AGREEMENT FOR OPERATIONS SUPPORT SERVICES
Exhibit 10.1
Equifax / IBM Confidential
AGREEMENT
FOR
This Agreement is entered into as of July 1, 2003 (the “Effective Date”), between
1. International Business Machines Corporation, a New York corporation (“IBM”),
AND
2. Equifax Inc., a Georgia corporation (“Equifax”).
This Agreement supersedes and replaces certain existing agreements between Equifax (or its Affiliates) and IBM (or its Affiliates), which are listed in Schedule M (Existing IBM-Equifax Agreements Superseded By This Agreement).
The Parties agree to the terms and conditions set forth in this Agreement (which are those set forth in the main body of this Agreement, and the various Schedules, Exhibits, Attachments, Appendices and Supplements attached to and referenced in this Agreement) and in each Statement of Work executed by the Parties referencing this Agreement.
The Commencement Date of the Services under this Agreement will be August 7, 2003. This Agreement is subject to ratification by the Equifax Board of Directors at its meeting to be held August 6, 2003. If such ratification does not occur, this Agreement shall be void ab initio and of no further force or effect.
Signed for and on behalf of IBM:
|
INTERNATIONAL BUSINESS MACHINES CORPORATION |
|||
|
|
|||
|
Signature: |
/s/ Xxxxxx X. Xxxxxxx |
|
|
|
|
|||
|
Title: |
/s/ Global Senior Project Executive (July 31, 2003) |
|
|
|
|
|||
|
Signed for and on behalf of Equifax: |
|||
|
|
|||
|
|
|||
|
Signature: |
/s/ Xxxx X. Xxxxx |
|
|
|
|
|||
|
Title: |
/s/ Chief Technology Officer (July 31, 2003) |
|
|
TABLE OF CONTENTS
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
Terms of Acquisition by IBM of Third Party Provider Software |
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
i
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
ii
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC. |
|
iii
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
iv
|
|
|
||
|
|
|
|
|
|
|
|
v
ATTACHMENTS**
Form of Local Enabling Agreement
|
Schedule |
|
Title |
|
|
|
|
|
A |
|
Services |
|
|
|
|
|
B |
|
Service Levels |
|
|
|
|
|
C |
|
Charges |
|
|
|
|
|
D |
|
Human Resources |
|
|
|
|
|
E |
|
Equipment |
|
|
|
|
|
F |
|
Software |
|
|
|
|
|
G |
|
Third Party Agreements |
|
|
|
|
|
H |
|
Facilities |
|
|
|
|
|
I |
|
Transition/Transformation |
|
|
|
|
|
J |
|
IT Management Process Improvement Program |
|
|
|
|
|
K |
|
Operational Reports |
|
|
|
|
|
L |
|
Governance |
|
|
|
|
|
M |
|
Existing IBM-Equifax Agreements Superseded By The Agreement |
|
|
|
|
|
N |
|
Projects |
|
|
|
|
|
O |
|
Services Transfer Assistance |
|
|
|
|
|
P |
|
Data Protection |
|
|
|
|
|
Q |
|
Country-Specific Regulatory and Legal Requirements |
|
|
|
|
|
R |
|
Listed Subcontractors |
|
|
|
|
|
S |
|
Disaster Recovery Services |
|
|
|
|
|
T |
|
Security Procedures |
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
vi
Equifax / IBM Confidential
1. PURPOSE/STRUCTURE/TERM OF AGREEMENT
(a) IBM is a provider of a broad range of operations support services for financial services companies including, without limitation, information technology, information management, communications and related services, and is experienced and skilled in the administration, management, provision and performance of such services and the business functions, responsibilities and tasks attendant with such services. IBM desires (i) to continue to provide certain of these operations support services to the Equifax Group for the Equifax Business, and to continue to perform and assume the functions, responsibilities and tasks attendant with such operations support services as currently performed by IBM for the Equifax Business and the Equifax Group; and (ii) to provide additional quantities and elements of these and other operations support services to the Equifax Group for the Equifax Business and to perform and assume the functions, responsibilities and tasks attendant with such operations support services as currently performed by the Equifax Group or as envisioned to be required for the Equifax Business and the Equifax Group, all as specifically set forth in this Agreement. Equifax desires that such operations support services for the Equifax Business and the Equifax Group and the attendant functions, responsibilities and tasks, be performed and assumed by IBM. This Agreement documents the terms and conditions under which (i) the Equifax Group will obtain such operations support services from IBM and (ii) IBM will administer, manage, support, provide and perform such services and the functions, responsibilities and tasks attendant with such services, for the Equifax Group.
(b) Subject to Section 1.1(d), the Parties have identified goals and objectives that they intend that IBM’s performance pursuant to this Agreement will assist the Parties to achieve. These goals and objectives include the following:
(i) Realigning of the scope of IBM’s services with Equifax Group’s business needs;
(ii) Providing world class service delivery based on industry best practices and standards, specifically aimed at improving information technology productivity and reliability, and speed to market of new products;
(iii) Achieving significant cost savings, beginning in 2003, and continuing from year to year, enabling resources to be redirected from maintaining legacy systems to new growth initiatives, including the development of new products;
(iv) Providing pricing structures that give Equifax Group better visibility into and control over its total life-cycle spending for information technology systems and platforms;
(v) A commitment by IBM to maintaining the technological currency of the information technology systems and resources used to perform the Services;
(vi) Providing market competitive pricing throughout the Term of this Agreement;
(vii) Establishing a global relationship and Agreement governance structure that shall facilitate the use of consistent approaches and processes across all the countries in which Equifax Group operates;
(viii) Achieving seamless service across the U.S., Canada and Europe that leverages IBM competency centers;
1
(ix) Establishing a single, integrated delivery model across geographies that minimizes the number touch-points between IBM and Equifax Group and eliminates the need for Equifax Group to function as an integrator;
(x) Delivering a solution that places risk on the Party in the best position to manage and control the risk;
(xi) Providing value-added strategic thought, vision and leadership from IBM;
(xii) Providing an opportunity to transition the Services back to the Equifax Group or to another service provider from IBM with minimal disruption;
(xiii) Delivering a solution that will enable IBM to be successful;
(xiv) Securing favorable rates for current and additional resource consumption and for reductions in resource consumption and increasing flexibility regarding resources chargeable and available to the Equifax Group and committed by IBM to the Equifax Group;
(xv) Enhancing the current functionality of the Equifax Group’s processes, systems and service levels covered under this Agreement;
(xvi) Proactively defining and proposing cost-effective solutions to improve the efficiency and functionality of the information management systems operations of the Equifax Group in support of the Equifax Business;
(xvii) Ensuring the efficiency, stability and security of existing and future processes, systems and service levels; and
(xviii) Evolving the support services, processes, systems and service levels to meet the dynamic requirements of the Equifax Group and Equifax Business.
(c) IBM recognizes that the Equifax Group expects to be treated as a valued customer and agrees that the definition of customer satisfaction goes beyond IBM’s performance against established service levels and requires that IBM exhibit a customer service attitude focused on assisting Equifax where commercially reasonable to attain the goals and objectives described in Section 1.1(b), including, without limitation, reducing the operations support costs of and improving service levels to the Equifax Group and the customers of the Equifax Group.
(d) The provisions of this Section 1.1 are intended to be a statement of the purpose of this Agreement and are not intended to alter the plain meaning of the terms and conditions of this Agreement or to require either Party to undertake performance obligations beyond those set forth in this Agreement. To the extent that the terms and conditions of this Agreement are unclear or ambiguous, such terms and conditions are to be interpreted and construed consistent with the purposes set forth in this Section 1.1.
1.2 Structure of Agreement
(a) For certain purposes under this Agreement, the Services will be grouped around the following technology Platforms: (i) Mainframe, Midrange, Parallel Systems, MicroLAN and Service Desk, which collectively comprise and are sometimes referred to as the “Operations” Service Tower; (ii) Voice and Data (including WAN, LAN and MAN), which collectively comprise and are sometimes referred to as the “Network” Service Tower; and (iii) Disaster Recovery, which is a cross-functional Service Tower that spans both the Operations and Network Service Towers.
2
(b) Although the scope of the Services does not include * as of the Execution Date, Equifax has agreed to purchase a certain amount of * from IBM under this Agreement. IBM has agreed to supply such services to Equifax and has included in the charges under Schedule C (Charges) a portion of the cost to Equifax of such work. Any * services ordered from IBM under this Agreement shall be authorized by a Statement of Work prepared and issued under this Agreement for such services, which Statement of Work will contain special terms and conditions applicable to the performance of the * work.
(c) This Agreement is comprised of the provisions set forth in this Agreement and the various Schedules, Exhibits, Attachments, Appendices and Supplements referenced herein.
(d) IBM and Equifax will be the primary contracting parties under this Agreement. Non-U.S. Affiliates of the Parties shall sign Local Enabling Agreements in order for the Services to be provided and received in their respective home countries in accordance with Section 17.17 of this Agreement.
(a) The term of this Agreement will begin as of the Effective Date and will terminate upon the later to occur of (a) the tenth (10th) anniversary of the Execution Date, or (b) the completion of the Services Transfer Assistance (the “Term”), unless earlier terminated in accordance with the provisions of this Agreement or extended pursuant to Section (a). The Commencement Date shall be August 7, 2003 for the Canada, Ireland, Spain, U.K and U.S. Country Locations. Equifax will remain responsible for the performance of the Services from the Execution Date to the Commencement Date for all Country Locations, and IBM will provide assistance to Equifax in managing the delivery of the Services during that period.
(a) Equifax may request and IBM will extend the provision of the Services or the Services Transfer Assistance for up to one (1) year (“Extension Period”) upon not less than sixty (60) days prior written notice before the scheduled termination or expiration of the provision of the Services or Services Transfer Assistance, or if applicable, notice given within thirty (30) days after the effective date of a notice of termination for any reason by either Party, other than Termination for Convenience. Equifax shall have three (3) such optional Extension Periods. The charges set forth in Schedule C (Charges), subject to adjustment and change as provided in Schedule C (Charges), shall apply during any Extension Periods. However, in the event Equifax is in default with respect to the payment of any amounts under this Agreement at the start of the Extension Period, IBM will extend the provision of such Services or Services Transfer Assistance as described in this Section 1.4, only if Equifax cures such default and prepays three (3) months of the Monthly Charges during such Extension Period and a reasonable projection of other charges due for such three (3) calendar months period. Equifax will be credited any unused portions of such prepayment for the remaining part of such Extension Period covered by such unused portion of such prepayment.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
3
2. DEFINITIONS
In this Agreement, the following terms will have the following meanings:
|
1998 Agreement |
|
Means that certain Master Agreement for Operations Support Services, dated January 1, 1998, as amended, between IBM and Equifax. |
|
|
|
|
|
Action |
|
has the meaning given in Section 17.7. |
|
|
|
|
|
* |
|
|
|
|
|
|
|
Affiliates |
|
means, with respect to a Party, any entity at any time Controlling, Controlled by or under common Control with such Party. |
|
|
|
|
|
Agreement |
|
means this Agreement for Operations Support Services, including all of the various Schedules, Exhibits, Attachments, Appendices and Supplements attached to and referenced herein and any Statements of Work issued under and referencing this Agreement. |
|
|
|
|
|
* |
|
|
|
|
|
|
|
Applications Software |
|
means those programs and programming, including all supporting documentation and media, that perform specific user related data processing, data management and telecommunications tasks, including updates, enhancements, modifications, releases and Derivative Works thereof. Applications Software as of the Execution Date is listed in Schedule F (Software). |
|
|
|
|
|
Applications Software — Equifax |
|
means the Applications Software provided by or through Equifax as of the Execution Date, as listed on Schedule F (Software) under such heading, or during the Term of this Agreement in accordance with Section 6.4. If additional Applications Software is provided by or through Equifax during the Term or if previously provided Applications Software is removed, Schedule F (Software) will be amended to reflect the addition or removal of such Applications Software in accordance with Sections 8.1 and 17.2. |
|
|
|
|
|
Applications Software — IBM |
|
means the Applications Software provided by or through IBM as of the Execution Date, as listed on Schedule F (Software) under such heading, or during the Term of this Agreement in accordance with Section 6.4. If additional Applications Software is provided by or through IBM during the Term or if previously provided Applications Software is removed, Schedule F (Software) will be amended to reflect the addition or removal of such Applications Software in accordance with Sections 8.1 and 17.2. |
|
|
|
|
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
4
|
Authorized User |
|
means a person or entity (which shall be either an Affiliate or a customer of Equifax or an entity in which an Equifax Group member is a joint venturer, partner, member or equity owner) authorized to use the Services, including without limitation the System, by Equifax. |
|
|
|
|
|
Baseline(s) |
|
has the meaning given in Schedule C. |
|
|
|
|
|
Cable or Cabling |
|
means the wires or cables that interconnect Machines and/or connect a Machine to a facility connection. |
|
|
|
|
|
Change of Control |
|
means the transfer of the Control of a Party, or a sale of substantially all of the assets of a Party, from the persons or persons who hold such Control on the Execution Date to another person or persons, but shall not include a transfer of the Control of a Party to an Affiliate of such Party. |
|
|
|
|
|
Claim |
|
has the meaning given in Section 14.6(a). |
|
|
|
|
|
Code |
|
has the meaning given in Article 10. |
|
|
|
|
|
Commencement Date |
|
means the date(s) on which IBM’s becomes responsible for performance the Services, which date may be different from one Country Location to another. |
|
|
|
|
|
Commercially Reasonable Efforts |
|
Whether or not capitalized, means taking such steps and performing in such a manner as a well managed company would undertake where such company was acting in a determined, prudent and reasonable manner to achieve a particular desired result for its own benefit. |
|
|
|
|
|
Company Information |
|
has the meaning given in Section 11.1. |
|
|
|
|
|
Confidential Information |
|
has the meaning given in Section 11.1. |
|
|
|
|
|
Contract Change |
|
means any change(s) to any of the documents comprising this Agreement, which shall be carried out as provided in Sections 17.2 and 8.1. |
|
|
|
|
|
Contract Year |
|
means any consecutive twelve (12) month period commencing on the Execution Date or any anniversary thereof during the Term. |
|
|
|
|
|
Control, Controlling, or Controlled |
|
means possessing, directly or indirectly, the power to direct or cause the direction of the management and policies of an entity through contractual right or ownership of greater than fifty (50%) percent of the voting securities of such entity. |
|
|
|
|
|
Country Location |
|
has the meaning given in Schedule C (Charges). |
|
|
|
|
|
Data Center |
|
means the data centers from which the Services are provided located in the Facilities listed in Schedule H (Facilities). |
|
|
|
|
|
Derivative Work |
|
means a work based on one or more pre-existing works, including without limitation, a condensation, transformation, expansion or adaptation, which would constitute a copyright infringement if prepared without authorization of the owner of the copyright of such pre-existing work. |
|
|
|
|
|
Develop |
|
has the meaning given in Article 10. |
|
|
|
|
|
Direct Damages |
|
has the meaning given in Section 13.3. |
|
|
|
|
|
Direct Damages Caps |
|
has the meaning given in Section 13.1(b). |
5
|
Disabling Code |
|
means Code which is designed for the purpose and has the effect of disabling or otherwise shutting down one or more software programs or systems and/or hardware or hardware systems. |
|
|
|
|
|
Disaster Recovery |
|
means the cross-functional Service Tower that is composed of the Disaster Recovery Services as specified in Schedule S for the environment that spans both the Operations and Network Service Towers. |
|
|
|
|
|
Disaster Recovery Services |
|
means the Disaster Recovery Services described in Schedule A (Services) and/or Schedule S (Disaster Recovery Services). |
|
|
|
|
|
Effective Date |
|
means the date set forth on the initial page of this Agreement. |
|
|
|
|
|
Elements of the Services |
|
has the meaning given in Section 17.14. |
|
|
|
|
|
EMU Matters |
|
means the failure of any product or service to correctly process or properly exchange monetary data in euro denominations accurately. |
|
|
|
|
|
Equifax |
|
Means one or more members of the Equifax Group, as the context requires, unless it is clear from the context that the term “Equifax” is instead intended to mean Equifax Inc. in that particular instance. |
|
|
|
|
|
Equifax Business |
|
means the businesses engaged in by the Equifax Group. |
|
|
|
|
|
Equifax Code |
|
means Code Developed by IBM and/or its subcontractors independently or jointly with the Equifax Group and/or their contractors, as part of the Services. Equifax Code shall not include any IBM Derivative Code. |
|
|
|
|
|
Equifax Data |
|
means all information, whether or not Confidential Information, entered in Software or Machines by or on behalf of Equifax and information derived from such information, including as stored in or processed through the Machines or Software. |
|
|
|
|
|
Equifax Direct Damages Cap |
|
has the meaning given in Section 13.1(b). |
|
|
|
|
|
Equifax Derivative Code |
|
means Code Developed by IBM and/or its subcontractors independently or jointly with the Equifax Group and/or their contractors, as part of the Services, which constitutes Derivative Work of software for which the copyright is owned by the Equifax Group and/or their contractors. |
|
|
|
|
|
Equifax Group |
|
means individually and collectively Equifax and its existing and future Affiliates that are using and/or receiving any portion of the Services. |
|
|
|
|
|
Equifax Owned Software |
|
means Software that is owned by Equifax. |
6
|
Equifax Provided Hardware |
|
means the computer equipment peripheral devices, storage media, Cabling, connectors, the Data Network, the LAN, telephone equipment and other equipment (however described) provided from time to time by the Equifax Group for use by IBM to perform and deliver the Services and fulfill its obligations under this Agreement. The Equifax Provided Hardware as of the Execution Date is listed on and/or referred to in Schedule E (Machines). If additional Equifax Provided Hardware is added or previously provided Equifax Hardware is removed during the Term of this Agreement in accordance with Section 6.4, Schedule E (Machines) shall be updated pursuant to Sections 8.1 and 17.2 to reflect the then-current Equifax Provided Hardware. |
|
|
|
|
|
Equifax Provided Office Furnishings |
|
means the desks, chairs, filing cabinets, office cube partitions and other office furniture (however described) provided from time to time by the Equifax Group for use by IBM to perform and deliver the Services and fulfill its obligations under this Agreement. The Equifax Provided Office Furnishings as of the Execution Date are listed on and/or referred to in Schedule E (Machines). If additional Equifax Provided Hardware is added or previously provided Equifax Hardware is removed during the Term of this Agreement in accordance with Section 6.4, Schedule E (Machines) shall be updated pursuant to Sections 8.1 and 17.2 to reflect the then-current Equifax Provided Office Furnishings. |
|
|
|
|
|
Equifax Retained Function |
|
means any Process-Element intersection in the Scope Models in Schedule A (Services) in which Equifax is designated as the Actor or for which IBM is not designated as the Actor. |
|
|
|
|
|
Equifax Software |
|
means Applications Software-Equifax and Systems Software-Equifax. |
|
|
|
|
|
Equifax Works |
|
means literary works of authorship (other than Code) Developed by IBM and/or its subcontractors independently or jointly with the Equifax Group and/or its contractors under this Agreement, specifically for the Equifax Group or the Equifax Business or specifically for the purpose of providing the Services, including without limitation user manuals, charts, graphs and other written documentation, and machine-readable text and files, but shall not include any Derivative Works of any works in which the copyright is owned by IBM, its Affiliates or subcontractors. |
|
|
|
|
|
Euro-Ready |
|
means that a product or service, when used in accordance with its associated documentation and used properly in accordance with its specifications, will correctly process monetary data in the euro denomination and will perform in accordance with the euro currency formatting conventions including the euro sign assuming that all other products (i.e. hardware, software, firmware, etc.) that are used with this product are also Euro-Ready. |
|
|
|
|
|
Execution Date |
|
means the date this Agreement is signed by both Parties. |
|
|
|
|
|
Extension Period |
|
has the meaning given in Section 1.4. |
|
|
|
|
|
Facilities |
|
means the facilities listed in Schedule H (Facilities). |
|
|
|
|
|
Force Majeure Event |
|
has the meaning given in Section 17.3(a). |
7
|
IBM |
|
Means any or all of International Business Machines Corporation and its Affiliates, as the context requires, unless it is clear from the context that the term “IBM” is instead intended to mean International Business Machines Corporation in that particular instance. |
|
|
|
|
|
IBM Code |
|
means Code Developed by IBM personnel at IBM’s expense and not as part of the Services, but used to provide the Services, which code does not constitute a Derivative Work of any software owned by the Equifax Group, IBM, or their respective Affiliates or contractors or subcontractors. IBM Code shall not include any Equifax Derivative Code. |
|
|
|
|
|
IBM Derivative Code |
|
means Code Developed under this Agreement, which constitutes Derivative Works of software for which the copyright is owned by IBM, its Affiliates or its subcontractors. |
|
|
|
|
|
IBM Direct Damages Cap |
|
has the meaning given in Section 13.1(a)(i). |
|
|
|
|
|
IBM Euro-Ready |
|
means that an IBM Logo product, when used in accordance with its associated documentation and used properly in accordance with its specifications, will correctly process monetary data in the euro denomination and will perform in accordance with the euro currency formatting conventions including the euro sign assuming that all other products (i.e. hardware, software, firmware, etc.) that are used with this product are Euro-Ready. IBM hardware products that are IBM Euro-Ready may or may not have an engraved Euro sign key on their keyboards. |
|
|
|
|
|
IBM Indemnitees |
|
has the meaning given in Section 14.2. |
|
|
|
|
|
IBM Interfaces |
|
means Code and/or literary works of authorship created at IBM’s expense, by IBM personnel and/or its contractors and not as part of the Services, but used to provide the Services, and interface or describe and instruct regarding the interface, between and among Applications Software and the Systems Software, which does not constitute a Derivative Work of any software or literary works of authorship owned by the Equifax Group, IBM, or their respective Affiliates or contractors, including without limitation, user manuals, charts, graphs and other written documentation, and machine-readable text and files. |
|
|
|
|
|
IBM Logo Products |
|
has the meaning given in Section 4.11. |
|
|
|
|
|
IBM Machines |
|
means the computer equipment, peripheral devices, storage media, cabling, connectors, extenders and other equipment (however described) including without limitation, modems, routers and termination boxes for the Network located in the Facilities and other Equifax Group Sites, including without limitation Data Center and at the Network Locations, provided by or through and used from time to time by IBM to perform and deliver the Services and fulfill its obligations under this Agreement. The IBM Machines as of the Execution Date are listed on Schedule E (Machines), which schedule shall be updated pursuant to Section 8.1 during the Term to reflect the then current IBM Machines. |
|
|
|
|
|
IBM Software |
|
means the Applications Software—IBM and Systems Software—IBM. |
8
|
IBM Year 2000 Compliance or Compliant |
|
means that the product will, subject to the provisions of Section 4.9(b)), when used in accordance with its associated documentation, (i) accurately process and handle date data (including but not limited to, calculating, comparing and sequencing, to the extent that the product’s specifications provide for such processing or handling of date data) within, from, into and between the twentieth and twenty-first centuries, and the years 1999 and 2000, including leap year calculations, to the extent that all other products used in combination with such product properly exchange date data with it, and (ii) will properly exchange date data with other IBM Logo Products that are IBM Year 2000 Compliant, provided that such IBM Logo Products are specified by IBM to operate together as part of a system. |
|
|
|
|
|
IBM Works |
|
means literary works of authorship (other than Code) Developed at IBM’s expense, by IBM personnel and/or its contractors and not specifically for the Equifax Group or the Equifax Business or not specifically for the purpose of providing the Services, but used to provide the Services, including without limitation user manuals, charts, graphs and other written documentation and machine-readable text and files, but shall not include any Derivative Works of any works in which the copyright is owned by Equifax or its Affiliates or subcontractors. |
|
|
|
|
|
Indemnified Party |
|
has the meaning given in Section 14.4. |
|
|
|
|
|
Indemnifying Party |
|
has the meaning given in Section 14.5(a). |
|
|
|
|
|
Indemnitee |
|
has the meaning given in Section 14.1. |
|
|
|
|
|
Key IBM Personnel Positions |
|
means those personnel furnished by IBM to perform the Services who occupy positions designated as Key IBM Personnel Positions in Schedule D (Human Resources) or pursuant to Section 7.3. |
|
|
|
|
|
Knowledge Retention Personnel |
|
Has the meaning given in Section 7.4(a). |
|
|
|
|
|
Listed Subcontractors |
|
has the meaning given in Section 8.6(a). |
|
|
|
|
|
Local Enabling Agreements |
|
has the meaning given in Section 17.17. |
|
|
|
|
|
Losses |
|
means all losses, liabilities, damages, penalties and claims (including taxes and all related interest and penalties incurred directly with respect thereto), and all related costs, expenses and other charges *. |
|
|
|
|
|
Machines |
|
Means the IBM Machines and Equifax Provided Hardware. |
|
|
|
|
|
Maintenance Release |
|
Means those Software fixes and updates provided by the Software vendors as part of normal maintenance service for the Software for which there is no charge by such vendors in addition to periodic maintenance charges, if any. |
|
|
|
|
|
Materials |
|
Means the Equifax Code, the Equifax Derivative Code, the Equifax Works, the IBM Code, the IBM Derivative Code, the IBM Works and the IBM Interfaces. |
|
|
|
|
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
9
|
MicroLan |
|
means desktop support. For the avoidance of doubt, the terms “MicroLan,” and “Desktop” are used interchangeably in this Agreement. |
|
|
|
|
|
Network |
|
means the Service Tower that is composed of the Voice and Data (i.e., WAN, LAN and MAN) Platforms, as such Platforms are defined in Schedule C. |
|
|
|
|
|
New Services |
|
has the meaning given in Section 10.1 of Schedule C (Charges). |
|
|
|
|
|
Notice |
|
has the meaning given in Section 16.1(b). |
|
|
|
|
|
Operations |
|
means the Service Tower that is composed of the Mainframe, Mid-Range, Parallel Systems, MicroLan and Service Desk Platforms, as such Platforms are defined in Schedule C. |
|
|
|
|
|
Parties |
|
means IBM and Equifax. |
|
|
|
|
|
Party |
|
means IBM or Equifax. |
|
|
|
|
|
Platform |
|
is a term used in certain circumstances under this Agreement to subdivide the Services comprising a Service Tower (i.e., Operations, Network or Disaster Recovery) into sub-groups/clusters of Services. |
|
Project |
|
has the meaning given in Schedule N (Projects). |
|
|
|
|
|
Project Executive |
|
has the meaning given in Section 7.1. |
|
|
|
|
|
Required Consents |
|
means any consents or approvals required to be obtained (a) to allow IBM, its Affiliates and its approved subcontractors to assume financial and/or support, operational, management and administrative responsibility for the Equifax Software, the Equifax Provided Hardware and the Equifax Provided Office Furnishings in connection with the Services; (b) for the licensing, transfer and/or grant of the right to the Equifax Group, as permitted by each license, to use the IBM Software and IBM Machines as contemplated by this Agreement; and (c) for the Equifax Group and IBM, its Affiliates and its approved subcontractors to have access to and use of the space, equipment, software and/or third party services provided under the Third Party Agreements in connection with the Services as contemplated by this Agreement. |
|
|
|
|
|
Resource Unit (“RU”) |
|
Has the meaning given in Schedule C (Charges). |
|
|
|
|
|
Service Level Credits |
|
has the meaning set forth in Schedule B (Service Levels). |
|
|
|
|
|
Service Employees |
|
has the meaning given in Section 12.5(g). |
|
|
|
|
|
Service Levels |
|
means the standards of performance to be met or exceeded by IBM in providing the Services. The Service Levels are set forth in Schedule B (Service Levels). |
|
|
|
|
|
Service Tower |
|
is a term used in certain circumstances under this Agreement to subdivide the Services into three high-level groups of Services: Operations, Network and Disaster Recovery. |
10
|
Services |
|
means all functions, responsibilities, tasks and activities: (a) described in this Agreement that are to be performed by IBM under this Agreement; or (b) that are directly related to information technology services and were performed for the Equifax Group in the immediately preceding twelve (12) months before the Execution Date by the Transferred Employees or by Equifax Group employees whose functions are assumed by IBM or displaced under this Agreement; or (c) that were performed or required to be performed by IBM and/or its Affiliates and subcontractors for the Equifax Group in the immediately preceding twelve (12) months prior to the Execution Date under the 1998 Agreement or any of the other agreements identified in Schedule M as being superseded by this Agreement; or (d) that were performed in the immediately preceding twelve (12) months before the Execution Date by assets conveyed or made available to IBM or displaced as a result of this Agreement. For the avoidance of doubt, the Parties agree that references in this definition to the 1998 Agreement and other agreements identified in Schedule M are for purposes of defining the scope of the Services under this Agreement-such references are not intended to incorporate by reference into this Agreement any legal terms and conditions of such agreements, all of which are superseded by this Agreement. |
|
|
|
|
|
Services Transfer Assistance |
|
has the meaning given in Section 12.5. |
|
|
|
|
|
Software |
|
means IBM Software and Equifax Software. |
|
|
|
|
|
Span Elements |
|
has the meaning provided in Schedule A (Services). |
|
|
|
|
|
Statement of Work |
|
has the meaning given in Schedule N (Projects). |
|
|
|
|
|
System |
|
means the Machines, Software and Network covered under this Agreement and the operating environment therefor. |
|
|
|
|
|
Systems Software |
|
means those programs and programming (including all supporting documentation and media) that perform tasks related to the functioning of the data processing, and telecommunication equipment which is used to operate the Applications Software or otherwise to support the provision of the Services by or through IBM under this Agreement, whether or not licensed to IBM. Systems Software may include but is not limited to, database creation and management software, application development tools, operating systems, software utilities, data security software, data network software, communications monitors and data base managers. Systems Software as of the Execution Date is listed in Schedule F (Software), which schedule shall be updated pursuant to Sections 8.1 and 17.2 during the Term to reflect the then current Systems Software. In Schedule A (Services), Systems Software is subdivided into and includes two groups of Software identified as “Platform Software” and “Infrastructure Software.” |
11
|
Systems Software —Equifax |
|
means the Systems Software and general purpose software such as the database creation and management software, utility software and applications development tools software provided by or through Equifax on the Execution Date, as listed in Schedule F (Software) under such heading, or during the Term of this Agreement in accordance with Section 6.4. If additional Systems Software is provided by or through Equifax during the Term or if previously provided Systems Software is removed, Schedule F (Software) will be amended to reflect the addition or removal of such Systems Software in accordance with Sections 8.1 and 17.2 |
|
|
|
|
|
Systems Software—IBM |
|
means the Systems Software provided by or through IBM on the Execution Date, as listed in Schedule F (Software) under such heading, or during the Term of this Agreement in accordance with Section 6.4. If additional Systems Software is provided by or through IBM during the Term or if previously provided Systems Software is removed, Schedule F (Software) will be amended to reflect the addition or removal of such Systems Software in accordance with Sections 8.1 and 17.2 |
|
|
|
|
|
Term |
|
has the meaning given in Section 1.3 and any extension and renewal term described in this Agreement. |
|
|
|
|
|
Termination Charges |
|
means the charges designated as such that are set forth in Exhibit C-8. |
|
|
|
|
|
Third Party Agreements |
|
means those contractual, leasing and licensing arrangements to which one or more members of the Equifax Group is a party and pursuant to which a member of the Equifax Group receives any third party products, software and/or services that IBM will need to access or use in providing the Services and for which IBM is assuming financial, management and/or administrative responsibility under this Agreement. Third Party Agreements in effect as of the Execution Date are listed on Schedule G (Third Party Agreements), which schedule shall be updated pursuant to Sections 8.1 and 17.2 during the Term to reflect the then-current Third Party Agreements. |
|
|
|
|
|
Third Party Provider |
|
means a business or entity other than a member of the Equifax Group or IBM and its Affiliates that provides products, software and/or services under a Third Party Agreement, in support of the provision of the Services by IBM. |
|
|
|
|
|
Third Party Service Agreements |
|
means those Third Party Agreements, excluding leases and license agreements, pursuant to which a member of the Equifax Group receives third party services that IBM will need to access or use in providing the Services and for which IBM is assuming financial, management and/or administrative responsibility under this Agreement. Third Party Services Agreements in effect as of the Execution Date are listed on Schedule G (Third Party Agreements), which schedule shall be updated pursuant to Sections 8.1 and 17.2 during the Term to reflect the then-current Third Party Service Agreements. |
|
|
|
|
|
Transferred Employees |
|
has the meaning given in Section 5.2. |
|
|
|
|
|
Trade Secrets |
|
has the meaning given in Section 11.1. |
|
|
|
|
|
Transition Cover Costs |
|
has the meaning given in Section 13.3(b). |
12
|
Transition Personnel |
|
has the meaning given in Section 5.1(e). |
|
|
|
|
|
Transformation/ Transformation Plan |
|
has the meaning given in Section 5.1(a). |
|
|
|
|
|
Use |
|
means, in the context of Software, to use, copy, maintain, modify, enhance, distribute or create Derivative Works as permitted under the license for such Software. |
|
|
|
|
|
Version |
|
means those Software updates that generally add function to the existing Software and may be provided by the Software vendors at a fee over and above the standard periodic software maintenance costs. |
|
|
|
|
|
Virus or Viruses |
|
means computer instructions that are intended, designed and have the effect of adversely affecting the specified operation, security or integrity of a computing, telecommunications or other digital operating or processing system or environment. |
|
|
|
|
|
Wind-Down Expenses |
|
means the net amount, after IBM takes commercially reasonable action to mitigate the amount thereof, that will reimburse IBM for the actual reasonable costs for severance, relocation and unbillable time that IBM incurs in the placement on other customer accounts or severance of IBM personnel primarily employed to provide the Services; provided, however, Equifax shall have the right to mitigate such costs by hiring such IBM personnel. |
2.2 Other Terms
Other capitalized terms used in this Agreement are defined where they are used and have the meanings there indicated. Those terms, acronyms and phrases not defined in this Agreement but in common usage in the information technology (“IT”) industry or other pertinent business context shall have their generally understood meanings in the IT industry.
