12 of 22
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
If ACI requires any of the tasks listed above that are not currently provided in one of ACI’s
cabling or wiring Third Party vendor contracts, Vendor will work with the Third Party vendor to
solution those tasks as a Project or New Service.
2.9 |
|
Software Currency and Support Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Interface with other ACI third-party vendors to promote compatibility of Data
Network systems, and manage the subcontractors that provide Software support to Data
Network products for which the Vendor is responsible; |
|
2. |
|
Fully test all code revisions, which also should have been used in the
commercial marketplace, before their installation on the Data Network (e.g., version
1.xx); |
|
3. |
|
Proactively notify ACI of availability of new versions of Software, including
analysis of impact and/or value of the new version of Software (e.g., fixes and new
features applicable to ACI technical and business environments); and |
|
4. |
|
Coordinate that production levels are fully supported by third-party vendors;
maintain a record (for each product in production) of version history and associated
availability, as well as of any announced end-of-support or end-of-availability dates. |
2.10 |
|
Network Security Services |
|
a. |
|
A [ * ] MPLS closed network used for internal purposes will satisfy current
requirements. In addition, the non-MPLS network (solution includes provisioning and
support of both MPLS and non-MPLS circuits) which includes encryption in the firewall (a
supported piece of Equipment) also satisfies current requirements. The Vendor’s
responsibilities include the following: |
|
1. |
|
Implement and maintain security tools, procedures, and systems required to
protect the integrity, confidentiality, and availability of the ACI Data Network and
data on the Data Network; |
|
1.1. |
|
ACI will approve the selection of the security tools; |
|
2. |
|
Comply with ACI’s Data Network security policies (described in Schedule J
(ACI Policies and Standards), whereby the Vendor will follow the best practices of
either ACI or Vendor, whichever requires greater security based on reasonable and
prudent standard practices, with approval by ACI; |
|
3. |
|
Perform quarterly assessments of risk exposure including: |
|
3.1. |
|
Gap analyses to indicate exposure to security threats; |
Confidential
Exhibit A-7—Data Network Services
Page 13 of 22
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
3.2. |
|
Action plans to address gaps; and |
|
3.3. |
|
Ratings to gauge progress against closure of gaps; |
|
4. |
|
Provide access to and/or assist ACI’s designated third-party vendors in
performing vulnerability assessments (of the Vendor support network infrastructure) [
* ] from ACI; |
|
5. |
|
Perform reactive security assessments and Incident and problem determination
in accordance with ACI network security policies; |
|
6. |
|
Activate appropriate security monitoring tools, and back up and analyze the
logs from these tools, in accordance with ACI security requirements; |
|
7. |
|
Provide recommendations to remediate the gaps identified by analyzing the
logs; |
|
8. |
|
Utilize Access Control Lists (ACLs) on all networking devices in accordance
with ACI network security policies; |
|
9. |
|
Ensure proper isolation and separation of LAN and WAN traffic originating
from and destined for ACI’s and remote sites (i.e., ensure and prevent individual
bank/FI traffic from being able to be routed to other bank/FI locations or ACI
Locations); |
|
10. |
|
Take reasonable and appropriate action designed to prevent unauthorized
access to the Data Network, in accordance with ACI’s requirements. This will include
the following, where appropriate: |
|
10.1. |
|
Use IPSEC security protocols for access for external networks that use
IPSEC. The release and version of the selected software should stay [ * ] as agreed
to by ACI; and |
|
10.2. |
|
Shut down the Services to prevent further unauthorized access based upon
joint agreement with the ACI Security group; and |
|
11. |
|
Monitor usage patterns and investigate and report significant discrepancies
in those patterns no later than [ * ] after their detection. |
3.0 |
|
WIDE AREA NETWORK (WAN) SERVICES |
The Vendor shall provide Wide Area Network Services (WAN) for ACI’s Data Network in accordance with
this Exhibit and in addition to the Common Network Services.
Confidential
Exhibit A-7—Data Network Services
Page 14 of 22
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
3.1 |
|
WAN Services — Technical Requirements |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Comply with or improve (subject to ACI’s approval) the WAN technical
specifications as supplied by ACI, and as modified during the Term; |
|
2. |
|
Install and maintain WAN Connectivity for approved End Users at all
applicable Locations, as listed in Schedule P (Locations); |
|
3. |
|
Manage a multi-protocol WAN, to include: |
|
3.1. |
|
Manage the currently supported ACI protocols [ * ] and |
|
3.2. |
|
Manage application-specific network addressing schemes [ * ] and |
|
4. |
|
Provide a data transport Services profile that complies with applicable open
system standards and specifications [ * ]. |
|
b. |
|
The following items are part of new client addition activities that will be handled
as a Project or BAU as agreed by the Parties on a case-by-case basis: |
|
1. |
|
Provide WAN options to ACI’s bank/FI customers including (but not limited to)
Frame Relay, MPLS, T1, and site-to-site (B-to-B) VPN; |
|
2. |
|
On-site assistance or dispatch for on-site assistance for customer-owned
equipment; |
|
3. |
|
Rack and cabling new equipment; |
|
4. |
|
All activities related to planning and conducting network equipment
replacements and upgrades; |
|
5. |
|
Escalations to network equipment vendors and all activities for information
gathering and troubleshooting failures and issues; |
|
6. |
|
Configuration and troubleshooting of equipment; |
|
7. |
|
Sniffer/packet capture and analysis; |
|
8. |
|
Deploy, manage, and support ACI-managed bank/FI customer routers; |
|
9. |
|
Follow ticket and escalation process and work with [ * ] to deploy, manage,
and support [ * ] routers; |
|
10. |
|
Bank/FI customer routers and dispatches for on-site assistance; and |
|
11. |
|
Follow ticket and escalation process and work with [ * ] for dispatches for
on-site assistance. |
3.2 |
|
WAN Services – Internet Access Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Configure, install, test, support, monitor and maintain the Data Network and
Data Network Equipment used to access the Internet; |
Confidential
Exhibit A-7—Data Network Services
Page 15 of 22
|
1.1. |
|
This will include Connectivity support of high-speed servers to the Internet,
and Connectivity with firewall protection in accordance with ACI’s information
security standards; and |
|
1.2. |
|
For production data center environments, ensure that all Data Network
Equipment and Software is supported under a vendor maintenance agreement and
replacement parts are available on-site in time for Vendor to meet the Service Level; |
|
2. |
|
Manage Internet access and redundant data transport facilities; |
|
3. |
|
Manage routes and filtering as necessary, working in conjunction with the ACI
Security group to determine specific filtering levels. The ACI Security group should
be provided management access to all logs involved; and |
|
4. |
|
Deliver DNS services for domains required by the Vendor to manage the
Equipment. |
3.3 |
|
WAN Services – Extranet Access |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Support and maintain the Extranet and WAN DMZ environments between ACI and
its partners, Third Party vendors, and customers; |
|
2. |
|
Support and maintain high-speed circuits in a shared DMZ environment, and
provide Connectivity with firewall protection in accordance with ACI’s information
security standards; |
|
3. |
|
Assist ACI with defining any security policies, permission, etc. that may be
applicable specifically to the shared DMZ between ACI and other parties; |
|
4. |
|
Configure, install, test, operate, and maintain ACI’s Extranet for all
applicable End User computing devices or servers; |
|
5. |
|
Use connection-based, session-based, or message-based services as
appropriate, depending on the specific requirements of each End User, and support
minimal and optional features as follows: |
|
5.1. |
|
Employ appropriate encryption measures, such as Triple DES, IPSEC, AES, etc.; |
|
5.2. |
|
Provide for and maintain confidentiality of transmitted data; |
|
|
5.3. |
|
Provide authentication of parties exchanging data; and |
|
|
5.4. |
|
Ensure no user account sharing is allowed; |
|
6. |
|
Manage Extranet access and transport, inclusive of related Internet access
and transport; |
|
7. |
|
Configure, install, test, operate, monitor and maintain high-speed transport
facilities to Internet servers for Extranet data access and file transfers; and |
|
8. |
|
Manage routes and filtering as necessary to operate the Extranet Access
Service, working in conjunction with the ACI Security group to determine
specific filtering levels. The ACI Security group should be provided management
access to all logs involved.
|
Confidential
Exhibit A-7—Data Network Services
Page 16 of 22
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
4.0 |
|
LOCAL AREA NETWORK (LAN) SERVICES |
The Vendor shall provide LAN Services for ACI’s Data Network in accordance with this Exhibit and in
addition to the Common Network Services.
4.1 |
|
LAN Services – Technical Requirements |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Install and maintain LAN Connectivity for approved End Users at all
applicable Locations, as listed in Schedule P (Locations); |
|
2. |
|
Provide ACI with a TCP/IP LAN network; |
|
3. |
|
Manage the currently supported ACI protocols [ * ] |
|
4. |
|
Manage ACI’s application-specific network addressing schemes [ * ] |
|
5. |
|
Provide Vendor transmission Services profile that complies with applicable
open system standards and specifications [ * ] |
|
6. |
|
Use intelligent Data Network devices and systems to monitor LANs remotely;
and |
|
7. |
|
For production data centers, ensure that all Data Network Equipment and
Software is supported under a vendor maintenance agreement and replacement parts are
available on-site in time for Vendor to meet the Service Levels. |
4.2 |
|
LAN Services – Installation and Removal Services |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
1. |
|
Deploy new LAN Equipment and related Software to meet the Service Levels and
in accordance with the IMAC process definitions; |
|
2. |
|
Implement LAN connection(s) for new End Users as specified in the IMAC
process; |
|
3. |
|
Implement a dual LAN connection for production servers and network equipment,
such as to provide connectivity to two physically separate network switches; |
|
4. |
|
Configure and activate the appropriate LAN Equipment monitoring agent; and |
|
|
5. |
|
Test LAN Equipment after implementation to include remote monitoring through
agents and monitoring systems. |
Confidential
Exhibit A-7—Data Network Services
Page 17 of 22
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
5.0 |
|
VIDEO CONFERENCING SERVICES |
The Vendor shall provide support for the Supported Servers and transport, as listed in the Circuit
Listing in Exhibit C-1 (Base Charges, Baselines, ARC/RRC Rates and Termination Charges), that are
associated with video conferencing. ACI will retain responsibility for the support of video
conferencing equipment, software and facilities.
6.0 REMOTE ACCESS SERVICES
Upon the Service Tower Commencement Date, Vendor will support ACI’s current environment which
provides for ACI employees to remotely access (non-direct wired connections) to the ACI corporate
network. These remote access services are defined as follows:
|
1. |
|
SSL via multiple network appliance devices [ * ] scattered geographically throughout
the network; |
|
2. |
|
Secure Broadband connectivity via Third Party vendor services [ * ]; and |
|
3. |
|
Dial-up connectivity globally via Third Party vendor services [ * ] in which calls
are placed through local numbers and routed via [ * ] services into the ACI corporate
network. |
There are specific security requirements (checked by either the network appliance or the Third
Party vendor’s software) to ensure a minimum of:
|
1. |
|
OS level and service patch; |
|
2. |
|
A running copy of Antivirus Software; and |
|
3. |
|
Antivirus definition files that are within [ * ] of the current date. |
During Transition, Vendor will initiate a project to replace the existing ACI remote access
technology. Upon completion of the replacement project, Vendor will provide a standardized [ * ]
remote access service. This service will provide:
|
1. |
|
SSL via a standard set of AT&T supported VPN devices which include [ * ] These
devices will be centralized; |
|
2. |
|
Secure Broadband connectivity using [ * ]and |
|
3. |
|
Dial-up connectivity globally via [ * ] in which calls are placed through local
numbers and routed via AT&T services into the ACI corporate network. |
Confidential
Exhibit A-7—Data Network Services
Page 18 of 22
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
[ * ]
* Represents four pages of redacted tabular data
Confidential
Exhibit A-7 – Data Network Services
Page 19 of 22
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT A-8
ENTERPRISE SECURITY MANAGEMENT SERVICES
Vendor will maintain security controls that are consistent with the security controls
implemented at ACI as of the Service Tower Commencement Date. Vendor will work with ACI to
detail ACI’s existing security controls, if necessary, and to develop a detailed document
that will define the mutually agreed security controls that Vendor will implement at ACI.
Such document will include, at a minimum, the security responsibilities listed below. Any
effort to transform ACI’s existing security controls implemented as of the Effective Date
to the mutually agreed security controls, unless specifically and explicitly included in
the Agreement, will be considered a New Service.
2. |
|
SECURITY COMPLIANCE AND REGULATORY |
2.1 |
|
Security Policy Management |
|
(1) |
|
with ACI’s assistance, gather information to document the
security controls ACI has in place as of the Effective Date to establish
ACI’s IT security baseline and to define the technical specifications for
the systems managed by Vendor; |
|
(2) |
|
perform a gap analysis between the security controls ACI
has in place as of the Effective Date and the Information Security Controls
Document; |
|
(3) |
|
provide an initial threat identification summary based on
the gap analysis and update the threat identification summary every 18
months thereafter; such summary will contain: |
|
|
(a) |
|
identified threats organized by the [ * ] clauses, and |
|
|
(b) |
|
suggested remediation actions for each identified
threat; |
|
(4) |
|
with ACI’s assistance, develop and implement the security
document that is used to capture the security policies and technical
controls that Vendor will implement, as requested by ACI, on Vendor managed
systems, servers and networks (“Information Security Controls (ISeC)
Document”); this is a critical deliverable and is to be included in the
Process Interface Manual; |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 1 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(5) |
|
define and document the privileged User IDs in the
platform-specific technical specifications set forth in the Information
Security Controls Document; and |
|
(6) |
|
on a periodic basis, review the Information Security
Controls Document with ACI and update, as appropriate. Interim changes can
be accepted but a formal review and update will be performed only [ * ]. |
|
(1) |
|
assist Vendor in documenting the security controls ACI
has in place as of the Effective Date; |
|
(2) |
|
provide contact, security policies and IT infrastructure
information and any updates as they occur; |
|
(3) |
|
assist Vendor in developing the Information Security
Controls Document; |
|
(4) |
|
review the threat identification summary and take action,
as appropriate; and |
|
(5) |
|
on a periodic basis, review the Information Security
Controls Document with Vendor and provide recommended updates, as
appropriate. Interim changes can be accepted but a formal review and update
will be performed only every 18 months. |
2.2 |
|
Security Compliance Support |
|
(1) |
|
perform periodic security reviews to validate compliance
(for example, validating access authorization per ACI’s instruction, the
correct use of logical control features) based on ACI’s security framework;
and |
|
(2) |
|
identify and manage security risks and exposures within
Vendor’s control as part of the Services based on ACI’s security framework; |
|
(3) |
|
in the course of their day-to-day support of the ACI
security services, advise ACI in the event that a process appears to be
non-compliant with Vendor’s understanding of industry-wide conventions;and |
|
(4) |
|
as a part of its annual technology review and its 18
month security review, provide industry perspective on security compliance
trends and regulatory changes and provide an industry update on security and
regulatory changes. |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 2 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
b. |
|
ACI will identify and interpret legal, regulatory or other security
requirements applicable to ACI’s business and provide those requirements to Vendor for
implementation. |
2.3 |
|
Security Audit Management |
|
(1) |
|
provide a Vendor Focal Point with responsibility for
account security audits; |
|
(2) |
|
notwithstanding anything in the Agreement to the
contrary, [ * ]; |
|
|
(3) |
|
communicate with and respond to auditor’s requests; |
|
(4) |
|
provide relevant data for security audits and reviews
such as SAS70 Type II Audits described in the MSA and [ * ] as necessary; |
|
(5) |
|
perform non-compliance support audit activities for
Vendor internal audits, external client reviews and Third Party reviews; and |
|
(6) |
|
coordinate issues resolution identified during the
security audit process and provide recommendations for resolution, and
provide resolution as it pertains to the scope of Vendor’s responsibility. |
|
(1) |
|
provide an ACI Focal Point with responsibility for
account security audits; |
|
(2) |
|
during the Transition Period, perform a review of each
Rebadged Employee’s system access authorizations to confirm the need for the
same access requirements following the Effective Date and advise Vendor of
any required changes which are congruent with applicable global privacy laws
and regulations; and |
|
(3) |
|
provide Vendor with ACI’s security audit history (both
internal and external) and security policies, standards and practices in
effect as of the Effective Date and any updates as they occur. |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 3 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
2.4 |
|
Regulatory Program Management |
|
(1) |
|
assist ACI in the development of testing criteria for
ACI-identified regulatory controls and implement them, as appropriate in
accordance with Vendor’s and ACI’s security framework; |
|
(2) |
|
utilize Vendor processes, tools, and infrastructure, as
appropriate, and maintain supporting documentation in support of
ACI-identified regulatory controls; |
|
(3) |
|
in accordance with the ACI-identified regulatory
controls, manage regulatory training for Vendor and maintain supporting
documentation; and |
|
(4) |
|
notwithstanding anything in the Agreement to the
contrary, provide [ * ]. For purposes of clarity, [ * ]. |
|
(1) |
|
provide ACI-identified regulatory controls; and |
|
(2) |
|
develop, with Vendor’s assistance, testing criteria for
ACI-identified regulatory controls. |
|
(1) |
|
provide a Vendor Focal Point with responsibility for
day-to-day security management; |
|
(2) |
|
review changes made or requested by ACI to its security
policies and standards and advise ACI whether or not such changes: |
|
(a) |
|
can be implemented; and |
|
(b) |
|
if implemented, will be considered a New Service; |
|
(3) |
|
perform risk and issue management, including: |
|
(a) |
|
establishing procedures for logging, alarming and
reporting of security violations and issues; |
|
(b) |
|
managing to resolution security risks identified as a
result of reviews and audits; changes in Vendor or ACI environment; and
changes in operating practices, processes or technology; |
|
(c) |
|
notify relevant parties of the risks, their potential
impact and actions to mitigate the impact; and |
|
(d) |
|
provide security procedures and knowledge transfer
for ACI Focal Point on Vendor security management methodology and tools;
and |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 4 of 15
|
(4) |
|
provide monthly security reports as required under this
Agreement. |
|
(1) |
|
provide an ACI Focal Point with responsibility for
day-to-day security management; |
|
(2) |
|
communicate the security procedures to End Users (for
example, login procedures, password requirements, use of Antivirus programs,
data and Equipment security procedures); |
|
(3) |
|
notify Vendor of changes ACI plans to make to its
security policies and standards before implementation; and |
|
(4) |
|
provide any additional or unique resources (for example,
hardware, software or other components, personnel) and perform any site
modifications required to enable Vendor to implement ACI’s security
requirements per ACI’s access policies and standards. |
4. |
|
INFRASTRUCTURE PROTECTION |
4.1 |
|
Emergency Response Services |
|
(1) |
|
provide telephone support for remote security Incident
response; |
|
(2) |
|
perform initial security Incident consultation (scope and
roles to be defined separately in Process Interface Manual); |
|
(3) |
|
with ACI’s assistance, develop customized emergency
response plans to help minimize the effect of future attacks; and |
|
(4) |
|
provide advice and guidance on such topics as Internet
security Incident assessment, preparedness, management, and response. |
|
(1) |
|
assist in the development of customized emergency
response plans; |
|
(2) |
|
declare a security Incident; |
|
(3) |
|
determine if a security Incident is a commercial privacy
breach and implement emergency response plan, as appropriate; |
|
(4) |
|
escalate declared security Incidents in the ACI
organization, as appropriate; and |
|
(5) |
|
provide contact and IT infrastructure information and any
updates as they occur. |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 5 of 15
4.2 |
|
X-Force Threat Analysis Services |
|
(1) |
|
manage daily security threats through comprehensive
evaluation of global online threat conditions and detailed analyses tailored
for ACI; |
|
(2) |
|
provide daily summaries of current, and forecast
assessments for, active vulnerabilities, viruses, worms and threats,
including links to recommended fixes and security advice; |
|
(3) |
|
provide customized and configurable notifications and
current alert status; and |
|
(4) |
|
provide alert trending and attack metrics. |
|
(1) |
|
provide a list of End User e-mail addresses to be
monitored and any updates as they occur; and |
|
(2) |
|
maintain a list of End User notification preferences. |
4.3 |
|
Managed Intrusion Detection |
|
(1) |
|
monitor, manage, configure and support network intrusion
detection sensors; |
|
(2) |
|
actively and passively monitor network traffic and block
known malicious activity in accordance with the security policy
configuration; |
|
(3) |
|
escalate security events and Incidents via e-mail or the
web portal, as appropriate; |
|
(4) |
|
report findings following each escalation; |
|
(5) |
|
provide high-level and in-depth reporting via the web
portal on the security of ACI’s networks; |
|
(6) |
|
assist ACI with resolving and remediating security
events; and |
|
(7) |
|
perform security policy configuration changes needed to
resolve network connectivity issues and critical attacks. |
|
(1) |
|
have access to IDS information; |
|
(2) |
|
be responsible for resolving and remediating security
events; |
|
(3) |
|
provide information regarding ACI’s IT infrastructure and
notify Vendor of changes made to such infrastructure that could impact the
Services; and |
|
(4) |
|
request policy configuration changes needed to resolve
network connectivity issues. |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 6 of 15
4.4 |
|
Managed Protection Services |
|
(1) |
|
monitor, manage and configure Vendor Internet Security
Systems (“ISS”) protection agents; |
|
(2) |
|
provide server-based protection securing the underlying
operating system by preventing attackers from exploiting the operating
system and application level vulnerabilities; |
|
(3) |
|
monitor all traffic to and from the servers: |
|
(a) |
|
in compliance with ACI’s security framework, provided
to Vendor (specifically PCI); |
|
(b) |
|
to detect and prevent inbound and outbound attacks;
and |
|
(c) |
|
block new and unknown attacks such as Trojans, brute
force attacks, unauthorized access and worms; |
|
(4) |
|
escalate security events via e-mail or the web portal, as
appropriate; |
|
(5) |
|
implement virtual patches which provide active blocking
capabilities so ACI is secure until patching of servers; |
|
(6) |
|
provide Incident report following each escalation; |
|
(7) |
|
assist ACI with resolving and remediating security
events; and |
|
(8) |
|
provide high-level and in-depth reporting via the web
portal on the security of ACI’s servers. |
|
(1) |
|
be responsible for resolving and remediating security
events (ACI and Vendor roles to be defined separately); |
|
(2) |
|
provide information regarding ACI’s IT infrastructure and
notify Vendor of changes made to such infrastructure that could impact the
Services. |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 7 of 15
ACI
WORLDWIDE, INC. RECEIVED CONFIDENTIAL
TREATMENT FOR THE PORTIONS OF THIS AGREEMENT
DENOTED BY BOXES AND ASTERISKS PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE SECURITIES
EXCHANGE
ACT OF 1934 PURSUANT TO AN ORDER
FROM THE SECURITIES AND EXCHANGE
COMMISSION
ISSUED ON MAY 6 2008.
4.5 |
|
Security Event and Log Management Services |
For the number of servers listed in the Event Log Collection resource unit [ * ],
|
(1) |
|
collect security or log data in a text-based format; |
|
(2) |
|
archive, analyze, correlate and trend events and logs,
while managing response and remediation workflow; |
|
(3) |
|
provide security events and log data online for one year;
and |
|
(4) |
|
analyze security events from select intrusion detection
and intrusion prevention devices and provide alerts via the web portal. |
|
(1) |
|
provide a list of devices and other required information
(i.e., platform, software revision and version, IP addresses, log retention
period per device) for which events and logs will be collected; |
|
(2) |
|
update access control lists (ACLs) and firewall rules
required for identified devices to communicate with Vendor; and |
|
(3) |
|
install universal log agent on data sources, as
applicable. |
|
(1) |
|
with ACI’s assistance, develop, implement and maintain
the URL filtering policy, including violation reporting procedures; |
|
(2) |
|
install, test, configure and maintain the URL filtering
environment; |
|
(3) |
|
in accordance with the URL filtering policy, control End
User access to web sites (i.e., allow or block access based on person(s),
groups, time of day, IP addresses, bandwidth or time allotment); |
|
(4) |
|
notify ACI, in accordance with the established
procedures, of URL filtering violations; and |
|
(5) |
|
provide monthly URL monitoring reports. |
|
(1) |
|
provide ACI’s business guidelines for End User Internet
access and any updates as they occur; |
|
(2) |
|
assist Vendor in developing and implementing the URL
filtering policy, including violation reporting procedures; and |
|
(3) |
|
provide contact and IT infrastructure information and any
updates as they occur. |
|
(a) |
|
with ACI’s assistance, develop, implement and
maintain the e-mail security policy, including violation reporting
procedures; |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 8 of 15
|
(b) |
|
scan ACI’s inbound e-mail for spam; |
|
(c) |
|
provide ACI with the capability to create filters to
prevent spam and allow e-mail (i.e., black list, white list); |
|
(d) |
|
using ACI provided black list and white list,
identify spam and take action in accordance with the e-mail security
policy (i.e., tag, redirect, delete); |
|
(e) |
|
provide secure password access to a proprietary
Internet-based reporting and management tool which allows ACI to view data
and statistics and offers a number of configuration and management
facilities; and |
|
(f) |
|
provide weekly and monthly security reports via
e-mail. |
|
(a) |
|
with ACI’s assistance, develop, implement and
maintain the e-mail security policy, including violation reporting
procedures; |
|
(b) |
|
scan ACI’s inbound and outbound e-mail to detect
potentially suspected pornographic images; |
|
(c) |
|
implement sensitivity settings and routing options in
accordance with the e-mail security policy (for example, e-mail containing
suspect images can be logged only, tagged, sent or copied to a designated
system administrator or deleted); |
|
(d) |
|
provide secure password access to a proprietary
Internet-based reporting and management tool which allows ACI to view data
and statistics and offers a number of configuration and management
facilities; and |
|
(e) |
|
provide weekly and monthly security reports via
e-mail. |
|
(3) |
|
for e-mail Antivirus: |
|
(a) |
|
with ACI’s assistance, develop, implement and
maintain the e-mail security policy, including violation reporting
procedures; |
|
(b) |
|
scan ACI’s Internet level e-mail to detect viruses
(i.e., known and unknown); |
|
(c) |
|
notify appropriate contact (for example, e-mail
sender, intended recipient, e-mail administrator), in accordance with the
established procedures, if an e-mail or attachment contains a virus; |
|
(d) |
|
handle infected e-mail in accordance with the
established procedures; |
|
(e) |
|
notify ACI of any virus infected e-mail that Vendor
was unable to intercept; |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 9 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(f) |
|
provide secure password access to a proprietary
Internet-based reporting and management tool which allows ACI to view data
and statistics as well as offers a number of configuration and management
facilities; and |
|
(g) |
|
provide weekly and monthly security reports via
e-mail. |
|
(1) |
|
configure an anti-spam black list and white list; |
|
(2) |
|
provide ACI’s business guidelines for End User e-mail
security and any updates as they occur; |
|
(3) |
|
assist Vendor in developing and implementing the e-mail
security policy, including violation reporting procedures; |
|
(4) |
|
address any virus infected e-mail that Vendor was unable
to intercept; and |
|
(5) |
|
provide contact and IT infrastructure information and any
updates as they occur. |
5.1 |
|
System Security Checking |
|
(1) |
|
install, test and maintain security policy verification
software; |
|
(2) |
|
perform system security checks of managed mainframes,
mid-range servers, network devices, and system tools to validate compliance
with the technical specifications documented in the [ * ]. System
security checks will be performed on a sample of systems. Checks will
verify that: |
|
(a) |
|
Antivirus software is functional and operating on
Supported Servers; |
|
(b) |
|
technical controls to enforce operating system
password policy are in place; and |
|
(c) |
|
logs of privileged access and log-on/log-off
activities are being captured as defined in the Information Security
Controls Document technical specifications; and |
|
(3) |
|
document identified issues and take corrective action on
the findings, as appropriate. |
|
b. |
|
ACI will permit Vendor to access systems as necessary to perform system
security checks per ACI’s access policy, processes and standards. |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 10 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
5.2 |
|
Security Advisory and Integrity |
|
a. |
|
Vendor will for operating systems, software tools, and network infrastructure
systems and devices (including desktop Equipment) managed by Vendor: |
|
(1) |
|
monitor security patches; |
|
(2) |
|
notify ACI within 3 Business Days of Vendor-rated high
severity security patches or earlier depending on the criticality identified
by the Vendor CERT team; |
|
(3) |
|
install ACI-approved security patches within the
following security change window parameters: |
|
(a) |
|
minimum [ * ] security change window; |
|
(b) |
|
[ * ] servers thereafter; and |
|
(c) |
|
In the case of a high CERT criticality, implement the
patch as per the CERT guidelines. |
|
(1) |
|
evaluate advisory notifications from Vendor and approve
security patches for installation at least one Business Day before scheduled
implementation date; and |
|
(2) |
|
provide an environment for testing security patches and
perform such tests, as appropriate. |
5.3 |
|
Malware Defense Management |
|
(1) |
|
install, test and maintain anti-malware software on
Supported Servers and Windows Supported Desktops; |
|
(2) |
|
push anti-malware definitions, vendor product updates,
and policy and configuration updates to Supported Servers and Supported
Desktops, as appropriate; |
|
(3) |
|
if malware is detected, take corrective action in
accordance with the Information Security Controls Document (i.e., prevent,
detect and remove malware infections and respond to malware security
incidents); |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 11 of 15
|
(4) |
|
notify ACI, in accordance with the established
procedures, if malware is detected on a Supported Server or Supported
Desktop; |
|
(5) |
|
perform virus definition, pattern file updates and policy
configuration; and |
|
(6) |
|
provide monthly malware defense management reports. |
|
b. |
|
ACI will provide ACI’s security policy and any updates as they occur. |
5.4 |
|
Vulnerability Management Services |
|
(1) |
|
maintain a list of ACI IP addresses to scan; |
|
(2) |
|
identify vulnerabilities within the network perimeter
using Vendor policies; |
|
(3) |
|
perform historical trending of vulnerability data; |
|
(4) |
|
provide vulnerability scanning reports which include: |
|
(a) |
|
scan results reflecting identified vulnerabilities
for corrective action to be taken, as appropriate; and |
|
(b) |
|
summary reports and trend analysis provided via the
web portal; |
|
(5) |
|
with ACI’s assistance, schedule and perform scans; |
|
(6) |
|
develop and maintain the scanning profile containing the
following: |
|
(a) |
|
system and network devices to be scanned; |
|
(b) |
|
frequency of scanning; |
|
(d) |
|
vulnerabilities that are not security policy
violations; and |
|
(e) |
|
time frames when scans will be executed. |
|
(1) |
|
assist Vendor in developing the scanning profile
containing the following: |
|
(a) |
|
system and network devices to be scanned; |
|
(b) |
|
frequency of scanning; |
|
(d) |
|
vulnerabilities that are not security policy
violations; and |
|
(e) |
|
time frames when scans will be executed; and |
|
(2) |
|
be responsible for resolving application-related issues
discovered during a vulnerability scan. |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 12 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
6.1 |
|
Management of Privileged User IDs and Vendor User IDs |
|
a. |
|
For the operating systems, software tools and network infrastructure systems
and devices under Vendor management, Vendor will: |
|
(1) |
|
with ACI’s assistance, perform a baseline inventory of
access IDs; |
|
(2) |
|
perform the following provisioning and compliance
activities: |
|
(a) |
|
provision and manage User IDs for Vendor personnel to
include special access and emergency access needs; |
|
(b) |
|
perform employment verification upon hire and
termination for Vendor personnel and remove Vendor User IDs, as
appropriate; |
|
(c) |
|
administer passwords for Vendor User IDs and
privileged User IDs; |
|
(d) |
|
provision and manage the Vendor and ACI privileged
User IDs as defined in the platform-specific technical specifications set
forth in the Information Security Controls Document; |
|
(e) |
|
revalidate privileged authorizations annually and
remove privileged User IDs, as appropriate; and |
|
(f) |
|
provide ACI a list of ACI privileged User IDs for
revalidation on request; |
|
(3) |
|
maintain audit records for privileged User ID approvals,
verifications and revalidations and retain such records for two years; |
|
(4) |
|
provide for ACI’s review and approval, as appropriate,
non-expiring passwords and policy exception requests; and |
|
(5) |
|
capture system security logs of privileged access and
log-on/log-off activities as defined in the Information Security Controls [
* ]. |
|
(1) |
|
assist Vendor in performing a baseline inventory of
access IDs for the systems for which Vendor has security responsibility; |
|
(2) |
|
authorize and manage non-privileged User IDs and
passwords for ACI personnel for the operating systems, software tools and
network infrastructure systems and devices under Vendor management; |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 13 of 15
|
(3) |
|
revalidate ACI privileged User IDs; and |
|
(4) |
|
approve non-expiring passwords and policy exception
requests, as appropriate. |
6.2 |
|
Password Management for ACI User IDs |
|
(1) |
|
perform password resets for User IDs using ACI-provided
and maintained employee authentication data; and |
|
(2) |
|
investigate ACI User ID password issues, as identified by
ACI. |
|
(1) |
|
provide and maintain employee authentication data for ACI
User IDs; and |
|
(2) |
|
establish the criteria for resetting passwords and
disclosing such passwords to authorized personnel. |
6.3 |
|
ACI User ID Lifecycle Administration |
|
a. |
|
For the operating systems, software tools and network infrastructure systems
and devices under Vendor management, Vendor will: |
|
(1) |
|
provision and manage ACI-identified User IDs for ACI
personnel; and |
|
(2) |
|
investigate ACI User ID security issues, as identified by
ACI. |
|
(1) |
|
identify ACI User IDs; and |
|
(2) |
|
provide approved provisioning requests for User IDs for
ACI personnel. |
6.4 |
|
ACI User ID Administration Compliance Support |
|
a. |
|
For ACI User IDs in-scope for ACI User ID Lifecycle Administration Services,
Vendor will: |
|
(1) |
|
perform annual employment verification and User ID
revalidation for ACI personnel and remove User IDs, as appropriate; |
|
(2) |
|
perform annual revalidation of privileges and access to
shared User IDs and remove such privileges and access, as appropriate; |
|
(3) |
|
maintain audit records for User ID and privileged User ID
approvals, verifications and revalidations and retain such records for two
years; and |
|
(4) |
|
provide for ACI’s review and approval, as appropriate,
non-expiring passwords and policy exception requests. |
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 14 of 15
|
(1) |
|
revalidate ACI User IDs, privileges and access to shared
User IDs; and |
|
(2) |
|
approve non-expiring passwords and policy exception
requests, as appropriate. |
6.5 |
|
Physical Security and Access Management |
|
(1) |
|
provide the following physical security controls at
Vendor facilities: |
|
(a) |
|
define controlled areas, perform a physical security
assessment and document any identified control and audit issues; |
|
(b) |
|
identify ownership of control and audit issues and
manage closure of Vendor-owned issues; |
|
(c) |
|
perform initial access baseline review and execute
formal revalidation for new protected and restricted areas; |
|
(d) |
|
develop and implement the access authorization
processes; |
|
(e) |
|
manage the implementation of the physical security
environment for the controlled areas; |
|
(f) |
|
perform maintenance, testing and daily operations of
the physical security environment; and |
|
(g) |
|
manage permanent and temporary access authorization
devices. |
|
(1) |
|
provide and manage physical security controls at the ACI
Facilities; |
|
(2) |
|
manage closure of ACI-owned control and audit issues; and |
|
(3) |
|
protect LAN servers and infrastructure devices on ACI
premises from unauthorized access. |
7. |
|
ADDITIONAL SECURITY TERMS |
ACI acknowledges that the Services described herein constitute authorized access to ACI’s
networks and computer systems.