3. THE SERVICES
3.1 Obligation to Provide Services
(a) Starting on the Commencement Date in each Country Location and continuing during the Term, IBM shall provide the Services to, and perform the Services for, the Equifax Group, for use by the Equifax Group and other Authorized Users.
(b) In performing and providing the Services, the relationship of IBM with the members of the Equifax Group will be as an independent contractor. However, as a result of its position in providing and performing the Services, the Parties acknowledge that certain employees of IBM and each of its Affiliates providing portions of the Services may have a unique knowledge of the information technology operations of the members of the Equifax Group that no employee of a member of the Equifax Group will have in full, and employees of IBM and each of its Affiliates providing portions of the Services will be interacting with the employees, executive management and accountants to the Equifax Group and the members thereof, and will be performing functions that would otherwise be performed by employees of the Equifax Group.
13
(c) There may be functions, responsibilities, activities and tasks not specifically described in this Agreement which are required for the proper performance and provision of the Services and are an inherent part of, or a necessary sub-part included within, the Services. To the extent such functions, responsibilities, activities and tasks either (i) were performed during the twelve (12) months preceding the Commencement Date by Equifax personnel (employees and contractors) or assets transitioned or made available to IBM or displaced as a result of this Agreement or (ii) are determined to be required for the proper performance and provision of the Services or are an inherent part, or a necessary sub-part included within, the Services, such functions, responsibilities, activities and tasks shall be deemed to be implied by and included within the scope of the Services to the same extent and in the same manner as if specifically described in this Agreement. Each such determination shall be made by agreement of the Parties or resolved pursuant to the dispute resolution provisions of Article 16. For the avoidance of doubt: (i) this Section 3.1(c) shall not be interpreted to include as deemed parts of the Services any functions, responsibilities, activities or tasks that are not related to the provision of information technology services — for example, managing the company’s annual charitable fund-raising campaign; and (ii) IBM’s obligations with respect to the interpretation of or compliance with laws and regulations as they apply to the Equifax Business shall be limited to those obligations expressly set forth in this Agreement, the criteria in this Section 3.1(c) notwithstanding.
(d) IBM shall refresh and supplement the infrastructure, tools, and other factors of production used by IBM in providing its services in order to keep pace with technological advances and advances in the methods of delivering services, where such advances are at the time pertinent and in general use within the information technology industry to enable Equifax to take advantage of technological advancements in its industry and support Equifax’s efforts to maintain competitiveness in the markets in which it competes. For the avoidance of doubt, this provision does not apply to Span Elements for which a specific refresh schedule has been provided or for which Equifax has retained financial responsibility for refreshment.
3.2 Performance
IBM agrees to perform the Services in a manner that will meet or exceed each of the applicable Service Levels set forth in Schedule B (Service Levels), subject to the limitations and in accordance with the provisions set forth in this Agreement, and to standards satisfied by well-managed operations performing services similar to the Services. IBM further agrees that it shall perform the Services at least at the same level and with at least the same degree of accuracy, quality, completeness, timeliness, responsiveness and efficiency as was provided prior to the Commencement Date by or for Equifax provided Equifax can demonstrate to IBM such levels and degrees utilizing data for the twelve (12) months immediately preceding the Commencement Date.
3.3 Disaster Recovery Services
IBM will provide Disaster Recovery Services in accordance with Schedules A and S. If IBM fails to provide Disaster Recovery Services to the extent and in accordance with the time table set forth in Schedule A (Services) or Schedule S (Disaster Recovery Services) for a period as set forth in Schedule A (Services) or Schedule S (Disaster Recovery Services), Equifax will be entitled, at its election, to terminate the portion of this Agreement (including Schedule S (Disaster Recovery Services)) relevant to the affected Service Tower within the affected country pursuant to Section 12.1(a) (without giving the notices and observing the cure periods set forth in Section 12.1(a)) upon written notice to IBM. If the Services for the Operations and/or Network
14
Service Towers are terminated, Equifax shall have the right to terminate the corresponding Disaster Recovery Services described in Schedules S and A on the same basis. If Equifax elects to terminate as described in this Section 3.3, Equifax shall give notice to IBM of such election within thirty (30) days after the occurrence of the event on which such termination is based. In the event termination of this Agreement is authorized under this Section 3.3, Equifax shall not be required to pay any Termination Charges or Wind-Down Expenses to IBM. Such termination shall not constitute the sole and exclusive remedy of Equifax for such failure of performance by IBM.
3.4 Audits
(a) IBM shall maintain a complete audit trail of all financial and non-financial transactions resulting from this Agreement. IBM will assist the Equifax Group in meeting their respective audit and regulatory requirements, including providing access to the Facilities and IBM’s and its Affiliates’ books and records, to enable the Equifax Group and its auditors and examiners, to conduct appropriate audits and examinations of the Equifax Group’s operations and IBM’s and its Affiliates’ operations relating to the performance of the Services, and to: (i) verify the accuracy of IBM’s charges and credits to Equifax; (ii) verify the integrity of Equifax Group Data and examine the systems that process, store, support and transmit that data; (iii) verify that the Services are being provided in accordance with this Agreement; and (iv) as otherwise necessary to enable Equifax to meet, or to confirm that IBM is meeting, applicable regulatory and other legal requirements. Without limiting the generality of the preceding sentence, in conducting such audits and examinations, the Equifax Group and its auditors and examiners shall have the right to audit or examine relevant practices and procedures; systems, Machines and Software; and supporting information and calculations regarding compliance with Service Levels; general controls and security practices and procedures; disaster recovery and back-up procedures; provided, however, that neither Equifax nor its auditors will be allowed access to other IBM or IBM Affiliates customers’ records or IBM confidential and proprietary data; but provided further that nothing in this Agreement shall limit or restrict Equifax’s or IBM’s rights in discovery proceedings pursuant to any civil litigation. Such access will require forty-eight (48) hour written notice to IBM and will be provided at reasonable hours. If any audit or examination reveals that IBM’s invoices for the audited period are not correct (other than amounts in dispute pursuant Schedule C (Charges)), IBM shall promptly reimburse Equifax for the amount of any overcharges, or Equifax shall promptly pay IBM for the amount of any undercharges. If any such audit activities interfere with IBM’s ability to perform the Services in accordance with the Service Levels, IBM shall be relieved of such performance obligations to the extent caused by such audit activity. If the assistance required of IBM shall cause IBM to expend resources and incur additional costs to provide such assistance that are not within the scope of the Services and Resource Unit Baselines, Equifax shall reimburse IBM for such costs.
(b) If the exercise by the Equifax Group of its audit rights under Section 3.4(a) relates to functions performed by IBM’s subcontractors, IBM shall supply or cause to be provided to the Equifax Group (or its auditors or examiners, as applicable) the necessary information and, as required, arrange for the Equifax Group (or its auditors or examiners, as applicable) to have suitable access to IBM’s subcontractor’s facilities (under IBM’s accompaniment); provided, however, Equifax may request IBM to arrange such access only if part of the Services are performed at such subcontractor’s facility.
(c) Subject to Section 4.10, IBM agrees to make any changes to the Services and take other actions which are necessary in order to maintain compliance with laws or regulations applicable to its performance and provision of the Services. Subject to Section 4.10, Equifax may submit to IBM
15
findings and recommendations regarding changes to the Services necessary for the compliance by Equifax with applicable laws and regulations which IBM will analyze and consider in good faith. IBM shall promptly respond to Equifax regarding IBM’s evaluation and activity plan for such findings and recommendations.
(d) IBM shall conduct audits of or pertaining to the Services in such manner and at such times as is consistent with the audit practices of well managed operations performing services similar to the Services. IBM shall support Equifax’s conduct of SAS 70 (or similar or successor) audits to the extent the control objectives of such audits relate to functions performed by IBM under this Agreement.
(e) IBM shall make available promptly to Equifax the relevant portions of results of any * conducted by IBM or its Affiliates * or by inspectors or regulators, relating to the effectiveness of IBM’s * to the extent such * is relevant to the Services and indicates an impact to Equifax.
(f) Until the later of (i) three (3) years after expiration or termination of this Agreement; (ii) all pending matters relating to this Agreement (e.g., disputes) are closed; or (iii) the information is no longer required to meet Equifax’s records retention policy as disclosed by Equifax to IBM in writing and as such policy may be adjusted from time to time, IBM shall maintain and provide access upon request to the records, documents and other information required to meet Equifax’s audit rights under this Agreement.
3.5 IBM Cooperation with Authorized User Examinations
IBM acknowledges that Authorized Users frequently require the right to conduct security, disaster recovery and regulatory compliance examinations of Equifax information processing facilities and resources used to provide services to them or for their benefit. IBM agrees to cooperate with Equifax on behalf of Equifax’s Authorized Users in the conduct of such examinations and to provide them access to IBM facilities, personnel and systems used to provide and perform the Services as reasonably necessary for such Authorized Users (or their designated representatives) to conduct such examinations. All such access to such IBM facilities and resources used by IBM to provide and perform the Services shall be subject to (i) reasonable data and records protection and physical security measures and (ii) such Authorized Users’ employees, agents and representatives undertaking reasonable confidentiality requirements relating to such examinations.
3.6 Facilities
(a) IBM will not relocate the portion of the Services provided from the Facilities set forth in Schedule H (Facilities) without the prior written consent of Equifax as described in Section 5.3(g).
(b) During the Term, IBM will provide the Equifax Group with access upon prior notice to the portion of the Facilities used by IBM to provide and perform the Services (including, without limitation, the Data Center) in order for Equifax to provide tours of such portions of the Facilities and such tours will be conducted in a manner reasonably calculated not to interfere with IBM’s provision of Services.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
16
(c) IBM will provide reasonable access to the portion of the Facilities used by IBM to provide and perform the Services as necessary or appropriate for the performance, delivery and use of the Services by the Equifax Group and for the operation, maintenance, upgrade, support and use of any other Equifax hardware, software and other resources located in the Facilities (i) to the Equifax Group’s authorized employees, agents and representatives, and (ii) to Third Party Providers and third party vendors and suppliers of installation, maintenance, support and upgrade services, technology and hardware for the System and any other Equifax hardware, software and other resources located in the Facilities serviced thereby. To the extent practical in light of such installation, maintenance, support and upgrade requirements, Equifax will provide twenty-four (24) hours notice to IBM prior to any visits by such Third Party Providers and third party vendors and suppliers.
(d) All access to the portion of the Facilities under the control of IBM and used by IBM to provide and perform the Services (including, without limitation, the Data Center) shall be subject to (i) reasonable data and records protection and physical security measures (including Equifax physical security requirements) and (ii) such Equifax Group employees, agents and representatives and Third Party Providers and third party vendors and suppliers undertaking reasonable confidentiality requirements relating to such visits.
3.7 Security
IBM shall comply with Equifax’s standard policies and procedures and with applicable leases as these are made available to IBM in writing regarding access to and use of the Equifax Data and Equifax Facilities, including procedures for the physical security of the Equifax Facilities. Equifax will authorize all access to all Software operated by, and Company Information and other records of the Equifax Group in the possession of, IBM in support of the Services through the data and records security procedures as described in Schedule T (Security Procedures). IBM shall notify Equifax of the identity of each of the entities and personnel working with IBM to provide and perform the Services that are to be authorized access to Equifax Data or the Software utilized in support of the Services and the level of security access required by each. The Parties shall cooperate in administering security procedures regarding such access, in accordance with such Schedule. IBM will enable such access by persons as designated by Equifax and deny such access to all other persons, in accordance with such Schedule.
IBM will refresh the information technologies components of the Services (including both hardware and software components) as specifically provided in this Agreement. This Section 3.8 shall not affect or limit IBM’s obligations or authority to perform the repair, maintenance and upgrade functions and services as set forth in this Agreement.
3.9 Machines And Third Party Service Agreements
This Section 3.9 addresses the Parties’ respective rights in Machines and Third Party Service Agreements. Grant by Equifax to IBM of rights of use pursuant to this Section 3.9 shall be deemed to include, subject to the other provisions of this Agreement, grant of such rights to IBM’s Listed Subcontractors. Equifax Provided Hardware and Third Party Service Agreements made available to IBM are made available on an “as is, where is” basis, with no warranties whatsoever.
17
(a) Leased Existing Equifax Provided Hardware. With respect to leased Equifax Provided Hardware so designated in Schedule E (Machines) and subject to Section 8.2, Equifax grants to IBM during the remaining term of the applicable lease solely to the extent necessary for performing the Services, the rights of use of such Equifax Provided Hardware that Equifax has with respect to such Equifax Provided Hardware. IBM shall comply with the duties imposed on Equifax by such leases as made known to IBM in writing.
(b) Machine Acquisitions During the Term.
(i) IBM is not acquiring any existing non-personnel assets of Equifax Group as of the Commencement Date.
(ii) Subject to Section 3.9(a) and except as otherwise provided in the Financial Responsibilities Matrix set forth as Exhibit C-14 (Financial Responsibilities Matrix) of Schedule C (Charges), IBM shall acquire and shall be financially responsible for new Machines — including modifications, upgrades, enhancements, additions and replacements of existing Machines in IBM’s name — as necessary or appropriate to provide the Services. Such Machines shall be acquired in the name of IBM except as set forth in Section 3.9(b)(iii) and subject to modifications, upgrades and enhancements of leased Machines being treated in accordance with the governing lease.
(iii) With respect to Machine acquisitions for which Equifax is financially responsible as provided in the Financial Responsibilities Matrix set forth as Exhibit C-14 (Financial Responsibilities Matrix) of Schedule C (Charges), the Machines shall either be acquired by Equifax and made available to IBM for installation and operation or, alternatively, at Equifax’s election, such Machines shall be purchased by IBM, at the applicable vendor’s (third party or IBM) published list price at which such product may be purchased by the general public, plus a xxxx-up of five (5%) percent, in the name of Equifax unless Equifax expressly designates otherwise. With respect to Machines acquired in the name of Equifax pursuant to this Section 3.9(b)(iii), Equifax grants to IBM, during the Term, and (subject to Section 3.9(a) if such Machine is leased) solely to the extent necessary for performing the Services, the rights of use of such Machines that Equifax has with respect to such Machines.
(c) Third Party Service Agreements.
(i) In the case of any Third Party Agreement listed in Schedule G (Third Party Agreements) for which IBM is designated as having ‘Legal’ responsibility, such agreement shall either be assigned to IBM or, alternatively, IBM shall assume legal responsibility for such agreement and have the same responsibility for managing such agreement as if it were an IBM subcontract. The determination as to which Third Party Service Agreements shall be shall be assigned to IBM will be made on a country-by-country basis. In either case, IBM shall comply with the duties imposed on Equifax by such Third Party Agreements.
(ii) In the case of any other Third Party Agreements listed in Schedule G (i.e., those for which Equifax is designated as having ‘Legal’ responsibility), subject to Section 8.2, Equifax grants to IBM, during the Term, and solely to the extent necessary for performing the Services, the rights of use of the services covered by such Third Party Service Agreements that Equifax has with respect to such Third Party Service Agreements. IBM shall comply with the duties imposed on Equifax by such Third Party Service Agreements.
(d) Exercise of Rights. To the extent IBM has financial responsibility for a Machine lease or Third Party Service Agreement, but such lease or Third Party Service Agreement remains in Equifax’s name, Equifax shall exercise termination or extension rights thereunder as IBM, after consultation with Equifax, reasonably directs; provided that IBM shall be responsible for the costs, charges and
18
fees to be paid to such Third Party associated with the exercise of such rights to the extent Equifax has acted in accordance with IBM’s direction.
3.10 Equifax Owned Software — Existing
Equifax grants to IBM, and to IBM’s Affiliates and Listed Subcontractors as required for IBM to provide the Services, a worldwide, fully paid-up, nonexclusive license during the Term to Use Equifax Owned Software solely for the purpose of and to the extent necessary for performing the Services. Equifax Owned Software will be made available to IBM in such form and on such media as exists on the Commencement Date or as is later obtained by Equifax, together with available documentation and any other related materials. IBM shall not be permitted to Use Equifax Owned Software for the benefit of any entities other than members of the Equifax Group and their Authorized Users without the prior written consent of Equifax, which may be withheld at Equifax’s discretion. IBM shall install, operate and support (and otherwise treat in the same manner as Equifax Owned Software existing as of the Commencement Date) additional Equifax Owned Software that Equifax may make available to IBM from time to time during the Term. Except as otherwise requested or approved by Equifax, IBM shall cease all Use of Equifax Owned Software upon expiration or termination of this Agreement. Equifax Owned Software is made available to IBM on an “as is, where is” basis, with no warranties whatsoever, other than the intellectual property infringement indemnification obligations described in this Agreement.
3.11 Third Party Provider Software — Existing
(a) Grant of Rights. With respect to the Third Party Provider Software licensed by Equifax, subject to the Parties having obtained any Required Consents for Third Party Provider Software in the manner provided in Section 8.2, Equifax grants to IBM, and to IBM’s Affiliates and Listed Subcontractors as required for IBM to provide the Services, solely for the purposes of and to the extent necessary for performing the Services, the rights of Use of such Software that Equifax has as of the Commencement Date or later obtains with respect to such Software. Except as otherwise requested or approved by Equifax, IBM shall cease all Use of such Software upon expiration or termination of this Agreement. At Equifax’s election, IBM shall promptly return to Equifax or destroy any such Software and related documentation.
(b) IBM will comply with all license obligations under all licenses and maintenance agreements for the Software, including without limitation, the obligations of nondisclosure and scope of use; provided, however, that IBM will only be obligated under this Section 3.11(b) with regard to the licenses and maintenance agreements for Equifax Software to the extent the obligations thereunder are disclosed to and accepted by IBM. To the extent provided to IBM by Equifax prior to execution of this Agreement, IBM shall be deemed to have reviewed and accepted the obligations under the licenses and maintenance agreements for the Equifax Software listed on Schedule F (Software) as of the Commencement Date.
3.12 New Software Added During the Term
(a) IBM shall not introduce any additional IBM Software into Equifax’s dedicated IT Environment in providing the Services without Equifax’s prior written approval, which approval Equifax may withhold in its discretion. As and to the extent necessary for Equifax or a third party to perform work as permitted under this Agreement, IBM grants to Equifax, Authorized Users or such third party, after being notified by Equifax, a non-exclusive license to Use such Software solely to enable Equifax Group and its Authorized Users to receive and use the Services during the Term.
19
(b) All IBM Software provided by IBM in connection with the Services and any Equifax Software licensed under a Third Party Agreement shall be licensed (and the attendant maintenance arrangements contracted) in the name of the Equifax Group member designated by Equifax as the licensee with IBM having the right to access and use such Software in performing the Services, unless IBM can procure such Software (and/or attendant maintenance arrangement) on a more cost effective basis licensed in its own name on terms permitting IBM to assign the license and maintenance agreements for such Software to Equifax without charge to Equifax at the expiration or termination of this Agreement or on terms otherwise accepted by Equifax in writing, in which case IBM may procure such Software (and/or attendant maintenance arrangement) in IBM’s name.
(a) IBM shall not, and shall not have the right to, direct the Equifax Group to, terminate, extend, replace, amend or add licenses for the Software and/or the maintenance arrangements attendant therewith, contracted in the name of a member of the Equifax Group without notifying Equifax in writing of the proposed action by IBM and obtaining Equifax’s prior written agreement; moreover, IBM shall provide to Equifax a written report of the reasons for, and the impact and ramifications on the Services of, such proposed action concurrently with such notification. IBM may terminate, replace, amend or add licensees for the IBM Software as it chooses so long as IBM continues to perform the Services in the manner required by this Agreement; provided, however, IBM agrees to provide twenty-one (21) business days written notification to Equifax prior to each such termination, replacement, amendment or addition and concurrently with such notification, deliver to Equifax a written report of the reasons for, and the impact and ramifications on the Services of, IBM’s proposed action. In addition, if such action by IBM with respect to a license and/or maintenance arrangement for the IBM Software will have an impact on the Services or the monitoring and/or evaluation of the Services in a manner that in turn will have a financial and/or operational impact on the Equifax Group or the ability of IBM or Equifax to monitor and/or evaluate the performance and delivery of the Services, and IBM is notified in writing by Equifax of its estimate of such financial and/or operational impact prior to IBM’s implementation of such action and IBM elects to proceed, IBM will provide or cause to be provided the programs, services, rights and other benefits and resources that are the subject of such licenses and maintenance agreements to the Equifax Group on terms no less favorable than the terms of such license and maintenance agreements and ensure that there shall be no negative impact on the ability of IBM or Equifax to monitor and/or evaluate the performance and delivery of the Services. If Equifax in connection with or resulting from IBM’s termination, replacement, amendment or addition of any license for IBM Software and/or maintenance arrangement incurs additional expenses, costs or Losses, including but not limited to personnel costs, and IBM has been notified in writing by Equifax of its estimate of such financial impact prior to IBM’s implementation of such action and IBM elects to proceed, IBM shall promptly reimburse Equifax for such amounts actually incurred by Equifax; provided, however, that in each instance in this Section 3.13(a)) that Equifax provides IBM an estimate of the financial impact of an action by IBM on Equifax, the amounts recoverable from IBM by Equifax in each such instance shall not exceed the amount of the written estimate provided to IBM for each such instance.
(b) IBM will provide to Equifax, and update as changes occur, a listing of all Software by name, Maintenance Release and Version promoted into production on each Machine at each location of the Machines.
(c) If Equifax requests a substitution of any Software for which IBM has financial responsibility, according to Exhibit C-14 (Financial Responsibilities Matrix) of Schedule C (Charges), Equifax
20
shall pay or receive a credit in the amount by which the periodic license or maintenance fees attributable to the substituted Software exceeds or is less than the then-current periodic license or maintenance fees being paid by IBM attributable to the Software being replaced. If Equifax requests deletion of any Software for which IBM has financial responsibility and does not immediately substitute any other new Software therefor, Equifax may utilize an amount equal to the then-current applicable periodic license and/or maintenance fees attributable to such deleted Software to offset the fees attributable to any new Software or receive a credit in such amount. IBM will provide Equifax with the requisite license and/or maintenance fees support documentation to assist Equifax in evaluating the decision to replace such Software. Equifax will be responsible for any other fees payable to the Software vendor associated with such substitutions or additions.
(d) Equifax may add Software to, or delete Software. IBM agrees to promote into or remove from production, use and operate any Software selected by Equifax, subject to the provisions of Section 10.1 (Prices and Charges for New Services) of Schedule (C) if performance of such obligations requires IBM to perform New Services. Equifax shall be permitted by IBM to audit, control and approve all new Software prior to its promotion into production, and IBM shall provide the cooperation, information and access necessary or appropriate to permit Equifax to perform such functions.
(e) If IBM timely notifies Equifax that any software requested by Equifax be substituted for, deleted from, or added to, the Software will have an adverse impact on the operation of the System before such action is effected and Equifax directs IBM to effect such action even in view of such notice, IBM shall be excused from of any failure to satisfy the Service Levels for the affected portion of the Services to the extent, and only to the extent, such action directly causes such failure to satisfy such Services Levels.
3.14 Terms of Acquisition by IBM of Third Party Provider Software
If IBM acquires Third Party Provider Software in IBM’s name during the Term to provide the Services, IBM shall use Commercially Reasonable Efforts to acquire such software on commercially reasonable terms and conditions, including customary forms of protection of the licensee concerning actual or alleged claims of infringement of intellectual property rights.
3.15 Affiliates
If the Equifax Group acquires any additional Affiliates or other operations or assets during the Term and desires that IBM provide the Services for such Affiliates or other operations or assets, IBM will provide such Affiliates or other operations or assets with Services in accordance with this Agreement, subject to additional charges in accordance with Schedule C (Charges), including Section 7.3 (New Services) of Schedule C (Charges) if and to the extent acceptance of such responsibilities by IBM would require the performance of New Services.
3.16 Viruses
IBM shall take commercially reasonable measures to ensure that no Viruses or similar items are coded or introduced into the System and the operating environments used to provide the Services, initially continuing to perform the Virus protection and correction procedures and processes in place at the Equifax Group prior to the Execution Date, and subsequently continues to review, analyze and implement improvements to and upgrades of such virus prevention and correction programs and processes that are commercially reasonable and consistent with industry standards. If a Virus is found to have been introduced into the System and the operating
21
environments used to provide the Services, IBM shall use Commercially Reasonable Efforts and diligently work to eliminate the effects of the Virus; provided, however, that IBM shall take immediate action if required due to the nature or severity of the Virus’ proliferation. The Party causing or permitting a Virus to be introduced into the System shall bear the costs associated with such efforts. Notwithstanding any other term of this Section 3.16, neither Party shall be liable to the other Party or any of its Affiliates for any such costs incurred by any of them with respect to items and areas outside of the System. If the Equifax Group introduces or permits the introduction of a Virus, IBM shall be relieved of any failure to meet the Service Levels to the extent such failure is caused by such Virus.
4. WARRANTIES/REPRESENTATIONS/COVENANTS
4.1 Work Standards
IBM warrants, represents and covenants that (a) it has, and during the Term will have, and each of the IBM employees and subcontractors that it will use to provide and perform the Services has and during the Term will have, the necessary knowledge, skills, experience, qualifications and resources to provide and perform the Services in accordance with this Agreement; (b) it has successfully provided and performed the Services or services that are substantially similar to the Services for other customers of IBM; and (c) the Services will be performed for the Equifax Group in a diligent, workmanlike manner in accordance with industry standards applicable to the performance of such services.
4.2 Non-infringement
Each of the Parties warrants and covenants that it will perform its responsibilities under this Agreement in a manner that does not infringe, or constitute an infringement or misappropriation of, any patent, trade secret, copyright or other proprietary right of any third party; provided however that IBM shall not be in breach of this warranty and covenant * in the course of performing the Services is caused by *. Notwithstanding this provision or any other provision in this Agreement, Equifax makes no warranty or representation with respect to any claims for such infringement or misappropriation by virtue of its compliance with obligations herein to provide IBM access to, use of or benefits of any Third Party Agreements prior to receiving the necessary Required Consents; provided, however, that this Section 4.2 shall not relieve Equifax from any liability or obligation under Sections 8.2 and 14.2.
4.3 Disabling Code
IBM represents and warrants that, without the prior written consent of Equifax, IBM will not invoke any Disabling Code that may be part of the Software at any time, including upon expiration or termination of this Agreement for any reason.
4.4 Authorization and Enforceability
Each Party hereby represents and warrants that:
(a) it has all requisite corporate power and authority to enter, and fully perform pursuant to, into this Agreement;
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
22
(b) the execution, delivery and performance of this Agreement and the consummation of the transactions contemplated hereby have been duly and properly authorized by all requisite corporate action on its part; and
(c) this Agreement has been duly executed and delivered by such Party.
4.5 Maintenance
IBM warrants and covenants that it shall maintain the Machines and Software for which IBM is responsible so that they operate in accordance with their specifications.
4.6 Efficiency and Cost Effectiveness
IBM warrants and covenants that it shall take commercially reasonable actions (a) to efficiently administer, manage, operate and use the resources employed by IBM to provide and perform the Services that are chargeable to Equifax under this Agreement (b) to diligently and continuously improve the performance and delivery of the Services by IBM and the elements of the policies, processes, procedures and System that are used by IBM to perform and deliver the Services, including, without limitation, re-engineering, tuning, optimizing, balancing or reconfiguring the processes, procedures and systems used to perform, deliver and track the Services; and (c) use Commercially Reasonable Efforts to perform the Services in a cost-effective manner consistent with the required level of quality and performance.
4.7 Software Ownership or Use
IBM warrants that it is either the owner of, or authorized to Use, the Software utilized pursuant to Sections 3.12(a) any Software developed by IBM as part of the Services pursuant to Section 10.1.
4.8 Inducements
IBM represents and warrants that it has not violated any applicable laws or regulations or any Equifax policies of which IBM has been given notice regarding the offering of unlawful inducements in connection with this Agreement.
4.9 Disclaimer
(a) IBM does not warrant the accuracy of any advice, report, data or other product delivered to Equifax to the extent any inaccuracies are caused by data and/or software provided by Equifax. IBM will promptly notify Equifax of any such inaccuracies of which IBM becomes aware and the cause therefore if known by IBM. IBM will provide commercially reasonable assistance to Equifax to remedy such problems.
(b) Subject to the obligations of IBM to satisfy the Service Levels and provide the Services as set forth in this Agreement without material denigration or interruption, IBM does not assure uninterrupted or error-free operations of the Software and Machines.
(c) EMU Transition
(i) IBM is not providing Equifax with any EMU assessment, conversion or testing services under this Agreement. IBM will not be responsible for the assessment of Equifax’s current systems or for taking any appropriate actions to migrate them to Euro-Ready systems. However, nothing in this Section 4.9(c)(i) shall relieve IBM of its obligations under Section 4.9(c)(ii).
23
(ii) The Parties shall have the duties, obligations and responsibilities with respect to EMU Matters as set forth in the following chart for “Equifax Products” (comprised of the categories of assets listed in the chart below); “IBM Logo Products” provided by IBM under this Agreement and used to provide the Services; “IBM Third Party Products” (defined to mean third party products owned or licensed by IBM and provided by IBM under this Agreement, in both cases used to provide the Services); and “Equifax Provided Assets” (defined to mean all hardware, software contracts and licenses with respect to which ownership or title is or was transferred by Equifax to any of its Affiliates to IBM or any of its Affiliates prior to the Commencement Date). The Schedules referenced in this Section shall be updated pursuant to Section 8.1.
|
|
|
Maintenance |
|
Financial |
|
Management |
|
SLA Relief |
|
|
|
|
Note 1 |
|
Note 2 |
|
Note 3 |
|
Note 4 |
|
|
(i) |
Equifax Products |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
“Applications Software — Equifax” (Schedule F) |
|
E |
|
E |
|
E |
|
Yes |
|
|
|
|
|
|
|
|
|
|
|
|
|
“Equifax Provided Hardware” Used by IBM |
|
I |
|
E |
|
I |
|
Yes |
|
|
|
|
|
|
|
|
|
|
|
|
|
Equifax hardware Not Used by IBM |
|
E |
|
E |
|
E |
|
Yes |
|
|
|
|
|
|
|
|
|
|
|
|
|
“Contracts” Used by IBM (Schedule G) |
|
N/A |
|
E |
|
E |
|
Yes |
|
|
|
|
|
|
|
|
|
|
|
|
|
Equifax agreements Not Used by IBM |
|
N/A |
|
E |
|
E |
|
Yes |
|
|
|
|
|
|
|
|
|
|
|
|
|
“Systems Software — Equifax” Used by IBM (Schedule F) |
|
I |
|
E |
|
E |
|
Yes |
|
|
|
|
|
|
|
|
|
|
|
|
|
Equifax software Not Used by IBM |
|
E |
|
E |
|
E |
|
Yes |
|
|
|
|
|
|
|
|
|
|
|
|
(ii) |
IBM Logo Products provided by IBM under this Agreement and used to provide the Services |
|
I |
|
I |
|
I |
|
No |
|
E = Equifax Responsibility |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
I = IBM Responsibility |
|
|
|
|
|
|
|
|
|
(d) With respect to EMU Matters only, the following definitions will apply:
(i) Note 1 — “Maintenance” shall mean maintenance responsibility, including but not limited to applying fixes, corrections and other enhancements (but not financial responsibility for such) and/or using reasonable efforts to cause a third party vendor to perform the foregoing.
(ii) Note 2 — “Financial” shall mean the financial responsibility for all fees, charges and costs incurred in connection with correcting an EMU Matter, including but not limited to software upgrades, new versions or releases, hardware upgrades or replacements and IBM Project Office support.
24
(iii) Note 3 — “Management” shall mean responsibility for coordinating EMU Matter corrective actions (but not financial responsibility for such actions).
(iv) Note 4 — “Service Level Relief” shall mean that IBM then IBM shall not be held responsible for any failure to meet a Service Level if, and only to the extent, such failure is directly attributable to a failure of the items covered by the description in the chart above to be Euro-Ready.
(v) The IBM Logo Products which are introduced after January 1, 1999 and that are used directly by IBM (and not by IBM subcontractors) and that have a dependency to process monetary data in the euro denomination to provide the Services will be IBM Euro-Ready.
(vi) For the IBM Third Party Provider Products, to the extent possible, IBM will seek to determine from the third party manufacturers or providers whether such third party products which have a Euro dependency and are designated by such third party manufacturers or providers as Euro-Ready. To the extent that IBM is permitted by law or contract to do so, IBM will pass through any such representations or warranties for IBM Third Party Products to Equifax. Where IBM has obtained information that an IBM Third Party Product is designated as not Euro-Ready, IBM will notify Equifax as soon as reasonably practicable after IBM becomes aware of such fact. Nothing herein shall, however, be construed as a representation or warranty by IBM that IBM Third Party Products are Euro-Ready.
(vii) Notwithstanding that the IBM Third Party Products are considered to be Euro-Ready, IBM does not represent or warrant uninterrupted or error free operation of the Services.