Confidential
Exhibit A-8 — Enterprise Security Management Services
Page 15 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT A-9
DISASTER RECOVERY AND BUSINESS CONTINUITY SERVICES
From the period beginning with the Effective Date of the Agreement, Vendor will provide
Disaster Recovery capabilities either using ACI’s existing disaster recovery plan, if
available and applicable, or on a Commercially Reasonable Efforts basis.
Prior to the completion of transition for any services, Vendor will develop and present to
ACI for approval either a Disaster Recovery Plan specifically addressing the service(s) for
which transition has been completed, or provide a high-level business continuity plan for
the delivery of the service from the designated Vendor Location (for the purpose of
clarity, prior to the service commencement for Service Desk, Vendor will provide to ACI the
Vendor internal high-level business continuity plan that addresses the procedures that
Vendor will follow in the event that service can not be delivered from its service Location
for Service Desk and network operations center).
Following the Transition Period, Vendor will be responsible for the provision of Disaster
Recovery and Vendor business continuity capability and services to ACI as set forth in this
Exhibit and further described in Attachment 1 to this Exhibit.
[ * ]
|
|
|
|
|
* Represents one page of
redacted tabular data |
2. |
|
DISASTER RECOVERY PLAN |
|
a. |
|
Vendor Responsibilities |
Delivery of the Disaster Recovery Plan is a critical deliverable. Vendor will:
|
(1) |
|
during Transition, develop the Disaster Recovery Plan , which
will be ready at the end of each phase of Transition and will include the
following: |
|
(a) |
|
a brief description of the critical services and functions,
including a prioritized listing of the Critical Functions; |
|
(b) |
|
the agreed recovery times (RTO/RPO) for each Critical
Function; |
|
(c) |
|
the hardware and Software composing the Configuration; |
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 1 of 13
|
(d) |
|
the Equipment and Software, including some existing ACI
Equipment, necessary for connection to the ACI Data Network; |
|
(e) |
|
Vendor’s and ACI’s recovery roles and responsibilities; |
|
(f) |
|
contact listings of ACI and Vendor key employees; |
|
(g) |
|
identification of recovery teams; |
|
(i) |
|
criteria for Disaster declaration, recovery and testing; |
|
(j) |
|
names of those individuals who are authorized by ACI and
Vendor to declare a Disaster; |
|
(k) |
|
backup process and components; |
|
(l) |
|
the location and schedule for the periodic tape backup of
Critical Functions; |
|
(m) |
|
the location and schedule for off-site storage of the tape
backups; |
|
(n) |
|
notification procedures; |
|
(o) |
|
recovery information, procedures, and schedules; |
|
(p) |
|
testing results and any required corrective action plans; |
|
(q) |
|
procedures for maintaining the Disaster Recovery Plan; and |
|
(r) |
|
procedures for restoration back to original location or
another permanent location; |
|
(2) |
|
provide a representative who is knowledgeable in Disaster
Recovery planning and the Disaster Recovery Plan to serve as a single point of
contact for ACI’s Disaster Recovery-related communications and activities. The
Vendor representative will be responsible for the development and maintenance of
the Disaster Recovery Plan and will provide safe storage and distribution of
copies as follows: |
|
(a) |
|
off-site vital records storage; |
|
(b) |
|
ACI’s Disaster Recovery coordinator; and |
|
(c) |
|
Vendor’s Disaster Recovery coordinator; |
|
(3) |
|
in cooperation with ACI, review and update, if necessary, the
Disaster Recovery Plan on an annual basis or as warranted by business and/or
technical changes to validate compatibility with ACI’s and Vendor’s overall
Disaster Recovery strategies and related plans; |
|
(4) |
|
in cooperation with ACI, test the Disaster Recovery Plan
initially within 180 days after the Disaster Recovery Plan is completed, or the
earliest time after 180 days that the Recovery Center is available, and annually
thereafter to validate that the Disaster Recovery Plan and ACI-specific tests
remain practicable and current; |
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 2 of 13
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(5) |
|
conduct a Disaster Recovery test for EB On Demand by the start of
the third quarter of 2008 using the Disaster Recovery Plan that is in place at
that time; |
|
(6) |
|
[ * ], unless more time is required to complete a successful test
at the Vendor Recovery Center, for testing ACI’s Mainframe Test/Dev Disaster
Recovery Plan; |
|
(7) |
|
[ * ] unless more time is required to complete a successful test
(ACI financially responsible for any additional [ * ] fees in the event more
time is required), at the [ * ]; |
|
(8) |
|
[ * ], unless more time is required to complete a successful test
(ACI financially responsible for any additional [ * ] fees in the event more
time is required), for testing the [ * ]; |
|
(9) |
|
provide ACI with a report of the test results following each
Disaster Recovery Plan test; |
|
(10) |
|
remediate any issues uncovered during the test and retest if
requested by ACI; and |
|
(11) |
|
develop and maintain the Disaster Recovery Plan for network
connectivity and recovery in the event of a Disaster. |
Any additional updates to the Disaster Recovery Plan that are necessary as a result of
actions by or changes requested by ACI will be considered a New Service.
ACI will provide a representative who is knowledgeable in Disaster Recovery planning
and the Disaster Recovery Plan to serve as a single point of contact for ACI and who
will:
|
(1) |
|
act as the primary interface to Vendor’s Disaster Recovery
representative; |
|
(2) |
|
be available on a continuous basis in the event a Disaster is
declared; |
|
(3) |
|
assist Vendor in the development of the Disaster Recovery Plan; |
|
(4) |
|
in cooperation with Vendor, test the Disaster Recovery Plan; and |
|
(5) |
|
provide the Vendor Disaster Recovery representative with ACI’s
updates to the Disaster Recovery Plan to ensure the Disaster Recovery Plan
remains current. |
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 3 of 13
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
a. |
|
Vendor Responsibilities |
In the event of a declared Disaster, Vendor will:
|
(1) |
|
deliver the data and Software archived in off-site storage to the
Recovery Center designated in the Disaster Recovery Plan or at such other
location as may be established by Vendor thereafter; |
|
(2) |
|
reroute the affected data communications circuits from the Data
Center to the Recovery Center; |
|
(3) |
|
operate the Critical Functions on the Configuration at the
Recovery Center; and |
|
(4) |
|
pay all travel and living expenses Vendor incurs in the
performance of Vendor’s Disaster Recovery responsibilities. |
In the event of a declared Disaster, ACI will:
|
(1) |
|
perform its Disaster Recovery responsibilities as set forth in
this Exhibit and the Disaster Recovery Plan; |
|
(2) |
|
comply with recovery procedures, including those for safety and
security; |
|
(3) |
|
pay all costs associated with the storage of data and Software at
locations other than the Data Centers, including all storage facility charges
and charges for transporting such data and Software to, from and between the
storage facility, the Data Centers and/or the Recovery Center; and |
|
(4) |
|
pay all travel and living expenses ACI incurs in the performance
of ACI’s Disaster Recovery responsibilities. |
Vendor will reroute the affected data communications circuits from the Data Center to the
Recovery Centers. Upon [ * ], Vendor will be responsible for all network Disaster
Recovery Services, including any costs associated with Vendor managed connectivity and
support. ACI, in cooperation with Vendor, will develop a network recovery plan to be
included in the Disaster Recovery Plan. The network recovery plan will use the strategy
for redundancy in place at the
time of a declared Disaster and will include recoverability only to the extent the
Configuration includes the necessary network connectivity to ACI’s control units.
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 4 of 13
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
5. |
|
DISASTER RECOVERY FOR ACI-HOSTED SERVERS |
|
a. |
|
ACI will be responsible for the provision of disaster recovery services for
the ACI-hosted server environment, excluding the specific list of Equipment Vendor is
providing Disaster Recovery Services for identified in this Exhibit, including any
costs associated with backup, connectivity and support of Supported Desktops,
Supported Servers and affected networks. |
|
b. |
|
In the event a declared Disaster interrupts the Services Vendor provides to
ACI, Vendor will make [ * ]to provide the Services during such Disaster. |
|
c. |
|
Vendor will cooperate with ACI in the development of ACI’s distributed
environment disaster recovery plan as it pertains to the Services Vendor provides
under the Agreement. If ACI requests Vendor to provide distributed environment
disaster recovery services, Vendor will provide such services as a New Service in
accordance with Schedule C (Charges). |
ACI will be financially responsible for all End User recovery services, including any costs
associated with connectivity, equipment, alternate site relocation and support.
Vendor will assist ACI in developing, maintaining and testing the End User disaster
recovery plans and will assist ACI in the event that such a disaster recovery event occurs.
The resources for Disaster Recovery Services are the capacities of the Configuration listed
in Section 9 (Configuration) below and the connectivity required to connect the Recovery
Center to the Data Center. Growth in the Configuration will be provided at a rate
necessary to support the percent of growth, if any, for each affected Baseline set forth in
Schedule C (Charges) without increasing the charges to ACI.
ACI’s request for additional services, functions or capacity beyond that specified in this
Exhibit will be considered a New Service.
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 5 of 13
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
In the event a Disaster renders Vendor incapable of providing the processing Services,
Vendor will move its operations to the designated Recovery Center and
provide the Services to ACI with data processing equipment and connectivity in a
Configuration equivalent to [ * ] to be determined in order to support the then-existing
Baselines. The Configuration will be compatible with and support the Systems Software
platform so Vendor may operate and deliver Services for ACI’s Critical Functions at the
levels of service attainable on such Configuration capacity.
In the event of a Disaster, Vendor will provide the Services to ACI from the Recovery
Center using the Configuration set forth below.
[ * ]
* Represents five pages of
redacted tabular data
|
|
|
Note: |
|
The software Configuration will be the Systems Software specified in Schedule I
(Vendor Supported Software). |
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 6 of 13
ATTACHMENT 1
IBM DISASTER RECOVERY / BUSINESS CONTINUITY
Business Continuity Overview
IBM recognizes that protection of its assets is a major responsibility to its stockholders
and customers. IBM further recognizes the importance of establishing methods that allow its
customers to maintain business continuity and service to their customers in the event of a
disruption. It is the policy of IBM that any system supporting a vital business process has
a business continuity plan. Extensive procedures have been developed to support the
resumption of disrupted critical business and service operations.
If a circumstance should occur in an IBM Service Location such that IBM will be impeded for
providing services for an extended period of time, IBM will initiate commercially
reasonable efforts to establish a capability to deliver the contract of services within a
reasonable amount of time.
Service levels will not approach those being provided in a normal processing environment.
However, every attempt will be made to restore the environment back to normal status as
soon as possible.
Responding to the problem
In a disruption, the first priority is the safety of human life. Once certain that everyone
in the area is safe and accounted for, the business continuity plan will be executed as per
instruction from the IBM management action team.
Management Action Team
All relevant information will be communicated to the IBM management action team. This team
will act as the focal point for all communications both internally and externally,
coordinate recovery actions and make the decision to declare a disaster.
The IBM Delivery Executives for each customer will be responsible for direct communications
with the customer as to the status of the situation. In the event the IBM Delivery
Executive is not available, the Project Engagement Executive or Service Delivery Manager
will assume the Delivery Executive’s role.
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 11 of 13
Initial communications to the customer will take place assuming that communication channels
are operational. Communications will include the initial assessment of the damage to the
IBM physical facility and an assessment as to when the customers’ services will be up and
running.
Once the decision has been made to declare, all recovery resources are assembled and
recovery activities are executed. As tasks are completed, they are reported back to the IBM
management.
Business Continuity Plan Testing and Maintenance
For a business continuity plan to be effective, it must be current. IBM confirms that its
business continuity plans are current in two ways:
1. Maintenance of the plans regularly updates the information necessary for a successful
recovery.
2. Testing will check the procedures and information stored in the plans for accuracy and
suitability to the tasks of recovery.
Plan Testing
Testing is vital to the continued success of the business continuity plan. The following
are testing objectives:
1. To ensure the accuracy, completeness and validity of recovery procedures.
2. To verify the capabilities of the team members executing the recovery procedures.
3. To validate the information stored in the business continuity plans.
4. To verify that the time estimates for recovery are realistic.
5. To ensure that all changes in the technical and business environment have been reflected
in the business continuity plan.
6. To validate assumptions.
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 12 of 13
As a general guideline, IBM conducts tests as follows:
• At least once a year, the business continuity team conducts a walk-through of the
business continuity plan. This test will verify that the plan is consistent with
the team members’ expectations and that it can work regardless of the type of disruption.
Maintenance
The business continuity plan for each account is maintained by the front line manager for
that account. Maintenance of the business continuity plan depends on the regular review of
the plan. To maintain the plan properly, the following is done:
Annually:
• Copies of the contact lists are circulated to each business continuity team member. The
team members review the lists for known changes.
• A copy of the staff list is sent to human resources to review for changes and deletions.
Deletions must be replaced by the new jobholders.
• Copies of the business continuity procedures are circulated to each applicable team
member. The team members note their changes on the procedures directly and return them to
the front line manager.
• Major changes in hardware, software and personnel are reflected in the plan as soon as
they happen.
Training for the Recovery Teams
Training of the recovery team will be accomplished during the normal course of maintenance
and testing of the business continuity plan. Normal maintenance of the plan includes
regular reviews of the information lists and procedures of the plan. Testing will exercise
many of the plan’s procedures and information lists.
New employees review the business continuity plan as part of their service indoctrination
program.
Confidential
Exhibit A-9 — Disaster Recovery and Business Continuity Services
Page 13 of 13
SCHEDULE B
SERVICE LEVELS
As of the Service Tower Commencement Date (or as otherwise specified in this Schedule and the
Exhibits to this Schedule), the Vendor will perform the Services to which Service Levels apply so
that the Service Level Performance will, in each month of the Term, meet, or exceed, the Service
Levels.
The achievement of the Service Levels by the Vendor may require the coordinated, collaborative
effort of the Vendor with other third-party vendors. The Vendor shall provide a single point of
contact for the prompt resolution of all Service Level Defaults and all failures to provide high
quality Services to ACI, regardless of whether the reason for such Service Level Defaults, or
failure to provide high quality Services to ACI, was caused by the Vendor.
The defined terms in this Schedule B will be set forth in Schedule D.
The following Exhibits are provided with this Schedule and are hereby incorporated by reference:
Exhibit B-1 Service Levels Matrix. This Exhibit sets forth the quantitative measurements and
effective dates associated with Critical Service Levels, Key Measurements, and Critical
Deliverables.
Exhibit B-2 Critical Service Level and Key Measurements Descriptions. This Exhibit sets forth the
descriptions and definitions of Critical Service Levels and Key Measurements and Critical
Deliverables along with describing the methodology and measuring tools to be used.
Exhibit B-3 Critical Deliverables Descriptions. This Exhibit sets forth the descriptions and
definitions of Critical Deliverables along with describing the methodology and measuring tools to
be used.
Exhibit B-4 Severity Levels. This Exhibit provides a description of the Severity Levels associated
with the in-scope Services.
Service Level Performance shall commence being measured by Vendor as soon as possible after the
Effective Date for the Service Levels identified herein. The method of measuring the Service
Level Performance will be agreed upon by the parties.
Confidential
Schedule B — Service Levels
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
Service Level Credits shall apply from the Service Tower Commencement Date or as otherwise
specified in Exhibit B-1 referencing the column “SCD + mos**”. The numbers used in the
column “SCD +mos**” are in the format X where “X” represents the number of months after the
Service Tower Commencement Date (the “Grace
Period”) when Supplier will be responsible to meet the Service Level and provide measurement
data in support of the Service Level, but Service Level Credits shall not be applicable until
the month immediately following the Grace Period. If the notation in column “SCD + Mos**” is
“SCD” the obligation will commence on the Service Tower Commencement Date (or, if later, the
date on which Supplier assumes responsibility for the Services in question in accordance with
the Transition Plan), based on an agreement as of Effective Date as to the expected and minimum
Service Levels.
During the Transition and any Grace Period relating to a Service Level, the Parties shall
gather and review performance data and baselines relating to each Service Level. As requested
by either Party, the other Party shall discuss in good faith such data and baselines for the
purpose of determining whether the Service Levels set forth in Exhibit B-1 should be adjusted.
As mutually agreed in writing (such agreement not to be unreasonably withheld), the Parties
shall revise Service Levels during the Transition Period and any applicable Grace Period. If
the Parties fail to mutually agree on any revisions to the Services Levels, the Service Levels
in Exhibit B-1 will remain in place but will not be subject to Service Level Credits and either
Party may escalate such dispute in accordance with the Agreement. For the purpose of clarity,
those Service Levels marked “SCD” will not be included in this adjustment process.
Service Level Performance will be measured on a monthly basis unless otherwise specified in Service
Levels Matrix.
The measuring methodologies set forth in Service Levels Descriptions shall be used by the Vendor to
measure the Service Levels from the Date specified herein.
Tools for new Service Levels and changes to tools for existing Service Levels will be implemented
in accordance with the Change Control Procedure. The amount of increase to the Charges, if any,
shall be determined via the Change Control Procedure.
If a tool changes, the Parties may, by written agreement, adjust the Service Level measurements as
necessary to account for any increased or decreased sensitivity in the new measuring tool.
However, it is not anticipated that changes in the monitoring tools will drive changes in Service
Levels; rather, the need to collect and accurately reflect the performance data should drive the
development or change in monitoring tools.
ACI and the Vendor shall work together to agree on acceptable measuring tools and methodologies for
the Critical Service Levels designated prior to the date such tools and methodologies are needed.
If the Service Provider fails to measure Service Level Performance for a Critical Service Level so
that it is not possible to confirm whether the Critical Service Level has been achieved then,
unless such failure to measure was excused in writing by ACI, the Service Level Performance for the
Service Level shall be deemed to be [ * ] value for that Critical Service Level and that value will
be used in all Earnback calculations.
[ * ]
Confidential
Schedule B — Service Levels
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
The Vendor shall provide to ACI, as part of the Vendor’s monthly performance reports, a set of
hard- and soft-copy reports to verify the Vendor’s performance and compliance with the Service
Levels and, until all Critical Deliverables are received and approved by ACI, the Critical
Deliverables.
The Vendor shall provide detailed supporting information for each report to ACI in machine-readable
form suitable for use on a personal computer. The data and detailed supporting information shall
be ACI’s and Vendor Confidential Information, and ACI may access such information online and in
real-time, where technically feasible, at any time during the Term.
5.0 |
|
SERVICE LEVEL CREDITS |
In the event of a Service Level Default, the Vendor shall provide ACI credits as defined below:
|
1. |
|
Subject to Item 5 of this Section 5 and Sections 6 and 7, Vendor will provide ACI a
Service Level Credit if a Service Level Default has occurred. |
|
2. |
|
[ * ] However, if the Vendor fails to meet the applicable Minimum Service Level for a
Key Measurement, [ * ]. |
|
3. |
|
Service Levels Descriptions to this Exhibit sets forth the information required to
calculate the Service Level Credit in the event of a Service Level Default. For each Service
Level Default, the Vendor shall pay to ACI, subject to Item 5 of this Section 5 below, a
Service Level Credit that will be computed in accordance with the following formula: |
|
|
|
|
[ * ] |
|
|
|
|
* Represents one page of
redacted text |
|
1. |
|
If any events or periods that are measured as part of a Service Level are not
successfully achieved in accordance with the relevant performance standard specified in the
Service Level and the Vendor demonstrates that such failure would not have occurred but for
any of the following, then such events or periods shall be disregarded for the purpose of
calculating the relevant Service Level (and shall be excluded from both the numerator and
the denominator for the purposes of calculating whether the Service Level has been
achieved): |
|
|
|
1.1 |
|
[ * ] |
|
|
1.2 |
|
[ * ] |
|
|
1.3 |
|
[ * ] |
|
|
1.4 |
|
[ * ] |
|
|
1.5 |
|
[ * ] |
|
|
1.6 |
|
[ * ] |
|
|
1.7 |
|
[ * ] |
|
|
1.8 |
|
[ * ] |
|
2. |
|
For purposes of calculating actual uptime and availability, all planned downtime shall be
excluded (for example, preventive maintenance, circuit upgrades, etc.). The
Vendor shall maintain Availability during such periods to the extent reasonably practicable
as agreed to by the Parties. |
Confidential
Schedule B — Service Levels
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND
ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT
PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
8.0 |
|
CHANGES TO SERVICE LEVELS |
|
8.1 |
|
[ * ] |
|
* |
|
Represents one page of redacted text |
|
8.2 |
|
Additions, Deletions, and Modifications |
|
1. |
|
Subject to the remainder of this Section 8.2 and Section 8.3, ACI may, by sending written
notice to the Vendor at least 90 calendar days prior to the effective date of the change: |
|
|
1.1. |
|
Add or delete Performance Categories. |
|
|
1.2. |
|
Add, modify, or delete Critical Service Level allocations between Performance Categories. |
|
|
1.3. |
|
Add or delete Service Levels. |
|
|
1.4. |
|
Change Service Levels from Critical Service Levels to Key Measurements or from Key
Measurements to Critical Service Levels. |
|
|
1.5. |
|
Modify the Service Level Credit Allocation Percentages for any Critical Service Levels. |
|
|
2. |
|
[ * ] |
|
|
3. |
|
[ * ] |
|
|
4. |
|
[ * ] |
|
|
5. |
|
[ * ] |
8.3 |
|
Performance Standards for Additional Service Levels |
If ACI adds a Service Level in accordance with Item 1 of Section 8.2, the Expected Service Levels
and Minimum Service Level commitments for such Service Level shall be agreed by the Parties.
Should the Parties not agree, they shall be computed as follows:
|
1. |
|
[ * ] |
|
|
2. |
|
[ * ] |
|
|
3. |
|
[ * ] |
|
|
4. |
|
[ * ] |
9.0 |
|
CRITICAL DELIVERABLES |
|
1. |
|
Certain of the Vendor’s obligations under the Agreement are one-time or periodic
obligations to deliver Critical Deliverables. Exhibit B-1 (Service Level Matrix) to this
Schedule sets forth the Deliverable Credits that shall be payable by the Vendor to ACI in
the event the Vendor fails to deliver any of the Critical Deliverables by the due date,
specified in Exhibit B-1 (Service Level Matrix) to this Schedule. In this regard: |
|
1.1 |
|
[ * ] |
|
|
1.2 |
|
[ * ] |
|
|
1.3 |
|
[ * ] |
|
|
1.4 |
|
[ * ] |
|
|
1.5 |
|
[ * ] |
Confidential
Schedule B — Service Levels
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND
ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT
PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT B-1
SERVICE LEVEL MATRIX
INTRODUCTION
This
Exhibit B-1 to Schedule B (Service Levels) sets forth the
following:
[ * ]
* |
|
Represents one page of redacted text |
Introduction
Page 1
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE
PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT B-1
SERVICE LEVEL MATRIX
[ * ]
* |
|
Represents one page of redacted text |
Critical Service Levels
Page 2
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE
PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT B-1
SERVICE LEVEL MATRIX
[ * ]
* |
|
Represents one page of redacted text |
Key Measurements
Page 3
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT B-1
SERVICE LEVEL MATRIX
CRITICAL DELIVERABLES
[ * ]
Critical Deliverables
Page 4
EXHIBIT B-2
CRITICAL SERVICE LEVELS AND KEY MEASUREMENTS
1.0 |
|
CRITICAL SERVICE LEVELS — INTRODUCTION |
This Section sets forth qualitative descriptions of the Critical Service Levels. The
numerical Minimum Service Levels, Expected Service Levels and commencement of obligations
associated with such Critical Service Levels are set forth in Exhibit B-1 (Service Level
Matrix) to Schedule B (Service Levels).
|
1.1 |
|
Performance Category — Server Availability |
1.1.1 |
|
Server Availability — High Category |
“Server Availability — High Category” shall mean, with respect to all designated High
Availability (HA) Servers (generally all external client facing servers) (a) System
Scheduled Uptime minus Scheduled System Downtime, divided by (b) System Scheduled Uptime
with the result expressed as a percentage. For purposes of clarity, the designation High
Availability is not limited to, nor does it necessarily include the ACI high availability
servers (HP non-stop hardware); it is defined as those servers requiring high availability
due to their usage. This Critical Service Level represents an average Availability for all
servers meeting the description of HA Servers. During Transition, the HA Servers will be
identified and documented.
|
1. |
|
“Available for Use” with respect to all High Category Servers shall
mean that the System—including the processor and associated storage devices,
cabling, peripherals, and other equipment—is running properly so as to enable the
proper execution of transactions on those Applications scheduled to run on such
System and access to updated current data that is intended to be used in
conjunction with such Applications. |
|
2. |
|
“System Scheduled Uptime” shall mean the amount of minutes within the
applicable Measurement Window for the System as set forth in Exhibit B-1 (Service
Level Matrix). The hours of scheduled uptime are designated in the Service
Delivery Statement of Work. |
|
3. |
|
“System Downtime” shall mean the total time per calendar month out of
the System Scheduled Uptime, as measured in minutes, that the System for which
availability is being computed is not Available for Use. |
|
4. |
|
“Scheduled System Downtime” shall mean the total time per month that
this classification of server is allowed to be unavailable for use to ACI and/or
its clients so that the Vendor may perform routine maintenance. For High
Category servers [ * ] is acceptable ([ * ] is acceptable for those servers not
having the ability to do maintenance while the application remains available to the
client) but by [ * ], no Scheduled System Downtime will be the requirement to the
extent all HA Servers have the ability to do maintenance while the application
remains available to the client. |
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 1 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
1.1.2 |
|
Server Availability — Medium Category |
“Server Availability — Medium Category” shall mean, with respect to all designated Medium
Availability Servers (a) System Scheduled Uptime minus System Downtime, divided by (b)
System Scheduled Uptime with the result expressed as a percentage.
This Critical Service Level represents an average Availability for all servers meeting the
description of Non-HA Servers. During Transition, the Medium Availability Servers will be
identified and documented.
|
1. |
|
“Available for Use” with respect to all Medium Category Servers shall
mean that the System—including the processor and associated storage devices,
cabling, peripherals, and other equipment—is running properly so as to enable the
proper execution of transactions on those Applications scheduled to run on such
System and access to updated current data that is intended to be used in
conjunction with such Applications. |
|
2. |
|
“System Scheduled Uptime” shall mean the amount of minutes within the
applicable Measurement Window for the System as set forth in Exhibit B-1 (Service
Level Matrix). |
|
3. |
|
“System Downtime” shall mean the total time per calendar month out of
the System Scheduled Uptime, as measured in minutes, that the System for which
availability is being computed is not Available for Use. |
|
4. |
|
“Scheduled System Downtime” shall mean the total time per month that
this classification of server is allowed to be unavailable for use to ACI and/or
its clients so that the Vendor may perform routine maintenance. For Medium
Category servers this is to be [ * ] per month. |
1.1.3 |
|
Server Availability — Low Category |
“Server Availability — Low Category” shall mean, with respect to all designated Low
Category Servers (a) System Scheduled Uptime minus System Downtime, divided by (b) System
Scheduled Uptime with the result expressed as a percentage. In general Low Category
Servers are those utility or infrastructure servers residing in regional offices where
there are specific hours of operation.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 2 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
This Critical Service Level represents an average Availability for all servers meeting the
description of Non-HA Servers. During Transition, the Server Availability — Low Category
Servers will be identified and documented.
|
1. |
|
“Available for Use” with respect to all Low Category Servers shall
mean that the System—including the processor and associated storage devices,
cabling, peripherals, and other equipment—is running properly so as to enable the
proper execution of transactions on those Applications scheduled to run on such
System and access to updated current data that is intended to be used in
conjunction with such Applications. |
|
2. |
|
“System Scheduled Uptime” shall mean the amount of minutes within the
applicable Measurement Window for the System as set forth in Exhibit B-1 (Service
Level Matrix). |
|
3. |
|
“System Downtime” shall mean the total time per calendar month out of
the System Scheduled Uptime, as measured in minutes, that the System for which
availability is being computed is not Available for Use. |
|
4. |
|
“Scheduled System Downtime” shall mean the total time per month that
this classification of server is allowed to be unavailable for use to ACI and/or
its clients so that the Vendor may perform routine maintenance. For Low
Availability servers this is to be [ * ] per month. |
1.1.4 |
|
Percent of Processing Delivered On-Time |
Processing Delivered refers to those Systems and schedules jobs identified by ACI during
Transition. Vendor will be responsible for those Systems and scheduled job steps
identified and the specific completion requirements.
Percent of Processing Delivered On Time is calculated as the total number of scheduled job
steps that complete within the scheduled batch processing measurement window for the month,
divided by the total number of scheduled batch job steps for the month with the result
expressed as a percentage.
Scheduled jobs include normally scheduled and recurring production jobs, as well as
production jobs that are run on an as-needed basis. Development, system test, and user
acceptance test jobs are not included. Only those job steps that complete outside the batch
Measurement Window are counted as not being delivered on time.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 3 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
Example 1. Assume that there is one batch job, which contains 10 batch job steps, and the
job is scheduled each day during a 30-day month. On four of the runs during the month,
three of the runs have two job steps each that do not complete at their scheduled time, but
the entire batch job completes within the batch Measurement Window. On the remaining
exception run, the last job step does not complete successfully within the batch
Measurement Window. The calculation is as follows:
((10 job steps x 30 times) — 1)
/ (10 job steps x 30 times)
= 99.67%
1.1.5 |
|
System Backups Completed |
System Backups Completed is calculated as the total number of scheduled System Backups that
complete successfully within the scheduled time frame allowed for the month, divided by the
total number of scheduled System Backups for the month with the result expressed as a
percentage.
|
1.2 |
|
Performance Category — Incident Management |
1.2.1 |
|
Time to Respond — Severity 1 & 2 |
Time to Respond — Severity 1 & 2 is calculated as the percentage of Severity 1 & 2
Incidents reported to the Vendor Service Desk that are responded to within specified
minutes during the reporting period. Severity Level 1 (as defined in Exhibit B-4)
Incidents must be responded to within [ * ] and Severity Level 2 (as defined in Exhibit
B-4) Incidents must be responded to within [ * ].
1.2.2 |
|
Restoration of Service — Severity 1 Incidents |
Restoration of Service means that the Service or System has been restored to an operating
level that is consistent with its operation prior to the Incident.
Restoration of Service — Severity 1 Incidents is calculated as the percentage of Severity 1
Incidents reported to the Vendor Service Desk for which service has been restored or a
workaround moving the Severity 1 Incident to a Severity 2, 3 or 4 Incident within [ * ]
after the Incident was reported to the Vendor’s Service Desk during the reporting period.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 4 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
1.2.3 |
|
Restoration of Service — Severity 2 Incidents |
Restoration of Service means that the Service or System has been restored to an operating
level that is consistent with its operation prior to the Incident.
Resolution of Severity 2 Incident is calculated as the percentage of Severity 2
Incidents reported to the Vendor Service Desk for which service has been restored within [
* ] after the Incident was reported to the Vendor’s Service Desk during the reporting
period.
1.2.4 |
|
Root Cause Problem Analysis |
Root Cause Problem Analysis & Resolution is calculated as the percentage of Root Cause
Problem Analysis (preliminary and final) that are successfully completed within the
timeframes as described below.
The preliminary Root Cause Problem Analysis is due to ACI according to the following
schedule:
Severity 1 within [ * ] of restoration of service
Severity 2 within [ * ] of restoration of service
Severity 3 & 4 — as requested by ACI within agreed upon timeframe
Final root cause analysis due within [ * ] or mutually agreed upon timeframe.
1.2.5 |
|
Severity 1 and 2 Problem Resolution |
Severity 1 and 2 Problem Resolution is calculated as the percentage of Severity Level 1 and
2 problem resolutions that are successfully implemented as per agreed upon timeframe within
the measurement period divided by the total number of problem resolutions that were
scheduled for implementation during the measurement period.
|
1.3 |
|
Performance Category — End User / Service Desk |
1.3.1 |
|
Service Desk Speed to Answer |
The Service Desk Speed to Answer Critical Service Level shall be the average time the
Service Desk responds to Calls from Authorized Users who select the option to speak to a
Service Desk agent.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 5 of 15
The Service Desk Speed to Answer Critical Service Level shall be calculated as the total
number of Calls to the Service Desk during a month for which the Calls were answered by a
Service Desk Agent (after selection of the option on the automated menu to speak to a
Service Desk Agent) prepared to work on the problem without delay in less than 30 seconds
divided by the total number of Calls to the Service Desk that month that resulted in an
Authorized User selection of the option on the
automated unit’s menu to speak to a Service Desk Agent, with the result expressed as a
percentage to two (2) decimal places.
This Service Level shall be measured as the time between the Authorized User’s selection of
the option on the Voice Response Unit’s (VRU) menu to speak to a Service Desk Agent and the
time that a Service Desk Agent answers the Call.
1.3.2 |
|
Service Desk Call Non-Abandon Rate |
The Service Desk Call Non-Abandon Rate Critical Service Level shall be the percentage of
Authorized User calls that are not abandoned after either selecting Voice Response Unit to
speak to a Service Desk agent or the option to leave a voice mail message for the Service
Desk. The Service Desk Call Non-Abandon Rate Critical Service Level shall be calculated as
the total number of Calls in which an Authorized User selects either (i) option from the
Voice Response Unit (VRU) to speak to a Service Desk Agent, or (ii) selects option to leave
a voice mail message and then does not terminate the Call prior to answer by a Service Desk
Agent, divided by the total number of Calls placed to the Service Desk within a month, with
the result expressed as a percentage to two (2) decimal places.
Calls in which the Authorized User elects to leave a voice mail message initially instead
of waiting for a Service Desk representative shall be excluded from the measurement. Also,
Calls that are routed to automated messages will be excluded from the measurement.
1.3.3 |
|
Service Desk First-Call Incident Resolution |
The Service Desk First-Call Incident Resolution Critical Service Level will be the
percentage of calls resolved by the Service Desk that can be resolved on the first Call.
The Service Desk First-Call Incident Resolution Critical Service Level shall be calculated
as the total number of Calls that can be resolved on the first Call by the Service Desk
without escalation to Xxxxx 0, divided by the total number of Incidents that can be
resolved on the first Call received by the Service Desk during the month, with the result
expressed as a percentage to two (2) decimal places.
Call. For purposes of clarification, a Call shall be “actually resolved” during the
Authorized User’s first Call to the Service Desk, as used in the previous sentence, only if
the person who first answers the phone Call resolves the problem, not if the first person
who answers the phone Call passes off the caller to another party who resolves the problem.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 6 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
All Problems with redirection to Xxxxx 0, or those that are Level 0 candidates, received by
the Service Desk will be included in the performance calculation and
will be tracked and reported separately. Vendor will also report on Xxxxx 0 redirects and
user adoption rate.
This metric will exclude service requests and only apply to Calls that can be resolved on
the first Call.
1.3.4 |
|
Hard IMAC Completion Time |
The Hard IMAC Completion Time Critical Service Level shall be calculated as the number of
Hard IMAC requests that were successfully completed within [ * ] of the receipt of the
Client-Approved Request at the Service Desk for Campus locations and [ * ] for remote
locations, divided by the total number of Hard IMAC requests received by the Service Desk
within a month, with the result expressed as a percentage to two percentage points. The
elapsed time will be measured as the time from the submission of a properly completed
Client-Approved Request to the Vendor’s Service Desk and the ACI’s acceptance of the
installation and proper performance of the System.
Completion time includes the time necessary to install, configure, test, and otherwise
implement Equipment and Software required to complete the IMAC request. IMACs will be
completed when the installation/move/add/change that was requested is ready for use by the
Authorized User per the request’s requirements.
A request for a Hard IMAC that involves different items for the same Authorized User (e.g.,
a change of the personal computer and a change in a peripheral device) shall constitute a
single IMAC, so long as the request for all such items is made on the same IMAC request and
all such items are requested to be made as of the same date.
Project IMACs and electronic software distributions are excluded from this service level
calculation.
Requests that require delivery of additional Equipment or software, which is not included
in the spare parts inventory, will not include the time waiting for delivery of the ordered
component as part of the completion time.
In the event all components are not available for installation as of the same date:
|
a. |
|
There will be a separate MAC for each item to be installed. |
|
b. |
|
These MACs will be excluded from the performance calculation. |
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 7 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
1.3.5 |
|
Service Desk/Deskside Support Request Completion Time |
The Service Desk/Deskside Support Request Completion Time Critical Service Level shall be
calculated as the number of support requests (requests as defined below) that were
successfully completed within the timeframes as indicated below, calculated from the
receipt of the request at the Service Desk, divided by the total number of these type of
requests received by the Service Desk within a month, with the result expressed as a
percentage to two percentage points. Each measurement below is to be tallied separately and
any failure to meet the service level of that particular measurement will constitute a
failure of that particular service level. The elapsed time will be measured as the time
from the receipt of the request at the Service Desk (with all required information being
supplied correctly to the Service Desk rep) and the user acknowledgement that the issue has
been resolved. This measure addresses the request types as defined in the listing below:
Exception requests will be measured against an agreed upon timeframe.
|
|
|
|
|
|
|
|
|
Desktop Support |
|
Measurement |
|
|
Measurement |
|
Measurement Description |
|
Value |
|
|
Frequency |
|
Exception Requests |
|
|
[ * ] |
|
|
|
[ * ] |
|
Centralized Supported Desktop
support — All locations (Campus,
Metro and Remote) |
|
|
[ * ] |
|
|
|
[ * ] |
|
Deskside Support / Software
Break/Fix — Campus |
|
|
[ * ] |
|
|
|
[ * ] |
|
Deskside Support / Software
Break/Fix — Metro |
|
|
[ * ] |
|
|
|
[ * ] |
|
Deskside Support / Software
Break/Fix — Remote |
|
|
[ * ] |
|
|
|
[ * ] |
|
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 8 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
1.3.6 |
|
Anti-Virus/Security Critical Updates |
Anti-Virus/Security Critical Updates - The anti-virus/security updates Critical Service
Level shall be calculated as follows: (a) the actual number of Supported
Servers updated with the critical anti-virus or security Software update within [ * ]of the
critical anti-virus or security Software update being available from the applicable third
party vendor divided by the number of Supported Servers available for the anti-virus or
security updates with the result expressed as a percentage to two (2) decimal points; and
(b) the actual number of connected clients (desktops/laptops) updated with the critical
anti-virus or security Software update within [ * ] of the critical anti-virus or security
Software being available on the connected clients (desktops/laptops) divided by the number
of number of connected clients (desktops/laptops) available for the anti-virus/security
Software updates with the result expressed as a percentage to two (2) decimal points.
|
1.4 |
|
Performance Category — Network Management |
1.4.1 |
|
Site Availability — Client to Prod Data Center |
The Service Level for Site Availability — Client to Prod Data Center is the percentage of
time the Data Center Locations are Available to ACI external clients using Vendor managed
circuits during the applicable Measurement Period. Critical Uptime for this Service Level
is determined by multiplying the total minutes in the Measurement Period by the existing
number of Client connections to the Data Center. Actual Uptime for this Service Level is
aggregate of the total minutes in the Measurement Period during which each connection is
Available. The Service Level calculation will be (the number of minutes the Data Center is
available to any external client connection) divided by (the total minutes in the
Measurement Period multiplied by the number of client connections Site Availability — Dev
Centers.
1.4.2 |
|
Site Availability — Dev Center |
The Service Level for Site Availability — Dev Center is the percentage of time the
Development Center Locations are Available during the applicable Measurement Period.
Critical Uptime for this Service Level is determined by multiplying the total minutes in
the Measurement Period by the then existing number of Locations. Actual Uptime for this
Service Level is aggregate of the total minutes in the Measurement Period during which each
Site is Available. The Service Level calculation will be (the number of minutes the
Development Center Locations are available) divided by (the total minutes in the
Measurement Period multiplied by the number Locations).
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 9 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
1.4.3 |
|
End to End Transaction Response Time — Retail |
End to End Response Time — Retail is calculated for the ACI retail Application
transactions as the average total response time to the client of all transactions executed
for the measurement period. Expected and minimum averages are as listed
in Exhibit B-1 Service Level Matrix. Vendor is only accountable for End to End Transaction
Response Time for those elements within its direct control.
This measure is the total response time observed by a user, including any network time.
Excluded within the measure is the average application processing time, calculated by ACI
using its application measuring tools, thereby holding the vendor accountable for the
infrastructure and networking component of the response time.
For example, assuming that the application transaction processing time is calculated by ACI
and validated by the Vendor to be [ * ], that the Vendor will be responsible for the
remainder of the transaction time.
1.4.4 |
|
Network Response Time — Client to Prod Data Center |
End-to-end Network Response Time is the average round trip propagation delay from client
router to Vendor data center router. These measurements will be taken every [ * ] on [ * ] basis
1.4.5 |
|
Network Response Time — Dev Centers |
End-to-end Network Response Time is the average round trip propagation delay from
development center routers to the Vendor data center router. These measurements will be
taken every [ * ] on [ * ] basis.
2.0 |
|
KEY MEASUREMENTS — INTRODUCTION |
This Section sets forth qualitative descriptions of the Key Measurements. The numerical
Minimum Service Levels, Expected Service Levels and commencement of obligations associated
with such Key Measurements are set forth in Exhibit B-1 (Service Level Matrix) to Schedule
B (Service Levels).
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 10 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
2.1 |
|
Performance Category — Incident Management |
2.1.1 |
|
Time to Respond — Severity 3 & 4 |
Time to Respond — Severity 3 & 4 is calculated as the percentage of Severity 3 & 4
Incidents allocated to Vendor by the Service Desk that are responded to within the
specified timeframes listed below during the reporting period. Severity 3 Incidents must
be responded to within [ * ] and Severity 4 Incidents must be responded to within [ * ]
2.1.2 |
|
Restoration of Service — Severity 3 & 4 Incidents |
Restoration of service means that the service or System has been restored to an operating
level that is consistent with its operation prior to the Incident.
Restoration of Service — Severity 3 & 4 Incidents is calculated as the percentage of
Severity 3 & 4 Incidents reported to the Vendor Service Desk for which service has been
restored within the following timeframes during the reporting period:
[ * ]
2.1.3 |
|
Severity 3 and 4 Problem Resolution |
Severity 3 and 4 Problem Resolution is calculated as the percentage of severity 3 and 4
problem resolutions that are successfully implemented as per agreed upon timeframe within
the measurement period divided by the total number of problem resolutions that were
scheduled for implementation during the measurement period.
|
2.2 |
|
Performance Category — Change Management |
2.2.1 |
|
Change Management Effectiveness |
The Change Management Effectiveness Service Level is calculated as the number of successful
scheduled promotion to production jobs for the month divided by the number of scheduled
promotion to production jobs for the month. Development, system test, and user acceptance
test jobs are not included. The integrity of code, meaning source matching prod binaries
is included in the definition of a successful promotion.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 11 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
2.2.2 |
|
Timely Patch Application |
The Vendor will integrate, test, document, distribute, and install patches within the
prescribed timeframes as defined in the Process Interface Manual. This measurement is
calculated on a monthly basis.
Timely Patch Application is calculated as the total number of patches that were completed
during the period and within the prescribed timeframe divided by the total number of
patches expected to be completed during the period.
|
2.3 |
|
Performance Category — Reporting |
Report Delivery is calculated as the total number of reports that are delivered as
scheduled for the month, divided by the total number of scheduled reports for the month
with the result expressed as a percentage.
|
2.4 |
|
Performance Category — Project Management |
2.4.1 |
|
Milestones Delivered On-Time |
Milestones Delivered On-Time is calculated as the total number of Project Milestones
delivered in the period on or before the scheduled date divided by the total number of
Project Milestones expected to be completed during the reporting period. Milestones and
applicable completion criteria are identified prior to the start of each Project and
reported by Vendor during the period.
2.4.2 |
|
Proposals Delivered On-Time |
A Proposal is the initial investigation of an idea or concept to provide to ACI with the
required deliverables to decide whether the idea will be committed for further development
performed through a Project.
Proposals Delivered On-Time is calculated as the number of requested Proposals accepted as
completed on-time ([ * ]) by ACI during the period divided by the total number of Proposals
expected to be completed during the period.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 12 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
2.5 |
|
Performance Category — Asset Management |
2.5.1 |
|
Hardware and Software Asset Management |
Vendor shall conduct an initial inventory, as described in Schedule A (Statement of Work).
Vendor shall maintain the accuracy of ACI’s Equipment and Software inventory (the “ACI
Inventory”) over the Term of the Agreement in accordance with the accuracy commitments
described in Schedule A (Statement of Work).
Upon reasonable prior written notice and subject to confidentiality and security policies
at Vendor Locations, ACI shall have the right to audit Vendor’s ACI
Inventory at any time during the Term of the Agreement to determine whether the ACI
Inventory satisfies the ACI Inventory Service Levels.
Measurement. The Hardware and Software Asset Management Service Level shall be measured as
the percentage of accuracy of ACI Inventory records in the ACI Inventory database.
The Hardware and Software Asset Management Service Level shall be calculated as the number
of randomly selected accurate ACI Equipment and/or ACI Software items, as applicable, for
which the inventory information required in for service delivery is accurately reflected in
Vendor’s ACI Inventory (as shown by ACI’s audit), divided by the total number of ACI
Equipment and/or ACI Software items measured in the audit, with the result expressed as a
percentage to two (2) decimal places.
|
2.6 |
|
Performance Category — User Satisfaction |
2.6.1 |
|
User Satisfaction Rating |
Measurement. The Service Desk Authorized User Satisfaction Rating Service Level shall be
the average rating on the Point of Service Customer Satisfaction Survey and the Executive
Customer Satisfaction Survey. The average satisfaction rating shall be [ * ].
Calculation. The Service Desk Authorized User Satisfaction Rating Service Level shall be
calculated as the average satisfaction rating on a [ * ] measured on each of the surveys
conducted. The Service Desk Authorized User Satisfaction Rating Service Level shall be
calculated by summing the satisfaction ratings for all survey responses, and dividing the
sum by the total number of responses received in the month, with the result expressed as an
average rating to two (2) decimal places. The annual Executive
Customer Satisfaction Survey results will be incorporated in the overall tally in the month
after its completion.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 13 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
In general survey recipients will be asked to rate the services on the following scale: [ *
]. This Authorized User Satisfaction process is described in Schedule K — User
Satisfaction Survey.
|
2.7 |
|
Performance Category — Network Management |
2.7.1 |
|
Internet Connectivity |
Internet Connectivity is a measure of the availability of Internet connectivity between
each ACI site and the Internet. This calculation is the total number of sites multiplied
by the total
number of minutes of actual connectivity divided by the total number of possible minutes of
connectivity for the measurement period. [ * ]
WAN Outages is measured as the number of WAN outages (including any substantial degradation
of performance) experienced by any office during the measuring period.
2.7.3 |
|
Site Availability — Corporate Offices |
The Service Level for Corporate Offices (non-data center and non-development centers) is
the percentage of time the Corporate Office Locations are Available during the applicable
Measurement Period. Critical Uptime for this Service Level is determined by multiplying the
total minutes in the Measurement Period by the then existing number of Locations. Actual
Uptime for this Service Level is aggregate of the total minutes in the Measurement Period
during which each Site is Available.
2.7.4 |
|
Network Response Time — Corporate Offices |
End-to-end Network Response Time- Corporate Offices the average round trip propagation
delay from corporate Locations other than data center and development center Locations to
the data center Location. [ * ] The standards that are to be used for this calculation will
be the standards as published by the appropriate service provider (meaning the one
providing the actual circuit) An average calculation will be made for each point to point
circuit (i.e. router port to router port) using the samples collected during the measuring
period. The number of average calculations meeting or exceeding
the applicable standard will be divided by the total number of averages for the period,
with the result expressed in the form of two decimal places.
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 14 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
2.7.5 |
|
Internal VPN Access Response Time |
End-to-end Internal VPN Access Response Time is the average round trip propagation delay
across the Internal VPN managed by the Vendor from ACI office Location routers to the
Vendor data center routers. [ * ] The standards that are to be used for this calculation
will be the standards as published by appropriate service providers (e.g. [ * ]) in their
point to point specifications guides. An average calculation will be made for each point
to point circuit using the samples collected during the measuring period.
* * * * *
Confidential
Exhibit B-2 — Critical Service Levels and Key Measurements
Page 15 of 15
EXHIBIT B-3
CRITICAL DELIVERABLES
1.0 |
|
INTRODUCTION |
|
|
|
This Exhibit B-3 sets forth certain obligations of the Vendor regarding Critical
Deliverables. If the Vendor fails to deliver to ACI any Critical Deliverables as described
below in format and content specified in this Exhibit B-3, and such failure is solely as a
result of Vendor’s failure to perform its obligations, the associated Deliverable Credit
set forth in Exhibit B-1 (Service Level Matrix) will be paid to ACI. |
|
|
|
Unless otherwise specified below, the Vendor shall provide each Critical Deliverable set
forth in Exhibit B-1 (Service Level Matrix) to Schedule B (Service Levels) on or before the
date specified in Exhibit B-1 or this Exhibit B-3, as applicable. |
|
2.0 |
|
COMPLETE ANNUAL DR TEST — RE-TEST IF TEST FAILS |
|
|
|
The Vendor will complete a successful annual Disaster Recovery (DR) Test as described in
the Disaster Recovery Plan. If the DR Test fails and such failure was the result of Vendors
actions or inactions, the Vendor will at its expense re-test until the DR Test is
successful. The first annual test will be conducted on the anniversary of the Server
Systems Management Services Service Tower Commencement Date. |
|
3.0 |
|
DELIVER ANNUAL SAS 70 TYPE II REPORT |
|
|
|
The Vendor will deliver an annual SAS 70 Type II audit report as specified in Section 11.3
of the Master Services Agreement. |
|
4.0 |
|
PROVIDE PROCESS INTERFACE MANUAL/KNOWLEDGE BASE |
|
4.1 |
|
Provide Process Interface Manual |
|
|
|
Vendor shall deliver to ACI, on or before the required date indicated in Exhibit B-1
(Service Level Matrix), the completed and approved final Process Interface Manual which
will describe the following: |
|
• |
|
Organizational overview; |
|
|
• |
|
Performance management procedures; |
|
|
• |
|
Financial management procedures; |
|
|
• |
|
Contract management procedures; |
|
|
• |
|
Relationship management procedures; and |
|
|
• |
|
Vendor operational procedures. |
Confidential
Exhibit B-3 — Critical Deliverables
Page 1 of 3
Vendor shall demonstrate to ACI prior to the assumption of responsibilities for the Service
Desk, in accordance with the criteria specified in the Transition Plan, that it has
developed and implemented a comprehensive knowledgebase to support its Service Desk.
Included in the knowledgebase will be the major elements of the Process Interface Manual,
accessible to its Service Desk agents in an automated fashion.
5.0 |
|
PROVIDE INITIAL DISASTER RECOVERY PLAN |
Vendor will complete and deliver to ACI a Disaster Recovery Plan. This plan will address
the technology process and procedures the Vendor will implement to assist ACI in ensuring
continuity of IT Services to support any ACI or Vendor declared disaster or emergency. The
plan shall be consistent with Vendor’s methodology, and contain a level of detail normally
expected for efforts of this complexity.
6.0 |
|
COMPLETE INITIAL WALL TO WALL HARDWARE INVENTORY & INITIAL ELECTRONIC SOFTWARE INVENTORY |
The accuracy and timeliness of Vendor’s obligation to record inventories of hardware and
Software assets with each tracked separately for purposes of Critical Service Level
compliance) is essential to the satisfactory provision of Services. Vendor shall conduct an
inventory of ACI’s equipment and software assets, as described in Exhibit A-2 (Asset
Management) so as to meet the requirements set forth in Exhibit B-1 (Service Level Matrix).
Upon completion of the inventory Vendor shall provide the inventory to ACI for review and
approval. ACI shall have the right to audit the inventory within ten (10) business days of
the date that the inventory report, or mutually agreed upon portion of inventory report,
has been received.
The inventory, or portion of the inventory, submitted shall be deemed accepted at such time
as either (i) ACI sends notice as provided above that it accepts the inventory or (ii) ACI
fails to send a notice regarding such inventory within a ten (10) Business Day period
following receipt of the portion described above.
If the inventory report is provided in mutually agreed upon portions, with some portions
being provided earlier than others, the satisfaction of this deliverable will not be
complete until all portions have been provided, reviewed, and approved.
If Vendor fails to submit an entire inventory for the equipment and software as set forth
in Exhibit A-2 (Asset Management) on or before the date indicated in Exhibit B-1 (Service
Level Matrix), then the deliverable will be deemed to be missed and the Deliverable Credit
will become due.