(viii) For the IBM Logo Products, IBM will determine whether such IBM Logo Products which have a Euro dependency, are designated as IBM Euro-Ready. Where IBM has determined that an IBM Logo Product is designated as not IBM Euro-Ready, IBM will notify Equifax as soon as reasonably practicable after IBM becomes aware of such fact.
(ix) Notwithstanding that the IBM Logo Products are considered to be IBM Euro-Ready, IBM does not represent or warrant uninterrupted or error free operation of the Services.
(e) EXCEPT AS PROVIDED IN THIS AGREEMENT, THERE ARE NO OTHER EXPRESS WARRANTIES OR COVENANTS, AND THERE ARE NO IMPLIED WARRANTIES OR COVENANTS, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR COVENANTS OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
4.10 Legal and Regulatory Compliance
Each Party agrees at its cost and expense to obtain all necessary regulatory approvals applicable to its business, to obtain any necessary permits for its business, and to comply with all laws and regulatory requirements applicable to the performance of its obligations under this Agreement. To the extent Equifax directs IBM, in accordance with the Regulatory Compliance Interaction Model set forth as Exhibit A-4-1 to Schedule A (Services), to comply with Equifax corporate compliance policies that describe the processes and procedures to be followed in order for Equifax to be and remain in compliance with legal and regulatory requirements (including consent decrees to which Equifax is a party) that apply to Equifax’s business and operations and provides IBM a written copy of such corporate compliance policies, IBM shall comply with such corporate compliance policies as and to the extent applicable to functions for which IBM is responsible; provided, however, that IBM’s compliance with such requirements may constitute a New Service.
25
4.11 Year 2000 Warranty
IBM warrants that products manufactured or distributed by IBM and bearing a logo of IBM and/or an IBM Affiliate (“IBM Logo Products”) that are provided under this Agreement and installed after the Execution Date of a Transaction Document and used to provide Services under this Agreement will be IBM Year 2000 Compliant, unless IBM notifies Equifax of its intention to install a non-IBM Year 2000 Compliant IBM Logo Product and Equifax agrees in writing to such installation.
4.12 Covenant of Cooperation and Good Faith
The Parties covenant to timely and diligently cooperate, with due consideration of the goals, objectives and purposes of this Agreement, to facilitate the performance of their respective duties and obligations under this Agreement in a commercially reasonable manner. Further, the Parties agree to deal and negotiate with each other and their respective Affiliates in good faith in the execution and implementation of their duties and obligations under this Agreement.
5. TRANSFER, TRANSITION AND TRANSFORMATION
5.1 Transition/Transformation Plans
(a) IBM and Equifax have developed and agreed upon the “Transition/Transformation Plan” as set forth in Schedule I (Transition/Transformation) and an “IT Management Process Improvement Program” as set forth in Schedule J (IT Management Process Improvement Program). With respect to the transition and transformation, IBM will:
(i) perform the transition and transformation tasks as specified in Schedule I (Transition/Transformation) and Schedule J (IT Management Process Improvement Program), respectively; and
(ii) maintain the Services with minimal disruption to Equifax’s business operations in each country;
(b) No functionality of the information technology services or operations being transitioned or transformed shall be disabled or cut over to a new service or replacement functionality until the new service or functionality is demonstrated to Equifax’s satisfaction to have equivalent capabilities for such functionality and Equifax has provided written notice of acceptance of such capability; provided, however, that IBM shall not be required to keep such dual services or operations enabled for more than thirty (30) days (or, in specific circumstances, if any, to be mutually agreed by the Parties in which it is not reasonably possible to test and verify the proper functioning of the new service or functionality within thirty (30) days, such longer period as is reasonable under the circumstances) at IBM’s expense unless Equifax has identified and notified IBM within such period of reasonable concerns, in which case the Parties will agree to a reasonable timeframe for continuation of the identified services or operations at IBM’s expense.
(c) Equifax reserves the right to monitor, test and otherwise participate in the transition and transformation. IBM shall immediately notify Equifax if such monitoring, testing or participation has caused (or in IBM’s reasonable opinion may cause) a problem or delay in the transition and transformation and work with Equifax to prevent or circumvent such problem or delay.
(d) Equifax reserves the right to temporarily suspend the transition and/or the transformation by providing notice to IBM if IBM is responsible for the transition and/or transformation failing to fulfill the requirements set out in the approved Transition/Transformation Plan or otherwise causing a material disruption in Equifax’s business environment occasioned by the carrying out of the transition and/or transformation, until such time as IBM can demonstrate to Equifax’s satisfaction that it is ready to achieve such requirements and/or end such disruptions.
26
(e) During the transition period, Equifax will cooperate with IBM in implementing the Transformation/Transformation Plan by providing the personnel (or portions of the time of the personnel) set forth in the Transformation/Transformation Plan (“Transition Personnel”) and performing the tasks described for Equifax in the Transition/Transformation Plan; provided, however, that unless otherwise agreed in writing by the Parties, Equifax will have a modest role and be responsible for incurring modest costs in performing such tasks. During the Transition Period, IBM will be responsible for the provision of the Services set forth in this Agreement (including within those Services the implementation of the Transformation/Transformation Plan).
(a) In order to facilitate the orderly assumption by IBM and its Affiliates of incremental scope of responsibility under this Agreement, IBM shall employ or offer employment to (or cause its Affiliate to do so, as applicable), certain Equifax Group personnel identified in Schedule D (“the Transferred Employees”) in accordance with the terms and conditions of Schedule D (Human Resources) and applicable local law. All costs and expenses incurred by IBM in connection with the offer to employ and the employment of the Transferred Employees shall be the responsibility of IBM. Except as Schedule D expressly provides otherwise, IBM will promptly reimburse Equifax for the amount of salary and benefit costs incurred by Equifax, if any, with respect to each Transferred Employee on and after the Commencement Date for the period until they receive offers and reject such offers, become IBM employees, or IBM determines not to offer employment to a Transferred Employee in accordance with its employment guidelines and notifies Equifax in writing of such determination.
(a) To enable IBM to provide the Services, the Parties may agree for Equifax to provide, at no charge to IBM, the use of the Equifax Provided Hardware, Equifax Provided Office Furnishings, Equifax facilities, and office services such as reasonable local analog telephone services for the sole purpose of providing and performing the Services for the Equifax Group. These obligations will generally not include the provision of (i) office, storage or equipment/Data Center space, parking facilities, or heat, light, power, air conditioning and other similar utilities which will be provided under a separate lease agreement between the members of the Equifax Group as lessor and IBM or its Affiliates as lessee for a portion of any Equifax Group facilities leased to IBM (or its Affiliates), or (ii) office support services (e.g., janitorial and security), office supplies and similar services and consumables, unless already being provided to IBM by Equifax as of the Execution Date. All such items provided by Equifax shall comply with all applicable laws and regulations relating to safety and use. Subject to the satisfaction of Equifax’s obligation with respect to compliance with applicable laws and regulations, IBM shall ensure a safe working environment is maintained for the Equifax Provided Hardware, Equifax Provided Office Furnishings and Equifax facilities in compliance with all applicable laws and regulations, and shall take no action that will compromise such safety of such working environment or violate such laws and regulations.
(b) Equifax agrees to negotiate in good faith with IBM with the objective of IBM and Equifax entering into an agreement within six months to extend, through March 1, 2012, the term of the existing sub-lease agreement between them pursuant to which IBM sub-leases from Equifax space located at 1505 and 0000 Xxxxxxxx Xxxxxxxxx, Xxxxxxxxxx, Xxxxxxx. The Parties agree that the extension of the sub-lease would be on its existing terms for calculating the rent and other amounts due under the sub-lease and that IBM shall have the right to perform outsourcing services for other customers utilizing such space. The sub-lease extension will also give IBM the option to further extend the term of the sub-lease to be coterminous with the term of Equifax’s facilities lease that includes the sub-leased space in the event Equifax exercises any or all of its current options to extend such lease at the end of its term — which options give Equifax the right to extend the term of its lease for up to six (6) periods of three (3) months each. If Equifax does not exercise its rights for such lease extension or otherwise provide for IBM to utilize the same space, Equifax shall be responsible for all costs incurred by IBM to move elements necessary for IBM to continue to perform the Services.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
27
(c) If the Parties fail to reach agreement on the terms of the sub-lease extension, the sub-leased space at 1505 and 1525 Windward Concourse will become an Equifax facility upon the expiration of the sub-lease, the continuous use of which Equifax will make available to IBM during the Term, and IBM will credit Equifax with an amount equal to the rent and services amounts specified in the former sub-lease for so long as IBM continues to provide the Services from 1505 and 1525 Windward Concourse.
(d) IBM shall notify Equifax whenever any Equifax Provided Hardware, Equifax Provided Software and/or Equifax Provided Office Furnishings are no longer required by IBM to perform the Services. Equifax’s obligations set forth in this Section with respect to each such item of resources shall terminate thereafter.
(e) Except as otherwise provided in this Agreement, IBM will have the responsibility and obligation to provide and administer, manage, support, maintain and pay for all resources (including, without limitation, personnel, hardware, software, facilities, services and other items, however described) necessary or appropriate for IBM to provide, perform and deliver the Services as described in this Agreement. When the Equifax resources are no longer required for performance of the Services, IBM shall return them to Equifax in substantially the same condition as when IBM began use of them, subject to reasonable wear and tear.
(f) IBM will provide and have on site its Global Project Executive prior to the Commencement Date and for the duration of the Term, and will timely provide additional trained and qualified personnel as necessary or appropriate to facilitate and ensure the timely and proper definition, provision, performance and delivery of the Services in accordance with this Agreement.
(g) IBM will have the right to change the location of the IBM activities associated with the Services with the prior written consent of Equifax (which consent shall not be unreasonably withheld) or upon the occurrence of a Force Majeure Event (in which event IBM shall, if possible, provide the Services from the disaster recovery facility designated for that purpose). Equifax has agreed that IBM may change the location of the Network Operations Center (NOC) from Equifax’s facility in Alpharetta, Georgia to an IBM facility located in the U.S. Among the factors Equifax may consider in determining whether to grant any such consent, Equifax may consider whether any and all changes in the location of such IBM activities may result (i) in a reduction of IBM’s ability to perform the Services and the Business and Operations Support Plan; (ii) in any reduced accessibility to IBM and/or the Services by the Equifax Group; (iii) in any deterioration of the Services; (iv) any decrease in the security or integrity of operations and Company Information of the Equifax Group; and (v) in any additional cost to Equifax.
6. GOVERNANCE
6.1 Relationship and Contract Governance Model
(a) IBM acknowledges that it is a key business requirement of Equifax’s that IBM provide the Services in a consistent, integrated manner globally across all Service Towers and Country Locations. To meet that requirement, IBM has proposed and will adhere to a global relationship and governance model and processes as described in Schedule L (Governance).
(b) The IBM organization responsible for IBM’s relationship with Equifax and delivery of the Services will be led by an IBM Global Project Executive (Global PE), whose counterpart will be the Equifax Global Program Manager (Global PM).
28
(c) The IBM Global PE will be supported by IBM Regional Project Executives (Regional PEs), one in each Country Location, and Delivery Project Executives (DPEs), whose roles and responsibilities are set forth in Schedule L (Governance). The IBM Regional PE’s will serve as the primary points of contact with their respective Equifax counterparts in their home Country Locations, the Equifax Regional Program Managers (Regional PMs).
(d) For each Project undertaken under this Agreement, IBM will also designate in the applicable Statement of Work a Project manager who will be assigned full-time or part-time as specified in that Statement of Work and who will have responsibility, working under the direction of the applicable IBM Regional PE, for the successful completion and delivery of the Project.
6.2 Meetings
The Parties shall determine an appropriate set of meetings to be held between their representatives, which shall include at least a quarterly meeting of the IBM Global PE with the Equifax Global PM and at least a monthly meeting of each IBM Regional PE with his or her counterpart Equifax Regional PM. IBM shall prepare and circulate an agenda sufficiently in advance of each such meeting to give participants an opportunity to prepare for the meeting. IBM will make such changes to the agenda as Equifax may request. Equifax will chair all such meetings. At Equifax’s request, IBM shall prepare and circulate minutes promptly after each meeting. Such minutes shall not be binding on either Party if they are in any way inconsistent with this Agreement.
6.3 Procedures Manual.
(a) The “Procedures Manual” shall describe how IBM shall perform and deliver the Services under this Agreement, the Machines and Software being used, and the documentation (e.g., operations manuals, user guides, specifications) which provide further details of such activities. The Procedures Manual shall describe the activities IBM proposes to undertake in order to provide the Services, including those direction, supervision, monitoring, staffing, reporting, planning and oversight activities normally undertaken to provide services of the type IBM is to provide under this Agreement. The Procedures Manual also shall include descriptions of the acceptance testing and quality assurance procedures approved by Equifax, IBM’s problem management and escalation procedures, and the other standards and procedures of IBM pertinent to Equifax’s interaction with IBM in obtaining the Services. The Procedures Manual shall be suitable for use by Equifax to understand the Services.
(b) Within ninety (90) days after the Execution Date, IBM shall deliver a draft Procedures Manual to Equifax, for Equifax’s comments and review. IBM shall incorporate reasonable comments or suggestions of Equifax and shall finalize the Procedures Manual within one hundred and twenty (120) days after the Commencement Date. The final Procedures Manual shall be subject to the approval of Equifax. IBM shall periodically update the Procedures Manual to reflect changes in the operations or procedures described therein. Updates of the Procedures Manual shall be provided to Equifax for review, comment and approval. IBM shall perform the Services in accordance with the most recent Equifax-approved version of the Procedures Manual. In the event of a conflict between the provisions of this Agreement and the Procedures Manual, the provisions of this Agreement shall control. The Procedures Manual shall be considered an operational document, which the IBM Global Project Executive and the Equifax Global Program Manager may revise by mutual written agreement without the need to amend this Agreement.
29
(a) The Parties will follow an agreed Change Management process to control Changes to the IT Environment in a controlled manner with minimum disruption. “Change,” as defined in Exhibit A-2, means the addition, modification or removal of any aspect of the IT Environment. The purposes and objectives of the Change Management process are (i) to determine whether a Change to the IT Environment is within the scope of the Services or constitutes a New Service, (ii) to prioritize all requests for Changes, (iii) to minimize the risk of exceeding time and/or cost estimates associated with the Change by identifying, documenting, quantifying, controlling, managing and communicating Change requests, their disposition and, as applicable, implementation; and (iv) to identify the different roles, responsibilities and actions that shall be assumed and taken by the Parties to define and implement the Changes. The Change Management process covers activities from receipt of a request for a Change to assessment, scheduling, implementation and, finally, review. The Change Management process will produce approval (or otherwise) for any proposed Change. Equifax will not be obliged to approve any Change requested by IBM if implementation of the change would increase IBM’s charges to Equifax under this Agreement or Equifax’s internal costs, or would otherwise adversely affect Equifax’s business. IBM shall not be obliged to carry out any Change that is not approved by Equifax. The Change Management process will be included as part of the Procedures Manual.
(b) If an approved Change would result in a change in the scope of the Services, IBM’s charges under this Agreement or terms and conditions, then such Change must be authorized via a Contract Change made pursuant to Section 17.2.
(c) The Change Management process shall be considered an operational document, which the IBM Global Project Executive and the Equifax Global Program Manager may revise by mutual written agreement without the need to amend this Agreement.
Unless otherwise provided in this Agreement, IBM shall cause the person assigned as the IBM Global Project Executive to devote substantially all of his or her working time and effort in the employ of IBM to his or her responsibilities for the provision of the Services, subject to IBM’s reasonable holiday, vacation and medical leave policies and subject to occasional, short-term, non-recurring work on other assignments by IBM related to the Project Executive’s areas of expertise. The IBM Global Project Executive shall (i) serve as the single point of accountability for IBM for the Services; (ii) have day-to-day authority for undertaking to ensure customer satisfaction; (iii) work directly with Equifax’s Chief Technology Officer and other information technology executives; (iv) develop and maintain a keen understanding of Equifax’s business requirements and applications; and (v) serve as Equifax’s technology advisor as well as an advocate for Equifax’s interests within IBM. The IBM Global Project Executive’s compensation shall include meaningful financial incentives based on Equifax’s satisfaction with the Services.
(a) IBM shall assign an adequate number of IBM personnel to perform the Services. IBM personnel shall be properly educated, trained and fully qualified for the Services they are to perform.
30
(b) If Equifax reasonably and in good faith determines that it is not in Equifax’s best interests for any IBM or subcontractor employee to be appointed to perform or to continue performing any of the Services, Equifax shall give IBM written notice specifying the reasons for its position and requesting that such employee not be appointed or be removed from the IBM or IBM subcontractor employee group servicing Equifax and be replaced with another IBM employee or IBM subcontractor employee. Promptly after its receipt of such a notice, IBM shall investigate the matters set forth in the notice, discuss with Equifax the results of the investigation, and resolve the matter in a mutually agreeable manner. If, following such period, Equifax requests the replacement of such person, IBM shall replace that person with another person of suitable ability and qualifications.
7.3 Key IBM Personnel Positions
(a) The following positions shall be considered to be the initial Key IBM Personnel Positions:
(i) The Global Project Executive;
(ii) Regional Project Executives; and
(iii) Delivery Project Executives.
(b) IBM shall cause the IBM Personnel who occupy each of the Key IBM Personnel Positions to devote substantially full time and effort to the provision of the Services, except that Equifax agrees that the individual appointed as the IBM Global Project Executive as of the Commencement Date may continue to serve in that role for both Equifax and the company he serves as of the Commencement Date that was formerly owned by Equifax.
(c) Equifax may from time to time change the designated Key IBM Personnel Positions under this Agreement, provided that without IBM’s consent, the number of Key IBM Personnel pPpositions shall not exceed the number specified above as of the Commencement Date.
(d) Before the initial and each subsequent assignment of an individual to a Key IBM Personnel Position, IBM shall notify Equifax of the proposed assignment, introduce the individual to appropriate representatives of Equifax and, consistent with IBM’s personnel practices, provide Equifax with a resume and any other information about a prospective individual reasonably requested by Equifax. If Equifax in good faith objects to the proposed assignment, the Parties shall attempt to resolve Equifax’s concerns on a mutually agreeable basis. If the Parties have not been able to resolve Equifax’s concerns within five (5) working days, IBM shall not assign the individual to that position and shall propose to Equifax the assignment of another individual of suitable ability and qualifications.
(e) IBM will give Equifax, where reasonably possible, at least ninety (90) days advance notice of a change of the person appointed to a Key IBM Personnel Position, and will discuss with Equifax any objections Equifax may have to such change. Where reasonably possible, IBM will arrange for the proposed replacement for an individual appointed to a Key IBM Personnel Position to work side-by-side with the individual being replaced during the notice period to effectuate an effective transfer of knowledge prior to the incumbent leaving his or her position. IBM shall not reassign or replace any person assigned to a Key IBM Personnel Position during the first year of his or her assignment to the Equifax service team, nor shall IBM assign more than five (5) different individuals to a single Key IBM Personnel Position during the Term, unless Equifax consents to such reassignment or replacement, or the IBM employee voluntarily resigns from IBM, requests a transfer, is terminated by IBM or is unable to work due to his or her death or disability. Individuals
31
filling Key IBM Personnel Positions may not be transferred or re-assigned until a suitable replacement has been approved by Equifax, and no such re-assignment or transfer shall occur at a time or in a manner that would have an adverse impact on delivery of the Services. IBM shall establish and maintain an up-to-date succession plan for the individuals serving in Key IBM Personnel Positions.
7.4 Retention of Experienced Personnel
(a) Equifax has identified certain of the Transferred Employees as “Knowledge Retention Personnel” due to their possession of knowledge that Equifax believes will be critical to IBM in providing the Services. A list of the Transferred Employees who are designated as Knowledge Retention Personnel is set forth as Exhibit D-5 (Knowledge Retention Personnel) to Schedule D (Human Resources). IBM will not transfer or reassign any Knowledge Retention Personnel from his or her current function prior to the successful completion of the transition and transformation projects set forth in Schedule I (Transition/Transformation) in the applicable Country Locations that relate to his or her current function. Thereafter, IBM will use commercially reasonable efforts to keep all Knowledge Retention Personnel as members of the Equifax service team subject to IBM’s ability to make reasonable opportunities for promotion available to them within the Equifax service team. The provisions of Section 7.3(e) shall also apply to changes in the assignment and/or employment status of Knowledge Retention Personnel, except that the provision of Section 7.3(e) that limits the number of individuals who may occupy a Key Personnel Position during the Term shall not apply to Knowledge Retention Personnel.
(b) Equifax and IBM agree that it is in their best interests to keep the turnover rate of IBM personnel to a reasonably low level. Accordingly, if IBM fails to meet the Service Levels persistently or continuously and if Equifax reasonably believes such failure is attributable in whole or in part to IBM’s reassignment, movement, or other changes in the human resources allocated by IBM to the performance and delivery of the Services and/or to the IBM subcontractors assigned to the Equifax service team, Equifax will notify IBM of such belief and the basis for such belief. Upon receipt of such notice from Equifax, IBM (a) will promptly provide to Equifax a report setting forth IBM’s position regarding the matters raised by Equifax in its notice; (b) will meet with Equifax to discuss the matters raised by Equifax in its notice and IBM’s positions with regard to such matters; and (c) will promptly and diligently take Commercially Reasonable Efforts to modify or eliminate any IBM practices and/or processes identified as adversely impacting the performance and delivery of the Services.
8.1 Annual Updating of Schedules to this Agreement
The Parties agree to review and update the Schedules to this Agreement (including their respective Exhibits, Attachments, Appendices and Supplements) at least once a year during the Term to accurately reflect the implementation of agreed Changes. The preceding sentence is not intended, nor is it authorization, to expand the scope of the Services except as provided pursuant to Section 10.1 (Prices and Charges for New Services) of Schedule C (Charges). If the Schedules to this Agreement are not otherwise updated during any Contract Year, the Parties will review and update them during the first month after the end of such Contract Year.
32
(a) Equifax shall have the legal responsibility for timely obtaining all Required Consents under the Third Party Agreements to which a member of the Equifax Group is a party on the Execution Date. Unless Schedule G (Third Party Agreements) expressly provides otherwise, the applicable Equifax Group member will remain the contracting party of record on each such Third Party Agreement.
(b) With regard to obtaining any Required Consents, IBM will provide Equifax with advice and counsel regarding IBM’s experience and agreements with the Third Party Providers with respect to the agreements in Schedule G (Third Party Agreements), and the benefit of any relationship of IBM with each such Third Party Provider to the extent permitted under the IBM-Third Party Provider arrangement. IBM shall also have management and administrative responsibilities for obtaining Required Consents under such Third Party Agreements, subject to the consent of Equifax to the terms of each such Required Consent. Subject to the provisions of Section 8.3, IBM will use commercially reasonable efforts to obtain, and will act as Equifax’s attorney in fact in connection with obtaining, such Required Consents, and any other Third Party Agreements that are entered into after the Execution Date. Upon obtaining a Third Party Provider’s agreement to terms for a Required Consent, the Required Consent shall be provided to Equifax for review, approval, and signature. If IBM is unable to obtain the Required Consent within a reasonable time in a form acceptable to Equifax, then Equifax may pursue such Required Consent directly. If Equifax is unable to obtain the Required Consent, Equifax and IBM will determine a reasonable alternative arrangement for the portion of the Services affected by the absence of such Required Consent. The cost of achieving such reasonable alternative arrangement shall be borne by IBM if caused by Required Consents needed from (i) IBM or Affiliates of IBM, (ii) from the licensors of the IBM Software, and/or (iii) from Third Party Provider under any Third Party Agreements treating outsourcing arrangements involving IBM as the services provider differently than their standard policies afforded to other outsourcing services providers generally, and in all other instances such cost shall be borne by Equifax.
(c) The provisions of this paragraph shall govern financial responsibility for fees payable for or in connection with obtaining Required Consents under Equifax Group licenses for Third Party Provider Software listed on Schedule F (Software). Equifax is financially responsible for payment of such consent fees in an aggregate amount up to *, and IBM shall be financially responsible for any such consent fees in excess of *. IBM will pay the required fees to the Third Parties and may invoice Equifax for reimbursement for such payments (up to the * aggregate cap) in January 2004. If the actual aggregate amount of such fees is less than *, Equifax will reimburse IBM for the actual amount of such fees and, in addition, pay IBM a bonus in an amount equal to one-half (1/2) of the difference between * and the actual amount of such fees. For the avoidance of doubt, Equifax will be financially responsible for all payments for any Required Consents for Third Party Software not listed on Schedule F (Software) as of the Execution Date.
(d) Equifax is financially responsible for all payments for any Required Consents under Third Party Agreements listed in Schedule G (Third Party Agreements) other than the Equifax Group licenses for Third Party Provider Software listed on Schedule F (Software), which are subject to Section 8.2(c) above.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
33
(e) For all Third Party Agreements allocable to this Agreement entered into after the Execution Date, the Party having financial responsibility for the product or service to which the Third Party Agreement relates, as indicated in Exhibit C-14 (Financial Responsibilities Matrix) to Schedule C (Charges), shall bear the costs, if any, of obtaining any associated Required Consents. The provisions of this paragraph shall be applicable to New Services unless otherwise provided by the Parties in the Contract Change documentation governing New Services.
8.3 Appointment as Attorney In Fact
(a) Equifax appoints IBM as the attorney in fact of the members of the Equifax Group, and IBM accepts such appointment as a part of the Services, for the limited purposes of administering, managing, supporting, operating under and paying under the Third Party Agreements to which one or more members of the Equifax Group is a party, and to obtain Required Consents as provided in Section 8.2, in connection with the Services as contemplated by this Agreement. Equifax does not appoint IBM as the attorney in fact of the members of the Equifax Group for the purposes of entering into oral or written agreements with any individual or business entity for or in the name of the Equifax Group or their Affiliates, without the prior express written approval of Equifax. Equifax agrees to promptly notify all Third Party Providers under the Third Party Agreements to which one or more members of the Equifax Group is a party of such appointment. Subject to its obligation to indemnify Equifax for any applicable penalties, damages, termination or other charges under Section 14.1, IBM may direct that the Equifax Group cancel, substitute, terminate, change or add to the Third Party Providers under the Third Party Agreements as it chooses so long as IBM continues to perform the Services in the manner required by this Agreement; provided, however, IBM must submit written notification to Equifax and obtain Equifax’s written agreement prior to the cancellation, substitution, termination, change or addition of any Third Party Agreement to which one or more members of the Equifax Group is or will be a party. If Equifax does not respond to such notice from IBM within twenty-one (21) business days of Equifax’s receipt of such notice, Equifax shall be deemed to have agreed to the cancellation, substitution, termination, change or addition described in the IBM notice. If any such cancellation, substitution, termination, change or addition of a Third Party Agreement will have an impact on the operations of users that are outside the scope of the Services and Equifax has notified IBM prior to the expiration of the Equifax response period described above of such impact and IBM elects to proceed, IBM will provide or cause to be provided the products and/or services that are the subject of such Third Party Agreement to the users that are outside the scope of the Services on terms no less favorable than the terms of the applicable Third Party Agreement.
(b) IBM will perform its obligations and responsibilities as an attorney in fact pursuant to Section 8.3(a) under all Third Party Agreements to which a member of the Equifax Group is a party subject to the provisions of this Agreement, including, without limitation, Section 8.2, this Section 8.3, Section 9.1 and Article 11. Upon Equifax’s request, IBM will provide to Equifax all information and documentation related to its activities as the Equifax Group’s attorney in fact with regard to such Third Party Agreements. Equifax may terminate or provide additional restrictions on IBM’s attorney in fact appointment with respect to any Third Party Agreement to which one or more of the members of the Equifax Group is a party if IBM (i) fails to pay any amount due in a timely manner; (ii) permits an actual default to occur; or (iii) does not diligently pursue the service and financial benefits available to the Equifax Group under such Third Party Agreement.
(c) Beginning on the Commencement Date and for the Term, the Equifax Group will not enter into any new, or terminate or amend any existing, Third Party Agreement to which one or more members of the Equifax Group is a party that adversely impacts IBM’s ability to provide the
34
Services or increases IBM’s cost of providing such Services without the prior written consent of IBM.
(a) Each Party recognizes that IBM personnel providing Services to the Equifax Group under this Agreement may perform similar services for others and this Agreement shall not prevent IBM from performing similar services for others subject to the restrictions set forth in Article 11; provided, however, IBM shall not use any of the Equifax Provided Hardware or Equifax Software or Equifax Provided Office Furnishings to perform similar services for others (including IBM), without the prior written consent of Equifax.
(b) Neither Party, through its personnel at any site covered under this Agreement, shall knowingly, directly or indirectly, solicit any employee of the other Party or their Affiliates at such site during the Term of this Agreement unless otherwise agreed in writing by the Parties and except as provided in Section 12.5(g). Equifax or IBM employee’s responses to or employment resulting from general public solicitations will be exempted from this provision.
(a) During the Term, Equifax shall have the right to retain third party suppliers (including suppliers of *) to perform any service, function, responsibility, activity or task that is within the scope of the Services or would constitute a New Service pursuant to Schedule C (Charges), or to perform any such services, functions, responsibilities or tasks (whether all or a part of the Services or the New Services) internally. IBM shall cooperate with any such third party supplier and Equifax as requested from time to time. Such cooperation shall include, without limitation, (i) providing reasonable physical and electronic access to the Facilities, the Data Center and the books and records in the possession of IBM regarding the Equifax Business and/or the Services; (ii) use of any Machines used by IBM to perform services for the Equifax Group for the Equifax Business; (iii) use of any of the Software (other than any Software where the underlying license agreement does not authorize such access and consent permitting such access and use has not been obtained); (iv) providing such information (subject to an appropriate confidentiality agreement, if appropriate) regarding the operating environment, System constraints, and other operating parameters as is reasonably necessary for the work product of the third party supplier of the Equifax Group to be compatible with the Services or New Services; and (v) such other reasonable cooperation as may be requested by Equifax.
(b) IBM’s obligations hereunder shall be subject to the third party suppliers’ compliance with reasonable Facilities and Data Center data and physical security and other applicable standards and procedures, execution of appropriate confidentiality agreements, and reasonable scheduling of computer time and access to other resources to be furnished by IBM pursuant to this Agreement.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
35
(c) If IBM’s cooperation with Equifax or any third party supplier performing work as described in Section 8.5(a) would constitute a New Service, IBM shall promptly so notify Equifax and the provisions of Section 10.1 of Schedule C (Charges) shall apply. The Parties further agree that if in IBM’s reasonable, good faith determination, a third party supplier’s activities impair IBM’s ability to meet the Service Levels or otherwise provide the Services in accordance with this Agreement, IBM will provide written notice to Equifax of such determination. The Parties will cooperate to determine and verify whether such effect is caused by a third party supplier, the extent of such effect, and how to ameliorate any such effect. IBM shall be excused for any inability to meet the Service Levels or otherwise provide any of the Services to the extent, and only for the period, any such third party supplier’s activities directly impair IBM’s ability to meet any Service Level or otherwise provide any of the Services in accordance with this Agreement.
(d) Equifax’s retention of third party suppliers pursuant to this Section 8.5 to perform services, functions, activities, tasks or responsibilities that are within the scope of the Services shall not relieve Equifax of its obligations set forth in this Agreement to pay IBM the charges applicable to such services, functions, activities, tasks or responsibilities as set forth in this Agreement, unless Equifax is relieved from such charge pursuant to a provision of this Agreement or by the agreement of IBM. For the avoidance of doubt, the preceding sentence shall not be interpreted to require Equifax to pay IBM any amount, pursuant to a PxQ Calculation under Schedule C (Charges), for any Resource Units not actually used or consumed by Equifax except in any particular circumstances in which Equifax would be required to pay such amount to IBM pursuant to Schedule C (Charges), notwithstanding the fact that Equifax did not actually use or consume the Resource Units in question.
8.6 Use of Subcontractors
(a) The Parties will develop and prepare a list of approved subcontractors that the Parties agree may be engaged by IBM to perform and deliver the part or portion of the Services indicated on such list as a subcontractor to IBM (the “Listed Subcontractors”), which will be attached to this Agreement as Schedule R. Affiliates of IBM shall be deemed to be Listed Subcontractors. With respect to subcontractors which are not Listed Subcontractors, IBM shall notify Equifax at least fifteen (15) business days prior to the proposed date of commencement by IBM of any subcontractor’s activity with respect to the Equifax Group or the Services, in writing of a decision to delegate or subcontract a function, responsibility or task to a subcontractor, or to change subcontractors for any function, responsibility or task, (i) that could have a material affect on the quality, timing, cost, consistency or performance of the Services or on the operations of any member of the Equifax Group or on the security of the Equifax Group data, books and records, or Facilities, or on the Equifax Business as conducted by any member of the Equifax Group, or (ii) where the subcontractor will interface directly with the members of the Equifax Group. Upon Equifax’s request, IBM shall promptly provide to Equifax information regarding the proposed new or replacement subcontractors in order to permit Equifax to determine whether to grant its consent to such delegation or change or subcontract. Such information shall include the scope of the Services to be delegated, and the experience, financial status, resources, and reason for selection of the proposed subcontractors. Subject to IBM’s timely provision of the foregoing information to Equifax, Equifax shall be deemed to have accepted such delegation or subcontract or change that is the subject of the notification by IBM to Equifax, if Equifax has not notified IBM in writing of its good faith objections to such delegation or subcontract on or before the fifteenth (15th) business day after receipt of such notice from IBM. IBM shall not delegate or subcontract or change subcontractors unless and until IBM and Equifax shall have resolved any objection timely made by
36
Equifax to such proposed action by IBM. In addition, IBM shall not disclose any Confidential Information of the Equifax Group to any subcontractor unless and until such subcontractor has agreed in writing to protect the confidentiality of such Confidential Information in a manner equivalent to that required of IBM by Article 11.
(b) Equifax shall have the right to request that IBM replace a subcontractor if such subcontractor has entered a business that is primarily competitive with Equifax’s main business.
(c) IBM shall remain primarily liable and obligated to Equifax for the timely and proper performance of all of its obligations hereunder even if such obligations are delegated to third party subcontractors (including, without limitation, Affiliates of IBM entering into Local Enabling Agreements with Equifax and/or Affiliates of Equifax), and for the proper and timely performance and actions of any person or entity to which it delegates or subcontracts any such obligation.
(d) Subcontractors used by IBM in performing the Services shall be subject to the provisions of Section 3.7 and Schedule T (Security Procedures).
8.7 Equifax Approvals and Notification
For those areas of the Services where Equifax (a) has reserved a right-of-approval, consent or agreement, (b) is required to provide notification, and/or (c) is to perform a responsibility set forth in this Agreement, and such approval, consent, notification or performance is delayed or withheld beyond the period provided in this Agreement, without authorization or right and, such delay or withholding is not caused by IBM and affects IBM’s ability to provide the Services under this Agreement, IBM will be excused from any failure to meet the Service Levels for any affected portion of the Services to the extent, but only to the extent, such failure is directly caused by such delay or withholding. If not specified otherwise in this Agreement, the period for such approval or notification shall be fifteen (15) business days unless another time period is otherwise agreed by the Parties.
9. CHARGES
Schedule C (Charges) to this Agreement sets forth the pricing, invoicing and payment methodologies and processes for the charges related to the Services. For the avoidance of doubt, Equifax acknowledges that it will receive and be obliged to pay invoices for IBM’s charges under the existing IBM-Equifax agreements set forth in Schedule M for Services provided on or before July 31, 2003 thereunder.
10. INTELLECTUAL PROPERTY RIGHTS
IBM, the members of the Equifax Group and their respective contractors and subcontractors may develop, create, modify or personalize (collectively, “Develop,” “Developed” or “Developing”) certain computer programming code, including source and object code (“Code”) and other Materials in order to perform the Services. The provisions of this Article 10 set forth the respective rights of Equifax and IBM in such Code and other Materials.
37
With respect to any Materials whether Developed solely by IBM or its subcontractors, or jointly by the Equifax Group personnel or their subcontractors and IBM or its subcontractors, ownership will be as follows:
(a) Equifax Code, Equifax Derivative Code and Equifax Works, and all * other than Equifax Materials Developed by IBM under this Agreement (for example, Equifax Materials developed outside the scope of this Agreement or existing prior to the Commencement Date), shall be owned by Equifax or another member of the Equifax Group, as applicable. During the Term, IBM shall have an irrevocable, nonexclusive, worldwide, paid-up license to use, execute, reproduce, display, perform, operate, distribute, modify, develop, personalize and create Derivative Works from such Materials *.
(b) IBM Code, IBM Derivative Code, IBM Works and IBM Interfaces, and all patent rights created in the course of Developing IBM Code, IBM Derivative Code, IBM Works and IBM Interfaces, shall be owned by IBM. The Equifax Group shall have an irrevocable, nonexclusive, worldwide, paid-up license to use, execute, operate, reproduce, display, perform, distribute, modify, Develop, personalize and create Derivative Works from such Materials internally, and the right to sublicense third parties to do any of the foregoing, to the extent necessary and for the sole purpose of receiving or using the Services during the Term.
(c) With respect to any Equifax Materials whether or not Developed under this Agreement, which are or have been Developed solely by the Equifax Group personnel and/or their contractors, such Materials and all patent rights created in the course of Developing such Materials shall be owned by Equifax. IBM shall have an irrevocable, nonexclusive, worldwide, paid-up license to use, execute, operate, reproduce, display, perform, distribute, modify, Develop, personalize and create Derivative Works from such *.
(d) *
(e) Any ownership or license rights herein granted to either Party or another member of the Equifax Group or any other Authorized Users are limited by and subject to any *, and terms and conditions of * applicable Third Party Providers.
(f) To the extent that by operation of law any of the Materials, * may not be owned by IBM or the Equifax Group to which ownership has been allocated under this Article 10, each Party agrees to promptly assign, or cause to be assigned, and take such actions and execute and deliver such documents as shall be necessary or appropriate to effect such assignment without further consideration. Each Party hereby assigns, without further consideration, the ownership of all right, title and interest in all U.S. and foreign copyrights, and mask work rights (if any) in the Materials to the other Party as set forth in this Article 10. Such assignee shall have the right to obtain and hold in its own name or transfer patents and copyrights, applications, registrations, renewals and all other rights relating or pertinent thereto.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
38
10.2 Obligations Regarding Materials
(a) Following the Development of Equifax Code, Equifax Derivative Code or Equifax Works or the creation of any invention (whether or not patentable) in the course of such Development, by IBM (or any of its Affiliates or subcontractors), IBM will follow its standard processes and procedures to assess whether any patentable ideas have been identified or discovered and provide to Equifax any invention disclosure prepared by IBM in accordance with its standard processes and procedures.
(b) The Parties agree to reproduce copyright legends which appear on any portion of the Materials which may be owned by the Parties and any and all third parties.
(c) Except as set forth in this Article 10 or in Article 11, this Agreement shall not preclude either Party from Developing materials or providing services which are competitive to the Materials or Services which might be delivered pursuant to this Agreement, except to the extent any of same may infringe any of the other Party’s patent rights, copyrights, trade secrets or mask work rights.
(d) Neither this Agreement nor any disclosure made hereunder grants any license to either Party under any patents rights, copyrights, mask work rights or trade secrets of the other Party, except for the licenses expressly granted under this Article 10 and Section 12.6 hereof.
(e) Each Party and their respective Affiliates shall have the right to develop commercialize, use, publish and distribute materials and/or intellectual property which may be substantially similar to the Materials (including, without limitation, computer programs and other copyrighted works) for their own use, for third parties or for other purposes provided that such activities are effected without breach of their obligations under this Agreement and do not infringe the intellectual property rights of the other Party and/or its Affiliates.
10.3 Authorized Users
The Authorized Users (excluding the Equifax Group) shall have only such rights to the intellectual property comprising the System as shall be granted by Equifax which in no event shall be greater than any right Equifax may have to such intellectual property. All such rights shall be subject to this Agreement.
11. CONFIDENTIALITY/DATA SECURITY
(a) IBM and Equifax each acknowledge that the other Party and/or its Affiliates possesses and will continue to possess information, which has commercial value in such other Party’s and/or its Affiliates’ business and is not in the public domain. Such information has been created, discovered, developed by such other Party and its Affiliates or provided to it by a third party, and such other Party and/or its Affiliates holds property rights in such information by assignment, license or otherwise. “Confidential Information” means with respect to a Party, any and all proprietary business information of the disclosing Party and/or its Affiliates and/or of third parties in the possession of the disclosing Party and its Affiliates treated as secret by the disclosing Party and its Affiliates (that is, it is the subject of efforts by the disclosing Party and/or its Affiliates that are reasonable under the circumstances to maintain its secrecy) that does not constitute a Trade Secret (defined below), including, without limitation, the terms of this Agreement, and any and all proprietary information in the possession of such disclosing Party and/or its Affiliates of which the receiving Party and/or its Affiliates become aware as a result of its access to and presence at the other Party’s and/or its Affiliates’ facilities. “Trade Secrets” mean with respect to a Party,
39
information related to the services and/or business of the disclosing Party and/or its Affiliates and/or of a third party which (a) derives economic value, actual or potential, from not being generally known to or readily ascertainable by other persons who can obtain economic value from its disclosure or use; and (b) is the subject of efforts by the disclosing Party and/or its Affiliates that are reasonable under the circumstances to maintain its secrecy, including without limitation (i) marking any information reduced to tangible form clearly and conspicuously with a legend identifying its confidential or proprietary nature; (ii) identifying any oral presentation or communication as confidential immediately before, during or after such oral presentation or communication; or (iii) otherwise, treating such information as confidential or secret. Assuming the criteria in sections (a) and (b) above are met, Trade Secrets include, but are not limited to, technical and nontechnical data, formulas, patterns, compilations, computer programs and software, devices, drawings, processes, methods, techniques, designs, programs, financial plans, product plans, and lists of actual or potential customers and suppliers. “Company Information” means collectively the Confidential Information, Equifax Data and Trade Secrets. Company Information also includes information which has been disclosed to either Party and/or its Affiliates by a third party which such Party and/or its Affiliates is obligated to treat as confidential or secret.
(b) For the purposes of obligations under Article 11, “Authorized Users” are included within the concept of “Equifax and/or its Affiliates” or “Party and/or its Affiliates”.
11.2 Obligations
(a) Equifax and IBM will each refrain from disclosing, will hold as confidential, and will use the same level of care to prevent disclosure to third parties and to hold confidential, the Company Information of the other Party as it employs to avoid disclosure, publication or dissemination of its own information of a similar nature but in no event less than a reasonable standard of care. Notwithstanding the foregoing, the Parties and their Affiliates may disclose Company Information in the case of Equifax and its Affiliates, to members of the Equifax Group or to companies divested by the Equifax Group that elect to receive services hereunder as an Authorized User, and in the case of both Parties and their Affiliates, to companies divested by the Equifax Group that elect to receive services hereunder as an Authorized User or to authorized contractors and subcontractors involved in providing and using the Services under this Agreement where: (i) such disclosure is necessary to permit the members of the Equifax Group or any divested companies of the Equifax Group that receive services hereunder as an Authorized User, or any authorized contractor or subcontractor to perform its duties hereunder or use the Services; (ii) members of the Equifax Group and such divested companies of the Equifax Group that elect to receive services hereunder or any authorized contractor or subcontractor agree in writing to observe the confidentiality and restricted use and disclosure covenants and standards of care set forth in this Article 11 and IBM and Equifax are each third party beneficiaries for all purposes; and (iii) IBM in the case of Equifax Company Information received by IBM and/or its Affiliates and disclosed by them as permitted herein or Equifax in the case of IBM Company Information received by Equifax and/or its Affiliates and disclosed by them as permitted herein, assumes full responsibility for the acts or omissions of its Affiliates, contractors and subcontractors or, in the case of Equifax, its divested companies receiving services hereunder as an Authorized User, no less than if the acts or omissions were those of IBM and Equifax respectively.
(b) Neither Equifax nor IBM shall use the Company Information of the other Party except in the case of IBM and its Affiliates and subcontractors, (i) in connection with the performance of the Services and (ii) as otherwise specifically permitted in this Agreement, and in the case of Equifax, its contractors and other members of the Equifax Group, (A) as specifically permitted in this
40
Agreement and (B) in connection with the use of the Services. IBM shall be responsible to ensure that its Affiliates and subcontractors comply with this Section 11.2(b) and Equifax shall be responsible to ensure that the members of the Equifax Group and its contractors comply with this Section 11.2(b).
(c) Without limiting the generality of the foregoing, neither Party nor their Affiliates will publicly disclose the terms of this Agreement, except to the extent permitted by this Article 11 and to enforce the terms of this Agreement, without the prior written consent of the other. Furthermore, neither IBM nor Equifax nor their Affiliates will make any use of the Company Information of the other Party and its Affiliates except as contemplated by this Agreement; acquire any right in or assert any lien against the other Party’s Company Information except as contemplated by this Agreement; or refuse to promptly return, provide a copy of or destroy such Company Information upon the request of the disclosing Party.
(d) Notwithstanding any other provision of the Agreement, neither Party will be restricted in using, in connection with its business operations, any * ideas, concepts, know-how and techniques which are retained in the unaided memories of employees who have had access to the other Party’s Confidential Information, subsequent to the Commencement Date, without deliberate memorization of such Confidential Information for purposes of reuse under this paragraph (“Residual Knowledge”) *.
11.3 Exclusions
Notwithstanding the foregoing, this Article 11 will not apply to any information which IBM or Equifax can demonstrate was: (a) at the time of disclosure to it, in the public domain; (b) after disclosure to it, published or otherwise becomes part of the public domain through no fault of the receiving party; (c) without a breach of duty owed to the disclosing party, is in the possession of the receiving party at the time of disclosure to it; (d) received after disclosure to it from a third party who had a lawful right to and, without a breach of duty owed to the disclosing party, did disclose such information to it; or (e) independently developed by the receiving party without reference to Company Information of the disclosing party. Further, either Party may disclose the other Party’s Company Information to the extent required by law or order of a court or governmental agency. However, the recipient of such Company Information must give the other Party prompt notice and make a reasonable effort to obtain a protective order or otherwise protect the confidentiality of such information, all at the discloser’s cost and expense. It is understood that the receipt of Company Information under this Agreement will not limit or restrict assignment or reassignment of employees of IBM and its Affiliates and the Equifax Group within or between the respective Parties and their Affiliates.
11.4 Loss of Company Information
The receiving Party will immediately notify the disclosing Party, orally or in writing in the event of any disclosure, loss, or use in violation of this Agreement of a disclosing Party’s Company Information known to the receiving Party.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
41
11.5 Limitation
The covenants of confidentiality set forth herein (a) will apply after the Commencement Date to any Company Information disclosed to the receiving Party before and after the Commencement Date and (b) will continue and must be maintained from the Commencement Date through termination of the relationship between the Parties and (i) with respect to Trade Secrets, until the earlier of ten (10) years after termination of this Agreement or until such Trade Secrets no longer qualify as trade secrets under applicable law; and (ii) with respect to Confidential Information for a period equal to the shorter of two (2) years after termination of the Parties’ relationship under this Agreement, or until such Confidential Information no longer qualifies as confidential under applicable law. Neither Party will be responsible for the security of the Company Information of the other Party during transmission via public communications facilities or for the loss of or damage to such information during transmission, except to the extent that such breach of security or loss or damage is caused by the failure of such Party to perform its obligations under this Agreement, including exercising the standard of care set forth in Section 11.2(a).
11.6 Equifax Data
(a) All of Equifax’s Company Information (including, without limitation, data, records and reports related to the Equifax Group, the Equifax Business and the Services) is represented by Equifax to be the exclusive property of Equifax, and/or its Affiliates or the property of third parties licensed to Equifax and/or its Affiliates, and the furnishing of such information, data, records and reports to, or access to such items by, IBM and/or its Affiliates and/or subcontractors will not grant any express or implied license to or interest in IBM and/or its Affiliates and/or subcontractors relating to such information, data, records and reports except as required to perform the Services pursuant to this Agreement. Unless specifically provided otherwise in this Agreement, IBM shall have no responsibility with respect to compliance with laws or regulations applicable to the storage, maintenance, and distribution of Equifax Company Information to the extent that any such activity by IBM is performed or implemented in accordance with Equifax’s legal compliance officer’s written instruction or direction. Upon request by Equifax at any time and from time to time and without regard to the default status of the Parties under this Agreement, IBM and/or its Affiliates and/or subcontractors shall promptly deliver to Equifax Equifax’s Company Information (including without limitation all data, records and related reports regarding the Equifax Group, the Equifax Business and the Services) in electronic (tape) format and in such hard copy as existing on the date of the request by Equifax.
(b) IBM personnel shall not attempt to access, or allow access to, any Equifax Data which they are not permitted to access under this Agreement. If such access is attained, IBM shall immediately report such incident to Equifax, describe in detail the accessed Equifax Data and return to Equifax any copied or removed Equifax Data.
11.7 Data Privacy
In carrying out their activities under this Agreement, the Parties shall observe and comply with the data privacy and protection requirements set forth in Schedule P (Data Protection).
42
12. TERMINATION
12.1 Termination By Equifax
Subject to the Termination Charges set forth in Schedule C (Charges), where applicable, Equifax may terminate the applicable portion(s) of this Agreement for the following reasons:
(a) A material breach of this Agreement by IBM and/or its Affiliates that remains uncured for ten (10) days after receipt of written notice thereof; provided, however, if a material breach of this Agreement by IBM and/or its Affiliates (other than a breach of Article 11 hereof) occurs that by its nature cannot be cured by IBM in such ten (10) day period but IBM submits a commercially reasonable written plan to Equifax within such period to cure such breach after the ten (10) day period (but in no event more than forty five (45) days after such notice of breach), the cure period for such breach shall be extended to the date set forth in the plan (but in no event more than sixty (60) days after the notice of breach). If the material breach by its nature cannot be cured within sixty (60) days, then Equifax may terminate this Agreement by providing notice to IBM; or
(b) There exists a series of non-material or persistent breaches by IBM and/or its Affiliates that in the aggregate have a material and significant adverse impact (i) on the Services support of the administrative, management, planning, financial reporting or operations functions of the Equifax Group or the portion of the Equifax Group constituting the user group, or (ii) on the management of the Services or the portion of the Services; or
(c) For convenience upon one hundred eighty (180) days prior notice by Equifax to IBM, Equifax may terminate by Service Tower or by Country Location or this entire Agreement at any time after the third anniversary of the Commencement Date; or
(d) In the event that (i) another entity, directly or indirectly, in a single transaction or series of related transactions, acquires either Control of Equifax or all or substantially all of the assets of Equifax, or (ii) Equifax is merged with or into another entity, upon one hundred eighty (180) days prior notice by Equifax to IBM, which notice must be given within 180 days after the Change of Control; or
(e) IBM and/or its Affiliate that has accepted this Agreement by executing a Local Enabling Agreement becomes insolvent or is unable to pay its debts or enters into or files (or has filed or commenced against it) a petition, arrangement, application, action or other proceeding seeking relief or protection under the bankruptcy laws of the United States or any similar laws of the United States or any state of the United States or any other country or transfers all or substantially all of its assets to another person or entity; or
(f) IBM and/or its Affiliate that has accepted this Agreement by executing a Local Enabling Agreement incurs * in excess of the * under the circumstances and resulting from the events described in Section 13.1(a)(i);
(g) If Equifax’s license to use credit data in Spain shall expire or be terminated prior to the end of the Term of this Agreement, Equifax may terminate this Agreement with respect to Services provided in Spain as of a date specified by Equifax in a written notice of termination to IBM, and Equifax will pay IBM’s charges due and payable through the termination date. If Equifax elects such termination, Equifax shall pay on account of such termination IBM’s Wind-Down Expenses for a period not to exceed one hundred twenty (120) days and shall acquire from IBM, at a cost equal to IBM’s then-current net book value, and hardware or software primarily dedicated to performing Services for Equifax that cannot be redeployed by IBM using Commercially Reasonable Efforts.; or
(h) Under the circumstances set forth in Section 17.3.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
43
12.2 Termination by IBM
In the event, but only in the event, that Equifax fails to pay IBM when due undisputed charges totaling at least one (1) month’s charge under this Agreement and fails to make such payment within sixty (60) days after receiving notice from IBM of the failure to make such payment, IBM may, by giving written notice to Equifax, terminate this Agreement as of a date specified in the notice of termination.
12.3 Services Transfer Assistance
(a) The Parties agree that IBM will cooperate with the Equifax Group to assist in the orderly transfer of the services, functions, responsibilities, tasks and operations comprising the Services provided by IBM and its Affiliates hereunder to one or more members of the Equifax Group itself or another services provider in connection with the expiration or earlier termination of this Agreement for any reason, however described. The Term of this Agreement shall not be deemed to have expired or terminated until the Services Transfer Assistance thereunder is completed. Upon Equifax’s request IBM or its Affiliate shall provide transfer assistance in connection with migrating the work of the Equifax Group to the Equifax Group itself or another services provider (“Services Transfer Assistance”) commencing up to one (1) year prior to expiration or upon any notice of termination, or of non-renewal of this Agreement. In the event Equifax repeatedly fails to pay any amounts when due and payable under this Agreement within two (2) years of the start of Services Transfer Assistance, with or without an attendant termination for cause by IBM, IBM shall not be required to provide Services Transfer Assistance unless Equifax prepays the applicable total monthly charges due under Schedule C (Charges) for the entire duration of Services Transfer Assistance, if any, and a reasonable projection of other charges due for the entire period Equifax requests Services Transfer Assistance. In no event will Equifax’s holding of or escrow of monies in compliance with Section 8.2 (Disputed Charges/Credits) of Schedule C (Charges) be considered a failure by Equifax to pay amounts due and payable hereunder. Further, IBM shall provide the Services Transfer Assistance in accordance with this Section 12.5 even in the event of Equifax’s material breach (other than an uncured payment default) with or without an attendant termination for cause by IBM, if Equifax prepays a reasonable projection of the other charges due under this Agreement (other than the total monthly charges due under Schedule C (Charges), which shall be paid monthly as provided in Schedule C (Charges)) for the Services Transfer Assistance for the entire period Equifax desires IBM to provide such services to the Equifax Group or its designees. Services Transfer Assistance shall be provided through the effective date of the expiration or termination of the Services being terminated, and upon request by Equifax, the effective date of such expiration or termination shall be extended for up to one (1) year thereafter pursuant to the terms and conditions of this Agreement and such period shall be considered an extension of the Term, however any such extension shall not affect the payment date or amount of any applicable Termination Charges, which Termination Charges shall be due and payable as of the initially noticed effective date of termination. Services Transfer Assistance shall include, but not be limited to, providing the Equifax Group and their respective agents, contractors and consultants, as necessary, with the services described in Schedule O (Services Transfer Assistance).
(b) If the provision of any Services Transfer Assistance by IBM would require IBM to perform New Services, the provisions of Section 10.1 (Prices and Charges for New Services) of Schedule C (Charges) shall apply.
(c) If Equifax exercises its option to prepay the monthly charges due under Schedule C (Charges) and other charges reasonably projected by IBM for Services Transfer Assistance and it is
44
determined that such prepayment is in excess of the actual charges associated with the Services Transfer Assistance, then IBM shall apply such overpayment to monies otherwise due IBM or, if no monies are due IBM, promptly refund such overpayment to Equifax at the end of such Services Transfer Assistance. Conversely, if the amount prepaid by Equifax to IBM for Services Transfer Assistance does not fully reimburse IBM for the actual charges due under Schedule C (Charges) for the provision of Services Transfer Assistance to Equifax, then IBM shall invoice Equifax and Equifax shall promptly pay IBM for such additional amounts as incurred and invoiced to Equifax.
(d) In the process of evaluating whether to undertake or allow termination, expiration or renewal of this Agreement, Equifax may consider obtaining, or determine to obtain, offers for performance of services similar to the Services following termination, expiration or renewal of this Agreement. As and when reasonably requested by Equifax for use in such a process, IBM shall provide to Equifax such information and other cooperation regarding performance of the Services as would be reasonably necessary for a third party to prepare an informed, non-qualified offer for such services. The types of information and level of cooperation to be provided by IBM pursuant to this Section 12.3(d) shall be no less than those initially provided by Equifax to IBM prior to commencement of this Agreement.
12.4 Equitable Remedies
If a court of competent jurisdiction should find that IBM has breached its obligations to provide Service Transfer Assistance, IBM agrees that, *.
12.5 Other Rights Upon Termination
At the expiration or earlier termination of this Agreement for any reason, however described, IBM agrees in each such instance, as applicable:
(a) Upon Equifax’s request, IBM agrees to sell to Equifax or its designee the IBM Machines owned by IBM then currently being used by IBM primarily to perform the Services or the portion of the Services, as applicable, at its then-current unamortized net book market value. In the case of IBM Machines that IBM is leasing and using primarily to perform the Services, IBM agrees to permit Equifax or its designee to either buy-out the lease on the IBM Machines and purchase the IBM Machines from the lessor or assume the lease(s) and secure the release of IBM thereon, subject to the terms of the applicable lease. Equifax shall be responsible for any sales, use or similar taxes associated with such purchase of such IBM Machines or the assumption of such leases.
(b) To the extent that IBM is using commercially available IBM proprietary software to perform the Services on the termination or expiration of the Agreement, IBM will grant to the members of the Equifax Group and their Affiliates a license (which license shall permit a third party designee to use such software solely for Equifax’s benefit) to such software (and any related documentation) on IBM’s then standard terms and conditions (other than any one-time charges which shall not be required).
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
45
(c) IBM will provide to the Equifax Group * in accordance with * for use by the Equifax Group as a part of and in connection with the Equifax Business, upon terms and prices to be mutually agreed upon by the Parties (which prices shall not be greater and other terms shall be no less favorable than those then offered to other customers of IBM) or, in the case where no such customers exist, other third parties). At Equifax’s option, IBM will recommend a mutually agreeable commercially available substitute, if available, to perform the same function.
(d) Subject to Section 12.6(e), if IBM has licensed or purchased and is using any generally commercially available Software to provide the Services to the Equifax Group at the date of expiration or termination of this Agreement, Equifax may elect to take a transfer or an assignment of the license for such software (and any attendant maintenance agreement), subject to the terms of such license reimburse IBM for the initial license or purchase charges for such Software in an amount equal to the remaining unamortized cost of such Software, if any, depreciated over a five (5) year life. Equifax shall also pay any transfer fee or charge imposed by the applicable vendor and not the obligation of IBM hereunder, and subject to Equifax’s acceptance of any applicable vendor terms and conditions, such licensed Software shall be transferred or assigned to Equifax.
(e) If IBM has licensed or purchased and is using any generally commercially available Software to provide the Services to the Equifax Group and other IBM customers in a shared environment at the date of expiration or termination of this Agreement, IBM, upon request by Equifax, will assist Equifax in obtaining licenses for such Software (and any attendant maintenance agreement) subject to Equifax’s payment of any license fee and other charge imposed by the applicable vendor.
(f) IBM will use Commercially Reasonable Efforts to negotiate license arrangements with third parties that will minimize the amount of license and maintenance agreement and assignment fees to be paid by Equifax. If IBM is unsuccessful in any such negotiations, it will so notify Equifax prior to executing the affected agreement, in which event Equifax may elect participate in the negotiation of such license and maintenance agreement arrangements. IBM shall provide reasonable advance written notice to Equifax of such anticipated negotiations.
(g) In the case of the impending expiration or termination of this Agreement for any reason, subject to local law, the Equifax Group shall have the right (or, as required by applicable local law, the duty) to make offers of employment to any or all IBM employees performing material Services for the Equifax Group hereunder, as applicable (“Service Employees”). Promptly after either Party provides the other Party written notice of termination or expiration with the prior consent of each Services Employee (each of whom IBM will notify of Equifax’s interest), IBM agrees, subject to the agreement of the Service Employees, to supply Equifax with the names and resumes requested by Equifax for the purpose of exercising its rights under this Section 12.5(g), at no charge. Equifax’s rights under this Section 12.5 will take precedence over any IBM/employee employment contract or covenant that may otherwise limit an employee’s right to accept employment with the Equifax Group.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
46
(h) Upon Equifax’s request, IBM will transfer or assign to Equifax or its designee, on mutually acceptable terms and conditions, any Third Party Agreements not otherwise treated in this Section 12.5, applicable solely to services being provided to Equifax, including, without limitation, Third Party Agreements for maintenance, Disaster Recovery Services and other necessary third party services then being used by IBM to perform the Services subject to the payment by Equifax of any transfer fee or charge imposed by the applicable vendors.
12.6 Effect of Termination/Survival of Selected Provisions
Notwithstanding the expiration or earlier termination of the Services or this Agreement for any reason however described, the following Sections of this Agreement shall survive any such expiration or termination: Section 8.3(b), Article 10, Article 11, Section 12.5, Section 12.6, Article 13, Article 14, Article 15, Section 16.1 and Article 17.
12.7 Savings Clause
Equifax’s failure to perform its Equifax Retained Functions or its responsibilities set forth in this Agreement (other than as provided in Section 12.2) shall not be deemed to be grounds for termination by IBM. IBM’s nonperformance of its obligations under this Agreement shall be excused if and to the extent (a) such IBM nonperformance results from Equifax’s failure to perform its responsibilities; and (b) IBM provides Equifax with reasonable notice of such nonperformance and uses Commercially Reasonable Efforts to perform notwithstanding Equifax’s failure to perform (with Equifax reimbursing IBM for its additional out-of-pocket expenses for such efforts).
13. LIABILITY
13.1 Liability Caps
(a) Except as provided in Section *, the liability of IBM and its Affiliates to Equifax and its Affiliates under this Agreement arising out of or resulting from the performance or non-performance of IBM and/or its Affiliates and/or subcontractors of the Services and its obligations shall be limited in the aggregate for all claims, causes of action or occurrences:
(i) to Direct Damages incurred by Equifax and its Affiliates equal to the charges paid by Equifax for the Services in the affected country during the * immediately prior to the first event which is the subject of the first claim or if * have not elapsed in the term of this Agreement at the time of the first such event, the estimated charges to Equifax for the Services in the affected country set forth in Schedule C (Charges) during the first * of the Term (“IBM Direct Damages Cap”); and
(ii) in the event Equifax claims Direct Damages for event(s) which are the subject matter of claim(s) or cause(s) of action which are the basis for and result in Equifax’s termination of this Agreement pursuant to Section 12.1(a) for cause or Section 12.1(e) for Bankruptcy, and the * operates to preclude Equifax’s recovery of *, then * shall be entitled to recover an *, not to exceed * of *, which amount shall be applied only toward *.
(b) Except as provided in Section *, the liability of Equifax to IBM arising out of or resulting from the performance and non-performance of its obligations in each country shall be limited in all cases to Direct Damages which in the aggregate shall not exceed the amounts payable by Equifax upon a termination for convenience under Schedule C (the “Equifax Direct Damages Cap”). The IBM Direct Damages Cap and the Equifax Direct Damages Cap are herein collectively called the “Direct Damages Caps”.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
47
13.2 *
13.3 Direct Damages and Cover Charges
Unless specifically provided to the contrary in this Agreement, neither party shall have any liability whether based on contract, tort (including without limitation, negligence), warranty, guarantee or any other legal or equitable grounds to the other party for any damages other than Direct Damages.
(a) “Direct Damages” mean actual, direct damages incurred by the claiming Party which include, by way of example but without limitation, (i) the costs to * rendered by *, (ii) the difference in the amounts to be paid * and the * to provide, and/or the costs incurred by *, all or a portion of the Services during any period or periods that * the Services, (iii) the Service Credits, (iv) Transition Cover Costs, and (v) similar damages, but “Direct Damages” shall not include (A) loss of interest, profit or revenue of the claiming Party or (B) incidental, consequential, special or indirect damages suffered by the claiming Party (except as the damages described in (A) and (B) are included as a part of the Termination Charge and the Service Credits or as otherwise provided for in this Agreement) and shall not include punitive or exemplary damages suffered by the claiming Party arising from or related to this Agreement, even if such Party has been advised of the possibility of such losses or damages.
(b) “Transition Cover Costs” means all costs and expenses incurred by the Equifax Group to Transition to another provider of information management and communications services, and/or take in-house, some or all of such functions, responsibilities, tasks and activities comprising the portion of the Services provided under any terminated portion(s) of this Agreement, after Commercially Reasonable Efforts to mitigate such costs and expenses.
13.4 Dependencies
In no event will IBM or its subcontractors be liable for any damages if and to the extent caused by Equifax’s or its Affiliates’ or its subcontractors’ failure to perform its responsibilities hereunder; provided, however, for the purposes of this Section 13.4, neither IBM nor its Affiliates nor the Third Party Providers shall be considered a subcontractor of Equifax. Neither Equifax nor its Affiliates or contractors shall be liable for any damages if and to the extent caused by any failure to perform by IBM or its Affiliates or subcontractors.