Confidential
Exhibit B-3 — Critical Deliverables
Page 2 of 3
7.0 |
|
CONDUCT ANNUAL INVENTORY AND PROVIDE REPORT |
|
|
|
The Vendor will conduct on an annual basis the electronic Equipment and software inventory
as described in Exhibit A-2 Asset Management, and will provide the report to ACI. |
|
8.0 |
|
PROVIDE ANNUAL PLANNING REPORTS |
|
|
|
The Vendor will provide on an annual basis the annual planning reports as described in the
Statements of Work and Schedule S (Governance). |
|
9.0 |
|
DELIVER INITIAL MONTHLY REPORTS |
|
|
|
Vendor will deliver the first set of monthly reports including the Service Level reports in
accordance with the Service Level Methodology and Schedule R (Reports). The Service Level
report(s) will indicate Service Levels (Critical Service Levels, Critical Deliverables, and
Key Measurements) for which Vendor is responsible, the actual attainment of the associated
Expected Service Levels and Minimum Service Levels as well as attainment of the Critical
Deliverables and any Service Level Credit(s) that may apply. |
|
|
|
Vendor will provide standard report(s) after the completion of the second full calendar
month of providing Service after Service implementation has been completed. |
|
10.0 |
|
CONDUCT THREAT IDENTIFICATION SUMMARY ASSESSMENT |
|
|
|
The Vendor shall complete a vulnerability assessment at the level and frequency described
in Exhibit A-8 (Enterprise Security Management Services) and provide a report to ACI that
identifies any serious vulnerabilities along with a mitigation plan. |
|
11.0 |
|
DELIVERY OF A DETAILED TRANSITION PLAN |
|
|
|
Within 60 days after the Effective Date, Vendor is to provide a detailed Transition Plan. |
|
12.0 |
|
TRANSITION COMPLETION |
|
|
|
The Vendor will complete all stages of Transition by the applicable “Go-Live” date
specified in the Transition Plan in accordance with the completion criteria to be developed
during Transition. |
Confidential
Exhibit B-3 — Critical Deliverables
Page 3 of 3
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT B-4
SEVERITY LEVELS
INTRODUCTION
Each Incident and Problem will be assessed in terms of its impact upon the business of ACI
and the urgency with which ACI requires the Incident or Problem to be resolved or a work
around to be implemented. The Incident or Problem shall be assigned a Severity Level based
on this assessment along with any specific needs identified by ACI at the time of the
incident. Severity levels are assigned based on the Incident’s or Problem’s impact and
ACI’s agreement.
Changes to Severity Level classifications or designations can only done after consultation
with and agreement between ACI and Vendor.
This Exhibit B-4 sets forth qualitative descriptions of Severity Levels associated with the
Services.
An Incident or Problem will be assigned as “Severity Level 1” if the Incident or Problem is
characterized by the following:
• [ * ]
An Incident or Problem will be assigned as “Severity Level 2” if the Incident or Problem is
characterized by the following:
• [ * ]
An Incident or Problem will be assigned as “Severity Level 3” if the Incident or Problem is
characterized by the following:
• [ * ]
Confidential
Exhibit B-4 — Severity Levels
Page 1 of 2
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
An Incident or Problem will be assigned as “Severity Level 3” if the Incident or Problem is
characterized by the following:
The assignment of Severity Levels to an Incident or Problem will be recorded in the [ * ]. In the
event that an Incident or Problem is not resolved within the applicable resolution time set forth
in the Service Levels, such Incident or Problem [ * ].
Confidential
Exhibit B-4 — Severity Levels
Page 2 of 2
SCHEDULE C
CHARGES
In addition to the requirements specified in the Agreement, this Schedule C contains pricing and
financial provisions related to the Agreement and any associated Service Levels, and is valid in
the countries specified in the Agreement. The following Exhibits are attached to this Schedule C
and are hereby incorporated by reference:
|
• |
|
Exhibit C-1 (Base Charges, Baselines, ARC/RRC Rates and Termination Charges) -
Specifies the details of the Charges: the Monthly Base Charges for each Service, the
monthly resource baseline volume levels included in the Monthly Base Charges (“Resource
Volume Baselines”), the Charges related to performance of the Transition (“Transition
Fees”), the incremental Charges to ACI in the event that the number of Resource Units
utilized exceeds the Resource Volume Baselines (“ARC”), the incremental credits due to ACI
in the event that the number of Resource Units actually utilized are below the Resource
Volume Baselines (“RRC”), and defines the fees to be charged by the Vendor in the event of
termination for convenience by ACI (“Termination Charges”). |
|
• |
|
Exhibit C-2 (Financial Responsibility and Ownership Matrix) — This exhibit describes
the financial responsibility of ACI and the Vendor for functions and assets associated
with the Services. |
|
• |
|
Exhibit C-3 (Form of Invoice) — Sample of the invoice to be provided on a monthly basis
by Vendor. |
|
• |
|
Exhibit C-4 (Base Case) — Defines the financial scope of what is assumed by Vendor and
retained by ACI. This exhibit contains ACI’s projection of its expenses associated with
the Services if ACI were not to enter into this Agreement with the Vendor. |
Monthly Base Charges together with the Hardware and Software charges in Exhibit C-1 include all of
the Charges, including one-time Charges, required to perform the Services.
Confidential
Schedule C — Charges
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
2.1.1 |
|
This Schedule C defines the Resource Units, Charges, pricing provisions, Resource Volume
Baselines and the ARCs and RRCs should the actual volume of Resource Units utilized by ACI
vary from the Resource Volume Baselines. |
2.2 Transition Fees
The Transition Fees for Transition are set forth in Exhibit C-1.
[ * ]
2.3.1 |
|
General. The Monthly Base Charge for each contract month is set forth in Exhibit C-1, and
is the firm fixed Charge to ACI for Vendor’s provision of the Services for the applicable
Resource Volume Baselines after the applicable Service Tower Commencement Date, subject to the
provisions of this Schedule C. [ * ] |
2.3.2 |
|
Monthly Invoice. In accordance with the Agreement, Vendor shall invoice ACI on a monthly
basis for the Monthly Base Charges. |
The Resource Units associated with the Services are defined below:
[ * ] except as otherwise noted in Exhibit C-2, Financial Responsibility and Ownership Matrix.
The mainframe Services pricing is based on the Resource Volume Baselines contained in Exhibit
C-1.
The mainframe billable Resource Units are defined as follows:
[ * ]
1. [ * ]
2. [ * ]
3. [ * ]
4. [ * ]
5. [ * ]
6. [ * ]
2.4.2 [ * ] * Represents
seven pages of redacted text
Confidential
Schedule C — Charges
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
1. |
|
The Messaging Services pricing is based on the Resource Volume Baselines contained in
Exhibit C-1. |
|
2. |
|
The messaging billable Resource Units are defined as follows: |
|
|
2.4.4 |
|
Network Management Services |
|
1. |
|
The Network Management Services pricing is based on the Resource Volume Baselines
contained in Exhibit C-1. |
|
|
2. |
|
The Network Management billable Resource Units are defined as follows: |
|
|
|
2.1 |
|
WAN Management |
|
|
2.1.1. |
|
The WAN Management pricing is based on the Resource Volume
Baselines contained in Exhibit C-1. |
|
|
2.1.2. |
|
Vendor Managed |
|
|
2.1.2.1. |
|
Complex Device |
|
|
|
|
i.) [ * ] |
|
|
2.1.2.2. |
|
Standard Device |
|
|
|
|
i.) [ * ] |
|
|
2.1.2.3. |
|
Simple Device |
|
|
|
|
i.) [ * ] |
|
|
2.1.3. |
|
Vendor Owned and Managed |
|
|
2.1.3.1. |
|
Complex Device |
|
|
|
|
i.) [ * ] |
|
|
2.1.3.2. |
|
Standard Device |
|
|
|
|
i.) [ * ] |
|
|
2.1.3.3. |
|
Simple Device |
|
|
|
|
i.) [ * ] |
|
|
2.2 |
|
LAN Management |
|
|
2.2.1 |
|
The LAN Management pricing is based on the Resource Volume Baselines contained in
Exhibit C-1. |
|
|
2.2.2 |
|
Vendor Managed |
|
|
2.2.2.1 |
|
Complex Device |
|
|
|
|
i.) [ * ] |
|
|
2.2.2.2 |
|
Standard Device |
|
|
|
|
i.) [ * ] |
|
|
2.2.2.3 |
|
Simple Device |
|
|
|
|
i.) [ * ] |
|
|
2.2.3 |
|
Vendor Owned and Managed |
|
|
2.2.3.1 |
|
Complex Device |
|
|
|
|
i.) [ * ] |
|
|
2.2.3.2 |
|
Standard Device |
|
|
|
|
i.) [ * ] |
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
|
2.2.3.3 |
|
Simple Device |
|
|
|
|
i.) [ * ] |
|
|
2.3 |
|
Firewall Management |
|
|
2.3.1 |
|
The Firewall Management pricing is based on the Resource Volume Baselines contained in
Exhibit C-1. |
|
|
2.3.2 |
|
Vendor Managed |
|
|
2.3.2.1 |
|
Complex Device |
|
|
|
|
i.) [ * ] |
|
|
2.3.2.2 |
|
Standard Device |
|
|
|
|
i.) [ * ] |
|
|
2.3.2.3 |
|
Simple Device |
|
|
|
|
i.) [ * ] |
|
|
2.3.3 |
|
Vendor Owned and Managed |
|
|
2.3.3.1 |
|
Complex Device |
|
|
|
|
i.) [ * ] |
|
|
2.3.3.2 |
|
Standard Device |
|
|
|
|
i.) [ * ] |
|
|
2.3.3.3 |
|
Simple Device |
|
|
|
|
i.) [ * ] |
|
2.4 |
|
Network Management IMAC |
|
|
2.4.1 |
|
[ * ] |
|
|
2.4.2 |
|
[ * ] |
|
2.4.5 |
|
Network Transport Services |
|
1. |
|
The Network Transport Services pricing is based on the Resource Volume Baselines
contained in Exhibit C-1 |
|
|
2. |
|
The Network Transport billable Resource Units are defined as follows: |
|
|
2.1. |
|
MPLS Transport |
|
|
2.1.1. |
|
[ * ] |
|
|
2.1.2. |
|
The speeds for the above are as documented in Exhibit C-1. |
|
|
2.2. |
|
Other Connectivity |
|
|
|
|
[ * ] |
|
|
2.2.1 |
|
[ * ] |
|
|
2.2.2 |
|
The speeds for the above are as documented in Exhibit C-1. |
Confidential
Schedule C — Charges
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
2.3. |
|
Internet Connectivity |
|
|
2.3.1 |
|
[ * ] |
|
|
2.3.2 |
|
The speeds for the above are as documented in Exhibit C-1. |
|
1. |
|
The Security Services pricing is based on the Resource Volume Baselines contained in
Exhibit C-1. |
|
|
2. |
|
The Security billable Resource Units are defined as follows: |
|
|
2.1 |
|
[ * ] |
|
|
2.2 |
|
[ * ] |
|
|
2.3 |
|
[ * ] |
|
|
2.4 |
|
[ * ] |
|
|
2.5 |
|
[ * ] |
|
|
2.6 |
|
[ * ] |
|
|
2.7 |
|
[ * ] |
|
2.4.7 |
|
Disaster Recovery Services |
|
1. |
|
The Disaster Recovery Services pricing is based on the Resource Volume Baselines
contained in Exhibit C-1 |
|
|
2. |
|
The Disaster Recovery billable Resource Units are defined as follows: |
|
|
2.1 |
|
[ * ] |
|
|
2.2 |
|
[ * ] |
|
2.4.8 |
|
End-User Computing Services |
|
1. |
|
The End-User Computing Services pricing is based on the Resource Volume Baselines
contained in Exhibit C-1 |
|
|
2. |
|
[ * ] |
|
|
3. |
|
[ * ] |
|
|
4. |
|
[ * ] |
|
|
5. |
|
[ * ] |
|
1. |
|
The Help Desk Services pricing is based on the Resource Volume Baselines contained in
Exhibit C-1. |
|
|
2. |
|
The Help Desk billable Resource Units are defined as follows: |
|
|
2.1. |
|
Help Desk Services |
|
|
2.2 |
|
[ * ] |
|
|
3. |
|
[ * ] |
The Projects Charges are based on a Resource Volume Baseline of hours as defined in Exhibit C-1
Confidential
Schedule C — Charges
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
Vendor shall perform Projects requested and approved by ACI as part of the Services. The in-scope
resources (as delineated in the Base Case Exhibit C-4) have historically provided a level of
project work to ACI. As such, this volume of project work is included in the scope of Services and
is represented by a pool of hours (“Project Pool”).
Vendor work efforts that consist of the following activities would not be counted against the
Project Pool:
|
• |
|
IT work efforts that relate to Vendor’s support or maintenance (e.g., patches, memory
upgrades, or database re-indexing) of Equipment, Software or other elements of the ACI IT
environment used by Vendor to deliver the Services (including as necessary to meet Service
Levels); or |
|
• |
|
IT work efforts that relate to Vendor’s support, maintenance, enhancement or refresh of
Equipment, Software or other elements of the Vendor Service infrastructure used by Vendor
to deliver the Services (including as necessary to meet Service Levels) |
|
• |
|
IT work efforts that result in an increase in or new Resource Units consumed as
provided for in Schedule C |
Any new work activities that require Vendor to acquire additional or different resources, or new
work activities that affect Vendor’s ability to deliver Services according to the Service Levels
(e.g. ACI office moves, ACI data center build outs, and other activities as agreed by the Parties)
would be activities that are counted against the Project Pool.
|
2. |
|
As part of the Services, [ * ]. The Resource Volume Baseline for Projects can be adjusted
on an annual basis, based on a request by ACI, as a part of the annual technology planning
process. Any adjustment to the Resource Volume Baseline of Project hours will result in a
corresponding adjustment in the monthly service Charge for Projects with the calculation to
be based on the Base unit rates for Projects as defined in Exhibit C-1. In addition, in
Contract Year One, Vendor will provide an ARC rate for any hours requested by ACI in excess
of the Resource Volume Baseline. |
|
3. |
|
It is envisioned that the Vendor will perform most new infrastructure Projects using
hours from the Project Pool until such time that the hours are exhausted or that ACI
requests an alternative proposal. If and to the extent ACI authorizes Vendor to exceed the
applicable Baseline Project Hours in any Contract Year, ACI shall pay Vendor for such |
Confidential
Schedule C — Charges
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
additional FTEs at the rates specified in the rate card in Exhibit C-1.
At ACI’s request, Vendor shall provide fixed pricing for Projects without utilizing the
Baseline Project Hours. In such instances, the fixed price proposed by Vendor shall be no
less favorable to ACI than the price obtained by multiplying the FTE rates specified in the
Rate Card Tab set forth in Exhibit C-1 (“Rate Card”) by the projected level of effort.
|
4. |
|
[ * ] These Projects will be viewed as separate events requiring separate pricing.
Nothing in this provision should be interpreted as limiting ACI’s right to perform itself or
have third parties perform Projects regardless of their size. |
|
5. |
|
All Projects, regardless of whether the hours are to come from the Project Pool or from
the rate card, will be estimated and a cost estimate provided to ACI for approval prior to
work commencing. Where practical, the Vendor will provide fixed cost (or fixed hours)
pricing for a given Project. [ * ] |
|
6. |
|
For Projects that cannot be easily quantified at the outset, Vendor pricing may be
established, based on ACI written approval, on a time and materials basis utilizing the Rate
Card. |
|
|
7. |
|
[ * ] |
|
8. |
|
Vendor shall report monthly on Projects in accordance with Schedule R. Such reports
shall specify, among other things, the Vendor Charges, hours, resources and expenses for
each Project for the applicable month and Contract Year and any other pertinent information
reasonably requested by ACI. |
|
|
9. |
|
Items Not Separately Billable |
|
|
|
[ * ]
* Represents one page of redacted text |
3.0 |
|
ADDITIONAL AND REDUCED RESOURCE CHARGES (ARCS AND RRCS) |
3.1 |
|
The Vendor shall track the number of Resource Units actually utilized by ACI during [ * ] |
3.2 |
|
ARC — Additional Resource Charge: [ * ] |
Retained expenses are those expenses, which ACI will retain and pay directly. The initial
estimation of the retained expenses is shown under the “Retained” portion Exhibit C-4.
Confidential
Schedule C — Charges
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
The Parties may subsequently agree to treat a retained expense as a Pass-Through Expense.
5.0 |
|
INCENTIVES TO REDUCE COSTS |
ACI is continually seeking ways to reduce and minimize its expenses, including retained and
Pass-Through Expenses. Accordingly, ACI encourages the Service Provider to explore and identify
opportunities to improve the Services and reduce the cost of Services being provided under the
Agreement
The Service Provider will advise ACI’s IT management of each opportunity that is identified and
estimate the potential savings.
6.0 |
|
ECONOMIC CHANGE ADJUSTMENT |
6.3 |
|
The following indices are applicable to the Services provided by Vendor to ACI under the
Agreement. |
|
|
|
[ * ] |
|
6.4 |
|
[ * ] |
|
6.5 |
|
[ * ] |
|
6.6 |
|
[ * ] |
|
6.7 |
|
[ * ] * Represents one page of redacted text |
7.0 |
|
OTHER CHARGES, CREDITS, AND SERVICES |
|
7.1 |
|
Telecommunication Transport Charges |
|
|
|
Vendor will assume responsibility for the Charges for ACI to ACI [ * ] |
|
7.2 |
|
Third Party Charges |
|
|
|
Vendor will assume responsibility for all Charges for the [ * ] as of the Service Tower
Commencement Date. |
|
7.3 |
|
Termination Charges |
|
|
|
Exhibit C-1 sets forth the amounts payable by ACI in the event that ACI terminates the
Agreement under the circumstances specified in the Agreement. |
Confidential
Schedule C — Charges
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
8.1 |
|
Resource Unit Classification for New Technologies |
|
|
|
ACI and Vendor will review, on a quarterly basis, the impact of new technologies on the
existing Resource Units. Specifically, this is necessary for Resource Units that are
categorized into Complex, Standard, and Simple Devices. |
|
8.2 |
|
Vendor Travel |
|
|
|
[ * ] as specified in Schedule A (Statement of Work) and the Exhibit C-2 (Financial
Responsibility and Ownership Matrix). To the extent that ACI requires the Vendor to travel
for approved billable Projects, the Vendor will xxxx these travel related expenses as
Pass-Through Expenses. |
|
8.3 |
|
Rebadged Employee Equipment |
|
|
|
Rebadged Employees will continue to use their existing personal computer equipment and
software (subject to software license restrictions) until such point that Equipment or
Software is due for refresh. [ * ] The Vendor shall perform [ * ] (Statement of Work). [ * ] |
* * * *
Confidential
Schedule C — Charges
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE C-1
BASE CHARGES, BASELINES, ARC/RRC RATES AND TERMINATION CHARGES
* Represents
27 pages of redacted tabular data
ACI
Worldwide Confidential
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE C-2
FINANCIAL RESPONSIBILITY AND OWNERSHIP MATRIX
MEANING OF HEADINGS
[ * ]
* Represents
seven pages of redacted tabular data
|
|
|
|
|
|
ACI Worldwide Confidential
|
|
Meaning of Headings |
Page 1
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE C-2
FINANCIAL RESPONSIBILITY AND OWNERSHIP MATRIX
[ * ]
* Represents one page of tabular data
|
|
|
|
|
|
ACI Worldwide Confidential
|
|
Personnel |
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE SECURITIES EXCHANGE ACT
OF 1934.
SCHEDULE C-2
FINANCIAL RESPONSIBILITY AND OWNERSHIP MATRIX
[ * ]
* Represents one page of tabular data
|
|
|
|
|
|
ACI Worldwide Confidential
|
|
Equipment |
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE SECURITIES
EXCHANGE ACT OF 1934.
SCHEDULE C-2
FINANCIAL RESPONSIBILITY AND OWNERSHIP MARTIX
[ * ]
* Represents one page of tabular data
|
|
|
|
|
|
ACI Worldwide Confidential
|
|
Software |
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE SECURITIES
EXCHANGE ACT OF 1934.
SCHEDULE C-2
FINANCIAL RESPONSIBILITY AND OWNERSHIP MARTIX
[ * ]
* Represents one page of tabular data
|
|
|
|
|
|
ACI Worldwide Confidential
|
|
Facilities |
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE C-2
FINANCIAL RESPONSIBILITY AND OWNERSHIP MARTIX
[ * ]
* Represents one page of tabular data
|
|
|
|
|
|
ACI Worldwide Confidential
|
|
Other |
ACI WORLDWIDE, INC. HAS REQUESTED
THAT THE PORTIONS OF THIS DOCUMENT
DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE SECURITIES
EXCHANGE ACT OF 1934.
Exhibit C-3
FORM OF INVOICE
[ * ]
* Represents five pages of tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE SECURITIES
EXCHANGE ACT OF 1934.
EXHIBIT C-4
BASE CASE
[ * ]
* Represents
45 pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
DEFINITIONS
SCHEDULE D
Unless otherwise specified, all Section references are references to the Master Services Agreement.
|
|
|
1. |
|
[ * ] |
|
2. |
|
“ACI” is defined in the preamble to the Agreement, subject to Section 2.2. |
|
3. |
|
[ * ] |
|
4. |
|
“ACI Confidential Information” is defined in Section 15.3. |
|
5. |
|
“ACI Contract Executive” is defined in Section 12. |
|
6. |
|
“ACI Contractor Agreements” is defined in Section 5.2. |
|
7. |
|
“ACI Contractor Personnel” is defined in Section 5.2. |
|
8. |
|
“ACI Data” means all data regarding ACI’s personnel, subcontractors or other aspects of ACI’s business made available to Vendor or entered in any Software or Equipment, together with any data derived from such data, including Personally Identifiable Information. |
|
9. |
|
“ACI Equipment” means machines that are: (i) owned, leased or rented by ACI on or after the Effective Date; (ii) [ * ] |
|
10. |
|
“ACI Focal Point” means the individual designated by ACI to act as the single point of contact within a specified Services area or Location to whom Vendor may direct all communications related to such Services area. |
|
11. |
|
“ACI Indemnitees” is defined in Section 18.1. |
|
12. |
|
“ACI Information Security Requirements” is defined in Section 15.2. |
|
13. |
|
“ACI IT Standards” is defined in Section 3.9. |
|
14. |
|
“ACI Laws” is defined in Section 22.1. |
|
15. |
|
“ACI Office Space” is defined in Section 8.1. |
|
16. |
|
“ACI-Provided Product” means any equipment, system, program, product, or business process provided to Vendor by ACI under the Agreement [ * ]. |
|
17. |
|
“ACI Provided Technology” is defined in Section 18.2. |
|
18. |
|
“ACI Risk Control Requirements” is defined in Section 15.4. |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
19. |
|
“ACI Software” means Software owned by ACI or its Affiliates. |
|
20. |
|
[ * ] |
|
21. |
|
“Adjustment” is defined in Section 11.2. |
|
22. |
|
[ * ] |
|
23. |
|
[ * ] |
|
24. |
|
“Agreement” means the Master Services Agreement to which this Schedule D is attached, including its Schedules, Exhibits and Attachments, as the same may be amended by the Parties from time to time. |
|
25. |
|
[ * ] |
|
26. |
|
“Applicable Law” means any United States and non-United States federal, state or local law (including common law), statute, ordinance, rule, regulation (including NASD rules, regulations and notices as well as any and all rules, pronouncements and interpretations issued by self regulatory authorities), order, decree writ, injunction, judgment, permit, governmental agreement, member advisory bulletins or decree of a government entity applicable to the Party or other entity indicated by the context, including, as applicable, to such Party’s or entity’s Affiliates, assets, directors, employees and agents in such capacities. |
|
27. |
|
[ * ] |
|
28. |
|
[ * ] |
|
29. |
|
[ * ] |
|
30. |
|
[ * ] |
|
31. |
|
“Auditors” is defined in Section 11.3. |
|
32. |
|
“Benchmarker” is defined in Section 13.7. |
|
33. |
|
“Business Day” means every Monday through Friday, [ * ] In the Agreement references to days that do not specifically refer to Business Days are references to calendar days and, unless otherwise provided, any specified number of days that expires on a day other than a Business Day will be automatically extended to the next following Business Day. |
|
34. |
|
“Business Hours” means the normal business hours for the facility being audited. |
|
35. |
|
[ * ] |
|
36. |
|
“Change Control Procedure” is defined in Section 3.10(b). |
|
37. |
|
“Changed Service Level” is defined in Section 9.6. |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
38. |
|
“Charges” is defined in Section 13.1. |
|
39. |
|
“Code” is defined in Section 23.15. |
|
40. |
|
“Commencement Date” means the Effective Date or [ * ]. |
|
41. |
|
[ * ] |
|
42. |
|
[ * ] |
|
43. |
|
“Confidential Information” is defined in Section 15.3. |
|
44. |
|
[ * ] |
|
45. |
|
[ * ] |
|
46. |
|
“Contractual Change Control Procedure” is defined in Section 10.6. |
|
47. |
|
[ * ] |
|
48. |
|
“CPU” means central processing unit. |
|
49. |
|
[ * ] |
|
50. |
|
[ * ] |
|
51. |
|
[ * ] |
|
52. |
|
“Critical Service Levels” is defined in Section 9.3. |
|
53. |
|
“DASD” means direct access storage device. |
|
54. |
|
[ * ] |
|
55. |
|
[ * ] |
|
56. |
|
[ * ] |
|
57. |
|
“Data Owner” is defined in Section 22.5. |
|
58. |
|
[ * ] |
|
59. |
|
[ * ] |
|
60. |
|
“Developed ACI Software” is defined in Section 7.4. |
|
61. |
|
“Developed Vendor Software” is defined in Section 7.4. |
|
62. |
|
[ * ] |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
63. |
|
[ * ] |
|
64. |
|
[ * ] |
|
65. |
|
[ * ] |
|
66. |
|
“Dispute Date” is defined in Section 20.1. |
|
67. |
|
“DM” is defined in Section 20.1. |
|
68. |
|
“DR/BC Plans” is defined in Section 19.5. |
|
69. |
|
[ * ] |
|
70. |
|
“Effective Date” is defined in the preamble to the Agreement. |
|
71. |
|
[ * ] |
|
72. |
|
“End User Equipment” means all workstations, terminals, printers and associated peripheral equipment located at Locations. |
|
|
73. |
|
“End User Locations” means locations at which the Services are received or used bythe End Users. |
|
74. |
|
“End User Services” means the Services set forth in Exhibit A-4 (End User Services) of Schedule A (Statement of Work) of the Agreement. |
|
75. |
|
“End Users” is defined in Section 3.10(a). |
|
76. |
|
“Enhancement Activities” is defined in Section 10.8. |
|
77. |
|
[ * ] |
|
78. |
|
“Equipment” means the [ * ]. Equipment includes the following: (i) computer equipment, including associated attachments, features, accessories, peripheral devices, front end devices, and other computer equipment, and (ii) telecommunications equipment, including private branch exchanges, multiplexors, modems, hubs, bridges, routers, switches and other telecommunications equipment. |
|
79. |
|
“Executive Steering Committee” is defined in Section 10.2. |
|
80. |
|
“Existing Third Party Systems Software” means Third Party Systems Software that exists on the Effective Date and was being utilized by ACI or its Affiliates immediately prior to the Effective Date [ * ]. |
|
81. |
|
[ * ] |
|
82. |
|
“Extraordinary Event” is defined in Section 13.5. |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
83. |
|
[ * ] |
|
84. |
|
“Force Majeure Event” is defined in Section 19.6. |
|
85. |
|
“Go Live Date” means the last Service Tower Commencement Date. |
|
86. |
|
“Holidays” means the days specified in the Process Interface Manual. |
|
87. |
|
“I-9” is defined in Section 16.13. |
|
88. |
|
[ * ] |
|
89. |
|
“Including” and its derivatives (such as “include” and “includes”) means |
|
|
“including, without limitation.” This term is as defined, whether or not capitalized in the |
|
|
Agreement. |
|
90. |
|
[ * ] |
|
91. |
|
“Install, Move, Add, Change or IMAC” means Install, Move, Add, Change events. |
|
92. |
|
[ * ] |
|
93. |
|
“Intellectual Property Rights” means all rights, title, and interest arising under U.S. common and statutory law and the laws of other countries to all (i) patents and all filed, pending or potential applications for patents, including any reissue, reexamination, division, continuation, or continuation-in-part applications throughout the world now or hereafter filed; (ii) trade secret rights and equivalent rights (including know-how); (iii) copyrights, moral rights, other literary property or authors’ rights; (iv) proprietary indicia, trademarks, trade names, symbols, logos, or brand names; and (v) mask works and mask work rights. |
|
94. |
|
“Internet” means a worldwide network of TCP/IP-based networks. |
|
95. |
|
[ * ] |
|
96. |
|
[ * ] |
|
97. |
|
“IT” means information technology. |
|
98. |
|
“Joint Verification Period” is defined in Section 23.3. |
|
99. |
|
“Key Measurements” is defined in Section 9.7. |
|
100. |
|
“Key Rebadged Employees” is defined in Section 5.2. |
|
101. |
|
“Key Vendor Positions” is defined in Section 5.1. |
|
102. |
|
[ * ] |
|
103. |
|
[ * ] |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
104. |
|
[ * ] |
|
105. |
|
[ * ] |
|
106. |
|
[ * ] |
|
107. |
|
[ * ] |
|
108. |
|
[ * ] |
|
109. |
|
“Location” means any location: [ * ]; and (ii) that is listed in Schedule P (Locations) of the Agreement. |
|
110. |
|
“Losses” means all losses, fines, punitive awards, monetary sanctions, restitution, liabilities, damages and claims, payable to unaffiliated third parties and/or governmental or regulatory agencies, and all related third-party costs and expenses. |
|
111. |
|
[ * ] |
|
112. |
|
[ * ] |
|
113. |
|
[ * ] |
|
114. |
|
“Mandatory Employment Period” is defined in Section 5.2. |
|
115. |
|
“Minimum Revenue Commitment” or “MRC” is defined in Section 3.6(a). |
|
116. |
|
[ * ] |
|
117. |
|
[ * ] |
|
118. |
|
[ * ] |
|
119. |
|
[ * ] |
|
120. |
|
“Monthly Performance Report” is defined in Section 10.3. |
|
121. |
|
[ * ] |
|
122. |
|
“New Entity” is defined in Section ý3.14. |
|
123. |
|
“New Services” is defined in Section 13.6. |
|
124. |
|
[ * ] |
|
125. |
|
[ * ] |
|
126. |
|
“Notice of Election” is defined in Section 18.4. |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
127. |
|
“OEM” means original equipment manufacturer. |
|
128. |
|
[ * ] |
|
129. |
|
[ * ] |
|
130. |
|
“Party” means either ACI or Vendor and “Parties” means both ACI and Vendor. |
|
131. |
|
“Pass-Through Expenses” is defined in Section 13.2. |
|
132. |
|
“PDP” means pre delivery preparation. |
|
133. |
|
[ * ] |
|
134. |
|
“Performance Information” is defined in Section 9.7. |
|
135. |
|
“Personally Identifiable Information” means any nonpublic personal information, as defined under any Applicable Law. |
|
136. |
|
[ * ] |
|
137. |
|
“Potentially Rebadged Employees” is defined in Section 5.2. |
|
138. |
|
“Privacy Laws” means all Applicable Laws set forth in Section 22.5. |
|
139. |
|
“Procedures Manual” is defined in Section 10.5. [ * ] |
|
140. |
|
[ * ] |
|
141. |
|
[ * ] |
|
142. |
|
“Rebadged Employees” is defined in Section 5.2. |
|
143. |
|
[ * ] |
|
144. |
|
[ * ] |
|
145. |
|
[ * ] |
|
146. |
|
“Relocation Notice” is defined in Section 3.13. |
|
147. |
|
“Remote End User” means an End User who has only dial-up access to a LAN. |
|
148. |
|
“Required Consents” means such consents as may be required or desirable for the assignment to Vendor, or the grant to Vendor of rights of use, of resources provided for in the Agreement. |
|
149. |
|
[ * ] |
|
150. |
|
[ * ] |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
151. |
|
[ * ] |
|
152. |
|
[ * ] |
|
153. |
|
“Retained Processes” is defined in Section 3.15. |
|
154. |
|
“Retained Systems” is defined in Section 3.15. |
|
155. |
|
“RMON” means remote network monitoring. |
|
156. |
|
“SAS 70 Type II Report” is defined in Section 11.3. |
|
157. |
|
“Schedule” means any of the schedules attached to the Agreement as the same may be amended by the Parties from time to time in accordance with the Agreement. |
|
158. |
|
[ * ] |
|
159. |
|
“Section 404” means Section 404 of SOX and the rules and regulations promulgated thereunder. |
|
160. |
|
“Security Plan” is defined in Section 15.2. |
|
161. |
|
[ * ] |
|
162. |
|
[ * ] |
|
163. |
|
[ * ] |
|
164. |
|
[ * ] |
|
165. |
|
[ * ] |
|
166. |
|
[ * ] |
|
167. |
|
“Service Level Credits” is defined in Section 9.3. |
|
168. |
|
[ * ] |
|
169. |
|
[ * ] |
|
170. |
|
[ * ] |
|
171. |
|
[ * ] |
|
172. |
|
“Service Levels” is defined in Section 9.1. |
|
173. |
|
“Service Locations” means locations at which Services are performed by any Vendor Personnel. |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
174. |
|
[ * ] |
|
175. |
|
“Service Provider” is defined in Section 22.5. |
|
176. |
|
[ * ] |
|
177. |
|
[ * ] |
|
178. |
|
“Services” is defined in Section 3.1. |
|
179. |
|
[ * ] |
|
180. |
|
[ * ] |
|
181. |
|
[ * ] |
|
182. |
|
[ * ] |
|
183. |
|
[ * ] |
|
184. |
|
[ * ] |
|
185. |
|
[ * ] |
|
186. |
|
“Software Capital Costs” is defined in Section 6.5. |
|
187. |
|
“Software Operational Support Costs” is defined in Section 6.5. |
|
188. |
|
“SOX” means the Sarbanes Oxley Act of 2002, as amended, and the rules and regulations promulgated thereunder. |
|
189. |
|
[ * ] |
|
190. |
|
[ * ] |
|
191. |
|
[ * ] |
|
192. |
|
[ * ] |
|
193. |
|
[ * ] |
|
194. |
|
[ * ] |
|
195. |
|
[ * ] |
|
196. |
|
[ * ] |
|
197. |
|
[ * ] |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
198. |
|
[ * ] |
|
199. |
|
[ * ] |
|
200. |
|
“Technology Plan” is defined in Section 10.8. |
|
201. |
|
“Term” is defined in Section 4.1. |
|
202. |
|
[ * ] |
|
203. |
|
“Termination/Expiration Assistance” is defined in Section 21.9. |
|
204. |
|
“Termination/Expiration Assistance Period” is defined in Section 21.9. |
|
205. |
|
“Third Party or Third Parties” means any entity or person other than Vendor and ACI and their respective Affiliates, directors, officers, and employees. |
|
206. |
|
[ * ] |
|
207. |
|
“Third Party Contracts” means agreements pursuant to which any third party agrees with Vendor, ACI or any of their Affiliates to provide products or services constituting or used in providing the Services, including contracts for the services of non-employee personnel to provide Services. [ * ] |
|
208. |
|
[ * ] |
|
209. |
|
[ * ] |
|
210. |
|
“Transformation” means the portion of the Transition Services detailed in the Transformation Plan. |
|
211. |
|
“Transformation Period” means the portion of the Transition Period during which the Transformation occurs. |
|
212. |
|
Transformation Plan” means the section of the Transition Plan that describes the transformation activities. |
|
213. |
|
“Transition” is defined in Section 3.8. |
|
214. |
|
[ * ] |
|
215. |
|
“Transition Period” means the period, defined in the Transition Plan, [ * ] |
|
216. |
|
“Transition Plan” is defined in Section 3.8. |
|
217. |
|
“Use” means to use, copy, maintain, modify, enhance or create derivative works. |
|
218. |
|
“User ID” means a string of characters (i.e., a user name or a password) that uniquely identifies a user to a system and enables access to a system or specific data residing on a system. |
Confidential
Schedule D – Definitions
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
219. |
|
[ * ] |
|
220. |
|
[ * ] |
|
221. |
|
“Vendor Developed IP” is defined in Section 7.4. |
|
222. |
|
“Vendor Focal Point” means the individual designated by Vendor to act as the single point of contact within a specified Services area or Location to whom ACI may direct all communications related to such Services area or Location. |
|
223. |
|
“Vendor” is defined in the preamble to the Agreement, subject to Section 2.2. |
|
224. |
|
“Vendor Indemnitees” is defined in Section 18.2. |
|
225. |
|
“Vendor Laws” is defined in Section 22.1. |
|
226. |
|
[ * ] |
|
227. |
|
“Vendor Preexisting IP” is defined in Section 7.4. |
|
228. |
|
“Vendor Delivery Project Executive” is defined in Section 5.1. |
|
229. |
|
[ * ] |
|
230. |
|
[ * ] |
|
231. |
|
[ * ] |
|
232. |
|
[ * ] |
|
233. |
|
“Vendor Transition Manager” is defined in Section 5.1. |
|
234. |
|
[ * ] |
|
235. |
|
[ * ] |
|
236. |
|
[ * ] |
|
237. |
|
[ * ] |
|
238. |
|
“Work Product” is defined in Section 7.4. |
|
239. |
|
[ * ] |
Confidential
Schedule D – Definitions
SCHEDULE E
INTENTIONALLY LEFT BLANK
SCHEDULE F
INTENTIONALLY LEFT BLANK
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE G
THIRD PARTY CONTRACTS
1. INTRODUCTION
This Schedule lists ACI’s Third Party Contracts for which Vendor will be financially and
administratively and operationally responsible as of the Service Tower Commencement Date.