13.5 Remedies
At its option, Equifax may seek all remedies available to it under law and in equity or recover as liquidated damages the Service Credits, subject to the limitations and provisions specified in this Article 13. If IBM’s provision of the Services is such that IBM would otherwise owe Equifax a Service Credit and Equifax elects to recover Service Credits, Equifax’s recovery of Service Credits shall constitute acknowledgment by Equifax of full satisfaction and release of any claim by Equifax that IBM has breached its obligations under this Agreement with respect to any such event(s) giving rise to the Service Credits. However, within twelve (12) calendar months of the receipt of any Service Credits Equifax received with respect to any action or inaction by IBM upon which Equifax is basing termination for cause under Section 12.1(a) or termination for persistent breaches under Section 12.1(b), Equifax may return such Service Credits and pursue a damage claim against IBM, if any such claim exists.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
48
14. INDEMNITIES
14.1 Indemnity by IBM
IBM will indemnify and hold each member of the Equifax Group and their respective officers, directors, employees, agents, successors, contractors and assigns (each an “Indemnitee”) harmless from and against any and all Losses incurred by any of them arising from or in connection with:
(a) any Claims of infringement asserted against an Indemnitee as a result of * on or after the Commencement Date, including the *;
(b) subject to Section 14.1(a) above, any Claims of infringement of any patent or any copyright, trademark, service xxxx, trade name, trade secret, or similar property right conferred by contract or by common law or by any law of any country, including without limitation, the United States, and any other applicable jurisdiction or any state, alleged to have been incurred because of or arising out of any aspect of the Services (including without limitation any information technology, information management and communications services, equipment, software or other resources) provided by IBM and/or its Affiliates or subcontractors in its performance of the Services; provided, however, IBM will have no obligation with respect to any Losses to the extent arising from or in connection with * related to the Services committed by an Indemnitee or any employee of an Indemnitee that is not the result of IBM and/or its Affiliates or subcontractors * including, without limitation, obtaining * for which it has responsibility; and provided, further, that IBM will have no obligation with respect to any Losses to the extent arising out of or in connection with * provided by IBM and/or its Affiliates or subcontractors, or an Indemnitee’s * provided by IBM and/or its Affiliates or subcontractors with * not furnished by, through or at the specification of IBM or its Affiliates or subcontractors, or an Indemnitee’s use of * provided by IBM and/or its Affiliates to such Indemnitee * specifically designated in * or a written notice to Equifax from IBM;
(c) any Claims, however described (including without limitation, failure to obtain Required Consents or arising from IBM’s exercise of its rights to terminate, modify or change the Third Party Agreements pursuant to Section 8.3(a)), accruing during the Term (that is, not arising or resulting from a breach by the Equifax Group before the Commencement Date or after the termination date of this Agreement) regarding any Third Party Agreement; provided, however, IBM will have * to the extent arising out of or in connection with Claims for * related to the Services (i) committed by any Indemnitee or any employee of an Indemnitee that is not the result of IBM and/or its Affiliates or subcontractors * for which it has responsibility or (ii) to the extent arising out of or resulting from Equifax * for which it has responsibility;
(d) any Claims for personal injuries, death or damage to tangible personal or real property of third parties including employees of IBM, its Affiliates, contractors and subcontractors caused by the negligence or willful misconduct of IBM, its employees, Affiliates, contractors or subcontractors; provided that IBM will have no obligation under this part, to the extent the same arise out of or in connection with the negligence or willful misconduct of a member of the Equifax Group;
(e) any Claims for amounts, including but not limited to taxes, interest and penalties, assessed or claimed against the Equifax Group which are obligations of IBM under this Agreement;
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
49
(f) any Claim for violation of environmental laws or regulations arising out of this Agreement or as a result of the Services performed at the Facilities, the Data Center or the other Equifax Group sites or locations to the extent IBM or its Affiliates or subcontractors has caused the environmental damage or violation of the environmental laws or regulations from which the Claim arises;
(g) any Claims directly attributable to IBM’s decision to * and Equifax’s * and Losses incurred by Equifax associated with *;
(h) any Claims for penalties, interest and other charges imposed by a taxing authority (except the actual taxes payable by Equifax under the terms of this Agreement) arising out of or resulting from IBM * provided to Equifax in writing regarding * to Equifax;
(i) any Claims by any Transferred Employees in respect of which IBM is obliged to indemnify Equifax pursuant to Exhibit X-0, X-0, X-0, X-0 or D-5 of Schedule D (Human Resources); and
(j) any Claims arising out of or resulting from a breach by IBM and/or its Affiliates of * of this Agreement to the extent that such * are of specific application to the provision of the Services by IBM and/or its Affiliates to the Equifax Group under this Agreement.
(k) In the event and to the extent that a Claim is made against an Indemnitee by an employee of IBM, its contractors or subcontractors providing services, products and/or software hereunder, the Parties agree that IBM shall indemnify and hold harmless the Indemnitee to the same extent as if the Claim was made by a non-employee of IBM, its contractors or subcontractors. IBM’s indemnification hereunder shall be *. Accordingly, in addition to other provisions herein, and in order to render the Parties’ intent and this indemnification agreement fully enforceable, IBM, in an indemnification claim hereunder, expressly and without reservation * it may have under any applicable * or any other statute or judicial decision * and consents to *. This waiver and consent * is made irrespective of and specifically * under any statute or judicial decision.
14.2 Indemnity by Equifax
Equifax will indemnify and hold harmless IBM, and its respective officers, directors, employees, agents, successors and assigns (each an “IBM Indemnitee”) harmless from and against any and all Losses incurred by any of them arising from or in connection with:
(a) any Claims of infringement asserted against an IBM Indemnitee as a result of * on or after the Commencement Date;
(b) subject to Section 14.2(a) above, any Claims of infringement of any patent or any copyright, trademark, service xxxx, trade name, trade secret, or similar property right conferred by contract or by common law or by any law of any country, including without limitation, the United States and any other applicable jurisdiction or any state, alleged to have been incurred because of or arising out of any equipment, materials and other resources (including without limitation information technology, information management and communications services equipment, software or other resources) provided to IBM and/or its Affiliates by the Equifax Group in connection with the performance of the Services; provided, however, Equifax will have no obligation with respect to any Losses to the extent arising out of or in connection with Claims for * the Services, committed by an IBM Indemnitee or any employee of an IBM Indemnitee that is not the result of the Equifax Group * including, without limitation, obtaining * for which it has responsibility; and provided, further, that Equifax will have no obligation with respect to any Losses to the extent arising out of or in connection with * provided by the Equifax Group with * by the Equifax Group, or an IBM Indemnitee’s * the Equifax Group to such IBM Indemnitee under this Agreement * or a written notice to IBM from Equifax *;
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
50
(c) any Claims accruing before the Commencement Date or after the termination date of this Agreement regarding any Third Party Agreements between members of the Equifax Group and a third party covered by this Agreement, including without limitation, failure to obtain Required Consents but not including Claims arising or resulting from IBM and/or its Affiliates failing to perform its obligations under this Agreement including, without limitation, obtaining any Required Consent for which it has responsibility;
(d) any Claims for amounts, including without limitation, taxes, interest and penalties assessed or claimed against IBM which are obligations of Equifax under this Agreement;
(e) any Claims for personal injuries, death or damage to tangible personal or real property of third parties including employees of the Equifax Group caused by the negligence or willful misconduct of the Equifax Group or their employees; provided that Equifax will have no obligation, under this part, to the extent the same arise out of or in connection with the negligence or willful misconduct of IBM, its Affiliates or subcontractors;
(f) any Claims arising out of or resulting from the operations of the Equifax Group, including the provision of access to the Services pursuant to Section 17.14, to the extent such Claims do not arise out of a breach of this Agreement by IBM and are not the subject of a specific indemnity provided to Equifax by IBM in Section 14.1; provided, however, that Equifax will have no obligation under this item, to the extent the Claims arise out of or result from the negligence or willful misconduct of IBM, its Affiliates or subcontractors;
(g) any Claim for violation of environmental laws or regulations arising out of the Services performed at the Facilities or other Equifax Group sites or locations to the extent that Equifax or its Affiliates or contractors (other than IBM and its Affiliates and subcontractors) has caused the environmental damage or violation of the environmental laws or regulations from which the Claim arises;
(h) any Claims by any Transferred Employees in respect of which Equifax is obliged to indemnify IBM pursuant to Exhibit X-0, X-0, X-0, X-0 or D-5 of Schedule D (Human Resources); and
(i) any Claims arising out of or resulting from the operations of the Equifax Group and arising from acts of Authorized Users.
In the event and to the extent that a Claim is made by * against an IBM Indemnitee, the Parties agree that Equifax shall indemnify and hold harmless the IBM Indemnitee to the same extent as if *. Equifax’s indemnification hereunder shall be *. Accordingly, in addition to other provisions herein, and in order to render the Parties’ intent and this indemnification agreement fully enforceable, Equifax, in an indemnification Claim hereunder, expressly and without reservation * it may have under any applicable * or any other statute or judicial decision *. This waiver and consent * is made irrespective of and specifically * under any statute or judicial decision.
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
51
14.3 Employment Actions
It is agreed that IBM shall be solely and exclusively responsible for personnel decisions affecting IBM’s employees, contractors, subcontractors and agents (including without limitation, hiring, promotions, training, compensation, evaluation, discipline, and discharge). Equifax shall be solely and exclusively responsible for personnel decisions affecting employees, contractors, and agents of the members of the Equifax Group (including without limitation, hiring, promotion, training, compensation, evaluation, discipline and discharge).
14.4 Exclusive Remedy
Except as provided in Section 14.5, the indemnification rights of each Indemnitee and IBM Indemnitee (individually an “Indemnified Party”) for third party Claims pursuant to Sections 14.1 and 14.2, shall be the sole and exclusive remedy of such Indemnified Party with respect to each such third party Claim to which such indemnification relates.
14.5 Infringement
If any item chosen for use by IBM to provide the Services becomes, or in IBM’s reasonable opinion is likely to become, the subject of an infringement or misappropriation claim or proceeding, IBM shall, in addition to indemnifying Equifax as provided in this Article 14 and to the other rights Equifax may have under this Agreement, (a) promptly at IBM’s expense secure the right to continue using the item, or (b) if this cannot be accomplished with commercially reasonable efforts, then at IBM’s expense, replace or modify the item to make it non-infringing or without misappropriation, provided that any such replacement or modification will not degrade the performance or quality of the affected component of the Services, or (c) if neither of the foregoing can be accomplished by IBM with commercially reasonable efforts, and only in such event, then remove the item from the Services, in which case IBM’s charges shall be equitably adjusted to reflect such removal.
14.6 Indemnification Procedures
(a) Written notice shall be given to the Party that is obligated to provide indemnification under Sections 14.1 and 14.2 (the “Indemnifying Party”), if any civil, criminal, administrative or investigative action or proceeding is commenced or threatened by a third party (any of the above being a “Claim”) against any Indemnified Party. Such notice shall be given as promptly as practicable but in all events, within a period that will not prejudice the rights of the Indemnified Party under this Agreement to defend the Claim. After such notice, if the Indemnifying Party acknowledges in writing to the Indemnified Party that this Agreement applies with respect to such Claim, then the Indemnifying Party shall be entitled to take control of the defense and investigation of such Claim and to employ and engage attorneys of its sole choice to handle and defend the same, at the Indemnifying Party’s sole cost and expense. The Indemnifying Party must deliver written notice of its election of taking such control of the claim to the Indemnified Party not fewer than ten (10) days prior to the date on which a response to such Claim is due or such lesser period as is reasonable given the nature of the Claim and the notice and response time permitted by law or the facts and circumstances. The Indemnified Party shall cooperate in all reasonable respects with the Indemnifying Party and its attorneys in the investigation, trial, defense and settlement of such Claim and any appeal arising therefrom. The Indemnified Party may participate in such investigation, trial, defense and settlement of such Claim and any appeal arising therefrom, through its attorneys or otherwise, at its own cost and expense. No settlement of a Claim that involves a remedy other than
52
the payment of money by the Indemnifying Party shall be entered into without the consent of the Indemnified Party, which consent will not be unreasonably withheld.
(b) After notice to the Indemnified Party of the Indemnifying Party’s election to assume full control of the defense of any such Claim, the Indemnifying Party shall not be liable for any legal expenses incurred thereafter in connection with the defense of that Claim by the Indemnified Party. If the Indemnifying Party does not promptly assume full control over and diligently pursue the defense of a Claim as provided in this Section 14.5, the Indemnified Party shall have the right to defend, settle or otherwise resolve the Claim in such manner as it may deem appropriate, at the cost and expense of the Indemnifying Party, and the Indemnifying Party may participate in such defense, at its sole cost and expense. In no event shall any settlement of the Claim pursuant to this Section 5(b) require the consent of the Indemnifying Party.
14.7 Limitation
Notwithstanding anything to the contrary in this Agreement, the provisions of Section * of this Agreement shall not apply to the indemnification obligations of IBM pursuant to Section 14.1(j) of this Agreement.
15. INSURANCE AND RISK OF LOSS
15.1 IBM Insurance
During the Term of this Agreement, IBM and each IBM contractor and subcontractor shall maintain and keep in force, at its own expense, the following minimum insurance coverages and minimum limits:
(a) workers’ compensation insurance, with statutory limits as required by the various laws and regulations applicable to the employees of IBM or any IBM contractor or subcontractor;
(b) employer’s liability insurance, for employee bodily injuries and deaths, with a limit of $* each accident;
(c) comprehensive or commercial general liability insurance, covering claims for bodily injury, death and property damage, including premises and operations, independent contractors, products, services and completed operations (as applicable to the Services), personal injury, contractual, and broad-form property damage liability coverages, with limits as follows: (1) occurrence/aggregate limit of $* for bodily injury, death and property damage per occurrence of $* combined aggregate; or (2) split liability, without aggregate limits, of (i) $* for bodily injury per person; (ii) $* for bodily injury per occurrence; and (iii) $* per occurrence for property damage;
(d) comprehensive automobile liability insurance, covering owned, non-owned and hired vehicles, with limits as follows (1) combined single limit of $* for bodily injury, death and property damage per occurrence; or (2) split liability limits of (i) $* for bodily injury per person; (ii) $* for bodily injury per occurrence; and (iii) $* for property damage; and
* Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
53
(e) all-risk property insurance, on a replacement cost basis, covering the real and personal property of IBM which IBM is obligated to insure by this Agreement. Such real and personal property may include buildings, equipment, furniture, fixtures and supply inventory.
All such policies of insurance of IBM and its contractors and subcontractors shall provide that the same shall not be canceled nor the coverage modified nor the limits changed without first giving thirty (30) days prior written notice thereof to Equifax. No such cancellation, modification or change shall affect IBM’s obligation to maintain the insurance coverages required by this Agreement. Except for workers’ compensation insurance, Equifax shall be named as an additional insured on all such required policies. All liability insurance policies shall be written on an “occurrence” policy form. Equifax shall be named as loss payee as its interest may appear on the property insurance policies of IBM. IBM shall be responsible for payment of any and all deductibles from insured claims under its policies of insurance. The coverage afforded under any insurance policy obtained by IBM pursuant to this Agreement shall be primary coverage regardless of whether or not Equifax has similar coverage. IBM and its contractors and subcontractors shall not perform under this Agreement without the prerequisite insurance. Upon Equifax’s request, IBM shall provide Equifax with certificates of such insurance including renewals thereof. Unless previously agreed to in writing by Equifax, IBM’s contractors and subcontractors shall comply with the insurance requirements herein. The minimum limits of coverage required by this Agreement may be satisfied by a combination of primary and excess or umbrella insurance policies. If IBM or its contractors or subcontractors shall fail to comply with any of the insurance requirements herein, upon written notice to IBM by Equifax and a ten (10) day cure period, Equifax may, without any obligation to do so, procure such insurance and IBM shall pay Equifax the cost thereof plus a reasonable administrative fee as designated by Equifax. The maintenance of the insurance coverages required under this Agreement shall in no way operate to limit the liability of IBM to Equifax under the provisions of this Agreement.
The Parties do not intend to shift all risk of loss to insurance. The naming of Equifax as additional insured is not intended to be a limitation of IBM’s liability and shall in no event be deemed to, or serve to, limit IBM’s liability to Equifax to available insurance coverage or to the policy limits specified in this Article 14, nor to limit Equifax’s rights to exercise any and all remedies available to Equifax under contract, at law or in equity.
15.2 Risk of Property Loss
IBM is responsible for risk of loss of, or damage to, the Software, Machines, Equifax Provided Office Furnishings and Equifax Data in its possession or control, and Equifax is responsible for risk of loss of, or damage to, the Software, Machines and Equifax Data in its possession or control.
15.3 Mutual Waiver of Subrogation
(a) To the extent permitted by law, IBM and its Affiliates, contractors, subcontractors, and their respective directors, officers, employees, agents and insurers hereby waive their rights of subrogation against the member of the Equifax Group and their respective directors, officers, employees, agents, contractors and subcontractors for any loss or damage to the IBM Machines, IBM Software, and other tangible and intangible, real and personal property of IBM and its Affiliates, contractors and subcontractors resulting from operations in connection with this Agreement. Each property and worker’s compensation insurance policy of IBM and its Affiliates, contractors and subcontractors shall be endorsed to provide a waiver of any and all rights of
54
subrogation against the Equifax Group and their respective directors, officers, employees, agents, contractors and subcontractors for loss resulting from operations in connection with this Agreement.
(b) To the extent permitted by law, Equifax, the other members of the Equifax Group and their respective directors, officers, employees, agents and insurers hereby waive their rights of subrogation against IBM and its Affiliates, contractors and subcontractors for any loss or damage to the Equifax Provided Hardware, Equifax Software, Equifax Provided Office Furnishings and other tangible and intangible, real and personal property of Equifax and the other members of the Equifax Group resulting from operations in connection with this Agreement. Each property and worker’s compensation insurance policy of Equifax shall be endorsed to provide a waiver of any and all rights of subrogation against IBM and its Affiliates, contractors and subcontractors for loss resulting from operations in connection with this Agreement.
16.1 Dispute Resolution Procedures
(a) Subject to Schedule L (Governance), any dispute between the Parties either with respect to the interpretation of any provision of this Agreement or with respect to the performance hereunder by IBM or by Equifax or their respective Affiliates shall be resolved as specified in this Section 16.1.
(i) Upon the written request of either Party, a dispute shall be submitted to the Global Governance Team for resolution.
(ii) The Global Governance Team shall meet as often as necessary to gather and furnish to each Party all non-privileged information with respect to the matter in issue which is appropriate and germane in connection with its resolution.
(iii) The Global Governance Team shall discuss the problem and negotiate in good faith in an effort to resolve the dispute without the necessity of any formal proceeding relating thereto.
(iv) During the course of such negotiation, all reasonable requests made by one Party to the other for non-privileged information reasonably related to this Agreement, will be honored in order that each Party may be fully advised of the other Party’s position.
(v) The specific format for such discussions will be left to the discretion of the Global Governance Team, but may include the preparation of agreed upon statements of fact or written statements of position furnished by each Party to the other Party.
(b) If the Global Governance Team does not resolve the dispute within thirty (30) days after the date of receipt by the other Party of a request to submit the dispute to the Global Governance Team as described in Section 16.1(a)(1) (the “Notice”), then the dispute shall be escalated to an officer of Equifax and an officer of IBM, for their review and resolution within forty-five (45) days after receipt of the Notice.
(c) If the officers referred to in Section 16.1(b) do not resolve the dispute within forty-five (45) days after the Notice, then the dispute shall be escalated to the President of Equifax and the IBM corporate officer in charge of IBM Global Services, for their review and resolution within sixty (60) days after the Notice.
(d) If the dispute is not resolved by the Parties’ representatives identified in Section 16.1(c) within ninety (90) days after the Notice, the Parties agree to try in good faith to resolve the dispute by
55
mediation under the Commercial Mediation Rules of the American Arbitration Association, before resorting to litigation or some other dispute resolution procedure.
(e) If the dispute is not resolved by mediation within one hundred twenty (120) days after the Notice, then the Parties may initiate formal proceedings; however, formal proceedings for the judicial resolution of any such dispute may not be commenced until the earlier of:
(i) the designated representatives concluding in good faith that amicable resolution through continued negotiation of the matter in issue does not appear likely; or
(ii) one hundred twenty (120) days after the Notice; or
(iii) thirty (30) days before the statute of limitations governing any cause of action relating to such dispute would expire.
Notwithstanding anything to the contrary in this Section 16.1(e), the Global Governance Team shall have the authority to stay the time periods set forth in this Section 16.1 upon unanimous vote of its members to take such action.
(f) Notwithstanding any other provision of this Section 16.1, either Party may resort to court action for injunctive relief at any time if the dispute resolution processes set forth in this Section would permit or cause irreparable injury to such Party or any third party claiming against such Party, due to delay arising out of the dispute resolution process.
The Parties agree to continue performing their respective obligations under this Agreement while the dispute is being resolved unless and until such obligations are terminated or expire in accordance with the provisions of this Agreement or unless such performance is prevented by the actions of the other Party; provided that Equifax withholding payment of disputed charges as permitted under Section 8.2 (Disputed Charges/Credits) of Schedule C (Charges) will not considered to be preventing IBM from performing its obligations.
17. GENERAL
This Agreement shall not be construed as constituting either Party or its Affiliates as partner of the other Party and its Affiliates or to create any other form of legal association that would impose liability upon one Party or its Affiliates for the act or failure to act of the other Party and its Affiliates or as providing either Party or its Affiliates with the right, power or authority (express or implied) to create any duty or obligation of the other Party and its Affiliates, except as provided in Section 8.3. Each Party shall be responsible for the management, direction and control of the employees of such Party and its Affiliates and such employees shall not be employees of the other Party or its Affiliates.
Each Party will submit to the other Party all advertising, written sales promotion, press releases and other publicity matters relating to this Agreement in which the other Party’s or its Affiliate’s name or xxxx is mentioned or language from which the connection of said name or xxxx xxx be inferred or implied, and will not publish or use such advertising, sales promotion, press releases, or publicity matters without prior written approval of the other Party. However, either Party may include the other Party’s and/or its Affiliates name and a factual description of the work performed under this Agreement on employee bulletin boards, in its list of references and in the
56
experience Section of proposals to third parties, in internal business planning documents and in its annual report to stockholders, and whenever required by reason of legal, accounting or regulatory requirements.
17.2 Entire Agreement, Updates, Amendments and Modifications
This Agreement (including the Schedules thereto and any Statements of Work issued under it) constitutes the entire agreement of the Parties and their Affiliates with regard to the Services and matters addressed therein. This Agreement supersedes and replaces, the agreements listed in Schedule M (Existing IBM-Equifax Agreements Superseded by the Agreement). All letters, proposals, discussions and other documents regarding the Services and the matters addressed in this Agreement are superseded by and merged into this Agreement. Updates, amendments and modifications to this Agreement may not be made orally, but shall only be made by a written document signed in the case of this Agreement by duly authorized representatives of both Parties. In the case of Equifax, only the Equifax Inc. Chief Technology Officer or his designee shall have contract signature authority with respect to this Agreement. Any terms and conditions varying from this Agreement on any order or written notification from either Party or its Affiliates shall not be effective or binding on the other Party or its Affiliates.
17.3 Force Majeure
(a) Neither Party shall be liable for any default or delay in the performance of its obligations hereunder provided that the non-performing Party is without material fault in causing such default or delay, except for payment defaults, if and to the extent and while such default or delay is caused, directly or indirectly, by fire, flood, earthquake, elements of nature or acts of God, acts of war, terrorism, riots, civil disorders, rebellions or revolutions, strikes, lockouts, or labor difficulties or any other similar cause beyond the reasonable control of such Party and its Affiliates other than strikes, lockouts, non-performance by third parties for which the non-performing party is responsible (provide that such third parties are not subject to a Force Majeure Event) or labor difficulties initiated by such Party’s or its Affiliates or subcontractor’s employees; and provided such default or delay could not have been prevented by reasonable precautions and cannot reasonably be circumvented by the non-performing Party or its Affiliates through the use of alternate sources, work-around plans or other means, (individually, each being a “Force Majeure Event”).
(b) If a Force Majeure Event occurs, the non-performing Party will be excused from any further performance or observance of the obligation(s) so affected for as long as such circumstances prevail and such Party continues to use Commercially Reasonable Efforts to recommence performance or observance whenever and to whatever extent possible without delay. Any Party so delayed in its performance will immediately notify the other by telephone and describe at a reasonable level of detail the circumstances causing such delay (to be confirmed in writing within twenty-four (24) hours after the inception of such delay).
(c) If any Force Majeure Event substantially prevents, hinders, or delays performance of the Services necessary for the performance of the critical functions of the Equifax users, as identified by Equifax, of such Services for more than three (3) consecutive days, then at Equifax’s option:
(i) Equifax may procure such Services from an alternate source. Provided Equifax has not terminated this Agreement to Section 17.3(c)(iii) and Equifax continues to make payment to IBM under this Agreement and Equifax exerts reasonable efforts to mitigate amounts payable to the alternate source, IBM will directly and timely pay the alternate source the full amount charged by such alternate source for the
57
provision of such Services to Equifax until such time as IBM restores the Services and meets the Service Levels but in no event for more than one hundred eighty (180) days; and/or
(ii) Equifax may terminate any portion of this Agreement so affected and the charges payable hereunder shall be equitably adjusted to reflect those terminated Services; and/or
(iii) Until such time as IBM has restored the Services, Equifax may terminate this Agreement as of a date specified by Equifax in a written notice of termination to IBM, and Equifax will pay all charges due and payable through the termination date. If Equifax elects such termination, Equifax shall only pay on account of such termination IBM’s Wind Down Expenses for a period not to exceed one hundred twenty (120) days and shall acquire from IBM, at a cost equal to IBM’s then-current net book value, and hardware or software primarily dedicated to performing Services for Equifax that cannot be redeployed by IBM using Commercially Reasonable Efforts.
(d) This Section 17.3 does not limit or otherwise affect IBM’s obligation to provide Disaster Recovery Services in accordance with Section 3.3. In the event of a Force Majeure Event affecting Equifax, this Section 17.3 will not limit or otherwise relieve Equifax’s obligation to pay any monies due IBM under the terms of this Agreement, except as provided in Section 17.3(c)(iii) and Section 3.3.
17.4 Waiver
No waiver of any breach of any provision of this Agreement shall constitute a waiver of any prior, concurrent or subsequent breach of the same or any other provisions hereof.
17.5 Severability
If any provision of this Agreement shall be held to be invalid, illegal or unenforceable, the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby, and such provision shall be deemed to be restated to reflect the Parties’ original intentions as nearly as possible in accordance with applicable law(s).
17.6 Counterparts
This Agreement shall be executed in counterparts. Each such counterpart shall be an original and together shall constitute but one and the same document.
17.7 Governing Law
This Agreement and any and all claims and disputes arising out of or in connection with or related to the relationships and arrangements between the Equifax Group and IBM and its Affiliates described in this Agreement will be governed by and construed in accordance with the laws of the State of Georgia and the United States of America except where local mandatory law applies. The Parties hereby (a) agree that the U.S. District Court for the Northern District of Georgia, Atlanta Division, or if such court does not have subject matter jurisdiction, the appropriate State or Superior Court sitting in Xxxxxx County, Georgia, shall have exclusive jurisdiction over the actions arising out of or related to or in connection with this Agreement and the subject matter of this Agreement, whether in contract, tort, or any other form of action (“Action”); (b) agree to initiate any such Action against the other Party only in such courts; (c) agree that they shall not raise any defense to the lawful jurisdiction of such courts; and (d) agree that they shall not attempt the removal of any Action to any other court, whether local, state or federal courts of the United States or the courts of any other country.
58
17.8 Binding Nature and Assignment
This Agreement will be binding on the Parties and their respective successors and permitted assigns. Except as provided in this Section 17.8, neither Party may, or will have the power to, assign this Agreement without the prior written consent of the other, which consent shall not be unreasonably withheld, except that either Party may assign its rights and obligations under this Agreement, without the approval of the other Party (i) in whole or in part to an Affiliate which expressly assumes such Party’s obligations and responsibilities hereunder; or (ii) as part of a merger, acquisition or sale of substantially all of the assets of a Party. The assigning Party shall remain fully liable for and shall not be relieved from the full performance of all obligations under this Agreement. Any attempted assignment that does not comply with the terms of this Section 17.8 shall be null and void. Any Party assigning its rights or obligations to an Affiliate in accordance with this Agreement shall provide written notice thereof to the other Party together with a copy of the assignment document, within three (3) business days of such assignment Notices.
17.9 Notices
(a) Whenever one Party is required or permitted to give legal notice to the other Party under this Agreement, such legal notice will be in writing unless otherwise specifically provided herein and will be deemed given when delivered in hand, one (1) day after being given to an express courier with a reliable system for tracking delivery, or five (5) days after the day of mailing, when mailed by United States mail, registered or certified mail, return receipt requested, postage prepaid, or when sent if delivered by facsimile. Operational notices may be sent via email.
(b) Legal notifications, including Contract Change notices, will be addressed as follows:
|
In the case of IBM: |
|
In the case of Equifax: |
|
|
|
|
|
Global Project Executive |
|
Global Program Manager 0000 Xxxxxxxx Xxxxxxxxx Xxxxxxxxxx, Xxxxxxx 00000 Facsimile: 000-000-0000 |
|
|
|
|
|
with a copy to: |
|
with a copy to: |
|
|
|
|
|
IBM Global Services |
|
Equifax Chief Legal Officer |
|
|
|
|
|
|
|
and to: |
|
|
|
|
|
|
|
AVP — Technology Contract Management |
(c) Operational notifications will be addressed to the IBM Regional PE and the Equifax Regional PM in the applicable Country Location.
59
Either Party hereto may from time to time change its address for notification purposes by giving the other prior written notice of the new address and the date upon which it will become effective.
17.10 No Third Party Beneficiaries
The Parties do not intend, nor will any Section hereof be interpreted, to create for any third party beneficiary rights with respect to either of the Parties, except (a) each member of the Equifax Group and each IBM Affiliate shall be a third party beneficiary under this Agreement with respect to enforcement of any rights such member of the Equifax Group or IBM Affiliate may have under Article 10, Article 11, or Article 14 of this Agreement, and (b) an Affiliate of the Parties to which this Agreement has been assigned and accepted, will have the rights and benefits described this Agreement, and (c) the third parties identified in Article 14 will have the rights and benefits described in that Article.
17.11 Other Documents
Upon request of the other Party, on or after the Execution Date and amendments or revisions to any of the foregoing, each Party shall furnish to the other such certificate of its Secretary, certified copy of resolutions of its Board of Directors, or opinion of its counsel as shall evidence that this Agreement or any amendment or revision hereto has been duly executed and delivered on behalf of such Party or its Affiliates.
17.12 Consents and Approvals
The Parties agree that in any instance where a consent, approval or agreement is required of a Party in order for the other Party to perform under or comply with the terms and conditions of this Agreement, then such Party will not unreasonably withhold or delay such consent, approval or agreement and where consent, approval or agreement cannot be provided, the Party shall notify the other Party in a timely manner.
17.13 Headings
All headings herein and the table of contents are not to be considered in the construction or interpretation of any provision of this Agreement. The Agreement was drafted with the joint participation of both Parties and shall be construed neither against nor in favor of either, but rather in accordance with the fair meaning thereof. In the event of any apparent conflicts or inconsistencies between the provisions of this Agreement, the Exhibits, the Schedules or other attachments to this Agreement, such provisions shall be interpreted so as to make them consistent to the extent possible, and if such is not possible, the provisions of the Agreement shall prevail.
17.14 Remarketing
Equifax may not remarket all or any portion of the Services provided under this Agreement, or make all or any portion of the Services available to any party that is not a member of the Equifax Group, without the prior written consent of IBM; provided, however, that Equifax may sell or make available to Authorized Users and persons or entities acquiring portions of the
60
Equifax Business from Equifax or its Affiliates access to elements of the Services under this Agreement (“Elements of the Services”) subject to the following limitations:
(a) Equifax shall independently set its own pricing and policies in connection with any such access to Elements of the Services;
(b) Equifax does not utilize IBM’s name as part of its marketing efforts regarding any such access to Elements of the Services;
(c) Equifax discloses to its customers or Authorized Users accessing Elements of the Services that IBM is running the Systems but that IBM has no liability of any kind to such customers;
(d) if Equifax’s activities for a customer or Authorized User accessing Elements of the Services cause IBM to fail to meet a Service Level, IBM shall be excused from such failure to the extent, and only to the extent, IBM demonstrates that the failure was caused directly by such customer’s or Authorized User’s activities and to the extent such failure was not caused by IBM’s failure to satisfy its obligations under this Agreement; and
(e) Use of Elements of the Services by Authorized Users in connection with the Equifax Business and for the benefit of the Equifax Group is included in IBM’s charges under Schedule C (Charges) except to the extent, if any, that such use of elements of the Services requires the IBM to perform New Services pursuant to Section 10.1 (Prices and Charges for New Services) of Schedule C (Charges).
(f) Nothing herein may be construed to limit or hinder Equifax or the other members of the Equifax Group from (i) marketing, selling or performing its services to and for its customers or potential customers and/or (ii) from providing any portion of the Services to its Affiliates.
17.15 Commencement of Actions
Neither party may bring an action, regardless of form, arising out of this Agreement more than two (2) years after the later to occur of the date on which the cause of action has arisen or the date such cause of action was or should have been discovered.
17.16 IBM Logo Products Warranties
Nothing in this Agreement is intended to replace, supercede or vitiate the warranties and attendant rights and remedies granted to members of the Equifax Group by IBM and/or its Affiliates with respect to IBM Logo Products as set forth in any applicable lease, purchase and/or license arrangement.
17.17 Local Enabling Agreements
(a) It is the intention of the Parties that this Agreement shall provide for the provision of Services at the Country Locations provided herein, including those which may be located outside of the United States. Unless this Agreement expressly provides otherwise, Services to be provided hereunder to Equifax Affiliates outside of the United States shall be provided by the IBM Affiliate in the same country in which the Equifax Affiliate is located.
(b) IBM’s applicable local Affiliate shall enter into an enabling agreement in substantially the form agreed to by the Parties (a “Local Enabling Agreement”). Such Local Enabling Agreements may supplement the Schedules to this Agreement as appropriate (e.g., by updating the list of Systems Software to include any different or additional Systems Software used at the newly included site or
61
by the newly included Affiliate) and may include country-specific terms and conditions that are necessary to comply with local law.
(c) Without Equifax’s consent, no Local Enabling Agreement shall alter the net amounts to be received by IBM, expand the geographic scope, or otherwise alter the Parties’ respective rights and obligations under this Agreement. No Local Enabling Agreement shall be effective unless it is approved by the Equifax Global Program Manager and the IBM Global Project Executive. Each Party shall have joint and several liability for the respective obligations of its Affiliates under Local Enabling Agreements.
(main body of Agreement ends here)
62
Equifax / IBM Confidential
SCHEDULE A – SERVICES
TO
AGREEMENT FOR OPERATIONS SUPPORT SERVICES
BY AND BETWEEN
AND
INTERNATIONAL BUSINESS MACHINES CORPORATION
SCHEDULE A
SERVICES
Table of Contents
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
||
|
|
|
|
|
|
|
Table of Exhibits: |
||
|
|
||
|
|
||
|
|
Attachment A-1-1: |
Scope Models – US and Canada |
|
|
Attachment A-1-2: |
Scope Models – UK and Ireland |
|
|
Attachment A-1-3: |
Scope Models – Spain |
|
|
||
|
|
||
|
|
||
|
|
Attachment A-4-1: |
Regulatory Compliance |
|
|
Attachment A-4-2: |
Project Approval Process [TBD] |
|
|
||
A-i
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
A-ii
SCHEDULE A
SERVICES
1. INTRODUCTION
(a) This Schedule A describes Equifax Group’s IT infrastructure in the countries that are within the scope of the Agreement. It does so by means of Scope Models – matrices that map the standard processes (i.e., the functions, responsibilities, activities and tasks) performed by IT organizations (referred to as the “IT Value Chain Processes” or “Processes”) against IT infrastructure hardware and software elements. Each cell of the Scope Models represents the intersection of an Equifax IT infrastructure element with a Process that an “Actor” is responsible for performing with respect to such element. Where IBM is designated as an Actor, the Scope Models describe which Services IBM is responsible for performing under the Agreement (the ‘What”), not the manner in which IBM is responsible for performing them (the ‘How’).
(b) The Actor designated in a Process-Element intersection is responsible not only for performing the indicated Process with respect to such Element, but also for providing the resources (e.g., hardware, software, labor, facilities and third party services) necessary to so perform except where and to the extent, if any, that the Agreement (including the Financial Responsibilities Matrix) expressly designates another Actor as having financial responsibility for providing certain types of resources in specific circumstances. Where IBM is the designated Actor in a Process-Element intersection and the Financial Responsibilities Matrix designates another Actor as having financial responsibility for providing certain types of resources required by IBM to perform the indicated Process with respect to that Element in a specific circumstance, IBM’s obligation to so perform shall be subject to IBM receiving the required resources from the Actor having financial responsibility for them in that circumstance. If the Financial Responsibilities Matrix designates another Actor as having financial responsibility for “Maintenance Agreements” for an Element, but maintenance is not available for such Element (e.g., it is no longer supported by the manufacturer), IBM’s obligation to perform the Maintain Processes shall be limited to using Commercially Reasonable Efforts to maintain and repair such Element and subject to the availability of Spares and Spare Parts.
(c) As to the manner in which IBM is to perform the Services (the ‘How’), IBM shall perform the Services in accordance with provisions of the Agreement and its Schedules that specify or otherwise regulate the manner of IBM’s performance of the Services, including:
(i) Section 3 (The Services) of the Agreement,
(ii) Schedule B (Service Levels);
(iii) Schedule I (*);
(iv) Schedule J (IT Management Process Improvement Program);
(v) Schedule N (Projects);
(vi) the Procedures Manual;
(vii) the Interaction Models attached at Exhibit A-4 (Interaction Models);
(viii) Applicable standards, policies and procedures established or approved by Equifax and communicated to IBM, including as provided in accordance with Sections 2.4.1 (Standards Policies Establishment) and 5.5.1 (Security Policy Development) and Section 6.3 (Procedures Manual) of the Agreement;
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-1
(ix) Laws and regulations applicable to IBM’s business in accordance with Section 4.10 (Regulatory Proceedings and Compliance with Laws) of the Agreement;
(x) Laws and regulations applicable to the Equifax Business, as interpreted by Equifax and communicated to IBM in accordance with Section 4.10 (Regulatory Proceedings and Compliance with Laws) of the Agreement and the Regulatory Compliance Interaction Model attached in Exhibit A-4; and
(xi) In cases where items (i) through (ix) above do not specify the manner of IBM’s performance of the Services, IT industry standard best practices unless expressly specified otherwise in the Agreement.
(d) Schedule I (*) describes: (1) the program for the activities pursuant to which IBM will assume responsibility for delivery and performance of the Services, and (2), together with Schedule J (*), how IBM will carry out and assume responsibility for executing and completing identified * projects, and identifies the associated IBM commitments to evolve the Services in the post * state.
(e) The charges payable to IBM for performance of the Services are set forth in Schedule C.
(f) IBM shall manage and perform the Services between and among the Service Towers and Platforms in an integrated manner.
(g) Any reports described in this Schedule A shall be prepared and delivered in a manner that is consistent with Schedule K (Reports) of the Agreement, to the extent such reports are addressed in such Schedule.
2. ORGANIZATION
(a) This Schedule A is comprised of four interlinking documents, which together describe:
(i) the Equifax Group’s IT Infrastructure in the North American and European Country Locations that are within the scope of the Agreement as of the Commencement Date and
(ii) the roles and responsibilities of the various IT Actors (including Equifax and IBM) that manage and deliver IT Services to the Equifax Group in those Country Locations.
Other geographic locations, such as South America and Italy, are outside the scope of the Agreement as of the Commencement date, and as such are not addressed in this Schedule A, except as specifically provided in Section 4.3(b).
(b) The four components of this Schedule A are:
(i) The Scope Models, which depict using color-coded matrices: (A) the Span of Elements comprising the Equifax IT Infrastructure organized by classification, Country Location and location type; (B) the IT Value Chain Processes applicable to each Span; and (C) at each intersection of a Span Element and a Process, the identification by color code of the IT Actor with responsibility for performing the Process with respect to the Element;
(ii) The definitions of the Processes, which are intended to provide a set of “best practices” processes that comprehensively describe the activities along the IT value chain that are to be performed by IT Actors with respect to the IT Infrastructure;
(iii) The definitions of the Elements, which provide industry standard descriptions of the items and categories of Equipment and Software that comprise the IT Infrastructure as well as identifying “Attributes” of such Equipment and Software that are unique to
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2
Equifax and/or the Services. The Elements are classified by function into Client, Server, Enabling and Software Elements; and
(iv) Interaction Models, which depict for certain Processes the manner in which the relevant IT Actors will perform their responsibilities and/or interact with other IT Actors with related responsibilities.
3. DEFINITIONS
3.1 Certain Definitions.
The following capitalized terms used in this Schedule A shall have the meanings given below:
(a) “Actor” means the entity or individual identified in the Scope Models as having responsibility for the intersection of a particular Element and Process. The Actors as of the Commencement Date are identified in the Scope Models and include Equifax, IBM, Xerox and Third Party Actors.
(b) “Applications Software” shall have the meaning provided in Section 2 (Definitions) of the Agreement.
(c) “Business Unit” means all or a portion of Equifax or a discrete group of End Users, as designated by Equifax from time-to-time.
(d) “Change” has the meaning provided in Section 5.3.4 of Exhibit A-2 (Process Definitions).
(e) “Client Element” means an Element identified as such in Exhibit A-3 (Element Definitions) and the Scope Models. Client Elements are those Elements that end users directly use to receive services or access Software (i.e., devices that perform client functions under a “client-server” model as that term is understood in the IT industry) and may include Software as Attributes.
(f) “Configuration Item” or “CI” shall have the meaning provided in Section 5.3.3 of Exhibit A-2 (Process Definitions).
(g) “Element” means an item or category of Equipment or Software defined in Exhibit A-3 (Element Definitions) and identified as part of the IT Infrastructure in the Scope Model Span. An Element includes other associated Equipment or Software defined as included in, or identified as Attributes of, such Element.
(h) “Enabling Element” means an Element identified as such in Exhibit A-3 (Element Definitions) and the Scope Models. Enabling Elements are those Elements that enable the functions performed by Client and Server Elements and other Enabling Elements (such as middle-boxes and circuits) and may include Software as Attributes.
(i) “End User” means either (i) an end user of an Element; or (ii) an end user of the services resulting from the Processes, as appropriate.
(j) “Equipment” means the computer and telecommunications equipment (without regard to the entity owning or leasing such equipment) used by Equifax, or on Equifax’s behalf by its service providers, in support of the Equifax Businesses and includes (x) attachments, features, accessories and peripheral devices associated with such Equipment, and (y) related services (e.g., maintenance and support services, upgrades, subscription services) provided by third parties (e.g., manufacturer and lessor) with respect to such Equipment. The term “Equipment” includes the Machines (as defined in Section 2.1 (Certain Defintions) of the Agreement) and is used interchangeably with “Hardware,” whether or not capitalized.
(k) “External Customers” means customers and other business partners of Equifax.
(l) “Incident” has the meaning provided in Section 5.3.1 of Exhibit A-2 (Process Definitions).
A-3
(m) “IT Environment” means collectively the IT Infrastructure and IT Services.
(n) “IT Infrastructure” means the Equipment and Software that comprise the IT infrastructure of Equifax (regardless of ownership).
(o) “IT Services” means those services and functions that are performed upon or with respect to all or part of the IT Infrastructure or that are provided through the execution of the Processes upon the Elements. The IT Services include the Services (as defined in Section 2.1 (Certain Definitions) of the Agreement).
(p) “Infrastructure Software” shall have the meaning provided in Section 4.2 of Exhibit A-3 (Element Definitions). Infrastructure Software is a sub-category of System Software.
(q) “Internal Customers” mean Equifax personnel that are users or beneficiaries of the IT Infrastructure.
(r) “Known Error” means an Incident or Problem for which the root cause is known and for which a temporary work-around or a permanent alternative has been identified.
(s) “Machines” has the meaning provided in Section 2.1 (Certain Definitions) of the Agreement.
(t) “Network” has the meaning provided in Section 5.2.1 of Exhibit A-2 (Process Definitions).
(u) “Platform Software” has the meaning provided in Section 4.1 of Exhibit A-3 (Element Definitions). Platform Software is a sub-category of System Software.
(v) “Problem” has the meaning provided in Section 5.3.2 of Exhibit A-2 (Process Definitions).
(w) “Processes” means the IT value chain processes defined in Exhibit A-2 (Process Definitions), which definitions include three levels of detail. A reference in this Schedule A to “Processes” generally means to the Processes at levels one (e.g., Fulfill), two (e.g., Deploy) and three (e.g., IMAC). A reference in this Schedule A to a specific “Process” means to the named Process and the sub-categories of Processes and activities defined at the levels below the specifically referenced Process.
(x) “Refresh Cycle” means, for each instance of an Equipment Element, the maximum amount of time from the date of initial installation of that instance of the Element within which it will be replaced with new Equipment having at least equivalent functionality.
(y) “Scope Model” means a Process-Span matrix that identifies the various Actors responsible for each intersection of the Elements with the Processes across the entire Span. The Scope Models for the North American (Equifax US and Equifax Canada) and European (Equifax UK, Equifax Ireland, and Equifax Spain) Country Locations as of the Execution Date are set out in Exhibit A-1 (Scope Model).
(z) “Server Element” means an Element identified as such in Exhibit A-3 (Element Definitions) and the Scope Models. Server Elements are those Elements that serve Software or provide services to client devices (i.e., that function as servers under a “client-server” model as that term is understood in the IT industry) and may include Software as attributes.
(aa) “Service Request” shall mean a request to IBM from an Equifax-authorized user to perform a specific service currently included as part of the Services.
(bb) “Software” means Applications Software and Systems Software, unless a more specific reference is required.
(cc) “Software Currency” means and is, for a licensed Software Element, an expression of how current such Software will be kept in relation to the applicable licensor’s issuance of updates,
A-4
upgrades, new releases and new versions of or for such Software. For purposes of expressing Software Currency, “n” means the most current update, upgrade, release and version issued by the applicable licensor.
(dd) “Software Element” means an Element identified as such in Exhibit A-3 (Element Definitions) and the Scope Models.
(ee) “Span” means the heading rows of the Scope Models that describe the geographic, location and Business Unit organization of the Equifax IT Infrastructure and identifies the Elements that comprise the Equifax IT Infrastructure.
(ff) “Spare Parts” means an inventory of Equipment parts that are currently not in use and are maintained in reserve to replace failed Equipment parts.
(gg) “Spares” means an inventory of Equipment, media supplies, or other materials used to provide the IT Services that are currently not in use and are maintained in reserve to replace or supplement failed Equipment, media supplies, or other materials used to provide the IT Services. Spares includes Spare Parts.
(hh) “Third Party Actor” means, for purposes of this Schedule A only, with respect to the intersection of a particular Element and Process an Actor other than Equifax or IBM. Certain Third Party Actors are identified by name in the Scope Models and others are identified by the general designation of “Third Party Actor” only.
(ii) “Third Party Provider” has the meaning given in Section 2.1 (Certain Definitions) of the Agreement.
3.2 Other Defined Terms.
Capitalized terms used but not defined in this Schedule A shall have the meanings given them elsewhere in the Agreement.
4. SERVICES
4.1 General
(a) As part of the Services, IBM shall provide to and perform for Equifax the functions, responsibilities, tasks and activities for which IBM is identified as the responsible Actor in the Scope Models and as otherwise set forth in Section 3 (The Services) of the Agreement. Identification of IBM as the relevant Actor with respect to the intersection of Elements and Processes in the Scope Models means that IBM has responsibility for performing, or causing to be performed, such Processes (including the functions, tasks and activities defined therein) with respect to such Elements. As part of such responsibility IBM shall perform the associated sub-Processes and activities identified in Exhibit A-2 (Process Definitions) that are required or relevant under the circumstances and as provided in Section 3.1(c) of the Agreement.
(b) As a designated Actor, IBM shall proactively interact and coordinate with other Actors (including Third Party Actors and Equifax) responsible for related Elements and/or Processes as needed to drive the IBM Processes to completion and integrate the IBM Processes with the activities of such other Actors, which includes performing those functions, responsibilities, tasks and activities for which IBM is identified as the responsible party in applicable Interaction Model(s). For example, IBM is the designated Actor for the * Processes for the * Applications Servers Elements. Accordingly, IBM shall interact and coordinate with Equifax as the designated Actor for the * Maintenance Processes for * Application Software Elements running on * Servers.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5
(c) If IBM is the designated Actor for a Process-Element intersection for which there is a Third Party Provider, IBM shall be responsible for proactively managing the Third Party Provider’s performance.
(d) IBM’s obligation as the designated Actor to execute the Processes with respect to * Provided Elements is subject IBM’s ability to obtain access and/or consent from the *.
(e) IBM shall provide the Services starting on the Commencement Date unless specified otherwise in the Schedule I (*). IBM will commence providing Services so designated in accordance with the timescales set out in Schedule I (*).
(f) Except as otherwise specified, references to time in this Schedule A shall be in local time for each location. References to Equifax shall be deemed to include Authorized Users.
(g) The Parties agree that references to specific resources in this Schedule A shall include any successor or replacement resources.
4.2 Equifax Retained Functions.
(a) As part of the Equifax Retained Functions, Equifax shall perform those functions, responsibilities, tasks and activities for which Equifax is identified as the responsible Actor in the Scope Models and Section 4.2(b) below. Identification of Equifax as the relevant Actor with respect to the intersection of Elements and Processes in the Scope Models means that, as part of Equifax Retained Functions, Equifax has responsibility for either performing such Processes (including the functions, tasks and activities defined therein) with respect to such Elements or causing such Processes (including the functions, tasks and activities defined therein) to be performed with respect to such Elements.
(b) Although IBM is designated as the * IT Management Actor, Equifax shall have ultimate responsibility for the business relationship between Equifax and its *. Accordingly, Equifax shall assist IBM to resolve * issues escalated by IBM as the * IT Management Actor (including issues relating to * commitments for the implementation of new services, or changes to existing services, provided to such * by Equifax).
(c) At IBM’s request Equifax will designate to IBM a single point of contact or contacts at Equifax Service Locations where there are no IBM on-site support personnel to occasionally assist IBM during Business Hours with the support of Equipment located at such Site by performing simple manual functions such as starting and restarting the Equipment; provided, however, that Equifax shall not be obligated to provided IBM with contacts that have any technical skills or experience. For the avoidance of doubt nothing herein shall relieve IBM of its obligation to perform the Service or meet the Service Levels, including with respect to Incident and Problem Management.
4.3 Locations.
(a) The Scope Models identify in the Spans a number of different location types at which the Services will be performed or received. The locations at which the Services will be provided (the “Services Locations”) as of the Commencement Date are set forth in Exhibit A-5. As of the Commencement Date the types of Services Locations consist of primary Equifax locations (those identified by city name in the Scope Models), Equifax remote locations, * and * locations and third party service provider locations. The Parties acknowledge and agree that although the Services (i.e., Actors, Processes and Elements) may be the same at different types of Service Locations, the manner in which the Services are performed may differ. IBM shall perform the Services at each location in accordance with the Procedures Manual, which will
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-6
identify differences in the manner in which the Services are performed at different Services Locations.
(b) Notwithstanding Section 5.1(a)(ii) of Schedule C (Charges), the Services in the US Country Location include * monitoring and management from the * of certain * and in * regardless of the fact that such * do not terminate in the US.
4.4 Equipment Refresh.
(a) In the case of any Equipment Element for which the Financial Responsibilities Matrix designates IBM as the Actor having financial responsibility for “Pay for *,” IBM shall be required to refresh each instance of such Equipment Element no less frequently than the Refresh Cycle specified for such Equipment Element in Attachment A-3, if the Refresh Cycle is specified. Notwithstanding the foregoing, where Schedule I (*) indicates that IBM will refresh certain Equipment as part of the * or *, Schedule I shall govern the timeframes within which IBM will conduct the initial refresh of such Hardware.
(b) In the case of any Equipment Element for which the Financial Responsibilities Matrix designates Equifax as the Actor having financial responsibility for “Pay for *,” if Attachment A-3 specifies a Refresh Cycle for such Element, that cycle shall be the presumptive frequency at which Equifax is expected to pay for the replacement Equipment required for the designated Scope Model Actor to refresh such Equipment Element. Equifax will not be * to * such Equipment as frequently as specified in Attachment A-3. However, if IBM determines that Equifax’s * to comply with the presumptive Refresh Cycle for any such Equipment Element(s) is * IBM’s ability to perform the Services in accordance with the Agreement, IBM may request that Equifax * the affected Equipment Elements. If Equifax does not agree to any such request by IBM, then IBM * responsible for * Service Level Default if, and * to the extent, such Default is directly attributable to Equifax’s * of IBM’s request.
4.5 Software Currency.
If Attachment A-3 specifies the Software Currency for a licensed Software Element, the stated currency level shall be the presumptive level of Software Currency at which such Software is expected to be kept during the Term. However, since the practicality, and desirability to Equifax, of keeping Software at its presumptive level of currency may depend on the capabilities and capacity of the Equipment on which such Software runs and the release/version level of other Applications Software and Systems Software with which such Software interoperates or interacts, the Parties must agree on the plan and schedule for making currency-related changes to such Software notwithstanding that Attachment A-3 has specified the Software Currency for such Software.
4.6 Ongoing and New Projects.
Subject to Schedules C (Charges) and N (Projects), and except as mutually agreed upon by the Parties in writing, IBM shall complete and manage the in projects in progress by Equifax as of the Commencement Date according to objectives, goals and anticipated capacity changes (including potential Resource Unit volume changes) associated with each of such projects. The projects that exist as of the Commencement Date include those identified in Exhibits N-1 through N-5. Equifax may add new projects and Projects from time-to-time during the Term in accordance with Schedule N.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-7
5. CHANGES TO SCOPE MODELS, PROCESSES, ELEMENTS AND ACTORS.
The Parties shall maintain the Scope Models, Processes, Elements and designated Actors to reflect changes to the IT Environment as follows:
5.1 Annual Review.
(a) The Scope Models, Processes, Elements and designated Actors will be reviewed annually by Equifax and IBM to determine whether any additional changes, beyond the changes made pursuant to Section 5.2, should be made to reflect changes in the IT Environment. To the extent possible, the Parties will perform this review in coordination with the annual Service Level review set out in Schedule B (Service Levels) and the annual contract update process set out in Section 8.1 (Annual Updating of Schedules to the Agreement) of the Agreement. Changes to be considered in this review include:
(i) Changes to the Actors and/or the responsibilities of the Actors identified in the Scope Models;
(ii) Additions, deletions and other modifications to the Spans, including to reflect changes in locations and the composition of Elements;
(iii) Additions and deletions of, and modifications to, the Element definitions and Attributes set forth in Attachment A-3; provided, however, that the Element definitions (but not attributes) as of the Commencement date reflect industry standard definitions that are not intended to be modified unless necessary to capture service delivery requirements that cannot be addressed through the Procedures Manual or other means;
(iv) Additions and deletions of, and modifications to, Process definitions set forth in Attachment A-2; provided, however, that the Process definitions as of the Commencement date are intended to reflect industry standard best practices and are not intended to be modified unless necessary to capture service delivery requirements that cannot be addressed through the Procedures Manual or other means; and
(v) Additions and deletions of, and modifications to, the Interaction Models and the development of new Interaction Models, whether or not needed to reflect changes, including as set forth in Section 6 below.
(b) Changes made pursuant to this review process shall be subject to Section 6.4 (Change Management Process) of the Agreement. In such circumstance, changes to Schedules E (Equipment), F (Software) and G (Third Party Agreements) shall be made in accordance with Section 17.2 (Entire Agreement, Updates, Amendments and Modifications) of the Agreement and Section 10.1 (Prices and Charges for New Services) of Schedule C (Charges), as applicable.
5.2 Scope Model Modifications.
(a) Subject to Section 6.4 (Change Management Process) of the Agreement, and, where applicable, to Sections 8.1 (Annual Updating of Schedules to the Agreement) and 17.2 (Entire Agreement, Updates, Amendments and Modifications) of the Agreement and Sections 10.1 (Prices and Charges for New Services) and 10.2 (Termination and Services Transfer Charges) of Schedule C (Charges), Equifax may modify the Scope Models by (i) adding or deleting Elements (including the addition of new Elements to Exhibit A-3 (Element Definitions), or (ii) changing the designated Actors, upon at least thirty (30) days’ advance written notice to IBM.
(b) The addition of more instances of a particular Element at a location or location type shall not require any modification of the Scope Models but shall be subject to Section 6.4 (Change Management Process) of the Agreement. In such circumstance, changes to
A-8
Schedules E (Equipment), F (Software) and G (Third Party Agreements) shall be made in accordance with Sections 8.1 (Annual Updating of Schedules to the Agreement) and 17.2 (Entire Agreement, Updates, Amendments and Modifications) of the Agreement and Section 10.1 (Prices and Charges for New Services) of Schedule C (Charges), as applicable.
5.3 New Services.
The Parties shall determine whether a change to the Scope Models, Elements, Processes or designated Actors is a New Service pursuant to Section 10.1 (Prices and Charges for New Services) of Schedule C (Charges).
6. INTERACTION MODELS
The Parties have developed a number of models describing how the Parties will interact with each other and other Actors in certain areas of activity under the Agreement that are expected to involve significant interactions between the Parties. The Interaction Models the Parties have developed and agreed to as of the Commencement Date are attached in Exhibit A-4 (Interaction Models). By mutual written agreement of the Parties’ Global Project Executives, the Parties may modify the attached Interaction Models or develop additional Interaction Models without requiring amendment of the Agreement.
A-9
SCOPE MODELS
[Attached]
X-0-0
PROCESS DEFINITIONS
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
1 |
|
RELATE |
|
|
|
|
|||
|
|
1.1 |
|
Relationship Management |
|
|
|
|
|||
|
|
1.1.1 |
|
Internal Customer IT Management |
|
|
|
The
purpose of the “Internal Customer IT Management” process is to coordinate
with Internal Customer End Users and Business Units regarding the IT
Environment, including, as necessary, producing IT-related business missions,
objectives and concepts that can be refined and analyzed as part of the design
of a solution. |
|||
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
|
1 |
Coordinating IT-related activities with Business Units and Internal Customer End Users; |
|
|
|
|
|
|
|
|
|
|
2 |
Advising Business Units regarding potential opportunities to create value using the IT Environment, including coordinating Internal Customer communications regarding system enhancements; and |
|
|
|
|
|
|
|
|
|
|
3 |
Working with Business Units and Internal Customer End Users to identify and specify high level IT-related business missions, objectives and concepts, including by obtaining the input and guidance of other Actors. |
|
|
|
1.1.2 |
|
External Customer IT Management |
|
|
|
The
purpose of the “External Customer IT Management” process is to coordinate and
manage (including interacting with Equifax’s external sales function and
business partners) the IT activities necessary to support Equifax’s business
relationships with its External Customers (i.e., sales support), including,
as necessary, producing IT -related business missions, objectives and
concepts that can be refined and analyzed as part of the design of a
solution. |
|||
|
|
|
|
|
|
|
|
|
1 |
Coordinating and project managing IT activities with External Customers, including through the use of business systems analysts (“BSAs”) that are knowledgeable regarding the IT Infrastructure, Equifax Businesses and External Customers; |
|
|
|
|
|
|
|
|
|
|
2 |
Delivering to External Customers new IT Services and changes to existing IT Services, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
providing product and services marketing and training materials and performing technical consulting; |
|
|
|
|
|
|
|
|
|
|
(b) |
coordinate the implementation of data network solutions and connectivity; |
|
|
|
|
|
|
|
|
|
|
(c) |
assisting External Customers in establishing access to Equifax products, data and services, including for example for System-to-System customers, assisting with the set up of new network connections, providing and consulting on application technical specifications and interface requirements, auditing customer coding and troubleshooting application and network error messages; |
|
|
|
|
|
|
|
|
|
|
(d) |
supporting disaster recovery planning and testing; |
|
|
|
|
|
|
|
|
|
|
(e) |
providing application consulting for new or existing issues, such as: |
A-2-1
|
IT Value Chain |
|
IM |
|
Description |
|||||||
|
|
|
|
|
|
|
|
|
|
|
(1) |
changes to be made by External Customers to maintain compatibility to the IT Environment in response to legislation changes; |
|
|
|
|
|
|
|
|
|
|
|
(2) |
new product testing and roll-out; |
|
|
|
|
|
|
|
|
|
|
|
(3) |
System-to-System release participation; |
|
|
|
|
|
|
|
|
|
|
|
(4) |
pTest – score validations/updates; |
|
|
|
|
|
|
|
|
|
|
|
(5) |
building databases; and |
|
|
|
|
|
|
|
|
|
|
|
(6) |
building test files; |
|
|
|
|
|
|
|
|
|
|
(f) |
assisting with new and existing network issues, such as: |
|
|
|
|
|
|
|
|
|
|
|
|
(1) |
discovery; |
|
|
|
|
|
|
|
|
|
|
|
(2) |
gather business/technical requirements; |
|
|
|
|
|
|
|
|
|
|
|
(3) |
network investigations; |
|
|
|
|
|
|
|
|
|
|
|
(4) |
design review; |
|
|
|
|
|
|
|
|
|
|
|
(5) |
circuit order and approval; |
|
|
|
|
|
|
|
|
|
|
|
(6) |
end-to-end testing; |
|
|
|
|
|
|
|
|
|
|
|
(7) |
application testing; |
|
|
|
|
|
|
|
|
|
|
|
(8) |
complete project documentation and follow-up; |
|
|
|
|
|
|
|
|
|
|
|
(9) |
LU additions/deletions; and |
|
|
|
|
|
|
|
|
|
|
|
(10) |
de-installs; and |
|
|
|
|
|
|
|
|
|
|
(g) |
causing the completion and return to Equifax of appropriate documentation by the External Customer Loan and Custody Agreements where Equifax is providing Equipment; |
|
|
|
|
|
|
|
|
|
|
3 |
Working with External Customers on a day to day basis to resolve issues related to the IT Environment, including: |
||
|
|
|
|
|
|
|
|
|
|
(a) |
providing a single point of contact for External Customers inquiries and support (both Equifax and third party), including coordinating directly with third party providers to identify problem and obtain solutions; |
|
|
|
|
|
|
|
|
|
|
|
(b) |
trouble shooting End User and technical problems (both network and applications), including in support of development and test environments; |
|
|
|
|
|
|
|
|
|
|
|
(c) |
creating customer friendly root cause analysis reports; and |
|
|
|
|
|
|
|
|
|
|
|
(d) |
escalating External Customer issues as necessary to Equifax IT senior leadership and/or sales function; |
|
|
|
|
|
|
|
|
|
|
4 |
Working with External Customers to identify and specify IT business objectives, missions and concepts; and |
||
|
|
|
|
|
|
|
|
|
5 |
Performing quality assurance, training, customer communication and documentation functions in support of the foregoing, including: |
||
|
|
|
|
|
|
|
|
|
|
(a) |
coordinating with Equifax marketing external communications (to External Customers, suppliers and Equifax sales) regarding field releases related to new products and system enhancements; |
|
A-2-2
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(b) |
development and distribution of External Customer “Welcome Packages” and other services documentation; |
|
|
|
|
|
|
|
|
|
|
(c) |
Working with Equifax and third party providers to maintain adequate level of training for BSAs; |
|
|
|
|
|
|
|
|
|
|
(d) |
coordinating customer satisfaction surveys completed by third party, including determining that proper samples are taken and reviewing results with Equifax IT senior leadership and sales function; |
|
|
|
|
|
|
|
|
|
|
(e) |
maintaining External Customer disaster recovery and business continuity plans Equifax is required to support; and |
|
|
|
|
|
|
|
|
|
|
(f) |
creating and maintaining up to date system manuals and managing Equifax websites used to distribute manuals to External Customers. |
|
|
1.1.3 |
|
Relationship Management Technical Support |
|
|
|
The
purpose of the “Relationship Management Technical Support” process is to
provide technical input into and support for the Internal Customer IT
Management and External Customer IT Management processes. |
|||
|
|
|
|
|
|
|
|
|
1 |
Working with Business Units, BSAs and External Customers to identify and specify high level IT-related business missions, objectives and concepts; |
|
|
|
|
|
|
|
|
|
|
2 |
Providing technical input and guidance regarding new business opportunities that may affect the IT Environment, including general guidance on technical solutions in the pre-Business Requirements phase and generating related sourcing and price information; |
|
|
|
|
|
|
|
|
|
|
3 |
Attending periodic Business Unit management meetings to provide IT support and feedback on systems plans and status; and |
|
|
|
|
|
|
|
|
|
|
4 |
Providing technical input and guidance into the development of Equifax responses to requests for proposals and the like. |
|
|
|
2 |
|
DEVELOP |
|
|
|
|
|
|
|
|
|
2.1 |
|
Requirements |
|
|
|
|
|
|
|
|
|
2.1.1 |
|
Business Requirements Development |
|
|
|
The
purpose of the “Business Requirements Development” process is to identify,
develop and document business requirements of Equifax, including inputs and
outputs and schedule requirements and the identification of actors
providing inputs to or receiving outputs from the requirements (“Business
Requirements”). |
|||
|
|
|
|
|
|
|
|
|
1 |
Identifying and documenting business stakeholder needs, expectations and constraints; |
|
|
|
|
|
|
|
|
|
|
2 |
Identifying and documenting business drivers and business interfaces (both internal and external); |
|
|
|
|
|
|
|
|
|
|
3 |
Identifying and documenting schedule and business case requirements; |
|
|
|
|
|
|
|
|
|
|
4 |
Transforming stakeholder needs, expectations, constraints, and interfaces into business requirements; |
|
A-2-3
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
5 |
Defining constraints for verification and validation; and |
|
|
|
|
|
|
|
|
|
|
6 |
Providing business requirements to the Implementation Requirements process. |
|
|
|
2.1.2 |
|
Implementation Requirements Development |
|
|
|
The
purpose of the “Implementation Requirements Development” process is to
analyze the Business Requirements and refine them to a sufficient level of
technical and functional detail that a solution can be developed
(“Implementation Requirements”). |
|||
|
|
|
|
|
|
|
|
|
1 |
Establishing and maintaining operational concepts and associated scenarios, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Developing operational concepts and associated scenarios that include functionality, performance, operations, maintenance, support and disposal, as appropriate; |
|
|
|
|
|
|
|
|
|
|
(b) |
Defining the environment that the solution will operate in, including boundaries and constraints; |
|
|
|
|
|
|
|
|
|
|
(c) |
Reviewing operational concepts and scenarios (including with the Business Requirements Actors) to refine the Business Requirements and discover additional Implementation Requirements; and |
|
|
|
|
|
|
|
|
|
|
(d) |