This Schedule will be verified and updated, as required, during the Joint Verification
Period described in Section 23.3 of the Master Services Agreement.
2. LICENSES
2.1 Financial, Administrative and Operational Responsibility
[ * ]
* Represents
five pages of redacted tabular data
3.
OTHER CONTRACTS
3.1 Financial, Administrative and Operational Responsibility
[ * ]
* Represents
13 pages of redacted tabular data
Confidential
Schedule G — Third Party Contracts
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE H
EXISTING EQUIPMENT
1. Introduction
This Schedule H (Existing Equipment) sets out the existing Equipment lists, provided to Vendor by
ACI, as of the Effective Date, that Vendor will use to provide to the Services to ACI in accordance
with Section 3.7 of the MSA. This Schedule will be updated after the completion of a wall-to-wall
inventory.
2. Mainframe Existing Equipment
This following table lists the existing mainframe Equipment located in the [ * ]
[ * ]
3. Security Existing Equipment
This following table lists the existing security Equipment located in ACI Locations.
[ * ]
4. Midrange/Server Existing Equipment
The following Exhibits list the existing midrange/server Equipment.
|
• |
|
Exhibit H-1 (ACI US Midrange Inventory) |
|
• |
|
Exhibit H-2 (ACI Toronto Server Room Inventory) |
|
• |
|
Exhibit H-3 (EMEA Server Equipment) |
|
• |
|
Exhibit H-4 (ACI AP Midrange Inventory) |
5. Network Existing Equipment
Exhibit H-5 (Network Inventory) lists the existing Network Equipment.
6. End User Services Existing Equipment
The following table and Exhibit H-6 (People Counts by Location) list the existing End User machine
quantities.
[ * ]
Confidential
Schedule H — Existing Equipment
Page 1 of 3
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
7. Refresh Of Existing Equipment
The following table lists Vendor’s general Refresh plan for the existing Equipment.
[ * ]
More specifically, the Vendor will apply the following refresh schedule until all ACI hardware is
on the
standard schedule:
– [ * ]
Confidential
Schedule H — Existing Equipment
Page 2 of 3
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE SECURITIES
EXCHANGE ACT OF 1934.
EXHIBIT H-0
XXX XX XXXXXXXX XXXXXXXXX
[ * ]
* Represents
26 pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE SECURITIES EXCHANGE
ACT OF 1934.
EXHIBIT H-0
XXX XXXXXXX XERVER ROOM INVENTORY
[ * ]
* Represents
four pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED BY
BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE SECURITIES
EXCHANGE ACT OF 1934.
EXHIBIT H-3
EMEA SERVER EQUIPMENT
[ * ]
* Represents
14 pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED
THAT THE PORTIONS OF THIS DOCUMENT
DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED
UNDER THE SECURITIES EXCHANGE ACT OF
1934.
EXHIBIT H-4
ACI AP MIDRANGE INVENTORY
[ * ]
* Represents
four pages of tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT H-5
NETWORK INVENTORY
[ * ]
* Represents
seven pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT H-6
PEOPLE COUNTS BY LOCATION
[ * ]
* Represents
two pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS
OF THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE I
VENDOR SUPPORTED SOFTWARE
1. ACI Systems Software Introduction
This Schedule I (Vendor Supported Software) sets out the existing ACI Systems Software lists,
provided to Vendor by ACI, as of the Effective Date, that Vendor will use to provide the Services
to ACI as well as the Vendor System Software that Vendor will use to provide the Services. This
Schedule will be verified and updated after Transition.
2. Mainframe Existing ACI Systems Software
This following table lists the Mainframe Existing ACI Systems Software in use on the Existing
Mainframe Equipment at the [ * ].
[ * ]
* Represents
two pages of tabular data
3. Security/Asset Existing ACI Systems Software
This following table lists the Existing ACI Systems Software.
[ * ]
4. Midrange/Server Software
The following table list the Existing Midrange/Server ACI Systems Software.
[ * ]
* Represents
eight pages of tabular data
The following table lists the IBM software tools that Vendor will use to provide the Services.
[ * ]
Confidential
Schedule I — Vendor Supported Software
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS
OF THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE
24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
5. Network Existing ACI Systems Software
The following table lists the Existing Network ACI Systems Software.
[ * ]
6. End User Services Existing ACI Systems Software
Exhibits I-1, Exhibit I-2, and Exhibit I-3 list the existing End User services ACI Systems
Software:
|
• |
|
Exhibit I-1 — Framingham Workstations |
|
• |
|
Exhibit I-2 — Xxxxxx Workstations |
|
• |
|
Exhibit I-3 — Omaha Workstations |
Confidential
Schedule I — Vendor Supported Software
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT
l-0
XXXXXXXXXX XXXXXXXXXXXX
[ * ]
* Represents
785 pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES
AND ASTERISKS BE ACCORDED CONFIDENTIAL
TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE SECURITIES EXCHANGE
ACT OF 1934.
EXHIBIT
l-0
XXXXXX XXXXXXXXXXXX
[ * ]
* Represents
496 pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT
l-3
OMAHA WORKSTATIONS
[ * ]
* Represents
947 pages of redacted tabular data
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
SCHEDULE J
ACI POLICIES AND PROCEDURES
TABLE OF CONTENTS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Page |
|
|
|
|
|
|
|
|
|
|
|
1. |
|
|
[ * ] |
|
|
2 |
|
|
2. |
|
|
Business Ethics Policy |
|
|
7 |
|
|
3. |
|
|
[ * ] |
|
|
14 |
|
|
4. |
|
|
[ * ] |
|
|
15 |
|
|
5. |
|
|
[ * ] |
|
|
25 |
|
|
6. |
|
|
[ * ] |
|
|
29 |
|
|
7. |
|
|
[ * ] |
|
|
32 |
|
|
8. |
|
|
[ * ] |
|
|
35 |
|
|
9. |
|
|
[ * ] |
|
|
38 |
|
|
10. |
|
|
[ * ] |
|
|
42 |
|
|
11. |
|
|
[ * ] |
|
|
47 |
|
|
12. |
|
|
[ * ] |
|
|
49 |
|
|
13. |
|
|
[ * ] |
|
|
54 |
|
|
14. |
|
|
[ * ] |
|
|
60 |
|
|
15. |
|
|
[ * ] |
|
|
63 |
|
|
16. |
|
|
[ * ] |
|
|
65 |
|
|
17. |
|
|
[ * ] |
|
|
68 |
|
|
18. |
|
|
[ * ] |
|
|
71 |
|
|
19. |
|
|
[ * ] |
|
|
74 |
|
|
20. |
|
|
[ * ] |
|
|
79 |
|
|
21. |
|
|
[ * ] |
|
|
81 |
|
|
22. |
|
|
[ * ] |
|
|
114 |
|
|
23. |
|
|
[ * ] |
|
|
126 |
|
|
24. |
|
|
[ * ] |
|
|
131 |
|
|
25. |
|
|
[ * ] |
|
|
135 |
|
|
26. |
|
|
[ * ] |
|
|
136 |
|
|
27. |
|
|
[ * ] |
|
|
138 |
|
|
28. |
|
|
[ * ] |
|
|
140 |
|
|
29. |
|
|
[ * ] |
|
|
142 |
|
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J – ACI Policies and Procedures
|
|
Page 1 of 144 |
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
[ * ]
* Represents
6 pages of redacted text
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 2 of 144 |
ACI WORLDWIDE BUSINESS ETHICS POLICY
Policy Number 7-400
Revision Date — 21 November 2007
|
|
|
|
|
Policy Contact |
|
|
Information: |
|
This Policy Applies To: |
|
|
|
|
|
Xxxxxx Xxxxxx
|
|
Group
|
|
Except |
|
|
|
|
|
mailto:xxxxxxx@XXXxxx.xxx
|
|
þ All Contractors |
|
|
|
|
|
|
|
(000) 000-0000
|
|
o USA-based Contractors |
|
|
|
|
|
|
|
|
|
o Omaha-based Contractors |
|
|
|
|
|
|
|
|
|
o IT Support Staff — Omaha-based |
|
|
|
|
|
|
|
|
|
o IT Support Staff — All Locations |
|
|
|
|
|
|
|
|
|
þ Other: Authorized Non-contractors |
|
|
|
|
|
|
|
ACI WORLDWIDE CORP
CODE OF BUSINESS CONDUCT AND ETHICS
This policy is in addition to ACI’s Code of Ethics for the Company’s Chief Executive Officer
and Senior Financial Officers (Policy 7-410).
Introduction
This Code of Business Conduct and Ethics describes the basic principles of conduct that we
share as officers and contractors of Transaction Systems Architects, Inc. (“we” or the “Company”).
This Code also applies to our directors. Violation of this Code may result in disciplinary action,
varying from reprimand to dismissal. ACI contractors will annually review the ACI Code of Business
Conduct and Ethics and acknowledge this review per local Human Resources practice.
This Code is intended to provide a broad overview of basic ethical principles that guide our
conduct. In some circumstances, we maintain more specific policies on the topics referred to in
this Code. Should you have any questions regarding these policies, please review the policies
posted on the Company’s intranet (i4) or contact a member of the Human Resources department.
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 7 of 144 |
Compliance with Laws, Rules and Regulations
Our policy is to comply with all laws, rules, and regulations of the places where we do
business. No contractor, officer or director of the Company shall commit an illegal or unethical
act, or instruct others to do so, for any reason. If a law, rule or regulation is unclear, or
conflicts with a provision of this Code, you should seek advice from supervisors or our General
Counsel, but always seek to act in accordance with the ethical standards described in this Code.
Conflicts of Interest
We conduct our business affairs in the best interest of the Company and should therefore avoid
situations where our private interests interfere in any way with the Company’s interests or could
improperly influence our work, business decisions or actions. We need to be especially sensitive
to situations that have even the appearance of impropriety and promptly report them to a
supervisor, or if appropriate, a more senior manager. If you believe that a transaction,
relationship or other circumstance creates or may create a conflict of interest, you should
promptly report this concern in the manner provided in this Code. It is our policy that
circumstances that pose a conflict of interest for our contractors are prohibited unless a waiver
is obtained from our General Counsel. Consistent with Nasdaq listing requirements, and as further
described below, any waiver of this conflict of interest policy for a director or executive officer
may only be made by our Board or a committee of our Board, and any such waiver will be promptly
disclosed in accordance with applicable law and listing Nasdaq requirements.
Record-Keeping
We require honest and accurate recording and reporting of information in order to make
responsible business decisions. We document and record our business expenses accurately.
Questionable expenses should be discussed with the appropriate personnel in our accounting
department.
All of our books, records, accounts, and financial statements are maintained in reasonable
detail, appropriately reflect our transactions, and conform both to applicable legal requirements
and to our system of internal controls. Unrecorded or “off the books” funds or assets should not
be maintained unless permitted by applicable law or regulation.
The disposal or destruction of the Company’s records and files is not discretionary with any
contractor. The Company’s requirements for record retention are further outlined in the Company’s
Record Retention Policy. In addition, when matters such as litigation (actual or threatened),
government inquiries, investigations or audits are pending or reasonably expected, we will not
destroy any relevant records until such matter is closed, and then only in accordance with the
Company’s Records Retention Policy.
We avoid exaggeration, derogatory remarks, guesswork, or inappropriate characterizations of
people and companies in our business records and communications. We maintain our records according
to our record retention policies. In accordance with those policies, in the event of litigation or
governmental investigation, please consult our General Counsel.
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 8 of 144 |
Public Reporting
We are a public company and as a result file reports and other documents with the Securities
and Exchange Commission (SEC) and Nasdaq. As well, we issue press releases and make other public
statements that include financial and other information about our business, financial condition and
results of operations. We endeavor to make full, fair, accurate, timely and understandable
disclosure in reports and documents we file with, or submit to, the SEC and Nasdaq and in our press
releases and public communications.
We require cooperation and open communication with our internal and outside auditors. It is
illegal to take any action to fraudulently influence, coerce, manipulate, or mislead any internal
or external auditor engaged in the performance of an audit of our financial statements.
The laws and regulations applicable to filings made with the SEC, including those applicable
to accounting matters, are complex. While the ultimate responsibility for the information included
in these reports rests with senior management, numerous other contractors participate in the
preparation of these reports or provide information included in these reports. We maintain
disclosure controls and procedures to ensure that the information included in the reports that we
file or submit to the SEC is collected and communicated to senior management in order to permit
timely disclosure of the required information.
If you are requested to provide, review or certify information in connection with our
disclosure controls and procedures, you must provide the requested information or otherwise respond
in a full, accurate and timely manner. Moreover, even in the absence of a specific request, you
should report to your supervisor or a more senior manager any information that you believe should
be considered for disclosure in our reports to the SEC.
If you have questions or are uncertain as to how our disclosure controls and procedures may
apply in a specific circumstance, promptly contact your supervisor or a more senior manager. We
want you to ask questions and seek advice. Additional information regarding how to report your
questions or concerns (including on a confidential, anonymous basis) is included below in this Code
under the heading “Reporting Illegal or Unethical Behavior.”
Xxxxxxx Xxxxxxx
We do not trade in Company stock on the basis of material, non-public information concerning
the Company, nor do we “tip” others who may trade in Company securities. Please refer to our stock
transaction policies for more detailed information about our policies in this area.
Corporate Opportunities
We do not personally take opportunities that are discovered through the use of Company
property, information or position without the prior consent of our Board. Our directors, officers,
and contractors are also prohibited from competing with the Company.
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 9 of 144 |
Competition and Fair Dealing
We outperform our competition fairly and honestly by developing leading solutions and
technology based on design and performance. We do not engage in unethical or illegal business
practices such as stealing proprietary information, possessing trade secret information that was
obtained without the owner’s consent, or inducing disclosure of this type of information by past or
present contractors of other companies. Each contractor, officer and director of the Company
should endeavor to deal fairly with customers, suppliers, competitors, the public and one another
at all times and in accordance with ethical business practices.
Business Entertainment and Gifts
We recognize that business entertainment and gifts are meant to create goodwill and sound
working relationships, not to gain unfair advantage with customers or suppliers. Neither we nor
our family members offer, give, or accept any gift or entertainment unless it: (a) is not a cash
gift, (b) is consistent with customary business practices, (c) is not excessive in value, (d)
cannot be construed as a bribe or payoff, and (e) does not violate any laws or regulations. Any
questionable gift or invitation should be discussed with a supervisor, or, if appropriate, a more
senior manager.
Discrimination and Harassment
The diversity of our contractors is a tremendous asset. We provide equal opportunity in all
aspects of employment and will not tolerate discrimination or harassment of any kind. Derogatory
comments based on racial or ethnic characteristics, unwelcome sexual advances and similar behavior
are prohibited.
Health and Safety
We strive to provide a safe and healthful work environment. We ensure a safe and healthy work
environment by following safety and health rules and practices and promptly reporting accidents,
injuries, unsafe conditions or other violations or potential violations of applicable OSHA
standards to a supervisor or more senior manager.
We do not permit violence or threatening behavior in our workplaces. We report to work in
condition to perform our duties at our best, free from the influence of illegal drugs or alcohol.
We do not tolerate the use of illegal drugs in the workplace.
Confidentiality
We protect confidential information. Unauthorized use or distribution of confidential
information is prohibited and could also be illegal, resulting in civil or even criminal penalties.
Confidential information includes proprietary information such as our trade secrets, patents,
trademarks, copyrights, business, marketing plans, sales forecasts, engineering ideas, designs,
databases, records, salary information, and unpublished financial data and reports, as well as any
non-public information that might be of use to competitors or harmful to us or our customers if
disclosed. It also includes information that
suppliers, customers and other business partners have entrusted to us on a confidential basis.
Our personal obligation not to disclose confidential information continues even after employment
ends.
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 10 of 144 |
Protection and Proper Use of Company Assets
Theft, carelessness, and waste of Company assets have a direct impact on our profitability and
should be avoided. Any suspected incident of fraud or theft should be immediately reported to a
supervisor or, if appropriate, a more senior manager for investigation.
Payments to Government Personnel
In compliance with the United States Foreign Corrupt Practices Act, we do not give anything of
value, directly or indirectly, to officials of foreign governments or foreign political candidates
in order to obtain or retain business. We do not promise, offer, or deliver to any foreign or
domestic government contractor or official any gift, favor, or other gratuity that would be
illegal. Our General Counsel can provide guidance in this area.
The laws or customs of other countries in which we operate may be less clear. It is our
policy to comply with those laws or customs; however, if a local law or custom seems to contradict
the principles described in this Code, contact a supervisor or our General Counsel for guidance.
Waivers
Consistent with Nasdaq listing requirements, only our Board or a committee of our Board may
waive a provision of this Code for our executive officers or directors, and any waiver will be
promptly disclosed to the public in accordance with applicable law and Nasdaq listing requirements.
Waivers of this Code for any other contractor may be made only by our General Counsel, and then
only under special circumstances.
Reporting Illegal or Unethical Behavior
In order to encourage good faith reports of illegal or unethical behavior (including
violations of this Code), we keep all reports confidential and do not allow retaliation for reports
of misconduct by others. It is also our duty to cooperate in internal investigations of alleged
misconduct.
We must all work to ensure prompt and consistent action against unethical or illegal behavior.
Oftentimes a violation of this Code will be easy to recognize and should be promptly reported as
described in the answer to Question 6 below. However, in some situations it is difficult to know
right from wrong. Since none of us can anticipate every situation that will arise, it is important
that we have a way to approach a new or sensitive question or concern. Here are some questions
that can be asked:
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 11 of 144 |
What do I need to know? In order to reach the right solutions, we must be as fully
informed as possible.
What specifically am I being asked to do? Does it seem unethical or improper? This will
focus the inquiry on the specific action in question, and the available alternatives. Use judgment
and common sense; if something seems unethical or improper, it probably is.
What is my responsibility? In most situations, there is shared responsibility. Should
colleagues be informed? It may help to get others involved and discuss the issue.
Should I discuss the issue with a supervisor? In many cases, a supervisor will be more
knowledgeable about the question and will appreciate being brought into the decision-making
process. Remember that it is the supervisor’s responsibility to help solve problems.
Should I seek help from Company management? In the case which it may not be appropriate to
discuss an issue with a supervisor, or where you would not be comfortable approaching a supervisor
with your question, consider discussing it with your office manager or a member of the Human
Resources department. If for some reason you do not believe that your concerns have been
appropriately addressed, you can seek advice from our General Counsel.
How should I report instances of questionable behavior by contractors, officers or directors
(including possible violations of this Code)? For those who wish to remain anonymous, you can
submit your concern:
|
(i) |
|
The Company’s General Counsel, at 000 X. 000xx
Xxxxxx, Xxxxx, XX 00000-00000000; or |
|
|
(ii) |
|
The Chairman of the Company’s Audit Committee,
at 000 X. 000xx Xxxxxx, Xxxxx, XX 00000-00000000. |
|
B. |
|
By anonymously contacting the third-party service provider
identified in the Company’s Whistleblower Protection Policy. That service
provider will notify the Company’s senior officers of any report but will not
disclose the identity of the reporting person if that person requests
anonymity. |
An anonymous report should provide enough information about the incident or situation to allow
the Company to investigate properly. If concerns or complaints require confidentiality, including
keeping an identity anonymous, we will endeavor to protect this confidentiality, subject to
applicable law, regulation and legal proceedings.
For those who do not choose to remain anonymous, please:
|
A. |
|
Initially address your concern with either your supervisor or a
member of the Human Resources department. |
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 12 of 144 |
|
B. |
|
If at any time you are not satisfied that your concern is being
adequately addressed, you should bring the matter to the attention of the
Company’s General Counsel. |
|
|
C. |
|
If you are still unsatisfied with the resolution of, or
attention to, the matter, you should contact the Chairman of the Audit
Committee. |
Your matter will be addressed confidentially to the extent practicable and with anonymity to
the extent you desire and to the extent practicable.
Compliance and Enforcement
All contractors, directors and officers are expected to comply with all of the provisions of
this Code, and the Company recognizes the need for this Code to be applied equally to everyone it
covers. The Code will be strictly enforced throughout the Company and violations will be dealt
with immediately. Violations of the Code that involve illegal behavior will be reported to the
appropriate authorities.
Our General Counsel has primary authority and responsibility for administering this Code,
investigating alleged violations and determining corrective and disciplinary action, subject to the
supervision of the Audit Committee of our Board. Depending on the circumstances, in some cases
senior managers and other officers will be involved to consider and determine the appropriate
corrective or disciplinary action. In some cases, the Audit Committee or the full Board will be
responsible for conducting the investigation and determining actions to be taken. The Company will
devote the necessary resources to enable the General Counsel to establish such procedures as may be
reasonably necessary to create a culture of accountability and facilitate compliance with this
Code. The General Counsel will periodically report violations of this Code and the corrective
actions taken to the Audit Committee.
The Company strives to impose discipline for each violation of this Code that fits the nature
and particular facts of the violation. The Company generally will issue warnings or reprimands for
less significant, first-time offenses. Violations of a more serious nature may result in an action
such as suspension without pay, demotion, or reduction of compensation. Termination of employment
generally is reserved for conduct such as theft or other violations amounting to a breach of trust,
or for cases where a person has engaged in multiple violations. Termination may also be
appropriate for ethical violations if the contractor has had appropriate training and consciously
chooses to pursue unethical behavior. Violations of this Code are not the only basis for
disciplinary action. The Company has additional guidelines and procedures governing conduct, and
violations of those guidelines and procedures may also result in corrective or disciplinary action.
Retaliation against any contractor for good faith reporting of violations of this Code is
strictly prohibited. Any such retaliation will be treated as a serious violation of this Code.
Questions concerning this Code should be directed to our General Counsel.
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 13 of 144 |
Conclusion
The Company’s good name and reputation depend, to a very large extent, upon your taking
personal responsibility for maintaining and adhering to the policies and guidelines set forth in
this Code. Your business conduct on behalf of the Company must be guided by the policies and
guidelines set forth in this Code.
* * * * *
Consistent with applicable laws and regulations, this Code will be included on the Company’s
website and will be made available upon request sent to the Company’s Secretary. The Company’s
annual report to stockholders will state that this Code is available on the Company’s website and
will be made available upon request sent to the Company’s Secretary.
The undersigned acknowledges that he/she has received and read this Code of Business Conduct and
Ethics.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signature
|
|
Date
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Print Name
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 14 of 144 |
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
[ * ]
* represents 130 pages of redacted text
|
|
|
|
|
|
|
|
|
|
|
|
Confidential |
|
|
|
|
Schedule J — ACI Policies and Procedures
|
|
Page 15 of 144 |
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE K
USER SATISFACTION SURVEY GUIDELINES
This Schedule describes the requirements related to customer satisfaction surveys.
ACI will have overall review and approval of the customer satisfaction surveys, to include input
and approval of the survey recipients, the survey methodology, and the survey questions.
|
a. |
|
Vendor’s responsibilities include the following: |
|
(1) |
|
During Transition, develop and submit for ACI’s approval a complete
and comprehensive customer satisfaction survey process, including the content and
format of each customer satisfaction survey (each, a “Survey”). Such process
shall be deemed to be the “Survey Process” for purposes of this Agreement. |
|
|
(2) |
|
Conduct Surveys for the following categories of End Users: |
|
(3) |
|
At ACI’s request, work with the Executive Steering Committee and/or
the Management Committee to determine the list of ACI personnel and other End
Users to be included in each Survey; provided that the individuals to be included
in any Survey (the “Participants” for such Survey) shall be subject to the ACI’s
written approval. |
|
|
(4) |
|
Conduct each Survey for its Participants in accordance with the
Survey Process and any ACI-approved materials and methodologies specific to such
Survey, using tools agreed upon by the Parties. |
|
|
(5) |
|
[ * ] |
|
|
(6) |
|
Measure customer satisfaction in all Surveys for a selection of the
following general attributes: |
|
|
(a) |
|
[ * ] |
|
|
(b) |
|
[ * ] |
|
|
(c) |
|
[ * ] |
|
|
(d) |
|
[ * ] |
|
|
(e) |
|
[ * ] |
|
|
(f) |
|
[ * ] |
|
|
(g) |
|
[ * ] |
|
|
(h) |
|
[ * ] |
|
|
(7) |
|
At ACI’s direction and in cooperation with ACI, use the Survey
results to plan and implement measurable improvements to those portions of the
Services requiring attention (provided that any such improvements to the Services
shall be subject to ACI’s written approval). |
|
|
(8) |
|
In response to a pattern of issues raised by each Survey, promptly
prepare and provide to ACI a set of recommendations for Vendor to further improve
its provision of the Services. |
|
|
(9) |
|
Work in good faith with ACI to remedy issues or concerns raised in
each Survey. |
Confidential
Schedule K — User Satisfaction Survey Guidelines
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
3. |
|
EXECUTIVE CUSTOMER SATISFACTION SURVEYS |
|
a. |
|
The Vendor’s responsibilities include the following:
|
|
(1) |
|
[ * ] |
|
|
(2) |
|
[ * ] |
|
|
(3) |
|
[ * ] |
|
|
(4) |
|
[ * ] |
|
|
(5) |
|
Report the results of the Survey in writing (in a format acceptable
to ACI) to the ACI Contract Executive within thirty (30) Business Days after the
completion of the Survey. |
|
|
(6) |
|
Along with ACI, conduct follow-on reviews as requested by the ACI
Contract Executive, including reviewing the results of Executive Customer
Satisfaction Surveys in the next Executive Steering Committee meeting. |
4. |
|
NON-EXECUTIVE CUSTOMER SATISFACTION SURVEYS |
|
a. |
|
The Vendor’s responsibilities include the following: |
|
(1) |
|
[ * ] |
|
|
(2) |
|
[ * ] |
|
|
(3) |
|
[ * ] |
|
|
(4) |
|
[ * ] |
|
|
(5) |
|
Report the results of the Survey in writing (in a format acceptable
to ACI) to the ACI Contract Executive within thirty (30) Business Days after the
completion of the Survey. |
|
|
(6) |
|
Along with ACI, conduct follow-on reviews as requested by the ACI
Contract Executive, including reviewing the results of non-Executive Customer
Satisfaction Surveys in the next Executive Steering Committee meeting. |
5. |
|
POINT-OF-SERVICE CUSTOMER SATISFACTION SURVEYS |
[ * ]
Confidential
Schedule K — User Satisfaction Survey Guidelines
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE L
TRANSITION AND TRANSFORMATION
1. |
|
INTRODUCTION |
|
|
|
This portion of the Schedule describes the Transition scope and approach used to manage the
Transition, including the subprojects that will be further defined in the detailed
Transition Plan. The terms and conditions of this Agreement will apply to the Transition,
except to the extent expressly amended by the applicable Transition Plan. |
|
|
|
Vendor will begin Transition activities on the Agreement Effective Date and complete the
subprojects needed for Vendor to provide service as of the Service Tower Commencement Date.
Each subproject produces deliverables, (including installed tools and documented processes
and procedures amended by knowledge transfer from appropriate ACI employees), for the Vendor
service delivery team. Each subproject generally represents a specific Service Tower
competency such as Service Desk, Data Network Services, Enterprise Security Management
Services, etc. In addition, there are two data center moves occurring during the
Transition: [ * ] |
|
|
|
The general workflow and timelines for key subprojects are described below. The complete
listing of subprojects will be described in the detailed Transition Plan. The actual dates
are subject to change after the joint planning session with ACI that will be scheduled after
the Agreement Effective Date. These dates will be reflected in the detailed Transition Plan
to be delivered 60 days after the Agreement Effective Date. |
|
|
|
The initial 30 — 45 days after the Agreement Effective Date includes the acquisition of
internal Vendor resources, a joint planning session with ACI that will produce the detailed
Transition Plan, as well as joint verification of baselines. The governance structure will
be described to ACI and established as the Vendor Program Management Office is implemented.
The signed Agreement will be registered and a complete deliverables list will be created and
provided to the Vendor service delivery team and ACI. These activities and others to be
described in the detailed Transition Plan are represented in the Planning and Startup arrow
as well as the PE Project Office arrow in Exhibit L-1. |
|
|
|
The [ * ] data center move will be addressed as a Transition project with a Vendor project
manager, working with an ACI project manager, coordinating all of the Vendor and ACI
resources needed to remove Equipment and associated Software from the [ * ] data center and
relocate to the [ * ] Location. The planning stage will include coordination with existing
ACI move plans and preparation. Work activities will include obtaining sufficient raised
floor, outfitting with any new Equipment needed, installing local shared Internet access
Equipment, preparation for [ * ], packing and shipping Equipment from [ * ], installing
Equipment and re-installing existing Software, performing testing of installation and
turning over to steady state operations. The actual move will occur over a three-day weekend
period with advance notice to End Users. This activity is schedule for completion on August 1, 2008. These activities and
overall start and stop dates are represented by the [ * ]. |
Confidential
Schedule L — Transition and Transformation
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
The [ * ] data center move will be started as a Transition project with the Transition
team developing the initial project plan in conjunction with ACI
personnel in both the [ * ].
This activity will start after the planning for the [ * ] move is completed and the
preparatory tasks will begin after the [ * ] move plan is completed. This move will involve
the transmission of all Software from [ * ] Equipment to Equipment on the [ * ] raised
floor. The work effort will be completed by [ * ] employees under Vendor Project Manager
guidance. Once installed on the [ * ] Equipment, testing will take place and the
systems will be turned over to Vendor to provide Service. The move of data will take place
over a weekend with advance notice to End Users and these activities are scheduled for
completion on November 1, 2008. This is represented by the
[ * ].
The Enterprise Security Management Services subproject will transfer the responsibility
for user ID administration, security administration Services, and intrusion detection
Services to Vendor, and will produce an Information Security Controls Document for ACI’s
approval. The start and stop dates are represented by the Security green arrow in Exhibit
L-1.
The Data Network Services subproject will provide Network connectivity supporting the
four data center migrations to Vendor raised floor, [ * ] to major ACI development Locations
as well as Network monitoring (via [ * ]) of ACI global location connectivity. The [ * ]
will be operational to support existing and future connectivity on August 1, 2008. The full
complement of [ * ].
The Service Desk Services transition subproject will replace multiple existing ACI
Service Desk functions with a [ * ]. There will be a knowledge transfer period, a knowledge
gap analysis followed by additional knowledge gathering as required. A single Service Desk
telephone number will be created for ACI and service queues will be set up for ACI and
Vendor teams to access help requests from End Users. [ * ]
The End User Services subproject will transition support from existing ACI resources to
Vendor and/or subcontractor resources allocated to ACI Locations in Schedule P according to
the End User Services SOW Exhibit A-4. The start and end date for this subproject is
indicated by the Deskside Support Services green arrow in Exhibit L-1.
The Delivery Management Services subproject as illustrated here will Transition
existing ACI problem and change management processes as well as capacity planning and
requests for service (RFS) procedures to Vendor administered processes and procedures. This
will include incident management for outages as well as provisions for initiating IMAC
activity. Some of these will have separate subprojects but for display purposes they have
been combined in this subproject. The detailed Transition Plan will separate them as
appropriate. The overall start and stop dates are shown in the Services Management
Transition green arrow in Exhibit L-1.
The Human Resources subproject has two phases. The initial phase will
address [ * ].
Confidential
Schedule L — Transition and Transformation
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
|
* Represents one page of tabular data |
Confidential
Schedule L — Transition and Transformation
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
2. |
|
TRANSITION MANAGEMENT |
|
2.1 |
|
Transition Personnel |
|
|
|
Vendor’s Transition management approach provides that: |
|
a. |
|
the Vendor project executive has overall responsibility and accountability to
meet agreed upon quality, cost, schedule and technical objectives of the Transition; |
|
|
b. |
|
ACI and Vendor will each assign the appropriate employees and subcontractors to
comprise the Transition Team. Such Transition Team members will be assigned specific
tasks to be accomplished within the time frames set forth in the Transition Plan; |
|
|
c. |
|
ACI and Vendor will each assign an individual (each a “Transition
Manager” and collectively the “Transition Managers”) who will serve as the
single point of contact and be responsible for overseeing the completion of its
Transition Plan responsibilities and coordinating activities with the other; and |
|
|
d. |
|
the Transition Managers will orient the Transition Team members regarding the
Transition management approach and the Transition Plan, including individual
responsibilities, deliverables, and schedules. Each Transition Manager will provide
operational guidance to, manage and be accountable for the performance of its employees
and subcontractors assigned to the Transition. |
2.2 |
|
Roles and Responsibilities |
|
1) |
|
with ACI’s assistance, develop and maintain the detailed Transition
Plan and any associated documentation; |
|
|
2) |
|
establish and implement a project management system and control
structure, including processes for managing Transition activities, milestones,
support resources and deliverables status, issues, risks, changes and quality; |
|
|
3) |
|
manage the Transition including planning, directing and monitoring
Transition activities and assigned resources, according to the agreed schedule
and processes; |
|
|
4) |
|
implement all changes consistent with the change control process
set forth in Section 5 (Change Control Process); |
|
|
5) |
|
identify, address and resolve deviations from the Transition Plan
and any business and/or technical issues that may impact the Transition; |
|
|
6) |
|
develop the Transition meetings (i.e., planning, review, status)
schedule with ACI, including the frequency and location for such meetings; |
Confidential
Schedule L — Transition and Transformation
|
7) |
|
coordinate and conduct Transition meetings in accordance with the
established schedule; and |
|
|
8) |
|
provide to ACI periodic written status report(s) which include
information such as schedule status, Transition progress, issue identification
and related action plans. |
|
1) |
|
serve as the interface between the Transition Team and ACI’s
business functions, units, or Affiliates participating in the Transition to
define ACI’s business and technical requirements for Transition and to validate
that the Transition Plan meets such requirements; |
|
|
2) |
|
assist Vendor in the development and maintenance of the detailed
Transition Plan and any associated documentation; |
|
|
3) |
|
review and approve the Transition Critical Deliverables; |
|
|
4) |
|
provide Vendor’s employees and subcontractors with access (i.e.,
physical and logical) to the ACI Service Locations and systems affected as a
result of the Transition or required by Vendor to provide the Services; |
|
|
5) |
|
assign ACI’s resources and manage the completion of the ACI-owned
Transition activities according to the agreed schedule and processes; |
|
|
6) |
|
implement all changes consistent with the change control process
set forth in Section 5 (Change Control Process); |
|
|
7) |
|
obtain and provide current information, data and documentation
related to the Transition (for example, Third Party supplier and vendor
information, Service Location data, inventory data, existing operational
processes and procedures, systems documentation, configuration documentation),
decisions and approvals, within the agreed time period, which will be within five
Business Days of Vendor’s request, unless otherwise mutually agreed; |
|
|
8) |
|
assist Vendor in identifying, addressing and resolving deviations
from the Transition Plan and any business and/or technical issues that may impact
the Transition; and |
|
|
9) |
|
develop the Transition meetings (i.e., planning, review and status)
schedule with Vendor, including the frequency and location, and attend such
meetings in accordance with the established schedule. |
3. |
|
TRANSITION PLAN |
|
3.1 |
|
Overview |
|
|
|
The detailed Transition Plan will contain the following information: |
|
a. |
|
Management Summary |
|
|
|
|
This section will provide a management summary of the overall Transition strategy and
approach. |
|
|
b. |
|
Background and Business Objectives |
|
|
|
|
This section will provide an overview of the Agreement and ACI’s business objectives. |
Confidential
Schedule L — Transition and Transformation
|
c. |
|
Transition Objectives and Scope of Work |
|
|
|
|
This section will provide a summary of the overall Transition and define the scope of
work to be performed. |
|
|
d. |
|
Transition Organization and Responsibilities |
|
|
|
|
This section will identify ACI’s and Vendor’s respective Transition Managers,
Transition Team and key responsibilities that ACI and Vendor are required to perform
in order to complete the Transition. |
|
|
e. |
|
Assumptions and Dependencies |
|
|
|
|
This section will describe any key assumptions or dependencies upon which the
Transition was based and/or is dependent upon for completion. |
|
|
f. |
|
Milestones and Deliverables |
|
|
|
|
This section will provide a schedule of key Transition milestones and a description of
items to be delivered by Vendor to ACI under the Transition. |
|
|
g. |
|
Completion Criteria |
|
|
|
|
This section will describe the completion criteria that Vendor must meet in order to
satisfy its obligations under the Transition. |
3.2 |
|
Transition Subprojects |
|
|
|
The detailed Transition Plan will further define each Transition subproject set forth below,
including a set of objectives, assumptions, dependencies, milestones, deliverables, and
completion criteria. |
|
3.2.1 |
|
Human Resources |
|
|
|
The Human Resources subproject will describe the tasks necessary to facilitate Vendor’s
hiring of the ACI employees and address the incorporation of these new employees into the
Vendor culture. Vendor will: |
|
a. |
|
assist in communicating to the Affected Employees regarding employment status
and Vendor’s employment process; |
|
|
b. |
|
provide the Rebadged Employees with orientation to Vendor; |
|
|
c. |
|
provide the Rebadged Employees with Vendor cultural training; and |
|
|
d. |
|
provide the Rebadged Employees with initial training in the use of Vendor
internal tools. |
3.2.2 |
|
Workplace Services |
|
|
|
The Workplace Services subproject will address the establishment of a productive working
environment at the Service Locations for Vendor (i.e., Rebadged Employees, Vendor account
team, Transition Team) to provide the Services to ACI. Vendor will: |
|
a. |
|
obtain access, as authorized and provided by ACI, to the Service Locations and
systems affected by Transition or required by Vendor to provide the Services; |
Confidential
Schedule L — Transition and Transformation
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
b. |
|
coordinate the resources (for example, Service Locations, office consumables,
pagers, cellular phones, home connectivity, access to internal support) required by
Vendor to provide the Services; and |
|
|
c. |
|
coordinate the deployment of workstation tools (for example, laptops, desktops,
desktop software applications, system IDs and training, Network connectivity) required
by Vendor to provide the Services. |
|
1) |
|
perform a review of each Rebadged Employee’s system access
authorizations to confirm the need for the same access requirements following the
Effective Date and advise Vendor of any required changes; and |
|
|
2) |
|
perform other activities as described in Exhibit A-8 (Enterprise
Security Management Services) of Schedule A (Statement of Work). |
|
a. |
|
develop and execute the process to transfer assets from ACI to Vendor,
including using the appropriate forms, obtaining the authorized signatures and
maintaining the required documentation; and |
|
|
b. |
|
with ACI’s assistance, develop a list of ACI assets to be transferred to
Vendor, including all computer assets (e.g., PCs) used by Rebadged Employees prior to
the Effective Date. |
3.2.10 |
|
[ * ] |
|
|
| | * | represents two pages of
redacted text |
3.2.11 |
|
[ * ] |
|
|
| | * | represents
one page of
redacted text |
3.2.15 |
|
[ * ] |
|
|
| | * | represents
one page of
redacted text |
|
a. |
|
Vendor will notify ACI in writing when the completion criteria for a Transition
deliverable have been met. |
|
|
b. |
|
ACI must inform Vendor, in writing, within ten Business Days following receipt
of Vendor’s notification if ACI believes Vendor has not met the completion criteria,
together with reasonable detail as to the reasons for such belief. |
|
|
c. |
|
The Vendor Transition Manager will consider ACI’s timely request for revisions,
if any, within the context of Vendor’s obligations. |
|
|
d. |
|
ACI revisions, agreed to by Vendor, will be made and the deliverable will be
resubmitted to the ACI Transition Manager, at which time such deliverable will be
deemed accepted. |
|
|
e. |
|
If Vendor does not receive written notice from ACI within the time frame
specified above, then the Transition deliverable(s) will be deemed accepted by ACI. |
Confidential
Schedule L — Transition and Transformation
5. |
|
CHANGE CONTROL PROCESS |
|
|
|
The change control process is part of the overall project management system which will be
implemented by Vendor to control changes to the Services. Either ACI or Vendor may request
a change to Transition subject to the following change control process: |
|
a. |
|
The Transition, as described in this Agreement and the Transition Plan, may be
changed only by a writing signed by authorized representatives of ACI and Vendor. |
|
|
b. |
|
All Project Change Requests (“PCRs”) to Transition will be submitted in writing
by the requesting Vendor or ACI Transition Manager. The PCR will reference the
Transition, describe at a reasonable level of detail the change, the rationale for the
change and the impact the change may have on the Transition if it is accepted and if it
is rejected. |
|
|
c. |
|
The Transition Managers will review the PCR and either: |
|
1) |
|
recommend approval of the change by authorized representatives of
ACI and Vendor signing the PCR. Upon such approval, the change will be
implemented; or |
|
|
2) |
|
agree in writing to submit the PCR for further investigation and to
pay Vendor for its reasonable charges, if any, for Vendor’s investigation. Such
investigation will determine the technical merits and the effect on price,
schedule, and other terms and conditions that may result from the implementation
of the PCR. ACI and Vendor will then agree to mutually approve or reject the
PCR. If ACI and Vendor do not agree, either Vendor or ACI may submit such PCR to
the project executives for resolution; or |
|
|
3) |
|
reject the PCR. If rejected, the PCR will be returned to the
requesting Transition Manager along with the reason for rejection. |
|
a. |
|
Vendor will perform the Transition and implement the Transition Plan in
accordance with the timetable and milestones set forth in the Transition Plan, and ACI
will reasonably cooperate with Vendor to assist Vendor in implementing the Transition
Plan. Vendor will provide all cooperation and assistance reasonably required or
requested by ACI in connection with ACI’s evaluation or testing of the deliverables
resulting from implementation of the Transition Plan. Vendor will implement the
Transition Plan in a manner that will not: |
|
1) |
|
materially disrupt or have a material adverse impact on the
business or operations of ACI or the End Users; |
|
|
2) |
|
degrade the Services then being received by ACI and the End Users;
or |
|
|
3) |
|
interfere with ACI’s or the End Users’ ability to obtain the full
benefit of the Services, except as may be otherwise provided in the Transition
Plan. |
|
b. |
|
Prior to undertaking any Transition activity, Vendor will discuss with ACI all
known ACI-specific material risks and will not proceed with such activity until ACI is
reasonably satisfied with the plans with regard to such risks (provided that, neither
Vendor’s disclosure of any such risks to ACI nor ACI’s acquiescence in Vendor’s plans
will operate or be construed as limiting Vendor’s responsibilities under this
Agreement). Vendor will identify and resolve, with ACI’s reasonable assistance, any
problems that may impede or delay the timely completion of any phase of the Transition
Plan. |
Confidential
Schedule L — Transition and Transformation
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
TRANSFORMATION
|
a. |
|
This portion of the Schedule sets forth an outline of the Transformation
activities that ACI and Vendor will perform during the Transformation Period. During
the Transition phase, a team of the appropriate Vendor employees and ACI employees (the
“Transformation Team”) will draft a detailed Transformation Plan. The Transformation
Plan will describe: |
|
• |
|
the specific objectives of each portion of the Transformation; |
|
|
• |
|
the equipment, software and resources ACI and Vendor require to complete the
Transformation during the Transformation Period; |
|
|
• |
|
the technical assumptions and dependencies inherent in the Transformation
Plan; |
|
|
• |
|
any unique Transformation requirements related to the Service Locations; and |
|
|
• |
|
the required time frames, activity dates and people responsible for individual
tasks throughout the Transformation Period. |
|
b. |
|
The Transformation Plan will specify ACI’s and Vendor’s respective
Transformation responsibilities. It will contain descriptions and schedules for the
required tasks. |
|
|
c. |
|
Upon completion of the Transformation Plan, the Transformation Team will meet
regularly as mutually agreed, and will review and update the Transformation Plan to
reflect mutually agreed upon changes such as revisions to schedules, resource
requirements, dependencies, and priorities. |
2. |
|
[ * ] |
|
| | * | represents
one page of
redacted text |
3. |
|
GENERAL ROLES AND RESPONSIBILITIES |
|
a. |
|
Vendor Responsibilities |
|
|
|
|
Vendor will take the leadership role in the development and implementation of the
Transformation Plan. Vendor will provide the resources necessary to perform its
responsibilities set forth in the Transformation Plan. In addition, Vendor will establish a
Transformation project office, manage at a minimum monthly Transformation status meetings,
and track and report on the status of all tasks. Vendor will provide regular updates to ACI
management describing the following: |
|
1) |
|
activities scheduled during the current reporting period; |
|
|
2) |
|
activities planned for the next reporting period; and |
|
|
3) |
|
change control activity: |
|
|
• |
|
cumulative; |
|
|
• |
|
approved; |
Confidential
Schedule L — Transition and Transformation
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
• |
|
rejected; |
|
|
• |
|
in progress, concerns; and |
|
|
• |
|
recommendations. |
b. |
|
ACI Responsibilities |
|
|
|
ACI will assign the appropriate employees to the Transformation Team to assist Vendor in the
development and implementation of the Transformation Plan. ACI will provide the resources
necessary to perform its responsibilities set forth in the Transformation Plan, including: |
|
1.) |
|
assigning the appropriate employees and subcontractors to develop,
jointly with Vendor, individual Transformation Plan sections and identify the
tasks required to complete each major Services area Transformation; |
|
|
2.) |
|
providing representation and input from the End User organizations
that will be required to assist in defining the criteria for the Transformation
of operations; |
|
|
3.) |
|
providing Vendor’s employees with access to the Service Locations
and systems affected as a result of the Transformation or required by Vendor to
provide the Services; |
|
|
4) |
|
providing, to the extent available, current documentation related
to the Transformation (for example, Third Party supplier and vendor information,
facility data, existing operational processes and procedures, systems
documentation, configuration documentation, and inventory data); and |
|
|
5) |
|
identifying all current and future known activities that Schedule V
(In-Flight Projects) does not address and that may impact upon Vendor’s provision
of the Services. |
4. |
|
[ * ] |
|
| | * | represents
three pages of
redacted text |
Confidential
Schedule L — Transition and Transformation
SCHEDULE M
VENDOR CONFIDENTIALITY AGREEMENT
|
|
|
COMPANY:
|
|
[ ] |
ADDRESS:
|
|
[ ] |
CITY:
|
|
[_____] |
STATE:
|
|
[___] |
ZIP:
|
|
[_____] |
This Confidentiality Agreement (“Agreement”) is executed by the company named above
(“Company”) for the benefit of International Business Machines Corporation
(“Information Provider”) in exchange for access to certain confidential information of
Information Provider.
Effective Date:
ACI Worldwide, Inc. (“ACI”) has engaged Information Provider to provide certain
services pursuant to the Master Services Agreement between ACI and
Information Provider effective [
_____ ], 2008 (the “Services Agreement”) and, pursuant to the Services
Agreement, Information Provider agreed to cooperate with third parties performing services for or
on behalf of ACI and to provide information to such third parties, some of which may be
confidential information of Information Provider. In consideration of permitting Company to have
access to the confidential information of Information Provider to the extent reasonably necessary
to enable Company to provide services for or on behalf of ACI, Company agrees to the following
terms and conditions:
Company will (a) hold in confidence and use the same means it uses to protect its own
confidential information of like kind and import, but in any event not less than a reasonable
degree of care, to prevent the disclosure and protect the confidentiality of information, whether
electronic, oral or written, and whether confidential to ACI or Information Provider, that is
communicated to Company by Information Provider in connection with Company providing services to
ACI (the “Confidential Information”), and (b) disclose, duplicate, transfer and use
Confidential Information only in connection with providing services to ACI. Company may disclose
this Agreement and Confidential Information to those employees and agents of the Company who have a
need to know Confidential Information and only to the extent reasonably necessary for those
individuals to perform the services for ACI. Compliance by employees and agents of Company with
the confidentiality obligations in this Agreement will remain the responsibility of the Company.
With respect to any particular Confidential Information, the Company’s obligations under this
Agreement shall continue without limitation in time, subject to any exclusion set forth in Section
2 below becoming applicable to that Confidential Information. The Company will not make or issue,
or cause to be made or issued, any announcement or statement regarding activities under this
Agreement for dissemination to the general public or any third party without the prior written
consent of Information Provider and ACI.
Confidential
Schedule M — Vendor Confidentiality Agreement
Page 1 of 4
The foregoing will not prevent the Company from disclosing or using Confidential Information
that: (a) is independently developed by Company, as demonstrated by Company’s written records,
without violating Information Provider’s proprietary rights (including this Agreement), (b) is or
becomes publicly known (other than through unauthorized disclosure), (c) is disclosed by the owner
of such information to a third party free of any obligation of confidentiality, (d) is already
known by Company at the time of disclosure, as demonstrated by Company’s written records, and
Company has no obligation of confidentiality other than under this Agreement or any confidentiality
agreement between Company and Information Provider entered into before the Effective Date, or (e)
is rightfully received by Company free of any obligation of confidentiality, provided that Company
has no knowledge that such information is subject to a confidentiality agreement and such
information is not of a type or character that a reasonable person would have regarded as
confidential. Company will promptly notify Information Provider of any unauthorized possession or
use, or attempt thereof, of the Confidential Information. If Company is requested or required by
any governmental agency or law, whether by oral question, interrogatories, requests for information
or documents, subpoenas, civil investigation or similar process, to disclose any Confidential
Information, Company will provide Information Provider with prompt notice of such requests so that
Information Provider may seek an appropriate protective order or similar relief or, if appropriate,
waive compliance with the applicable provisions of this Agreement. Company will use all
commercially reasonable efforts to obtain, or assist Information Provider in obtaining such a
protective order or relief.
3. RETURN OF CONFIDENTIAL INFORMATION. |
Upon the written request of Information Provider, the Company will, at the Company’s option,
either return all Confidential Information, including all copies thereof, or certify in writing
that all Confidential Information and all copies thereof have been destroyed.
Upon any actual or threatened violation of this Agreement by the Company, Information Provider
may be entitled to seek preliminary and other injunctive relief against such violation, in addition
to any other rights or remedies which Information Provider may have at law or in equity.
5. NO WARRANTIES OR FURTHER RIGHTS. |
Information Provider does not make any representations or warranties, express or implied, with
respect to any Confidential Information. Nothing contained in this Agreement will be construed as
granting or conferring any rights by license or otherwise in Confidential Information, except for
the use of Confidential Information as expressly provided in this Agreement.
Confidential
Schedule M — Vendor Confidentiality Agreement
Page 2 of 4
Confidential Information provided pursuant to this Agreement may be subject to U.S. government
laws, regulations, orders or other restrictions regarding export or re-export of U.S. origin
technical data or other items, or derivatives of such items. The Company agrees (a) to comply with
all such laws or restrictions and (b) to not export or re-export any such items received pursuant
to this Agreement to a destination or end user for which applicable law, including U.S. law,
requires an export license or other approval without first having obtained such license or
approval. The Company will reasonably cooperate with Information Provider to assure compliance
with this Section 6.
The Company will comply with all Information Provider and ACI security policies, information
protection, and privacy policies, procedures, standards, requirements and specifications provided
to the Company applicable to the Company’s provision of the Services to ACI. Information Provider
agrees that such policies, procedures, standards, requirements and specifications will be no more
restrictive on Company than on ACI in connection with its receipt of Services from Information
Provider.
If any provision of this Agreement is held to be invalid, illegal or unenforceable, the
validity, legality and enforceability of the remaining provisions will not in any way be affected
or impaired, and such provision will be deemed to be restated to reflect the original intentions of
the Parties as nearly as possible in accordance with applicable law. The Company will not act or
have authority to act as an agent of Information Provider for any purpose whatsoever. This
Agreement and performance under it shall be governed by and construed in accordance with the laws
of the State of New York without regard to any portion of its choice of law principles that might
provide for application of a different jurisdiction’s law. This Agreement will be binding on
Company and its successors and permitted assigns; provided however that Company shall not assign
any of its obligations under this Agreement without the prior written consent of Information
Provider. This Agreement sets forth the entire understanding of the Company and Information
Provider with respect to the subject matter of this Agreement. This Agreement may be modified only
by a written instrument executed by Company and Information Provider.