Developing detailed operational concepts, as the solution and solution components are selected, that define the interaction of the solution, End User and the environment, and that satisfies the functionality, performance, operational, maintenance, support and disposal needs; |
|
|
|
|
|
|
|
|
|
2 |
Establishing and maintaining a definition of required functionality, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Analyzing and quantifying functionality required by End Users; |
|
|
|
|
|
|
|
|
|
|
(b) |
Analyzing requirements to identify logical or functional partitions (e.g., subfunctions); |
|
|
|
|
|
|
|
|
|
|
(c) |
Partitioning requirements into groups, based on established criteria, to facilitate and focus the requirements analysis; |
|
|
|
|
|
|
|
|
|
|
(d) |
Allocating Business Requirements to functional partitions, objects, people, or support elements to facilitate the synthesis of solutions; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Allocating functional and performance requirements to functions and subfunctions; |
|
|
|
|
|
|
|
|
|
3 |
As required, establishing technical solution and solution-component requirements based upon Business Requirements, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Developing requirements in technical terms necessary for solution and solution-component design; |
|
|
|
|
|
|
|
|
|
|
(b) |
Deriving requirements that result from design decisions; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Establishing relationships between requirements for consideration during change management and requirements allocation; |
|
|
|
|
|
|
|
|
|
4 |
Identifying interface requirements, including: |
|
A-2-4
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying interfaces both internal and external to the solution; and |
|
|
|
|
|
|
|
|
|
|
(b) |
Developing the requirements for the identified interfaces; |
|
|
|
|
|
|
|
|
|
5 |
Allocating requirements for each solution component, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Allocating requirements to functions and to solution components; and |
|
|
|
|
|
|
|
|
|
|
(b) |
Allocating design constraints to solution components; and |
|
|
|
|
|
|
|
|
|
6 |
Identifying key requirements that have a strong influence on cost; |
|
|
|
|
|
|
|
|
|
|
7 |
Identifying key requirements that have a strong influence on schedule and timing; |
|
|
|
|
|
|
|
|
|
|
8 |
Identifying key requirements that have a strong influence on functionality or performance; |
|
|
|
|
|
|
|
|
|
|
9 |
Identifying key requirements that have a strong influence on risk; |
|
|
|
|
|
|
|
|
|
|
10 |
Analyzing Implementation Requirements to confirm that they are necessary and sufficient and balance stakeholder needs and constraints; |
|
|
|
|
|
|
|
|
|
|
11 |
Validating Implementation Requirements to confirm that the resulting solution will perform as intended in the user’s environment; |
|
|
|
|
|
|
|
|
|
|
12 |
Reviewing, elaborating and refining Implementation Requirements and proposed solutions and requirements, as applicable; and |
|
|
|
|
|
|
|
|
|
|
13 |
Performing a risk analysis for the development, implementation, operation and disposal of the solution. |
|
|
|
2.1.3 |
|
Solution Development |
|
|
|
The
purpose of the “Solution Development” process is to design an IT solution
that satisfies the Business and Implementation Requirements. |
|||
|
|
|
|
|
|
|
|
|
1 |
Designing a solution that complies with relevant organizational architectures, policies and standards and that will satisfy the Business and Implementation Requirements; |
|
|
|
|
|
|
|
|
|
|
2 |
Identifying the activities necessary to develop the solution; |
|
|
|
|
|
|
|
|
|
|
3 |
Identifying the ongoing maintenance and support requirements of the solution; |
|
|
|
|
|
|
|
|
|
|
4 |
Identifying any interactivity dependencies; |
|
|
|
|
|
|
|
|
|
|
5 |
Obtaining stakeholder buy-in for the solution design (including through Equifax where the Solution Development Actor is other than Equifax); and |
|
|
|
|
|
|
|
|
|
|
6 |
Interfacing with Solution Approval process. |
|
|
|
2.1.4 |
|
Time and Resources Estimation |
|
|
|
The purpose of the “Time and Resources Estimation” process is to perform those activities necessary to estimate the time and resources required to develop, implement, operate and dispose of the solution. |
|||
A-2-5
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
The “Time and Resources Estimation” process includes the following activities: |
|||
|
|
|
|
|
|
|
|
|
1 |
Identifying the resources required to perform the development, maintenance and support activities for the solution; |
|
|
|
|
|
|
|
|
|
|
2 |
Estimating the amount of time necessary to complete the individual activities necessary to perform the development, maintenance and support activities for the solution; and |
|
|
|
|
|
|
|
|
|
|
3 |
Obtaining stakeholder buy-in for the time and resources estimates (through Equifax where the Solution Development Actor is other than Equifax). |
|
|
|
2.1.5 |
|
Solution Approval |
|
|
|
The
purpose of the “Solution Approval” process is to perform those activities
necessary to evaluate the design of the solution and time and resource
estimates. |
|||
|
|
|
|
|
|
|
|
|
1 |
Confirming that the Implementation Requirements are necessary and sufficient and balance stakeholder needs and constraints; |
|
|
|
|
|
|
|
|
|
|
2 |
Confirming that the time and resources estimates satisfy the business case and are otherwise reasonable; |
|
|
|
|
|
|
|
|
|
|
3 |
Confirming that the costs and benefits of the solution meet Equifax’s hurdles for investment approval; |
|
|
|
|
|
|
|
|
|
|
4 |
Confirming that the risk analysis is reasonable and is in line with organizational standards; |
|
|
|
|
|
|
|
|
|
|
5 |
Confirming that the solution will satisfy the Business Requirements; |
|
|
|
|
|
|
|
|
|
|
6 |
Confirming that the solution will comply with relevant organizational architectures, policies and standards; and |
|
|
|
|
|
|
|
|
|
|
7 |
Interface with Solution Development process. |
|
|
|
2.2 |
|
Enterprise IT Architecture |
|
|
|
|
|
|
|
|
|
2.2.1 |
|
Enterprise IT Architecture Development |
|
|
|
The
purpose of the “Enterprise IT Architecture Development” process is to design
the underlying IT framework of a business, which defines and describes the
platform required by Equifax to attain its objectives and achieve its
business vision. |
|||
|
|
|
|
|
|
|
|
|
1 |
Defining guiding principles, high level objectives and scope of architecture development; |
|
|
|
|
|
|
|
|
|
|
2 |
Identifying stakeholders; |
|
|
|
|
|
|
|
|
|
|
3 |
Identifying, documenting and assessing: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Internal business requirements, drivers and mandates; and |
|
|
|
|
|
|
|
|
|
|
(b) |
External business requirements, drivers and mandates (including regulatory and other compliance mandates (e.g., industry, confederation , third party, etc.)); |
|
|
|
|
|
|
|
|
|
4 |
Identifying high-level alternative approaches; |
|
A-2-6
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
5 |
Defining architecture deliverables for Domain Architectures, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Architecture level deliverables (e.g., vision statement, best practices); |
|
|
|
|
|
|
|
|
|
|
(b) |
Conceptual level deliverables (e.g., conceptual models, high-level event process models, event-process matrices); |
|
|
|
|
|
|
|
|
|
|
(c) |
Solution level deliverables (e.g., logical models, detailed event process models); and |
|
|
|
|
|
|
|
|
|
|
(d) |
Implementation level deliverables (e.g., detailed designs); |
|
|
|
|
|
|
|
|
|
6 |
Managing the Domain Architecture development process by: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Defining Enterprise IT Architecture deliverables for Domain Architecture development teams; |
|
|
|
|
|
|
|
|
|
|
(b) |
Establishing timelines; |
|
|
|
|
|
|
|
|
|
|
(c) |
Instructing actors with regard to deliverable contents, timing and quality expectations; and |
|
|
|
|
|
|
|
|
|
|
(d) |
Measuring performance of Domain Architecture development teams; and |
|
|
|
|
|
|
|
|
|
7 |
Completing the Enterprise IT Architecture deliverables. |
|
|
|
2.2.2 |
|
Domain Architecture Approval |
|
|
|
The
purpose of the “Domain Architecture Approval” process is to perform the
activities necessary to evaluate and approve each Domain Architecture. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Confirming that the Domain Architecture deliverables will satisfy the requirements, drivers and mandates identified by the Enterprise IT Architecture; and |
|
|
|
|
|
|
|
|
|
2 |
|
Confirming that the Domain Architecture does not conflict with other Domain Architectures; |
|
|
|
|
|
|
|
|
|
3 |
|
Approving the Domain Architecture; and |
|
|
|
|
|
|
|
|
|
4 |
|
Providing the Domain Architecture to the relevant Engineering process. |
|
|
2.2.3 |
|
Enterprise IT Architecture Approval |
|
|
|
The
purpose of the “Enterprise IT Architecture Approval” process is to perform
the activities necessary to evaluate and approve the Enterprise IT
Architecture. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Confirming that the requirements, drivers and mandates are necessary and sufficient and balance stakeholder needs and constraints; |
|
|
|
|
|
|
|
|
|
2 |
|
Confirming that the Enterprise IT Architecture will satisfy the requirements, drivers and mandates; and |
|
|
|
|
|
|
|
|
|
3 |
|
Obtaining the approval of the “Chief” level (e.g., CIO) or other authority within Equifax designated to approve the Enterprise IT Architecture. |
A-2-7
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
2.3 |
|
Domain Architecture |
|
|
|
“Domain Architecture” means the IT domain-specific architectures that form part of the Enterprise IT Architecture. The Domain Architectures consist of Information Architecture, Application Architecture, Technology Architecture, and Security Architecture. |
|||
|
|
2.3.1 |
|
Information Architecture Development |
|
|
|
The
purpose of the “Information Architecture Development” process is to develop
data models and databases that serve the participants in Equifax’s business
environment, and the strategies, standards and policies required to develop
and implement them, which will enable Equifax to develop a common, shared,
distributed, accurate and consistent data resource, (the “Information
Architecture”). |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Developing high level alternatives that comply with the Enterprise IT Architecture and selecting from among the alternatives, including by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying benefits, and potential risks and mitigating responses, for each alternative; |
|
|
|
|
|
|
|
|
|
|
(b) |
Documenting the rationale for using each alternative; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Selecting the best alternative based on the foregoing. |
|
|
|
|
|
|
|
|
|
2 |
|
Based on the alternative selected, completing the Information Architecture deliverables defined by Enterprise IT Architecture, which may include: |
|
|
|
|
|
|
|
|
|
|
(a) |
Architecture level deliverables (e.g., vision statement, best practices); |
|
|
|
|
|
|
|
|
|
|
(b) |
Conceptual level deliverables (e.g., conceptual data models, high-level use cases, high-level event process models, data entity-process matrices); |
|
|
|
|
|
|
|
|
|
|
(c) |
Solution level deliverables (e.g., logical data model, detailed event process models, package evaluation criteria, data attribute-process matrix); and |
|
|
|
|
|
|
|
|
|
|
(d) |
Implementation level deliverables (e.g., database design, presentation layer design, designed application modules). |
|
|
2.3.2 |
|
Application Architecture Development |
|
|
|
The
purpose of the “Application Architecture Development” process is to design
the data and business process models to reflect applications, which will: (a)
simplify and facilitate the work activities of the business processes and
provide automated procedures; (b) specify the management of information
storage and retrieval required to accommodate Equifax objectives; and (c)
address location considerations and how information is utilized, (the
“Application Architecture”). |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Developing high level alternatives that comply with the Enterprise IT Architecture and selecting from among the alternatives, including by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying benefits, and potential risks and mitigating responses, for each alternative; |
|
|
|
|
|
|
|
|
|
|
(b) |
Documenting the rationale for using each alternative; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Selecting the best alternative based on the foregoing. |
A-2-8
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
2 |
|
Based on the alternative selected, completing the Application Architecture deliverables defined by Enterprise IT Architecture, which may include: |
|
|
|
|
|
|
|
|
|
|
(a) |
Architecture level deliverables (e.g., vision statement, best practices); |
|
|
|
|
|
|
|
|
|
|
(b) |
Conceptual level deliverables (e.g., high-level application - major business process diagrams, high-level event process models); |
|
|
|
|
|
|
|
|
|
|
(c) |
Solution level deliverables (e.g., application system evaluation matrix, middleware design diagrams and solution requirements, detailed event process models); and |
|
|
|
|
|
|
|
|
|
|
(d) |
Implementation level deliverables (e.g., distributed systems diagram, application - server mapping diagram). |
|
|
2.3.3 |
|
Technology Architecture Development |
|
|
|
The
purpose of the “Technology Architecture Development” process is to design the
interoperable technology platforms that will link the Information
Architecture and the Application Architecture and meet the needs of the
various user roles at identified work locations (the “Technology
Architecture”). |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Developing high level alternatives that comply with the Enterprise IT Architecture and selecting from among the alternatives, including by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying benefits, and potential risks and mitigating responses, for each alternative; |
|
|
|
|
|
|
|
|
|
|
(b) |
Documenting the rationale for using each alternative; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Selecting the best alternative based on the foregoing. |
|
|
|
|
|
|
|
|
|
2 |
|
Based on the alternative selected, completing the Technology Architecture deliverables defined by Enterprise IT Architecture, which may include: |
|
|
|
|
|
|
|
|
|
|
(a) |
Architecture level deliverables (e.g., vision statement, best practices); |
|
|
|
|
|
|
|
|
|
|
(b) |
Conceptual level deliverables (e.g., high-level technology - major business process diagrams, high-level technology - application models); |
|
|
|
|
|
|
|
|
|
|
(c) |
Solution level deliverables (e.g., system technology evaluation matrix, network topology diagram); and |
|
|
|
|
|
|
|
|
|
|
(d) |
Implementation level deliverables (e.g., client location map, server location map, object expected/maximum volume requirements). |
|
|
2.3.4 |
|
Security Architecture Development |
|
|
|
The
purpose of the “Security Architecture Development” process is to develop a
plan and set of principles that describe: (a) the security services that a
system is required to provide to meet the needs of its users; (b) the system
elements required to implement the services; and (c) the performance levels
required in the elements to deal with the threat environment, (the “Security
Architecture”). |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Receiving the Security Policy; |
A-2-9
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
2 |
|
Developing high level alternatives that comply with the Enterprise IT Architecture and selecting from among the alternatives, including by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying benefits, and potential risks and mitigating responses, for each alternative; |
|
|
|
|
|
|
|
|
|
|
(b) |
Documenting the rationale for using each alternative; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Selecting the best alternative based on the foregoing. |
|
|
|
|
|
|
|
|
|
3 |
|
Based on the alternative selected, completing Security Architecture deliverables identified by Enterprise IT Architecture, which may include: |
|
|
|
|
|
|
|
|
|
|
(a) |
Architecture level deliverables; |
|
|
|
|
|
|
|
|
|
|
(b) |
Conceptual level deliverables; |
|
|
|
|
|
|
|
|
|
|
(c) |
Solution level deliverables; and |
|
|
|
|
|
|
|
|
|
|
(d) |
Implementation level deliverables. |
|
|
2.4 |
|
Standards |
|
X |
|
|
|
|
|
|
|
2.4.1 |
|
Standards Policies Establishment |
|
X |
|
The purpose of the “Standards
Policies Establishment” process is to develop, document and maintain policies
(meaning guiding principles) for the development of standards. |
|||
|
|
|
|
|
|
X |
|
|
1 |
|
Identifying and developing standards policies. Standards policies may include polices with respect to: |
|
|
|
|
|
|
|
|
|
|
(a) |
systems and facilities access; |
|
|
|
|
|
|
|
|
|
|
(b) |
technology (equipment, software and telecommunications); |
|
|
|
|
|
|
|
|
|
|
(c) |
information; |
|
|
|
|
|
|
|
|
|
|
(d) |
data; |
|
|
|
|
|
|
|
|
|
|
(e) |
email and groupware; |
|
|
|
|
|
|
|
|
|
|
(f) |
environmental requirements; |
|
|
|
|
|
|
|
|
|
|
(g) |
security (including through the Security Policy Development Process); |
|
|
|
|
|
|
|
|
|
|
(h) |
procurement; |
|
|
|
|
|
|
|
|
|
|
(i) |
planning; |
|
|
|
|
|
|
|
|
|
|
(j) |
project methodology; and |
|
|
|
|
|
|
|
|
|
|
(k) |
quality. |
|
|
|
|
|
|
* |
|
|
2 |
|
Establishing timelines for standards development, review and maintenance; |
A-2-10
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
* |
|
|
3 |
|
Instructing standards development actors with respect to standards content, timing and quality expectations; and |
|
|
|
|
|
|
* |
|
|
4 |
|
Identifying and establishing policies for measuring compliance with standards. |
|
|
2.4.2 |
|
Standards Development |
|
* |
|
The purpose of the “Standards
Development” process is to develop, document and maintain standards (meaning
concrete technical specifications, practices and procedures) to implement the
policies identified in Section 2.4.1 |
|||
|
|
|
|
|
|
* |
|
|
1 |
|
Developing, documenting and maintaining standards that will apply to the configuration or selection of the element; |
|
|
|
|
|
|
* |
|
|
2 |
|
Developing, documenting and maintaining standards that will apply to the acquisition or procurement of the element; |
|
|
|
|
|
|
* |
|
|
3 |
|
Developing, documenting and maintaining standards that will apply to the development of applications, data sets, databases and interfaces; |
|
|
|
|
|
|
* |
|
|
4 |
|
Developing, documenting and maintaining standards that will apply to the operation of the element; and |
|
|
|
|
|
|
* |
|
|
5 |
|
Developing, documenting and maintaining standards that will apply to the retirement or disposal of the element; |
|
|
|
|
|
|
* |
|
|
6 |
|
Developing, documenting and maintaining standards that will apply to documentation, reporting and communications; |
|
|
|
|
|
|
* |
|
|
7 |
|
Developing, documenting and maintaining standards that will apply to security. |
|
|
2.4.3 |
|
Standards Approval |
|
* |
|
The purpose of the “Standards
Approval” process is to perform activities necessary to evaluate and approve
the standards (initially developed or updated). |
|||
|
|
|
|
|
|
* |
|
|
1 |
|
Confirming that the standard complies with the requirements of the Enterprise IT Architecture; |
|
|
|
|
|
|
* |
|
|
2 |
|
Confirming that the standard complies with the requirements of the relevant Domain Architecture; |
|
|
|
|
|
|
* |
|
|
3 |
|
Confirming that the standard complies with the policies established in Standards Policies Establishment; and |
|
|
|
|
|
|
X |
|
|
4 |
|
Confirming that the standard does not create operational or technical conflicts with the requirements of any other previously approved standard. |
|
|
2.4.4 |
|
Standards Publication |
|
* |
|
The purpose of the “Standards
Publication” process is to disseminate approved standards to relevant
personnel via appropriate mechanisms. |
|||
|
|
|
|
|
|
* |
|
|
1 |
|
Collecting approved standards; |
|
|
|
|
|
|
* |
|
|
2 |
|
Editing approved standards for consistent format and content; |
|
|
|
|
|
|
* |
|
|
3 |
|
Identifying the appropriate recipients for standards; |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-11
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
* |
|
|
4 |
|
Identifying appropriate mechanisms for distributing standards (e.g., letter, e-mail, update to web page, update to employee handbook, update to Procedures Manual); |
|
|
|
|
|
|
* |
|
|
5 |
|
Implementing the selected distribution mechanisms; and |
|
|
|
|
|
|
* |
|
|
6 |
|
Reflecting approved changes by updating previously published standards. |
|
|
2.5 |
|
Infrastructure Engineering |
|
|
|
|
|
|
|
|
|
2.5.1 |
|
Platform Engineering |
|
|
|
The purpose of the “Platform
Engineering” process is to design, develop and manage the various technology
platforms in use as part of Equifax’s business operations. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Evaluating and specifying platform equipment; |
|
|
|
|
|
|
|
|
|
2 |
|
Evaluating and specifying platform software (including O/S, NOS, data communications tools, systems management tools and data management systems); |
|
|
|
|
|
|
|
|
|
3 |
|
Performing optimal matching of requirements for IT Services with the equipment, software and services available in the marketplace; |
|
|
|
|
|
|
|
|
|
4 |
|
Testing the standard software configuration and the standard hardware configurations for incompatibilities with each other; |
|
|
|
|
|
|
|
|
|
5 |
|
Testing the standard software configuration for disabling codes and other similar items, to the extent possible; |
|
|
|
|
|
|
|
|
|
6 |
|
Testing manufacturer’s in-model revisions to distributed Equipment to confirm proper operation with Applications; |
|
|
|
|
|
|
|
|
|
7 |
|
Evaluating and recommending solutions to the Requirements and/or Governance process for platform performance; |
|
|
|
|
|
|
|
|
|
8 |
|
Tuning and optimizing platform performance; |
|
|
|
|
|
|
|
|
|
9 |
|
Evaluating, recommending solutions to the Requirements and/or Governance process for and performing economic optimization, including device placement and consolidation; |
|
|
|
|
|
|
|
|
|
10 |
Testing to verify the successful inclusion of availability mechanisms (e.g. redundancy, failover, disaster recovery planning); |
|
|
|
|
|
|
|
|
|
|
11 |
Creating standard implementations, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Specifying the implementation; |
|
|
|
|
|
|
|
|
|
|
(b) |
Designing the implementation; |
|
|
|
|
|
|
|
|
|
|
(c) |
Developing the implementation; |
|
|
|
|
|
|
|
|
|
|
(d) |
Testing the implementation; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Pre-release staging the implementation; |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-12
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
12 |
Creating remote connectivity capabilities, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Specifying remote connectivity capabilities; |
|
|
|
|
|
|
|
|
|
|
(b) |
Designing remote connectivity capabilities; |
|
|
|
|
|
|
|
|
|
|
(c) |
Developing remote connectivity capabilities; |
|
|
|
|
|
|
|
|
|
|
(d) |
Testing remote connectivity capabilities; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Pre-release staging remote connectivity capabilities; |
|
|
|
|
|
|
|
|
|
13 |
Specifying the equipment, environmental requirements (e.g., power, HVAC) and services required for the construction and operation of the environment; |
|
|
|
|
|
|
|
|
|
|
14 |
Performing the modification or introduction of systems management program products by: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Configuring such products; |
|
|
|
|
|
|
|
|
|
|
(b) |
Implementing upgrades to or new releases of such products; |
|
|
|
|
|
|
|
|
|
|
(c) |
Testing such products to confirm that they comply with the relevant standards and requirements; |
|
|
|
|
|
|
|
|
|
|
(d) |
Preparing and updating documentation related to such products; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Pre-release staging of such products; |
|
|
|
|
|
|
|
|
|
15 |
Performing the introduction of new types of Equipment (e.g. new Equipment models and Equipment whose component parts have been modified or reconfigured) and new Software (including new releases and version updates to existing releases) by: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Configuring such Equipment; |
|
|
|
|
|
|
|
|
|
|
(b) |
Certifying that such Equipment complies with the relevant standards and requirements; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Pre-release staging of such Equipment.; |
|
|
|
|
|
|
|
|
|
16 |
Performing physical database administration, including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Specifying recovery procedures for databases associated with each Application; |
|
|
|
|
|
|
|
|
|
|
(b) |
Analyzing database activity; |
|
|
|
|
|
|
|
|
|
|
(c) |
Performing database maintenance activities including performance tuning, space management, index analysis, and partitioning; |
|
|
|
|
|
|
|
|
|
17 |
Evaluating, recommending, deploying and supporting new tools and technology solutions related to the Equipment as necessary to meet business requirements; |
|
|
|
|
|
|
|
|
|
|
18 |
Providing a solution that keeps data assets accessible recoverable and conforms to security standards; |
|
|
|
|
|
|
|
|
|
|
19 |
Providing input to and assisting with the Standards Development process and applying approved standards in the |
|
A-2-13
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
specification of the IT Environment; and |
|
|
|
|
|
|
|
|
|
|
20 |
Performing a forward-looking assessment of relevant emerging platform technology to assess its applicability and potential benefit. |
|
|
|
2.5.2 |
|
Network Engineering |
|
|
|
The purpose of the “Network
Engineering” process is to design and operate the communications devices used
by Equifax’s business operations. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Evaluating and optimizing network performance; |
|
|
|
|
|
|
|
|
|
2 |
|
Evaluating, recommending solutions to the Requirements and/or Governance process for and optimizing network resilience; |
|
|
|
|
|
|
|
|
|
3 |
|
Recommending solutions to the Requirements and/or Governance process for optimizing the economics of the network; |
|
|
|
|
|
|
|
|
|
4 |
|
Designing and specifying type/quality of service schemes; |
|
|
|
|
|
|
|
|
|
5 |
|
Managing network addresses for physical and logical networks, developing specifications for the implementation of address provisioning, resolution and translation implementations and coordinating with other interconnected and third party networks; |
|
|
|
|
|
|
|
|
|
6 |
|
Specifying the devices, facilities and services required for the design, construction and operation of the network; |
|
|
|
|
|
|
|
|
|
7 |
|
Creating logical network connections, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Specifying the connections; |
|
|
|
|
|
|
|
|
|
|
(b) |
Designing the connections; |
|
|
|
|
|
|
|
|
|
|
(c) |
Developing the connections; |
|
|
|
|
|
|
|
|
|
|
(d) |
Documenting the connections; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Pre-release staging of the connections; |
|
|
|
|
|
|
|
|
|
8 |
|
Providing telecommunications resources so that they are available in appropriate size, speed and number to meet actual and forecasted business demand; |
|
|
|
|
|
|
|
|
|
9 |
|
Performing the modification or introduction of network and security devices by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Configuring such devices; |
|
|
|
|
|
|
|
|
|
|
(b) |
Implementing upgrades to or new releases of such devices; |
|
|
|
|
|
|
|
|
|
|
(c) |
Testing such devices to confirm that they comply with the relevant standards and requirements; |
|
|
|
|
|
|
|
|
|
|
(d) |
Preparing and updating documentation related to such devices; and |
A-2-14
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(e) |
Pre-release staging of such devices; |
|
|
|
|
|
|
|
|
|
10 |
Creating and maintaining an electronic record, with reporting capabilities, describing the physical and logical topology of the Network and security mechanisms with adequate detail as needed to perform IT Services related to the Network; |
|
|
|
|
|
|
|
|
|
|
11 |
Providing input to and assisting with the standards activities applying relevant standards in the specification of the IT Environment; and |
|
|
|
|
|
|
|
|
|
|
12 |
Designing and implementing solutions required to meet requirements for protocol conversion and translation. |
|
|
|
2.5.3 |
|
Process Engineering |
|
|
|
The purpose of the “Process
Engineering” process is to perform those activities necessary to maintain the
underlying IT work processes and how they interface with other business
processes, with an objective of implementing industry best practices. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Identifying the applicable process objectives (e.g., * output speed, quality improvement, etc.); |
|
|
|
|
|
|
|
|
|
2 |
|
Documenting, measuring and evaluating the existing processes; |
|
|
|
|
|
|
|
|
|
3 |
|
Identifying business processes dependencies; |
|
|
|
|
|
|
|
|
|
4 |
|
Identifying technology and other changes that require the design of new process; |
|
|
|
|
|
|
|
|
|
5 |
|
Identifying technology and other enablers that can enhance the processes; |
|
|
|
|
|
|
|
|
|
6 |
|
Designing new processes to produce the desired objectives; |
|
|
|
|
|
|
|
|
|
7 |
|
Documenting the new processes, including by developing process maps, textual write-ups, etc.; |
|
|
|
|
|
|
|
|
|
8 |
|
Prototyping or testing the new processes before wide-scale release; |
|
|
|
|
|
|
|
|
|
9 |
|
Developing the resource requirements and functional roles of the personnel to perform the processes; |
|
|
|
|
|
|
|
|
|
10 |
Designing the organizational changes necessary to achieve the desired outcome; |
|
|
|
|
|
|
|
|
|
|
11 |
Testing and revising as necessary new processes and changes to existing processes; |
|
|
|
|
|
|
|
|
|
|
12 |
Enhancing processing capabilities and efficiencies through system tuning and other run-time improvements; |
|
|
|
|
|
|
|
|
|
|
13 |
Specifying the technology and/or other enabler requirements for new processes; |
|
|
|
|
|
|
|
|
|
|
14 |
Performing a risk assessment of the process, organizational, technological or other changes associated with new processes; and |
|
|
|
|
|
|
|
|
|
|
15 |
Interacting with other process stakeholders to create effective and efficient linkages between the process components performed by each of the individual stakeholders; |
|
|
|
|
|
|
|
|
|
|
16 |
Documenting the finalized processes. |
|
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-15
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
2.6 |
|
Software Engineering |
|
|
|
|
|
|
|
|
|
2.6.1 |
|
Software Design |
|
|
|
The purpose of the “Software
Design” process is to transform requirements into complete, detailed Software
system specifications. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Identifying the operational concept, scenarios, and design environment; |
|
|
|
|
|
|
|
|
|
2 |
|
Developing detailed alternative solutions and selection criteria (e.g., price, technical performance, complexity, risk), including by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Establishing and maintaining a process or processes for identifying solution alternatives, selection criteria, and design issues; |
|
|
|
|
|
|
|
|
|
|
(b) |
Identifying for consideration a set of solution alternatives; |
|
|
|
|
|
|
|
|
|
|
(c) |
Developing the criteria for selecting the best solution alternative; |
|
|
|
|
|
|
|
|
|
|
(d) |
Identifying and characterizing design issues for each solution alternative; |
|
|
|
|
|
|
|
|
|
|
(e) |
Identifying technologies currently in use and new technologies for competitive advantage as they relate to each solution alternative; |
|
|
|
|
|
|
|
|
|
|
(f) |
Identifying potential risks and defining mitigating design features for each solution alternative; |
|
|
|
|
|
|
|
|
|
|
(g) |
Obtaining a complete requirements allocation for each solution alternative; |
|
|
|
|
|
|
|
|
|
|
(h) |
Documenting the rationale for using each solution alternative; and |
|
|
|
|
|
|
|
|
|
|
(i) |
Developing timeline scenarios for operation and user interaction for each solution alternative; |
|
|
|
|
|
|
|
|
|
3 |
|
Evolving the operational concept, scenarios, and environments to describe the conditions, operating modes, and operating states specific to each solution component, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Evolving the operational concepts and scenarios to an appropriate degree of detail for the solution component; and |
|
|
|
|
|
|
|
|
|
|
(b) |
Evolving the operational environments for the solution components; |
|
|
|
|
|
|
|
|
|
4 |
|
Selecting the solution or solutions that best satisfy the selection criteria, including by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Evaluating each alternative solution against the selection criteria; |
|
|
|
|
|
|
|
|
|
|
(b) |
Based on the evaluation of the alternatives, assessing the adequacy of the selection criteria and updating these criteria as necessary; |
|
|
|
|
|
|
|
|
|
|
(c) |
Identifying and resolving issues with the alternative solutions and requirements; |
|
|
|
|
|
|
|
|
|
|
(d) |
Selecting the best set of alternative solutions that satisfy the established selection criteria; |
|
|
|
|
|
|
|
|
|
|
(e) |
Establishing the requirements associated with the selected set of alternatives as the set of allocated requirements to |
A-2-16
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
|
those solution components; |
|
|
|
|
|
|
|
|
|
|
(f) |
Identifying the solution components that will be reused or acquired; and |
|
|
|
|
|
|
|
|
|
|
(g) |
Establishing and maintaining the documentation of the solutions, evaluations, and rationale; |
|
|
|
|
|
|
|
|
|
5 |
|
Developing a design for the solution or solution component, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Designing the data storage and access for the data layer; |
|
|
|
|
|
|
|
|
|
|
(b) |
Designing the user interface at the presentation layer; |
|
|
|
|
|
|
|
|
|
|
(c) |
Designing the business rules layer and the application logic; |
|
|
|
|
|
|
|
|
|
|
(d) |
Identifying, designing and documenting interfaces associated with other solution components, including those from application to application and application to database; |
|
|
|
|
|
|
|
|
|
|
(e) |
Identifying and designing interfaces associated with external applications or data sources; |
|
|
|
|
|
|
|
|
|
|
(f) |
Identifying interfaces between solution components and the solution-related life-cycle processes; |
|
|
|
|
|
|
|
|
|
|
(g) |
Establishing and maintaining criteria against which the design can be evaluated; |
|
|
|
|
|
|
|
|
|
|
(h) |
Identifying, developing, or acquiring the design methods appropriate for the solution; |
|
|
|
|
|
|
|
|
|
|
(i) |
Adhering to the applicable design standards and criteria; |
|
|
|
|
|
|
|
|
|
|
(j) |
Adhering to the allocated requirements; and |
|
|
|
|
|
|
|
|
|
|
(k) |
Documenting the design; |
|
|
|
|
|
|
|
|
|
6 |
|
Establishing and maintaining a technical data package (e.g., solution architecture description, allocated requirements, solution-component descriptions, solution-related life-cycle process descriptions, key solution characteristics, interface requirements, rationale for decisions and characteristics), including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Determining the number of levels of design and the appropriate level of documentation for each design level; |
|
|
|
|
|
|
|
|
|
|
(b) |
Basing detailed design descriptions on the allocated solution-component requirements, architecture, and higher level designs; |
|
|
|
|
|
|
|
|
|
|
(c) |
Documenting the design in the technical data package; |
|
|
|
|
|
|
|
|
|
|
(d) |
Documenting the rationale for significant decisions affecting *, schedule, or technical performance; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Revising the technical data package as necessary; |
|
|
|
|
|
|
|
|
|
7 |
|
Developing an application design document that identifies the steps used in the design of the application; |
|
|
|
|
|
|
|
|
|
8 |
|
Developing and documenting design conversion/ migration/ transition strategies; |
|
|
|
|
|
|
|
|
|
9 |
|
Evaluating whether the solution components should be developed, purchased, or reused based on established criteria, including: |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-17
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(a) |
Developing criteria for the reuse of solution-component designs; |
|
|
|
|
|
|
|
|
|
|
(b) |
Analyzing designs to determine if solution components should be developed, reused, or purchased; and |
|
|
|
|
|
|
|
|
|
|
(c) |
When purchased or non-developmental (e.g., commercial off-the-shelf, reuse) items are selected, planning for their maintenance. |
|
|
|
|
|
|
|
|
|
10 |
Specifying emergency response procedures, backup procedures, and post-disaster recovery procedures as directed by the Service Continuity Actor. |
|
|
|
2.6.2 |
|
Software Development |
|
|
|
The purpose of the “Software
Development” process is to convert a design into a complete information
system. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Implementing the Application Development process by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Selecting, tailoring and using those standards, methods, tools, and computer programming languages that are documented, appropriate, and established by the organization for performing development activities; and |
|
|
|
|
|
|
|
|
|
|
(b) |
Developing, documenting, and executing plans for the conducting the development activities; |
|
|
|
|
|
|
|
|
|
2 |
|
Developing the code by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Developing and documenting each unit of the solution; |
|
|
|
|
|
|
|
|
|
|
(b) |
Developing and documenting databases associated with the solution; |
|
|
|
|
|
|
|
|
|
|
(c) |
Developing and documenting test procedures for testing each unit and database; |