Confidential
Schedule M — Vendor Confidentiality Agreement
Page 3 of 4
Company has duly executed and delivered this Confidentiality Agreement by its duly authorized
representative as of the Effective Date set forth above.
|
|
|
|
|
|
|
COMPANY: |
|
|
|
|
|
|
|
|
|
Signature: |
|
|
|
|
|
|
|
|
|
Name: |
|
|
|
|
(Please print or type)
|
|
|
|
|
Title: |
|
|
|
|
|
|
|
|
|
Date: |
|
|
|
|
|
|
|
Confidential
Schedule M — Vendor Confidentiality Agreement
Page 4 of 4
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE N
APPROVED SUBCONTRACTORS
1. |
|
INTRODUCTION |
|
|
|
This Schedule identifies the Approved Subcontractors as of the Effective Date. |
Confidential
Schedule N — Approved Subcontractors
Page 1 of 1
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE O
APPROVED BENCHMARKERS
[ * ]
Confidential
Schedule O — Approved Benchmarkers
Page 1 of 1
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
SCHEDULE P
LOCATIONS
1. ACI Locations
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Location |
|
Address |
|
City |
|
State |
|
Zip Code |
|
Country |
|
[ * ] |
|
Comments |
1
|
|
New York City (Corp)
|
|
000 Xxxxxxxx, Xxxxx 0000
|
|
XXX
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ]
|
|
[ * ] |
2
|
|
New York City (Sales)
|
|
000 Xxxxxxxx, Xxxxx 0000
|
|
XXX
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ]
|
|
[ * ] |
3
|
|
New Brunswick
|
|
000 Xxxxx Xxxxxx Xxxxx Xxxxx Xxxxxxxxx, XX 00000
|
|
Xxxxx Xxxxxxxxx
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ]
|
|
[ * ] |
4
|
|
Naples, ITALY
|
|
Xxx Xxxxxxxxx, 00
00000 Xxxxxx, Xxxxx
|
|
Napoli
|
|
|
|
|
|
|
|
Italy
|
|
[ * ]
|
|
[ * ] |
5
|
|
Moscow
|
|
Xxxxxxxxx Xxxxxx Xxxxxxxx 0X
00xx Xxxxx
00/0 Xxxxxxxxxxxxxxxx Nab
Xxxxxx 000000
|
|
Xxxxxx
|
|
|
|
|
|
|
|
Xxxxxx
|
|
[ * ]
|
|
[ * ] |
0
|
|
Xxxxxx Xxxx
|
|
Xxxxxxxxxxx Xxx 0000,Xxxx 14,
Modulo 1Torre Mural
San Xxxx Xxxxxxxxxxx Xxx X.X. 00000
|
|
Xxxxxx Xxxx
|
|
|
|
|
|
|
|
Xxxxxx
|
|
[ * ] |
|
|
7
|
|
Melbourne
|
|
Level 2, 789 Toorak Road
Hawthorn East Vic 3123 Australia
|
|
Melbourne
|
|
|
|
|
|
|
|
Australia
|
|
[ * ]
|
|
[ * ] |
Confidential
Schedule P — Locations
Page 1 of 6
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Location |
|
Address |
|
City |
|
State |
|
Zip Code |
|
Country |
|
[ * ] |
|
Comments |
8
|
|
Manama
|
|
PO Box 15134, Diplomatic Area
Al-Salam Tower, 9th Floor
Manama
Bahrain
|
|
Manama
|
|
|
|
|
|
|
|
Bahrain
|
|
[ * ]
|
|
[ * ] |
9
|
|
Madrid
|
|
Xx 00 Xxxx Xxxxxxxxx
Xxxxx 000
00000 Xxxxxxxxxx
Xxxxxx, Xxxxx
|
|
Madrid
|
|
|
|
|
|
|
|
Spain
|
|
[ * ]
|
|
[ * ] |
10
|
|
Leeds, UK
|
|
00-00 Xxxxxxxxx Xxxxxx
Xxxxx 0, 0xx Xxxxx
Xxxxx, Xxxxxxxxx, XX
|
|
Xxxxx
|
|
|
|
|
|
|
|
XX
|
|
[ * ]
|
|
[ * ] |
00
|
|
Xxxxx Xxxxxx
|
|
Xx 00-0, Xxxxx XXX 0/00, XXX 0,
Xxxxxxx sunway, Kota Damansara
00000 Xxxxxxxx Xxxx, Xxxxxxxx Xxxxx
Xxxxx, Xxxxxxxx
|
|
Kuala Lampur
|
|
|
|
|
|
|
|
Malaysia
|
|
[ * ]
|
|
[ * ] |
12
|
|
Johannesburg
|
|
P.O. Box 55553
Northlands 0000
Xxxxxxxxxxxx Xxxxx Xxxxxx
|
|
Xxxxxxxxxxxx
|
|
|
|
|
|
|
|
Xxxxx Xxxxxx
|
|
[ * ]
|
|
[ * ] |
00
|
|
Xxxxx, XXXX
|
|
Xxxxxxxxxxxx 0 P.O. Box 867
2800 XX Xxxxx, The Netherlands
|
|
Gouda
|
|
|
|
|
|
|
|
The Netherlands
|
|
[ * ]
|
|
[ * ] |
00
|
|
Xxxxxxxxx
|
|
Xx Xxxxxxxxx 0
X-00000 Xxxxxxxx, XXXXXXX
|
|
Xxxxxxxxx
|
|
|
|
|
|
|
|
Xxxxxxx
|
|
[ * ]
|
|
[ * ] |
15
|
|
Framingham
|
|
000 Xxx Xxxxxxxxxxx Xxxx, Xxxxx 000
Xxxxxxxxxx, XX 00000-0000
|
|
Xxxxxxxxxx
|
|
XX
|
|
|
00000-0000 |
|
|
XXX
|
|
[ * ]
|
|
[ * ] |
Confidential
Schedule P — Locations
Page 2 of 6
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Location |
|
Address |
|
City |
|
State |
|
Zip Code |
|
Country |
|
[ * ] |
|
Comments |
16
|
|
Newton
|
|
000 Xxxxxx Xxxxxx
Xxxxxx, XX 00000
|
|
Xxxxxx
|
|
XX
|
|
|
0000 |
|
|
XXX
|
|
[ * ] |
|
|
00
|
|
Xxxxx
|
|
Xxxxxxxx 0, Xxxxx 0
Xxxxx Internet City
United Arab Emirates
|
|
Dubai
|
|
|
|
|
|
|
|
UAE
|
|
[ * ]
|
|
[ * ] |
18
|
|
Clearwater
|
|
00000 Xxxxxxxxx Xxxxxxxxx
Xxxxxxxxxx, XX 00000
|
|
Xxxxxxxxxx
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ]
|
|
[ * ] |
19
|
|
Bangalore
|
|
#104, First Floor Prestige Omega,
EPIP Xxxx, Xxxxxxxxxx, Xxxxxxxxx-
000 000
|
|
Xxxxxxxxx
|
|
|
|
|
|
|
|
Xxxxx
|
|
[ * ]
|
|
[ * ] |
20
|
|
Buenos Aires
|
|
Xxxxxxxxx 552, Piso 15
Ciudad Xxxxxxxx xx Xxxxxx Xxxxx 0000
|
|
Xxxxxx Xxxxx
|
|
|
|
|
|
|
|
Xxxxxxxxx
|
|
[ * ]
|
|
[ * ] |
00
|
|
Xxxxxx
|
|
Xxxxxx Xxxxx, Xxxxxxxx X
2-4 Mesogeion Ave
Athens, Greece
|
|
Athens
|
|
|
|
|
|
|
|
Greece
|
|
[ * ]
|
|
[ * ] |
22
|
|
Watford
|
|
00 Xxxxxxxxx Xxxx, Xxxxxxx, Xxxxx,
XX00 0XX, XX
|
|
Xxxxxxx
|
|
|
|
|
|
|
|
XX
|
|
[ * ] |
|
|
23
|
|
Victoria
|
|
0000 X. Xxxxxxxxxxx Xxxx, Xxxxx 000
Xxxxxxxx, XX 00000
|
|
Xxxxxxxx
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ]
|
|
[ * ] |
24
|
|
Toronto
|
|
000 Xxxxxxxxx Xxxxxx, Xxxxxxx,
Xxxxxxx X0X 0X0
|
|
Xxxxxxx
|
|
Xxxxxxx
|
|
|
|
|
|
Xxxxxx
|
|
[ * ]
|
|
[ * ] |
25
|
|
Tokyo
|
|
BUREX Kyobashi 000, 0-0-00 Xxxxxxxx
Xxxx-xx Xxxxx 000-0000, XXXXX
|
|
Xxxxx
|
|
|
|
|
|
|
|
Xxxxx
|
|
[ * ]
|
|
[ * ] |
26
|
|
Timisoara, XXXXXXX
|
|
Xxx. Xxxxxxxxxx xx. 00
Xxxxxxxxx 000000, Xxxxxxx
|
|
Timisoara
|
|
|
|
|
|
|
|
ROMANIA
|
|
[ * ]
|
|
[ * ] |
Confidential
Schedule P — Locations
Page 3 of 6
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Location |
|
Address |
|
City |
|
State |
|
Zip Code |
|
Country |
|
[ * ] |
|
Comments |
00
|
|
Xxxxxx
|
|
Xxxxx 0, 00 Xxxxxxxx Xxxxxx
Xxxxxx, XXX Xxxxxxxxx 2000
|
|
Sydney
|
|
|
|
|
|
|
|
Australia
|
|
[ * ]
|
|
[ * ] |
28
|
|
Singapore
|
|
3 Tampines Grande
XXX Xxxxxxxx, #00-00
Xxxxxxxxx 000000
|
|
Xxxxxxxxx
|
|
|
|
|
|
|
|
Xxxxxxxxx
|
|
[ * ]
|
|
[ * ] |
29
|
|
Sao Xxxxx
|
|
Xxx Xxxxx Xxxxxxx, 200-10 Andar
Sao Paulo-SP CEP 00000-000
XXXXXX
|
|
Sao Paulo
|
|
|
|
|
|
|
|
Brazil
|
|
[ * ]
|
|
[ * ] |
30
|
|
Xxxxxxx, IRELAND
|
|
National Technology Park
Xxxxxxxx Xxxxx
Xxxxxxxx Xxxxxxxx xx Xxxxxxx
|
|
Xxxxxxxx
|
|
|
|
|
|
|
|
XXXXXXX
|
|
[ * ]
|
|
[ * ] |
31
|
|
Providence
|
|
000 Xxxxxx Xxxxxx
Xxxx Xxxxxxxxxx, XX 00000
|
|
Xxxxxxxxxx
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ]
|
|
[ * ] |
32
|
|
Plano
|
|
0000 Xxxxxxx Xxxx Xxxx.
Xxxxx 00
Xxxxx, Xxxxx 00000
|
|
Xxxxx
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ]
|
|
[ * ] |
33
|
|
Paris
|
|
00 xxx xxx xx Xxxxx Xxxxxxxxx
00000 St. Germain en Laye France
|
|
Paris
|
|
|
|
|
|
|
|
France
|
|
[ * ]
|
|
[ * ] |
34
|
|
Omaha (current location)
|
|
000 Xxxxx 000xx Xxx, Xxxxx XX 00000
|
|
Xxxxx
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ] |
|
|
35
|
|
Omaha (new location)
|
|
0000 Xxxxxxxx Xxxxx, Xxxxx, XX 00000
|
|
Xxxxx
|
|
XX
|
|
|
00000 |
|
|
XXX
|
|
[ * ] |
|
|
00
|
|
Xxxxxx Xxxx,
Xxxxxxxxxxx
|
|
1100 88 Corporate Center Valero
cor Xxxxxx Sts. Xxxxxxx Village,
Makati City, Xxxxxx 0000
|
|
Xxxxxx Xxxx
|
|
|
|
|
|
|
|
Xxxxxxxxxxx
|
|
[ * ] |
|
|
Confidential
Schedule P — Locations
Page 4 of 6
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Location |
|
Address |
|
City |
|
State |
|
Zip Code |
|
Country |
|
[ * ] |
|
Comments |
37
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
[ * ] |
|
|
[ * ]
|
|
[ * ]
|
|
[ * ] |
38
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
[ * ] |
|
|
[ * ] |
|
[ * ] |
|
[ * ] |
39
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
[ * ] |
|
|
[ * ]
|
|
[ * ]
|
|
[ * ] |
40
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
[ * ] |
|
|
[ * ]
|
|
[ * ]
|
|
[ * ] |
[ * ]
Confidential
Schedule P — Locations
Page 5 of 6
ACI WORLDWIDE, INC. HAS REQUESTED THAT
THE PORTIONS OF THIS DOCUMENT DENOTED
BY BOXES AND ASTERISKS BE ACCORDED
CONFIDENTIAL TREATMENT PURSUANT TO
RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1943.
2. IBM Locations
|
|
|
|
|
|
|
|
|
|
|
|
|
Location |
|
Address |
|
City |
|
State |
|
Zip Code |
|
Country |
|
Comments |
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ] |
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
[ * ] |
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
|
|
|
[ * ]
|
|
[ * ] |
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
|
|
|
[ * ]
|
|
[ * ] |
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
|
|
|
[ * ]
|
|
[ * ] |
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
|
|
|
[ * ]
|
|
[ * ] |
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
|
|
|
[ * ]
|
|
[ * ] |
[ * ]
|
|
[ * ]
|
|
[ * ]
|
|
|
|
|
|
[ * ]
|
|
[ * ] |
Confidential
Schedule P — Locations
Page 6 of 6
SCHEDULE R
REPORTS
SECTION 1 — GENERAL
1.1 |
|
Schedule R is the Vendor reporting requirements and lists all reports to be provided by Vendor
in accordance with the Statements of Work. ACI acknowledges that reports are required following
the Service Tower Commencement Date. |
|
1.2 |
|
All report descriptions set out in the Vendor Reporting Requirements Chart are for reference
only and are intended to provide a general list of items which the Vendor shall include in the
applicable report. |
SECTION 2 — ADDITIONAL REPORTS
2.1 |
|
Subject to the Change Control Procedure, ACI may require the Vendor to submit additional
reports and may change or request new Reports from time to time. |
SECTION 3 — SUBMISSION OF REPORTS
3.1 |
|
The Vendor shall submit reports on time as set out in this Schedule R, unless otherwise
mutually agreed to by both Parties. |
|
3.2 |
|
The Vendor shall submit all reports to the ACI Contract Manager via the Vendor portal. |
Confidential
Schedule R — Reports
Page 1 of 17
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
Schedule R — Reports Chart
[ * ]
* Represents
16 pages of redacted tabular data
Confidential
Schedule R — Reports
Page 2 of 17
SCHEDULE S
GOVERNANCE
This Schedule sets out the Governance structure for the Agreement; the roles and responsibilities
of both Parties to maintain a working relationship; and the type, content, and frequency of the
Agreement review meetings that will be held.
The purpose of this Schedule is to establish and agree on the formal procedures for:
a) managing the relationship between ACI and Vendor with respect to the Agreement.
b) facilitating the continued alignment of the interests of the Parties.
c) enabling the relationship to be maintained at the appropriate level within each Party.
To further such purpose, this Schedule establishes the governance operating model consisting of the
following:
|
• |
|
Governance organization and staffing. |
|
|
• |
|
Governance joint committee structures. |
Vendor shall be responsible for supporting the development and implementation of the governance
operating model by (a) using industry leading practices, (b) leveraging its expertise, templates,
tools and personnel resources and (c) complying with its obligations set forth in the Agreement.
ACI shall be responsible for: (a) developing with Vendor overall governance strategy and (b)
participating in the development and implementation of the governance operating model as set forth
herein.
2.0 |
|
KEY GOVERNANCE RESPONSIBILITIES |
During the Transition Period ACI will develop its governance model. Such model will address the
responsibilities as described below although they may be addressed in fewer individuals than what
is currently depicted.
2.1.1 |
|
ACI Engagement Executive |
Primary ACI Engagement Executive responsibilities include:
|
1. |
|
Manage the overall relationship with the Vendor. |
|
2. |
|
Provide leadership and guidance to the ACI Governance organization. |
Confidential
Schedule S — Governance
Page 1 of 15
|
3. |
|
Work with the Vendor Project Executive and the Vendor Delivery Project
Executive to progress the goals and objectives of the arrangement. |
|
4. |
|
Resolve escalated issues in accordance with the Governance escalation
procedures. |
|
5. |
|
Provide liaison activities and guidance with the Vendor’s corporate executive
leadership in regard to the strategic needs of ACI. |
2.1.2 |
|
ACI Engagement Manager |
The ACI Engagement Manager has primary operational responsibility for the Agreement and monitoring
all Vendor deliverables and commitments.
Primary ACI Engagement Manager responsibilities include the following:
|
1. |
|
Monitor Vendor and ACI compliance with the obligations of the Agreement. |
|
2. |
|
Monitor Vendor contract-level deliverable commitments. |
|
3. |
|
Track fulfillment of Vendor deliverables. |
|
4. |
|
Ensure audit-ability of Vendor processes. |
|
5. |
|
Manage Benchmarking activities. |
|
6. |
|
Staff and manage the ACI Governance organization. |
|
7. |
|
Resolve escalated issues according to the Governance escalation procedures. |
|
8. |
|
Approve (or decline) all work requests that are in excess of pre-established
expenditure amounts or circumstances. |
|
9. |
|
Evaluate Performance Credits and approve any action plans resulting from
critical service performance failures. |
|
10. |
|
Approve, authorize, and oversee all contract-related policies and procedures. |
2.1.3 |
|
ACI Engagement Administrator |
The ACI Engagement Administrator has primary administrative responsibility for the Agreement,
including the management of all reporting and updates to the Agreement.
Primary ACI Engagement Administrator responsibilities include:
|
1. |
|
Ensure receipt and review of all Vendor reports required per the Agreement. |
|
2. |
|
Develop standard reporting and communication requirements between the Vendor
and various staff and organizations within ACI. |
|
3. |
|
Develop and assist with negotiations related to all addendums and updates to
the Agreement that are required during the Term. |
|
4. |
|
Assist with interpretation and intent of the Parties in regard to the terms and
conditions of the Agreement. |
Confidential
Schedule S — Governance
Page 2 of 15
2.1.4 |
|
ACI Engagement Transition Manager |
The ACI Engagement Transition Manager has the overall responsibility for fulfilling ACI’s
obligations under the Transition Plan and reports to the ACI Contract Manager.
Primary ACI Engagement Transition Manager responsibilities include:
|
1. |
|
Approve the Transition Plan. |
|
2. |
|
Manage ACI’s obligations under the Transition Plan. |
2.1.5 |
|
ACI Business-Unit Coordinator |
The ACI Business-Unit Coordinator has the overall responsibility for ACI’s customer relationship
with the Vendor across all business units.
Primary ACI Business-Unit Coordinator responsibilities include:
|
1. |
|
Provide advice and counsel to ACI business units regarding the terms and
conditions of the Agreement. |
|
2. |
|
Provide support to ACI business units in regard to questions and issues arising
from the delivery of Services. |
|
3. |
|
Act as the primary interface between the Vendor’s organization and the ACI
business units. |
2.1.6 |
|
ACI’s Finance Manager |
The financial management of the Agreement is critical to assure accuracy and audit-ability of all
related financial transactions and that proper financial controls are in place during the term of
the Agreement. The ACI Finance Manager oversees all financial activities related to the Agreement
and the delivery of services.
Primary ACI Finance Manager responsibilities include:
|
1. |
|
Establish and manage the overall budget in connection with the Agreement. |
|
2. |
|
Monitor to ensure that savings objectives for the Agreement are being met. |
|
3. |
|
Review financial analysis for all Vendor-sponsored initiatives to ensure
financial viability. |
|
4. |
|
Assist in and support, as needed, the review of monthly charges to assure the
accuracy of Vendor charges, ACI retained costs, and pass-through expenses. |
|
5. |
|
Ensure that anticipated and agreed-upon Vendor financial responsibilities are
not converted to ACI retained or pass-through expenses. |
|
6. |
|
Investigate variances in forecasted expenses or usage. |
|
7. |
|
Establish and maintain the ACI charge-back process and systems. |
|
8. |
|
Ensure that ACI and Vendor have the necessary internal financial controls in
place to comply with the Xxxxxxxx-Xxxxx Act of 2002. |
Confidential
Schedule S — Governance
Page 3 of 15
2.1.7 |
|
ACI Service Manager(s) |
The ACI Service Manager(s) will have the primary responsibility to monitor and support the Vendor’s
performance of the Services associated with each Service Tower within the scope of the Agreement.
Primary ACI Service Manager responsibilities include:
|
1. |
|
Review all Service Levels and contractual commitments for the respective
Service Tower. |
|
2. |
|
Assist both ACI and the Vendor with forecasting resource requirements. |
|
3. |
|
Provide support to ACI and Authorized Users in accordance with the Problem
Management process, as described in Exhibit A-1 (Delivery Management Services (Cross
Functional)) of Schedule A (Statement of Work). |
|
4. |
|
Review and approve specific project plans and Change Management activities for
a Service Tower. |
2.2.1 |
|
Vendor Project Executive |
Vendor Project Executive has complete authority and responsibility to deliver all Services from
Vendor to ACI.
The Vendor Project Executive is the single point of contact for overall performance of the Vendor
team. The Project Executive will be responsible for the success of the overall relationship and the
strategic value it represents to ACI and will focus on client satisfaction, contract compliance,
financial reporting and reconciliation, service performance, and continuous improvement.
Primary Vendor Project Executive responsibilities include:
|
1. |
|
Manage the overall relationship regarding Vendor and ACI. |
|
2. |
|
Assure the successful Transition of the Agreement to operational status. |
|
3. |
|
Oversee the fulfillment of Vendor’s obligations under the Agreement. |
|
4. |
|
Work with the ACI Governance Team to establish, manage, and meet commitments,
requirements, and expectations. |
|
5. |
|
Work with ACI executives and business-unit managers to align the delivery of
Services with the strategic needs of ACI. Such activities will be performed with the
approval and in conjunction with the ACI Service Delivery Managers. |
|
6. |
|
Inform ACI about new corporate capabilities and developments within Vendor’s
organization, and propose ideas and solutions that will provide ongoing benefit to ACI. |
|
7. |
|
Act as the primary Vendor focus for new service establishment for ACI. |
|
8. |
|
Implement a client satisfaction survey for the account in accordance with
Schedule K (User Satisfaction Survey Guidelines). |
Confidential
Schedule S — Governance
Page 4 of 15
2.2.2 |
|
Vendor Transition Manager |
Vendor Transition Manager has the overall responsibility for the successful transition of the
Transitioned Employees and applicable subcontractors to Vendor account team while ensuring that
Service Levels and ACI satisfaction are maintained.
The Transition Manager is responsible for managing the transition of services from ACI to Vendor in
a seamless manner. The Transition Manager works with the ACI and Vendor teams to develop the
transition plan, establish success criteria, and oversee all transition activities.
Primary Vendor Transition Manager’s responsibilities include:
|
1. |
|
Establish the account infrastructure necessary to operate the account,
including financial, human resources, security, facilities, and communication. |
|
2. |
|
Develop and implement the Service delivery plan. |
|
3. |
|
Install all Service delivery processes and confirm that the Service Level
reporting mechanisms are established and operational. |
|
4. |
|
Transition all of ACI’S applicable personnel and subcontractors seamlessly to
Vendor. |
2.2.3 |
|
Vendor Delivery Project Executive |
Vendor Delivery Project Executive will have the primary responsibility to deliver the Services
associated with each Service Tower within the scope of the Agreement.
The Delivery Project Executive is accountable for the delivery of all Services. In this role, they
will monitor trends to verify that Service Levels are met and issues are dealt with. They will also
enforce system management disciplines and assume responsibility for regular Service reporting.
Primary Vendor Delivery Project Executive responsibilities include:
|
1. |
|
Meet all Service Levels and contractual commitments for the respective Service
Tower. |
|
2. |
|
Provide support to ACI and End Users in accordance with the Problem Management
process, as described in the Exhibit A-1 (Delivery Management Services (Cross
Functional)) of Schedule A (Statement of Work). |
|
3. |
|
Provide all Service Level reporting to the service control function. |
|
4. |
|
Verify that Vendor’s performance requirements as they relate to ACI business
requirements and business objectives are satisfied. |
|
5. |
|
Assure operational compliance with the Agreement and confirm that Vendor
fulfills its obligations under the Agreement, including all obligations relating to
deliverables. |
|
6. |
|
Establish and execute the account management disciplines, business management
processes, and associated reporting. |
Confidential
Schedule S — Governance
Page 5 of 15
|
7. |
|
Confirm prompt identification and resolution of Service delivery issues. |
|
8. |
|
Confirm that Vendor’s performance requirements as they relate to the ACI
strategic business planning (business and architecture, strategic options, business
assessment, business operating plans) requirements are met. |
|
9. |
|
Manage any selection of subcontractors. |
|
10. |
|
Manage shared resource centers within the ACI account. |
|
11. |
|
Interface as needed with ACI. |
|
12. |
|
Establish Vendor metrics program. |
|
13. |
|
Construct the performance reports and manage the monthly reporting. |
|
14. |
|
Establish Vendor Benchmarking methodology in accordance with the Agreement. |
|
15. |
|
Introduce Vendor’s processes and delivery models to the account. |
|
16. |
|
Establish training programs as required by the Agreement. |
|
17. |
|
Provide process ownership for Service delivery processes. |
|
18. |
|
Provide Vendor quality assurance function. |
|
19. |
|
Manage other administrative functions including security as required by the
Agreement. |
|
20. |
|
Provide for the receipt and review of Vendor reports required per the
Agreement. |
|
21. |
|
Develop standard reporting and communication requirements between Vendor and
various staff and organizations within ACI. |
2.2.4 |
|
Vendor Service Delivery Managers |
Vendor Service Delivery Managers will have the primary responsibility to deliver the Services
associated with an individual Service Tower within the scope of the Agreement.
The Service Delivery Manager is accountable for the delivery of Services within his or her
respective Service Tower. In this role, they will monitor trends to verify that Service Levels are
met and issues are dealt with. They will also use system management disciplines and assume
responsibility for regular Service reporting for their respective Service Tower.
Primary Vendor Service Delivery Manager responsibilities for their respective Service Tower
include:
|
1. |
|
Meet all Service Levels and contractual commitments. |
|
2. |
|
Provide all Service Level reporting to the service control function. |
Confidential
Schedule S — Governance
Page 6 of 15
|
3. |
|
Verify that Vendor’s performance requirements as they relate to ACI business
requirements and business objectives are satisfied. |
|
4. |
|
Establish and execute the account management disciplines, business management
processes, and associated reporting. |
|
5. |
|
Confirm prompt identification and resolution of Service delivery issues. |
|
6. |
|
Manage shared resource centers within the ACI account. |
|
7. |
|
Interface as needed with ACI. |
|
8. |
|
Establish Vendor metrics program. |
|
9. |
|
Construct the performance reports and manage the monthly reporting. |
|
10. |
|
Establish training programs as required by the Agreement. |
|
11. |
|
Provide Vendor quality assurance function. |
|
12. |
|
Manage other administrative functions including security as required by the
Agreement. |
|
13. |
|
Provide for the receipt and review of Vendor reports required per the
Agreement. |
|
14. |
|
Develop standard reporting and communication requirements between Vendor and
various staff and organizations within ACI. |
2.2.5 |
|
Vendor Financial Analyst |
Vendor Financial Analyst will have primary responsibility for all financial, billing, contractual
compliance, and new business management functions.
Primary Vendor Financial Analyst’s responsibilities include:
|
1. |
|
Provide the monthly invoice and all account billing and reporting functions. |
|
2. |
|
Provide all financial reporting, including exception reporting, to ACI, in
accordance with Schedule C (Charges). |
2.2.6 |
|
Vendor Human Resource Manager |
Vendor Human Resource Manager will have account management responsibilities for personnel policies
or process administration.
Primary Vendor Human Resource Manager’s responsibilities include:
|
1. |
|
Establish personnel administration policies for the account. |
|
2. |
|
Provide the Human Resources management function for the account. |
|
3. |
|
Provide the recruitment and placement function for the account. |
|
4. |
|
Provide the communication forms for the account. |
Confidential
Schedule S — Governance
Page 7 of 15
|
1. |
|
An Executive Steering Committee will be formed, consisting of an equal number
of both ACI and Vendor executives, to provide business oversight and ensure that the
Service delivery objectives are achieved. This committee will also direct the ACI /
Vendor relationship and assist the ACI Engagement Executive and Vendor Project
Executive in decisions that directly affect this Agreement. |
|
2. |
|
An ACI Engagement Manager and a Vendor Delivery Executive will be appointed by
the Parties to liaise with the Executive Steering Committee and to monitor and
resolve, where possible, any issues raised by the ACI Service Manager(s) and Vendor
Service Delivery Manager. |
|
3. |
|
The appropriate ACI Service Manager(s) and Vendor Service Delivery Manager(s)
will carry out the day-to-day coordination of Service delivery, and will include other
ACI representatives as required. |
|
4. |
|
ACI and Vendor will jointly develop and implement agreed performance management
and business assurance processes. |
|
5. |
|
The performance management and business assurance processes and procedures will
be deployed at the designated ACI Locations, which will confirm the stable start-up and
efficient delivery of the Services. |
3.1 |
|
Executive Steering Committee |
Within 30 days of the Effective Date, the Parties will establish an Executive Steering Committee.
The Executive Steering Committee will have executive management responsibility for the Agreement
and for the relationship between the parties and provide strategic direction. This committee’s
responsibilities will include:
|
• |
|
Discussing the evolving business agenda of both companies. |
|
|
• |
|
Reviewing and refreshing the strategic goals for the partnership. |
|
|
• |
|
Identifying change on the horizon that will need to be managed. |
|
|
• |
|
Reviewing performance against the strategic goals, both business and relationship,
and assessing client satisfaction. |
|
|
• |
|
Exploring ways to extend the relationship to solve new business challenges. |
|
|
• |
|
Reviewing and discussing how the parties can leverage new skills, techniques, and
knowledge gained by Vendor through research and development initiatives and experiences
with other clients. |
Confidential
Schedule S — Governance
Page 8 of 15
The Executive Steering Committee shall be chaired by the ACI Engagement Executive and Vendor
Project Executive and will be comprised as follows:
|
2. |
|
Vendor Vice President, Global Technology Services, Banking Industry. |
|
3. |
|
Vendor Delivery Director Global Technology Services, Financial Services Sector. |
|
4. |
|
ACI Business Unit Coordinators. |
|
5. |
|
Vendor Client Executive. |
|
6. |
|
Other ACI and Vendor personnel as required. |
3.1.2 |
|
Key Responsibilities |
The responsibilities of the Executive Steering Committee include:
|
1. |
|
Ensure business alignment between the Parties, analysis of ACI and Vendor
business plans, and oversight of new or modified Services during the Term. |
|
2. |
|
Develop strategic requirements and plans associated with the Services or New
Services during the Term. |
|
3. |
|
Resolve issues escalated by the Management Committee. |
3.1.3 |
|
Reports (to be provided by Vendor) |
Provide minutes of Executive Steering Committee meetings.
Hold initial quarterly meetings, changing to time periods as agreed by the Parties.
Within 30 days after the Effective Date, the Parties will establish a Management Committee.
The Management Committee will manage the business relationship between the Parties. This
committee’s responsibilities will include:
|
• |
|
Developing strategies to meet the goals that are set by the Executive Steering
Committee. |
|
|
• |
|
Addressing any systemic contractual or management issues. |
|
|
• |
|
Periodically assessing the quality of the working relationship and planning the
appropriate actions to strengthen the relationship. |
|
|
• |
|
Identifying and resolving conflict. |
|
|
• |
|
Identifying and managing impending change. |
|
|
• |
|
Reviewing business volumes and service performance. |
|
|
• |
|
Investigating new opportunities to deliver business value. |
|
|
• |
|
Making recommendations to the Executive Steering Committee on significant changes to
objectives, strategies, or the contract. |
|
|
• |
|
Defining the procedures and practices to be followed by the Service Delivery
Committee. |
Confidential
Schedule S — Governance
Page 9 of 15
The Management Committee shall be chaired by the ACI Engagement Manager and Vendor Delivery Project
Executive and will be comprised as follows:
|
1. |
|
ACI Engagement Executive. |
|
2. |
|
Vendor Project Executive. |
|
3. |
|
Other ACI and Vendor personnel as required. |
Subject to direction and approval from the Executive Steering Committee and to the authority
derived from the Change Control procedures to be approved by ACI, the Management Committee will
have general authority and responsibility regarding:
|
1. |
|
Proposing changes to the Agreement. |
|
2. |
|
Adding, modifying, and/or removing Services covered by the Agreement. |
|
3. |
|
Operational, technical, financial, and general management oversight of the
Agreement. |
|
4. |
|
Resolving issues escalated by the Service Delivery Committee. |
3.2.3 |
|
Key Responsibilities |
The responsibilities and authorities of the Management Committee will be determined and delegated
in each case in accordance with the authority outlined in Section 3.2.2 above.
The responsibilities of the Management Committee include:
|
1. |
|
Manage the performance of the Parties’ respective roles and responsibilities
under the Agreement. |
|
2. |
|
Implement/execute the Agreement. |
|
3. |
|
Manage risks and opportunities for improvement. |
|
4. |
|
Monitor Service delivery and Transition activities based on reporting and
coordination with the Service Delivery Committee. |
|
5. |
|
Consider and approve, where possible, operational and technical changes in
accordance with the Change Management requirements set out in Exhibit A-1 (Delivery
Management Services (Cross Functional)) of Schedule A (Statement of Work). |
Confidential
Schedule S — Governance
Page 10 of 15
|
6. |
|
Consider and approve, where possible, changes to the Agreement and to the
Services in accordance with the Change Control procedures to be approved by ACI. |
|
7. |
|
Seek to resolve any issues escalated by the Service Delivery Committee in
accordance with Section 4.0 (Issue Escalation Procedures) in this Schedule. |
|
8. |
|
Produce any Management Committee summary reports as set out in Schedule R
(Reports) and submit them for Executive Steering Committee review. |
|
9. |
|
Approve the following and report, as required, to the Executive Steering
Committee with respect to: |
|
9.1. |
|
Service Levels, Service Level Credits, and Earnback, as described in Schedule B
(Service Levels). |
|
9.2. |
|
Continuous improvement and quality assurance measures. |
|
9.3. |
|
Proposals for reset of Service Levels. |
|
9.4. |
|
Review of financial performance. |
|
9.6. |
|
Customer satisfaction surveys. |
|
9.8. |
|
Benchmarking results. |
|
10. |
|
Monitor and review the ongoing status of Third Party Contracts as appropriate. |
|
11. |
|
Initiate, as appropriate, the recommendations and suggestions made by the
Executive Steering Committee relating to the Services and/or this Agreement. |
|
12. |
|
Ensure the implementation of process/infrastructure, financial and resource
plans. |
|
13. |
|
Review business proposals as submitted by ACI business sponsors and/or Vendor
personnel. |
|
14. |
|
Recommend new proposals to the Executive Steering Committee. |
|
15. |
|
Provide advice and direction to the Service Delivery Committee for performance
improvement. |
|
16. |
|
Delegate any powers it considers appropriate to the Service Delivery Committee. |
3.2.4 |
|
Reports (to be prepared by Vendor) |
Provide minutes of Management Committee meetings.
Confidential
Schedule S — Governance
Page 11 of 15
The Management Committee will meet (at a minimum) monthly, and at other times as agreed between the
Parties, to review:
|
1. |
|
Contract Management and Change Control. |
|
3. |
|
Transition management (as required). |
|
4. |
|
Transformation management (as required). |
3.3 |
|
Service Delivery Committee |
Within 60 days after the Effective Date, the Parties will establish a Service Delivery Committee.
The Service Delivery Committee will focus on service quality and continuous improvement. This
committee’s responsibilities include:
|
• |
|
Identifying and addressing day-to-day service and change management issues. |
|
|
• |
|
Preparing reports for the Management Committee, to highlight service issues. |
|
|
• |
|
Identifying upcoming events that may result in changes in service demand. |
|
|
• |
|
Reviewing and discussing client satisfaction and service quality improvements. |
|
|
• |
|
Reviewing monthly reports and Service Level attainment. |
|
|
• |
|
Continually reviewing support processes, tools, and methodologies. |
The Service Delivery Committee will be comprised as follows:
|
1. |
|
ACI Service Manager(s). |
|
2. |
|
ACI Business-Unit Coordinator. |
|
3. |
|
ACI Site Managers (as required). |
|
4. |
|
Vendor Delivery Project Executive. |
|
5. |
|
Vendor Service Delivery Manager. |
|
6. |
|
Other ACI and Vendor personnel as required. |
Confidential
Schedule S — Governance
Page 12 of 15
All members of the Service Delivery Committee:
|
1. |
|
Review and approval, where possible, of the short-term and long-term plans and
activities in regard to the delivery of the Services. |
|
2. |
|
Resolution of Service delivery problems. |
|
3. |
|
Upward notification of all opportunities or issues that might result in the
addition, deletion, or modification of the Services, or the terms of the Agreement,
irrespective of the initiating Party. |
|
4. |
|
Agreement of local Service delivery initiatives, where approved by appropriate
level. |
3.3.3 |
|
Key Responsibilities |
The responsibilities and authorities of the ACI and Vendor representatives will be determined and
delegated in each case by the Management Committee and may include matters within the relevant
region such as the following:
|
1. |
|
Monitor Critical Deliverables and Service Levels. |
|
2. |
|
Coordinate and communicate day-to-day Service delivery issues; address,
co-coordinate, and prioritize the issues affecting the provision of the Services to
ACI. |
|
3. |
|
Review and escalate operational problems and issues in accordance with the
Procedures Manual. |
|
4. |
|
Review and schedule change requests in accordance with the Change Management
requirements described in Schedule A (Statement of Work). |
|
5. |
|
Ensure efficient flow of documentation as required by the Agreement. |
|
6. |
|
Handle disputes within the authority of the ACI and Vendor representatives, and
refer others to the Management Committee in accordance with Section 4.0 (Issue
Escalation Procedures) of this Schedule. |
|
7. |
|
Submit issues concerning the relationship between the Parties to the Management
Committee for its guidance and recommendations. |
|
8. |
|
Submit reports as required and as defined in Schedule R (Reports) to the
Management Committee. |
|
9. |
|
Advise the Management Committee of new opportunities and proposals. |
|
10. |
|
Identify and refer matters outside the authority of ACI and Vendor
representatives to the Management Committee. |
|
11. |
|
Review and present recommendations and suggestions made by ACI representatives
and Vendor representatives relating to the Services, and initiate appropriate actions. |
|
12. |
|
Identify issues that may have an impact outside the relevant Locations and
refer these to the Management Committee and, as appropriate, to other Locations as
required. |
Confidential
Schedule S — Governance
Page 13 of 15
|
13. |
|
Review and adjust the following, as directed by the Management Committee: |
|
|
13.2. |
|
Continuous improvement and quality assurance measures. |
|
|
13.3. |
|
Customer satisfaction surveys. |
|
|
13.5. |
|
Benchmarking results. |
3.3.4 |
|
Reports (to be prepared by Vendor) |
|
1. |
|
Regional/Management Reports. |
|
2. |
|
Service Levels and Service delivery results (as required). |
The Service Delivery Committee will meet (at a minimum) bi-weekly, and at other times as agreed
between the Parties, to review:
|
3. |
|
Transition management (as required). |
|
4. |
|
Transition/projects (as required). |
4.0 |
|
Issue Escalation Procedures |
From time to time, issues will arise that cannot be resolved at the various levels of management
within the ACI and Vendor teams. These issues may arise at a particular site/country, region or at
the global level. These issues may involve obligations of Party, performance, commercial issues,
personnel, etc.
It is the intent of ACI and Vendor to resolve issues in a constructive way that reflects the
concerns and commercial interests of each Party. Both Parties’ primary objective and intent is to
have issues resolved by the appropriate levels of authority without the need for escalation. With
this in mind, the following steps are to be followed:
|
1. |
|
Notification: Either Party may decide that escalation is desirable when
resolution of an issue appears unachievable at the current management level. In this
case, the Party desiring escalation provides written notice of its intention to the
member(s) of the other Party currently involved in the dispute. At either Party’s
request, the Parties currently engaged in attempting to resolve the issue shall meet
again to attempt resolution of the issue prior to escalation to the next level. When
and if the issue cannot be resolved at the current management level, the issue will
then be escalated after good faith attempts by both Parties to resolve the issue at the
current level. |
Confidential
Schedule S — Governance
Page 14 of 15
|
2. |
|
Documentation: Both Parties will jointly develop a short briefing document
called Statement of Issue for Escalation that describes the issue, relevant impact, and
positions of both Parties. |
|
3. |
|
Request for Assistance: A meeting will be scheduled with appropriate
individuals as described below (phone or videoconference in most cases). The Statement
of Issue for Escalation will be sent in advance to the participants. |
|
4. |
|
It is the intention of ACI and Vendor that issues are escalated for review and
resolution to the next level of management. |
Confidential
Schedule S — Governance
Page 15 of 15
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE T
HUMAN RESOURCES
[ * ]
* Represents
3 pages of redacted text and tabular data
Confidential
Schedule T — Human Resources
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
SCHEDULE U
CHANGE CONTROL PROCEDURE
This Schedule U describes the Contractual Change Control Procedure Vendor and ACI will
follow where required under the Agreement, including changes to [ * ]
[ * ]
3. |
|
CHANGE CONTROL PROCEDURES |
3.1 |
|
If ACI desires a Change, ACI will deliver a written notice to the Vendor Delivery Executive,
which generally describes the proposal (a “Change Request”). |
3.2 |
|
If Vendor wishes on its own initiative to propose a Change, Vendor will deliver a draft
Change Management Document (as defined below) for ACI’s review. |
3.3 |
|
Vendor will conduct an impact assessment of any Changes initiated under Section 3.1 or 3.2
above, at no incremental charge, to determine what Service modifications implementing the
Change would require, including whether there would be resulting changes in Charges, and to
document the impact of the Change (the “Change Management Document”). Each Change
Management Document provided by Vendor will be in substantially the form attached hereto as
Exhibit U-1, including: |
|
(G) |
|
for the implementation of a New Service, when and to the extent appropriate: |
|
(1) |
|
a transition plan, including milestones, Deliverables and
Deliverable Credits; |
|
(2) |
|
a transformation plan, including milestones and a schedule for
completing the transformation; |
|
(3) |
|
a draft plan for the provision of Termination/Expiration
Assistance for the New Service; and |
|
(4) |
|
a draft update or supplement to Vendor’s then-current disaster
recovery plan documents and the Procedures Manual to incorporate the New
Service. |
Confidential
Schedule U — Change Control Procedure
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
3.4 |
|
First drafts of the Change Management Document for Change Requests by ACI will be delivered
based on the following classification: |
[ * ]
3.5 |
|
If Vendor, in proposing a Change or responding to a Change Request, proposes new Charges, or
an increase in existing Charges, the Change Management Document will include the underlying
financial assumptions and a reasonably detailed demonstration of the increased resources
required to accommodate the Change. |
3.6 |
|
Vendor acknowledges that not every Change will necessarily result in new Charges or an
increase in existing Charges. Notwithstanding any term of this Schedule U to the contrary, no
additional Charges will be payable for a Change (a) that can be handled with the resources
then currently utilized by Vendor to deliver the Services without materially impacting
Vendor’s ability to meet Service Levels or other obligations under this Agreement (such as
Changes to operating procedures, schedules and equipment configurations), (b) that is required
to cure a defective Deliverable or other Service default, or (c) that does not cause a net
increase in Vendor’s cost of providing the Services, taking into account any cost savings
arising from the Change. |
3.7 |
|
All Changes will be reviewed and prioritized by the Relationship Management Team. |
3.8 |
|
If ACI elects to accept the Change Management Document (as modified from the original version
proposed by Vendor by agreement of the Parties), as evidenced by the written approval of the
ACI Contract Executive, the Parties will execute the Change Management Document. |
|
(A) |
|
Except as expressly provided to the contrary herein with respect to emergency
Changes, no Change will become effective without the written approval of the ACI
Contract Executive and the Vendor Delivery Executive. |
|
(B) |
|
Until such time as a Change has such written approval, Vendor shall, unless
otherwise agreed in writing, continue to provide the Services as if the Change Request
had not been made. |
|
(C) |
|
Any discussions which may take place between the Parties in connection with a
Change Request before the authorization of a resultant Change Management Document shall
be without prejudice to the rights of either Party. |
Confidential
Schedule U — Change Control Procedure
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(D) |
|
Each Change Management Document will, until signed, serve as an administrative
instrument to guide and organize the Parties’ deliberations regarding the proposed
Change. However, the final Change Management Document that is signed will be limited
to defining the Change itself (including all impacts to compensation). Accordingly,
before being signed and becoming effective, each Change Management Document will be
reviewed and revised to delete Section A (of Exhibit U-1) and any other terms other
than the agreed terms of the Change. |
3.9 |
|
All Change Management Documents will be logged and documented by Vendor and designated, as
specified by ACI, within one of the following priority categories: |
[ * ]
Unless otherwise specified by ACI in writing on a case-by-case basis, work under Change
Management Documents of a higher priority will take precedence over work under Change
Management Documents of a lower priority.
4.2 |
|
Notwithstanding any term or condition of this Schedule U to the contrary, if ACI exercises
its right to require a Mandatory Change, it will deliver a Change Notice to Vendor that
describes the nature of the required Mandatory Change in sufficient detail to allow for Vendor
to commence implementation thereof, expressly designates the Change as a Mandatory Change and
authorizes Vendor to commence such implementation (the “Mandatory Change Notice”).
Unless otherwise instructed by ACI in the Mandatory Change Notice, Vendor will begin
implementing the Mandatory Change immediately after receipt of the Mandatory Change Notice. |
4.3 |
|
Vendor’s preparation and the Parties’ finalization of the Change Management Document for a
Mandatory Change will take place concurrently with Vendor’s implementation of the Mandatory
Change. Vendor shall also prepare and deliver to ACI a good faith estimate of the impact on
the Charges as a result of implementation of the Mandatory Change. |
4.4 |
|
If the Parties are unable to agree on the impact on the Charges within thirty (30) days after
the Mandatory Change Notice, then (i) Vendor will charge ACI for the work performed at the
rates listed in Schedule C (Charges) for the level of resource that is reasonably required to
complete the Mandatory Change, plus reasonable out-of-pocket expenses, pre-approved by ACI in
writing, directly attributable to the Mandatory Change until such time as the Parties agree,
as documented under this Contractual Change Control Procedure, to the actual costs of the
Mandatory Change and (ii) either Party may consider such failure to agree to be a dispute, and
may escalate such dispute for resolution in accordance with Article 20 of the Agreement.
Promptly following the resolution of such dispute, the Parties shall conduct a true-up process
to reconcile the Charges paid by ACI for such Mandatory Change with the ultimate resolution of
the dispute. |
Confidential
Schedule U — Change Control Procedure
5.1 |
|
Notwithstanding anything to the contrary in the Agreement, the Procedures Manual, or ACI’s
existing procedures, Vendor will not make any Change that has a material adverse affect on the
functions or performance, or materially decreases the operational efficiency, of the Services,
including the implementation of technological Changes, without first obtaining ACI’s written
approval, except as described in Section 5.2 below. |
5.2 |
|
Emergency Changes may be needed in exceptional circumstances. In such a circumstance, Vendor
must make commercially reasonable efforts to obtain approval prior to making the Change from
the ACI Contract Executive or another ACI Relationship Management Team member. If none are
available, and in the opinion of the Vendor, a delay in implementing the Change is reasonably
likely to result in some material failure of a Service obligation, breach of ACI information
security, violation of Applicable Law or other material adverse impact to ACI or its business,
Vendor may make the Change, and then report the incident to ACI at the first opportunity, and
prepare a Change Management Document form in accordance with this Schedule U. |
Each Change Request and Change Management Document will be tracked using a Vendor assigned
reference number. Vendor will:
|
(A) |
|
Prepare a monthly report listing any open Change Requests or Change Management
Documents; |
|
(B) |
|
Inform ACI, in writing, of the completion of approved Changes; and |
|
(C) |
|
Provide testing and demonstration of the completed implementation as agreed by
the Parties. |
* * * * *
Confidential
Schedule U — Change Control Procedure
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2 PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
EXHIBIT U-1
FORM OF CHANGE MANAGEMENT DOCUMENT
* Represents
two pages of redacted tabular data
|
|
|
|
|
|
|
SECTION C. APPROVALS |
|
|
|
|
|
|
|
|
|
|
|
ACI WORLDWIDE, INC. |
|
INTERNATIONAL BUSINESS MACHINES CORPORATION |
|
|
|
|
|
|
|
By:
|
|
|
|
By:
|
|
|
|
|
|
|
|
|
|
Name:
|
|
|
|
Name:
|
|
|
|
|
|
|
|
|
|
Title:
|
|
|
|
Title:
|
|
|
|
|
|
|
|
|
|
Confidential
Exhibit U-1 — Form of Change Management Document
SCHEDULE V
IN-FLIGHT PROJECTS
This Schedule describes the Projects to be performed under this Agreement and the overall
Project management process that will be implemented in order to support delivery of such
Projects. Vendor shall be responsible for such Projects as of the Service Tower
Commencement Date.
Projects for which there is a Baseline set forth in Schedule C (Charges) and listed herein
as of the Service Tower Commencement Date are included within the Annual Services Charge
(“In-scope Projects”). Any additional Projects may be chargeable as set forth in this
Agreement.
|
(1) |
|
assess project schedules and budgets for completeness and
viability; |
|
(2) |
|
for those projects that do not meet the project schedule and budget
criteria, provide an action plan for ACI’s approval; and |
|
(3) |
|
perform project activities set forth in the plan based upon ACI’s
project prioritization. |
|
(1) |
|
review and approve the action plan provided by Vendor for those
In-scope Projects which do not meet the project schedule and budget criteria; and |
|
(2) |
|
review and reprioritize In-scope Projects, as appropriate, and
notify Vendor. |
3. |
|
PROJECT MANAGEMENT PROCESS |
|
a. |
|
Vendor’s Project management process is based upon the premise that the Vendor
Delivery Project Executive has overall responsibility and accountability to meet the
agreed upon quality, cost, schedule and technical objectives of the Project. |
|
b. |
|
ACI and Vendor will each assign an individual to a Project (each a “Project
Manager” and collectively the “Project Managers”) who has the authority to represent
and bind ACI and Vendor, respectively, for that Project and who will have specific
operational roles as described below and further delineated in the Project Plan. A
Project Manager may be assigned to oversee more than one Project at a time. ACI and
Vendor will each provide the other reasonable advance written notice of a change to
their respective Project Manager and will discuss any objections the other has to such
change. |
|
c. |
|
ACI and Vendor will develop a Project Plan as specified in Section 5 (Project
Plan) below, as applicable. Upon ACI’s and Vendor’s signature of such Project Plan,
the Project Plan will be assigned a sequential number and will be attached to, and
become a part of, this Schedule, for example, Project Plan V-1 (Title), Project Plan
V-2 (Title). The terms and conditions of this Agreement will apply to all Projects,
except to the extent expressly amended by the applicable Project Plan. |
Confidential
Schedule V — In-Flight Projects
Page 1 of 7
|
a. |
|
Vendor Responsibilities |
The Vendor Project Manager will:
|
(1) |
|
be the single point of contact to ACI for establishing and
maintaining communications through the ACI Project Manager regarding the Project; |
|
(2) |
|
develop the detailed Project Plan in conjunction with the ACI
Project Manager; |
|
(3) |
|
measure, track and evaluate progress against the Project Plan; |
|
(4) |
|
maintain files of the Project Plan and any associated
documentation; |
|
(5) |
|
manage the Project for Vendor including planning, directing, and
monitoring all Project activities; |
|
(6) |
|
establish the Vendor Project team and, in conjunction with the ACI
Project Manager, orient team members regarding the Project management process and
the Project Plan, including individual responsibilities, deliverables and
schedules; |
|
(7) |
|
provide operational guidance to, manage and be accountable for the
performance of Vendor’s employees and Approved Subcontractors assigned to the
Project; |
|
(8) |
|
define and monitor the support resources required for the Project; |
|
(9) |
|
implement all changes consistent with the Project change control
process set forth in Section 6 (Change Control Process) below; |
|
(10) |
|
resolve deviations from the Project Plan with the ACI Project
Manager; |
|
(11) |
|
identify and address Project issues with the ACI Project Manager; |
|
(12) |
|
plan, schedule, conduct and participate in periodic Project
planning, review, and status meetings, as applicable, including review of the
Work Products being produced; |
|
(13) |
|
coordinate and schedule the attendance of Vendor’s employees and
Approved Subcontractors, as appropriate, at such periodic planning, review, and
status meetings; and |
|
(14) |
|
provide periodic written status reports to ACI that provide
information such as schedule status, technical progress, issue identification and
related action plans. |
The ACI Project Manager will:
|
(1) |
|
be the single point of contact for the management of ACI’s
obligations under the Project; |
|
(2) |
|
serve as the interface between the Project team members and ACI’s
business functions, units, or Affiliates participating in the Project; |
|
(3) |
|
define ACI’s business and technical requirements for each Project; |
|
(4) |
|
assist Vendor in Vendor’s development of the detailed Project Plan
and validate that the Project Plan meets ACI’s business and technical
requirements; |
Confidential
Schedule V — In-Flight Projects
Page 2 of 7
|
(5) |
|
establish the ACI Project team and, in conjunction with the Vendor
Project Manager, orient team members regarding the Project management process and
the Project Plan, including individual responsibilities, deliverables, and
schedules; |
|
(6) |
|
provide operational guidance to, manage and be accountable for the
performance of ACI’s employees and Approved Subcontractors assigned to the
Project; |
|
(7) |
|
implement all changes consistent with the Project change control
process set forth in Section 6 (Change Control Process) below; |
|
(8) |
|
participate in and provide necessary support during periodic
Project planning, review, and status meetings, as scheduled by Vendor; |
|
(9) |
|
obtain and provide information, data, decisions and approvals,
within the agreed time period, which, for existing Projects, will be within five
Business Days of Vendor’s request, unless otherwise mutually agreed; |
|
(10) |
|
coordinate and schedule the attendance of ACI employees and
Approved Subcontractors, as appropriate, at planning, review, and status meetings
scheduled by Vendor; |
|
(11) |
|
identify and address Project issues with the Vendor Project
Manager; |
|
(12) |
|
escalate Project issues within ACI’s management as needed; |
|
(13) |
|
assist Vendor in resolution of deviations from the Project Plan; |
|
(14) |
|
participate in periodic Project reviews, as requested by Vendor;
and |
|
(15) |
|
review the deliverables to determine if they meet the Completion
Criteria set forth in the applicable Project Plan and, within the specified time
frame, inform the Vendor Project Manager in writing of the results of such
review. |
A Project Plan should contain the following information:
This section will identify ACI’s and Vendor’s respective Project Managers including
name, address, telephone number, pager number, and fax number.
|
b. |
|
Purpose and Scope of Work |
This section will provide a summary of the overall purpose of the Project and define
the scope of work to be performed.
|
c. |
|
Assumptions and Dependencies |
This section will describe any key assumptions or dependencies upon which the Project
was based or is dependent upon for successful completion, or both.
This section will define any terms specific to the Project.
|
e. |
|
Vendor Responsibilities |
This section will describe the responsibilities that Vendor is required to perform in
order to complete the Project.
Confidential
Schedule V — In-Flight Projects
Page 3 of 7
This section will describe the responsibilities that ACI is required to perform in
order to complete the Project.
|
g. |
|
Required Equipment and Materials |
This section will list all required equipment and materials including, hardware and
software, which ACI or Vendor must provide in order to facilitate completion of the
Project.
This section will provide a description of any items to be delivered by Vendor under
the Project.
This section will provide the estimated schedule for completion of the Project,
including any milestones and target dates for completion.
This section will state the Completion Criteria that Vendor must meet in order to
satisfy its obligations under the Project.
This section will specify the applicable charges, if any, for the Project (for
example, included within the Base Charge or performed for additional charges on a
fixed price or time and materials basis).
|
l. |
|
Additional or Unique Terms and Conditions |
This section will identify terms and conditions, if any, in addition to or different
from the terms and conditions of this Agreement.
6. |
|
CHANGE CONTROL PROCESS |
The change control process is part of the overall project management system which will be
implemented by Vendor to control changes to the Services. Either ACI or Vendor may request
a change to a Project subject to the following change control process:
|
a. |
|
A Project may be changed only by a writing signed by authorized
representatives of ACI and Vendor. |
|
b. |
|
All Project Change Requests (“PCRs”) to a Project will be submitted in
writing by the requesting Vendor or ACI Project Manager. The PCR will reference the
Project, describe at a reasonable level of detail the change, the rationale for the
change and the impact the change may have on the Project both if it is accepted and if
it is rejected. |
|
c. |
|
The Project Managers will review the PCR and either: |
|
(1) |
|
recommend approval of the change by authorized representatives of
ACI and Vendor signing the PCR. Upon such approval, the change will be
implemented; or |
Confidential
Schedule V — In-Flight Projects
Page 4 of 7
ACI WORLDWIDE, INC. HAS REQUESTED THAT THE
PORTIONS OF
THIS DOCUMENT DENOTED BY BOXES AND
ASTERISKS BE
ACCORDED CONFIDENTIAL TREATMENT
PURSUANT TO RULE 24b-2
PROMULGATED UNDER THE
SECURITIES EXCHANGE ACT OF 1934.
|
(2) |
|
agree in writing to submit the PCR for further investigation and to
pay Vendor for its reasonable charges, if any, for Vendor’s investigation. Such
investigation will determine the technical merits and the effect on price,
schedule, and other terms and conditions that may result from the implementation
of the PCR. ACI and Vendor will then agree to mutually approve or reject the
PCR. If ACI and Vendor do not agree, either Vendor or ACI may submit such PCR to
the Project Executives for resolution; or |
|
(3) |
|
reject the PCR. If rejected, the PCR will be returned to the
requesting Project Manager along with the reason for rejection. |
|
a. |
|
Vendor will notify ACI in writing when the Completion Criteria for a
deliverable has been met. |
|
b. |
|
ACI must inform Vendor, in writing, within ten Business Days following
receipt of Vendor’s notification if ACI believes Vendor has not met the Completion
Criteria, together with reasonable detail as to the reasons for such belief. |
|
c. |
|
The Vendor Project Manager will consider ACI’s timely request for revisions,
if any, within the context of Vendor’s obligations. |
|
d. |
|
ACI revisions, agreed to by Vendor, will be made and the Project deliverable
will be resubmitted to the ACI Project Manager, at which time such deliverable will be
deemed accepted. |
|
e. |
|
If Vendor does not receive written notice from ACI within the time frame
specified above, then the Project deliverable will be deemed accepted by ACI. |
[ * ]
* Represents
three pages of redacted tabular data
Confidential
Schedule V — In-Flight Projects
Page 5 of 7