|
|
|
|
|
|
|
|
|
|
(d) |
Updating the test requirements and the schedule for integration; |
|
|
|
|
|
|
|
|
|
|
(e) |
Evaluating code to confirm internal consistency, feasibility of operation and integration, and consistency with the requirements; |
|
|
|
|
|
|
|
|
|
|
(f) |
Conducting quality review of the selected solution components; |
|
|
|
|
|
|
|
|
|
|
(g) |
Revising the solution component as necessary; and |
|
|
|
|
|
|
|
|
|
|
(h) |
Performing unit testing (e.g., statement coverage testing, branch coverage testing, predicate coverage testing, path coverage testing, boundary value testing, special value testing) of the solution component as appropriate; |
|
|
|
|
|
|
|
|
|
3 |
|
Developing a plan to integrate the units and components into the solution; |
|
|
|
|
|
|
|
|
|
4 |
|
Developing instructions for installing the solution in the target environment as designed; |
|
|
|
|
|
|
|
|
|
5 |
|
Developing and maintaining the end-use documentation, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Reviewing the requirements, design, product, and test results to confirm that issues affecting the installation, operation, and maintenance documentation have been identified and resolved; |
|
|
|
|
|
|
|
|
|
|
(b) |
Developing the installation, operation, and maintenance documentation; |
A-2-18
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(c) |
Adhering to the applicable documentation standards; |
|
|
|
|
|
|
|
|
|
|
(d) |
Developing preliminary versions of the installation, operation, and maintenance documentation in early phases of the project life cycle for review by the relevant stakeholders; |
|
|
|
|
|
|
|
|
|
|
(e) |
Conducting peer reviews of the installation, operation, and maintenance documentation; and |
|
|
|
|
|
|
|
|
|
|
(f) |
Revising the installation, operation, and maintenance documentation as necessary. |
|
|
2.6.3 |
|
Software Integration |
|
|
|
The purpose of the “Software
Integration” process is to assemble the solution from the solution
components, confirm that that solution, as integrated, functions properly,
and deliver the solution. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Determining the solution-component integration sequence, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying the solution components to be integrated; |
|
|
|
|
|
|
|
|
|
|
(b) |
Identifying the methods by which the definition of the interfaces between the solution components will be verified; |
|
|
|
|
|
|
|
|
|
|
(c) |
Identifying alternative solution-component integration sequences; |
|
|
|
|
|
|
|
|
|
|
(d) |
Selecting the optimal integration sequence; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Periodically reviewing the product integration sequence and revising as appropriate. |
|
|
|
|
|
|
|
|
|
2 |
|
Establishing and maintaining the environment required for the integration of the solution components, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying the requirements for the solution integration environment; |
|
|
|
|
|
|
|
|
|
|
(b) |
Identifying verification criteria and procedures for the solution integration environment; |
|
|
|
|
|
|
|
|
|
|
(c) |
Deciding whether to make or buy the needed solution integration environment; |
|
|
|
|
|
|
|
|
|
|
(d) |
Developing an integration environment if a suitable environment cannot be acquired; |
|
|
|
|
|
|
|
|
|
|
(e) |
Maintaining the solution integration environment throughout the project; and |
|
|
|
|
|
|
|
|
|
|
(f) |
Disposing of those portions of the environment that are no longer useful; |
|
|
|
|
|
|
|
|
|
3 |
|
Establishing and maintaining procedures and criteria for integration of the solution components, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Establishing and maintaining solution integration procedures for the solution components; |
|
|
|
|
|
|
|
|
|
|
(b) |
Establishing and maintaining criteria for solution-component integration and evaluation; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Establishing and maintaining criteria for validation and delivery of the integrated solution; |
|
|
|
|
|
|
|
|
|
4 |
|
Reviewing interface descriptions for coverage and completeness, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Reviewing interface data for completeness and confirming complete coverage of all interfaces; |
|
|
|
|
|
|
|
|
|
|
(b) |
Confirming that solution components and interfaces are marked so that it is easy to make the correct connection to |
A-2-19
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
|
the joining solution component; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Periodically reviewing the adequacy of interface descriptions; |
|
|
|
|
|
|
|
|
|
5 |
|
Managing internal and external interface definitions, designs, and changes for solutions and solution components, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Maintaining the compatibility of the interfaces throughout the life of the solution; |
|
|
|
|
|
|
|
|
|
|
(b) |
Resolving conflict, noncompliance, and change issues; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Maintaining a repository for interface data; |
|
|
|
|
|
|
|
|
|
6 |
|
Confirming, prior to assembly, that each component required to assemble the product has been properly identified, functions according to its description, and that the component interfaces comply with the interface description, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Tracking the status of components as soon as they become available for integration; |
|
|
|
|
|
|
|
|
|
|
(b) |
Delivering the components are delivered to the integration environment in accordance with the integration sequence and available procedures; |
|
|
|
|
|
|
|
|
|
|
(c) |
Confirming the receipt of each component; |
|
|
|
|
|
|
|
|
|
|
(d) |
Confirming that each received component meets its description; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Checking the configuration status against the expected configuration; |
|
|
|
|
|
|
|
|
|
7 |
|
Assembling components according to the integration sequence and available procedures, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Confirming the readiness of the integration environment; |
|
|
|
|
|
|
|
|
|
|
(b) |
Performing the assembly sequence properly; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Revising the product integration sequence and available procedures as appropriate; |
|
|
|
|
|
|
|
|
|
8 |
|
Evaluating assembled components for interface compatibility, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Conducting the evaluation of assembled components following the integration sequence and available procedures; and |
|
|
|
|
|
|
|
|
|
|
(b) |
Recording the evaluation results; |
|
|
|
|
|
|
|
|
|
9 |
|
Packaging the assembled solution or component and delivering it to the appropriate Actor, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Reviewing the requirements, design, solution, verification results, and documentation so that issues affecting the packaging and delivery of the solution or component are identified and resolved; |
|
|
|
|
|
|
|
|
|
|
(b) |
Packaging and delivering the assembled solution or component; |
|
|
|
|
|
|
|
|
|
|
(c) |
Satisfying the applicable requirements and standards (e.g., type of storage and delivery media, required documentation, copyrights, license provisions, security of the software) for packing and delivering the solution or |
A-2-20
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
|
component; |
|
|
|
|
|
|
|
|
|
|
(d) |
Providing instructions for preparing the operational site for installation of the solution or component; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Delivering the solution or component and related documentation to the appropriate Actor and confirming receipt. |
|
|
2.7 |
|
Software Maintenance |
|
|
|
|
|
|
|
|
|
2.7.1 |
|
Corrective Maintenance |
|
|
|
The purpose of the “Corrective
Maintenance” process is to resolve and correct errors or invalid data in
Software. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Creating temporary “fixes” to facilitate short-term Problem resolution; |
|
|
|
|
|
|
|
|
|
2 |
|
Correcting Application defects with permanent fixes so that Problems do not recur; |
|
|
|
|
|
|
|
|
|
3 |
|
Correcting the nonconformance of an Application to its requirements or specifications; |
|
|
|
|
|
|
|
|
|
4 |
|
Providing specialized tools to repair contaminated data and perform data recovery and back-outs; and |
|
|
|
|
|
|
|
|
|
5 |
|
Testing the defect corrections. |
|
|
2.7.2 |
|
Adaptive Maintenance |
|
|
|
The purpose of the “Adaptive
Maintenance” process is to perform special modifications to Software. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Performing modifications required for regulatory compliance purposes; |
|
|
|
|
|
|
|
|
|
2 |
|
Providing input to and assisting with any litigation reviews, regulatory reviews, audits, compliance assessments and data-gathering exercises; |
|
|
2.7.3 |
|
Perfective Maintenance |
|
|
|
The purpose of the “Perfective
Maintenance” process is to perform Applications tuning, code restructuring,
and other efforts to improve the efficiency and reliability of Software and
to minimize on-going maintenance requirements. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Tuning Applications systems to improve operational performance and optimize computing and networking resource usage; |
|
|
|
|
|
|
|
|
|
2 |
|
Analyzing trends to identify potential Problems. |
|
|
2.7.4 |
|
Functional Enhancements |
|
|
|
The purpose of the “Functional Enhancements” process is to design, develop and test enhancements and customization to Software, utilizing Software Development processes and controls appropriate for such work. |
|||
|
|
2.7.5 |
|
Product Review |
|
|
|
The purpose of the “Product
Review” process is to periodically review the use and performance of Software
to ascertain whether the Software is continuing to meet the ongoing needs of
the business or the technical requirements of the infrastructure that it is
operating within. |
|||
A-2-21
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
1 |
|
Conducting an assessment to determine if a change is required or if the Software should be retired: |
|
|
|
|
|
|
|
|
|
2 |
|
If the assessment concludes that a change is required, preparing a proposal that details which changes are required in the Software, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
The change required; |
|
|
|
|
|
|
|
|
|
|
(b) |
Business need and business justification; |
|
|
|
|
|
|
|
|
|
|
(c) |
Who is responsible for the change; |
|
|
|
|
|
|
|
|
|
|
(d) |
The amount of effort needed to complete the change; |
|
|
|
|
|
|
|
|
|
|
(e) |
The prerequisites for the change; |
|
|
|
|
|
|
|
|
|
|
(f) |
When the change needs to be completed; |
|
|
|
|
|
|
|
|
|
|
(g) |
Who the stakeholders are; and |
|
|
|
|
|
|
|
|
|
|
(h) |
The success criterion for the change; |
|
|
|
|
|
|
|
|
|
3 |
|
If the Software is identified as no longer being required, preparing a retirement proposal that provides a roadmap of how the Software will be removed from service; |
|
|
|
|
|
|
|
|
|
4 |
|
For retired Software, notifying the Change Management Actor of the need to remove from the production environment Software components, such as executables, configuration files, source code, log files, and references to the Software; and |
|
|
|
|
|
|
|
|
|
5 |
|
Archiving retired Software to allow retrieval of archived data in accordance with legal and regulatory requirements as directed by Equifax. |
|
|
2.7.6 |
|
Logical Database Administration |
|
|
|
The purpose of the “Logical
Database Administration” process is to provide the logical database support
required by the Applications Development and Maintenance processes. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Design, implement and maintain database schema; |
|
|
|
|
|
|
|
|
|
2 |
|
Maintaining design consistency across databases associated with different Applications and identifying data redundancies; |
|
|
|
|
|
|
|
|
|
3 |
|
Designing, creating and maintaining entity relationship diagrams; and |
|
|
|
|
|
|
|
|
|
4 |
|
Updating existing documentation to document changes to database schemas. |
|
|
2.8 |
|
Quality Assurance |
|
|
|
|
|
|
|
|
|
2.8.1 |
|
Verification |
|
|
|
The purpose of the “Verification” process is to confirm that a solution or solution-component meets its specified requirements. |
|||
A-2-22
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
The Verification process includes the following activities: |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Selecting the work products to be tested and the testing methods (e.g., path coverage testing; load, stress, and performance testing; decision-table-based testing; functional-decomposition testing; test-case reuse; acceptance tests) that will be used for each, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying work products for testing; |
|
|
|
|
|
|
|
|
|
|
(b) |
Identifying the requirements to be satisfied by each selected work product; |
|
|
|
|
|
|
|
|
|
|
(c) |
Identifying the testing methods that are available for use; |
|
|
|
|
|
|
|
|
|
|
(d) |
Defining the testing methods to be used for each selected work product; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Submitting for integration with the project plan the identification of work products to be tested, the requirements to be satisfied, and the methods to be used; |
|
|
|
|
|
|
|
|
|
2 |
|
Establishing and maintaining the environment needed for testing, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying testing environment responsibilities; |
|
|
|
|
|
|
|
|
|
|
(b) |
Establishing the test team and creating the test files/data; |
|
|
|
|
|
|
|
|
|
|
(c) |
Identifying testing resources that are available for reuse and modification; |
|
|
|
|
|
|
|
|
|
|
(d) |
Identifying testing equipment and tools; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Acquiring testing equipment and an environment; |
|
|
|
|
|
|
|
|
|
3 |
|
Establishing and maintaining testing procedures and criteria for the selected work products, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Generating the set of comprehensive, integrated verification procedures for work products and any commercial off-the-shelf products, as necessary; |
|
|
|
|
|
|
|
|
|
|
(b) |
Developing and refining the verification criteria when necessary; |
|
|
|
|
|
|
|
|
|
|
(c) |
Identifying the expected results, any tolerances allowed in observation, and other criteria for satisfying the requirements; and |
|
|
|
|
|
|
|
|
|
|
(d) |
Identifying the equipment and environmental components needed for verification; |
|
|
|
|
|
|
|
|
|
4 |
|
Preparing for peer reviews of selected work products, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Determining the type of peer review (e.g., inspections, structured walkthroughs, active reviews) to be conducted; |
|
|
|
|
|
|
|
|
|
|
(b) |
Defining requirements for collecting data during the peer review; |
|
|
|
|
|
|
|
|
|
|
(c) |
Establishing and maintaining entry and exit criteria for the peer review; |
|
|
|
|
|
|
|
|
|
|
(d) |
Establishing and maintaining criteria for requiring another peer review; |
|
|
|
|
|
|
|
|
|
|
(e) |
Establishing and maintaining checklists so that the work products are reviewed consistently; |
A-2-23
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(f) |
Developing a detailed review schedule, including the dates for any pre-review training and when materials for reviews will be available; |
|
|
|
|
|
|
|
|
|
|
(g) |
Confirming that the work product satisfies the review entry criteria prior to distribution; |
|
|
|
|
|
|
|
|
|
|
(h) |
Distributing the work product to be reviewed and its related information to the participants; |
|
|
|
|
|
|
|
|
|
|
(i) |
Assigning roles for the review as appropriate; and |
|
|
|
|
|
|
|
|
|
|
(j) |
Preparing for the review; |
|
|
|
|
|
|
|
|
|
5 |
|
Conducting reviews on selected work products and identifying issues resulting from the review, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Performing the assigned roles in the review; |
|
|
|
|
|
|
|
|
|
|
(b) |
Identifying and documenting defects and other issues in the work product; |
|
|
|
|
|
|
|
|
|
|
(c) |
Recording the results of the review, including the action items; |
|
|
|
|
|
|
|
|
|
|
(d) |
Collecting review data; |
|
|
|
|
|
|
|
|
|
|
(e) |
Identifying action items and communicating the issues to relevant stakeholders; |
|
|
|
|
|
|
|
|
|
|
(f) |
Conducting an additional review if defined criteria indicate the need; and |
|
|
|
|
|
|
|
|
|
|
(g) |
Confirming that the exit criteria for the review are satisfied; |
|
|
|
|
|
|
|
|
|
6 |
|
Analyzing data about preparation, conduct, and results of the reviews, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Recording data related to the preparation, conduct, and results of the reviews; |
|
|
|
|
|
|
|
|
|
|
(b) |
Storing the data for future reference and analysis; |
|
|
|
|
|
|
|
|
|
|
(c) |
Protecting the data so that review data are not used inappropriately; and |
|
|
|
|
|
|
|
|
|
|
(d) |
Analyzing the review data; |
|
|
|
|
|
|
|
|
|
7 |
|
Performing verification on the selected work products, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Performing verification of selected work products against their requirements; |
|
|
|
|
|
|
|
|
|
|
(b) |
Recording the results of verification activities; |
|
|
|
|
|
|
|
|
|
|
(c) |
Identifying action items resulting from verification of work products; and |
|
|
|
|
|
|
|
|
|
|
(d) |
Documenting the “as-run” verification method and the deviations from the available methods and procedures discovered during its performance; |
|
|
|
|
|
|
|
|
|
8 |
|
Analyzing the results of verification activities and identifying corrective actions, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Comparing the actual results to expected results; |
|
|
|
|
|
|
|
|
|
|
(b) |
Based on the established verification criteria, identifying solutions or components that have not met their |
A-2-24
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
|
requirements or identifying issues with the methods, procedures, criteria, and verification environment; |
|
|
|
|
|
|
|
|
|
|
(c) |
Analyzing the verification data related to defects; |
|
|
|
|
|
|
|
|
|
|
(d) |
Recording results of the analysis in a report; |
|
|
|
|
|
|
|
|
|
|
(e) |
Using verification results to compare actual measurements and performance to technical performance parameters; |
|
|
|
|
|
|
|
|
|
|
(f) |
Providing information on how defects may be resolved (e.g., verification methods, criteria, and verification environment) and preparing a plan for such resolution; and |
|
|
|
|
|
|
|
|
|
|
(g) |
Confirming that the solution satisfied the verification criteria; |
|
|
2.8.2 |
|
Validation |
|
|
|
The purpose of the “Validation”
process is to demonstrate that a solution or solution-component fulfills its
intended use when placed in its intended environment. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Selecting solutions or components to be validated and the validation methods that will be used for each, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying key principles, features, and phases for solution or component validation throughout the life of the project; |
|
|
|
|
|
|
|
|
|
|
(b) |
Determining which categories of user needs (operational, maintenance, training, or support) are to be validated; |
|
|
|
|
|
|
|
|
|
|
(c) |
Selecting the solution or component to be validated; |
|
|
|
|
|
|
|
|
|
|
(d) |
Selecting the evaluation methods for solution or component validation; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Reviewing the validation selection, constraints, and methods with relevant stakeholders; |
|
|
|
|
|
|
|
|
|
2 |
|
Establishing and maintaining the environment needed for validation, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying validation environment requirements; |
|
|
|
|
|
|
|
|
|
|
(b) |
Identifying internally-supplied items or components; |
|
|
|
|
|
|
|
|
|
|
(c) |
Identifying reuse items; |
|
|
|
|
|
|
|
|
|
|
(d) |
Identifying test equipment and tools; |
|
|
|
|
|
|
|
|
|
|
(e) |
Identifying validation resources that are available for reuse and modification; and |
|
|
|
|
|
|
|
|
|
|
(f) |
Planning the availability of resources in detail; |
|
|
|
|
|
|
|
|
|
3 |
|
Establishing and maintaining procedures and criteria for validation, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Reviewing solution requirements so that issues affecting validation of the solution or component are identified and resolved; |
|
|
|
|
|
|
|
|
|
|
(b) |
Documenting the environment, operational scenario, procedures, inputs, outputs, and criteria for the validation of the selected solution or component; and |
A-2-25
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(c) |
Assessing the design as it matures in the context of the validation environment to identify validation issues; |
|
|
|
|
|
|
|
|
|
4 |
|
Performing validation on the selected solution or component; |
|
|
|
|
|
|
|
|
|
5 |
|
Analyzing the results of the validation activities and identifying issues, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Comparing actual results to expected results; |
|
|
|
|
|
|
|
|
|
|
(b) |
Based on the established validation criteria, identifying solutions and/or components that do not perform suitably in their intended operating environments, or identifying problems with the methods, criteria, and/or environment; |
|
|
|
|
|
|
|
|
|
|
(c) |
Analyzing the validation data for defects; |
|
|
|
|
|
|
|
|
|
|
(d) |
Recording the results of the analysis and identifying issues; |
|
|
|
|
|
|
|
|
|
|
(e) |
Using validation results to compare actual measurements and performance to intended use or operational need; and |
|
|
|
|
|
|
|
|
|
|
(f) |
Confirming that the solution satisfied the validation criteria. |
|
|
2.8.3 |
|
Environment Integration Testing |
|
|
|
The purpose of the “Environment
Integration Testing” process is to perform those activities necessary to
confirm that a solution or solution-component will perform in the proposed
environment. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
apply the solution or solution-component to the appropriate test environment; and |
|
|
|
|
|
|
|
|
|
2 |
|
obtain Equifax concurrence that critical functions are still operable. |
|
|
2.8.4 |
|
Acceptance |
|
|
|
The purpose of the “Acceptance”
process is to perform those activities necessary to confirm that a solution
or solution-component will perform as required to meet the End User and/or
Business Requirements. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Confirming that the solution satisfied the End User acceptance criteria; |
|
|
|
|
|
|
|
|
|
2 |
|
Confirming that the solution documentation is adequate for use by end users and technical users; and |
|
|
|
|
|
|
|
|
|
3 |
|
Confirming that the solution otherwise satisfies the applicable Business Requirements. |
|
|
3 |
|
CONTACT |
|
|
|
|
|
|
|
|
|
3.1 |
|
Service Desk |
|
|
|
|
|
|
|
|
|
3.1.1 |
|
Receipt – Internal and External |
|
|
|
The purpose of the “Receipt” process is to provide the primary point of contact with the IT organization for Internal and External Customers (respectively, “Receipt - Internal” and “Receipt - External”). This process is a key driver for internal and external customer satisfaction. The Receipt Process includes multiple channels (e.g., phone, web, email) for customer requests for information, IMACs, Incidents and Problems, maintains priorty routing of calls in accordance with priority categories established by Equifax and maintains an information link between and among internal and external customers, IT, other parts of Equifax, and third party resources. |
|||
A-2-26
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
The Receipt process includes the following activities: |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Providing a facility for users of the IT Environment to: |
|
|
|
|
|
|
|
|
|
|
(a) |
Report Problems, Incidents and complaints regarding the IT Environment (e.g. non-functioning equipment, system access needs, or other issues with Equipment or Software); |
|
|
|
|
|
|
|
|
|
|
(b) |
Ask questions (i.e., traditional help desk queries); and |
|
|
|
|
|
|
|
|
|
|
(c) |
Submit orders for new or changed IT Services and IT Infrastructure (e.g., IMACs); and |
|
|
|
|
|
|
|
|
|
2 |
|
Collecting from providers of IT Services information regarding resolution status and other IT Services activities that may impact users of the IT Environment; |
|
|
|
|
|
|
|
|
|
3 |
|
Notifying the contacting users (or their designees), either in response to a request received for update or automatically in accordance with policies and procedures, of : |
|
|
|
|
|
|
|
|
|
|
(a) |
When the subject matter of the contact is to be resolved (e.g., Incident or Problem resolution time); |
|
|
|
|
|
|
|
|
|
|
(b) |
The time for which an IMAC or other service request is scheduled for completion; |
|
|
|
|
|
|
|
|
|
|
(c) |
The time for which a new release is planned; |
|
|
|
|
|
|
|
|
|
|
(d) |
Whether a service enhancement request been accepted; |
|
|
|
|
|
|
|
|
|
|
(e) |
Where to get further information on a subject; |
|
|
|
|
|
|
|
|
|
|
(f) |
Information regarding IT systems’ weekend availability; and |
|
|
|
|
|
|
|
|
|
|
(g) |
Information regarding planned and short-term changes to service levels; and |
|
|
|
|
|
|
|
|
|
4 |
|
Confirming closure of Incidents with the contacting users (or their designees). |
|
|
3.1.2 |
|
Resolution |
|
|
|
The purpose of the “Resolution”
process is to resolve Problems, Incidents and questions reported by End
Users. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Making an initial assessment of a request, ; |
|
|
|
|
|
|
|
|
|
2 |
|
Resolving the request or transferring responsibility for the resolution to the appropriate process; |
|
|
|
|
|
|
|
|
|
3 |
|
Coordinating internal and external second-line and third-party support groups, including scheduling and dispatching appropriate technicians; |
|
|
|
|
|
|
|
|
|
4 |
|
Optimizing the performance of IMACs (from both a financial perspective and an End User-disruption perspective) by combining resolution efforts where possible (e.g., coordinating various IMAC Actors for related Elements to the extent possible); |
|
|
|
|
|
|
|
|
|
5 |
|
Managing the request life-cycle, including closure and verification; and |
|
|
|
|
|
|
|
|
|
6 |
|
Obtaining approval for orders submitted to the Service Desk. |
A-2-27
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
3.1.3 |
|
Service Desk Reporting |
|
|
|
The purpose of the “Service Desk
Reporting” process is to produce the reports required to provide Equifax and
other Actors with relevant information regarding the operation and
performance of the IT Environment. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Producing reports required to confirm Service Desk charges and performance with respect to the Service Levels; |
|
|
|
|
|
|
|
|
|
2 |
|
Producing reports, which reports will include: |
|
|
|
|
|
|
|
|
|
|
(a) |
the * reports in the US in accordance with the methodology and process therefore in effect as of the Commencement Date and modified thereafter from time to time; |
|
|
|
|
|
|
|
|
|
|
(b) |
applicable reports set forth in Schedule K; and |
|
|
|
|
|
|
|
|
|
|
(c) |
such other reports as agreed and/or set out in the Procedures Manual; |
|
|
|
|
|
|
|
|
|
3 |
|
Providing ad hoc report reporting capabilities via access to a reporting database and tool; |
|
|
|
|
|
|
|
|
|
4 |
|
Performing communication activities for other IT processes, such as release notification and Change schedule notification; and |
|
|
|
|
|
|
|
|
|
5 |
|
Providing management information and recommendations for service improvement; |
|
|
4 |
|
FULFILL |
|
|
|
|
|
|
|
|
|
4.1 |
|
Acquire |
|
|
|
|
|
|
|
|
|
4.1.1 |
|
Procurement Management |
|
|
|
The purpose of the “Procurement
Management” process is to develop, enter into (or facilitate the execution of
and manage agreements entered into by Equifax as the case may be), and
administer purchasing agreements (including master purchasing agreements and
item-specific agreements under existing master purchasing agreements) and to
use such agreements to fulfill specific acquisition requirements. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Maintaining a knowledge base of the supplier community (e.g., companies, pricing, procurement issues and trends, and new services/products, etc.); |
|
|
|
|
|
|
|
|
|
2 |
|
Negotiating competitive pricing and purchase agreements with third party suppliers, including utilizing existing master agreements; |
|
|
|
|
|
|
|
|
|
3 |
|
Converting negotiated deals into contracts where an existing contract is not utilized; and |
|
|
|
|
|
|
|
|
|
4 |
|
Acquiring from inventory or Third Parties the Equipment, Software and related services required to perform the IT Services, which includes: |
|
|
|
|
|
|
|
|
|
|
(a) |
Receiving orders for Equipment and Software from the Service Desk or other appropriate organization; |
|
|
|
|
|
|
|
|
|
|
(b) |
Querying Warehouse Management to determine whether the items requested by the order are in inventory; |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-28
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(c) |
Directing the Distribution process to deliver items that are in inventory; |
|
|
|
|
|
|
|
|
|
|
(d) |
Creating purchase orders f or items that are not in inventory; |
|
|
|
|
|
|
|
|
|
|
(e) |
Tracking the status of each order; |
|
|
|
|
|
|
|
|
|
|
(f) |
Processing order changes; and |
|
|
|
|
|
|
|
|
|
|
(g) |
Reporting to the Service Desk or other appropriate organization of the status of each order. |
|
|
4.2 |
|
Deploy |
|
|
|
|
|
|
|
|
|
4.2.1 |
|
Configuration |
|
|
|
The purpose of the
“Configuration” process is to make an Element compliant with the relevant
standards, and, in the case of non-standard configurations, making them
capable of being used in conjunction with the balance of the IT Environment
to the extent possible. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Performing the Configure process in accordance with the relevant standards, including initially integrating software , hardware and making any operational selections required; |
|
|
|
|
|
|
|
|
|
2 |
|
Documenting the configuration of an element and providing the configuration to Configuration Management; |
|
|
|
|
|
|
|
|
|
3 |
|
Determining the product structure, the selection of configuration options and the documentation of the configuration’s physical and functional characteristics, including interfaces and subsequent changes and the allocation of identification characters or numbers to the elements and their configuration documents, and the unique numbering of configuration control forms associated with changes and Problems; |
|
|
|
|
|
|
|
|
|
4 |
|
Creating, maintaining, and updating the configuration documentation; and |
|
|
|
|
|
|
|
|
|
5 |
|
Controlling changes to configuration items and supporting documents after formally establishing the configuration documents; |
|
|
4.2.2 |
|
IMAC |
|
|
|
The purpose of the “IMAC” process
is to coordinate, manage and execute the installation, movement, addition and
change of Elements. For External
Customer Provided Elements, unless specified otherwise in the Agreement
(including Schedule I), IBM’s obligation as the IMAC Actor does not
apply with respect to those Elements located on External Customer premises. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Receiving IMAC orders from the Service Desk and validating orders for correctness and proper authorization; |
|
|
|
|
|
|
|
|
|
2 |
|
Coordinating and executing the IMAC, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
As appropriate, conducting site surveys and informing the Service Desk of any issues (e.g., physical space limitations/requirements, changes to the cabling infrastructure, etc.); |
|
|
|
|
|
|
|
|
|
|
(b) |
Develop and review, as appropriate, installation plans; |
A-2-29
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(c) |
Coordinating physical space requirements; |
|
|
|
|
|
|
|
|
|
|
(d) |
Coordinating and installing changes to the cabling infrastructure (if applicable); |
|
|
|
|
|
|
|
|
|
|
(e) |
Scheduling and dispatching appropriate technicians; |
|
|
|
|
|
|
|
|
|
|
(f) |
Installing and connecting Elements to the Network (e.g., LANs); |
|
|
|
|
|
|
|
|
|
|
(g) |
Installing Software changes to the initial configuration (including new Software and upgrades to existing Software); |
|
|
|
|
|
|
|
|
|
|
(h) |
As necessary and to the extent possible and in accordance with the Procedures Manual, performing the functions required to copy data from the Element subject to the IMAC, including notifying End Users of self-service data restoration procedures (e.g., copying files between a hard drive and a file server); |
|
|
|
|
|
|
|
|
|
|
(i) |
Performing changes to initial configurations of Elements; |
|
|
|
|
|
|
|
|
|
|
(j) |
Setting up security, file access and other administrative procedures required as a result of IMACs; and |
|
|
|
|
|
|
|
|
|
|
(k) |
In accordance with applicable Standards, tagging or loading each physical Element with a bar-code label or similar device for purposes of identification and tracking or (as an alternative to tagging) using a unique existing identifier (e.g., serial number) to track the Element; |
|
|
|
|
|
|
|
|
|
3 |
|
Confirming compatibility of any replacement Element or existing Element that has been repaired, reconfigured or otherwise modified with production environment; |
|
|
|
|
|
|
|
|
|
4 |
|
Tracking and logging IMAC activity, including tracking the IMAC orders from initiation to completion, and submitting the same to the Service Desk; |
|
|
|
|
|
|
|
|
|
5 |
|
Providing the necessary technical support to complete the IMAC; |
|
|
|
|
|
|
|
|
|
6 |
|
Performing installation testing and providing and executing appropriate back-out procedures; |
|
|
|
|
|
|
|
|
|
7 |
|
Performing such that the End User’s operational capabilities are not adversely impacted as a consequence of the IMAC; |
|
|
|
|
|
|
|
|
|
8 |
|
Pursuant to established procedures, sending to inventory, or identifying for Disposal, Elements removed as a result of the IMAC after backing up or otherwise preserving data included thereon, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
purging applicable storage media (either fixed or removable) to remove data and Software from Elements identified for Disposal and placing the Elements in the designated storage or pick-up location for removal by the Disposal Actor; |
|
|
|
|
|
|
|
|
|
|
(b) |
if Elements are to be redeployed, upgrading such Equipment in accordance with relevant policies and procedures and placing the Elements in the designated inventory location; and |
|
|
|
|
|
|
|
|
|
|
(c) |
with respect to Elements coming off lease, taking such steps as are necessary to return such leased Elements to leassors in accordance with leassor guidelines; |
A-2-30
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
9 |
|
Notifying the Service Desk or other appropriate organization of the completion of IMACs; and |
|
|
|
|
|
|
|
|
|
10 |
Updating the asset management records to reflect the disposition of Elements. |
|
|
|
4.2.3 |
|
Disposal |
|
|
|
The purpose of the “Disposal” process is to remove from the premises and dispose of de-installed Elements that have been identified for disposal. |
|||
|
|
4.3 |
|
Maintain |
|
|
|
|
|
|
|
|
|
4.3.1 |
|
Scheduled Maintenance |
|
|
|
The purpose of the “Scheduled
Maintenance” process is to perform the activities necessary to maintain
Elements so that they are in good operating condition and operate in
accordance with their specifications. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Scheduling maintenance windows; |
|
|
|
|
|
|
|
|
|
2 |
|
Performing maintenance activities on Elements in accordance with the applicable Element manufacturer’s or Application Maintenance Actor’s recommendations, including for Software Elements applying Application Maintenance Actor-provided patches, fixes and other maintenance releases (“Service Packs”) and assessing the impact of Service Packs on customizations, interfaces, other Software, and production operations; |
|
|
|
|
|
|
|
|
|
3 |
|
Managing the third party service providers that provide maintenance support for Elements; and |
|
|
|
|
|
|
|
|
|
4 |
|
Updating the applicable configuration documentation to reflect any configuration changes. |
|
|
4.3.2 |
|
Repair |
|
|
|
The purpose of the “Repair”
process is to perform break-fix and correct Problems associated with Element
failure or maintenance. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Dispatching repair teams as instructed by the Service Desk; |
|
|
|
|
|
|
|
|
|
2 |
|
Performing a root cause analysis for the purpose of identifying appropriate repair activities; |
|
|
|
|
|
|
|
|
|
3 |
|
Repairing Equipment Elements that are no longer functioning as required, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Identifying the nature of repair needed; |
|
|
|
|
|
|
|
|
|
|
(b) |
Maintaining spare Elements or Element components as necessary to meet the Service Levels; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Subject to approval processes set out in the Procedures Manual, replacing an Element (or a component of an Element) if such element (or component) cannot be successfully repaired, which may be accomplished through the IMAC process; |
|
|
|
|
|
|
|
|
|
4 |
|
Repairing Software Elements that are no longer functioning as required, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Reviewing and determining the applicability of available Service Packs available from the Application Maintenance Actor and assessing the impact of Service Packs on customizations, interfaces, other Software, and production operations and applying the Service Packs as appropriate; |
A-2-31
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(b) |
Determining if there are changes to existing functionality (or customized functionality) as a result of a Service Packs; and |
|
|
|
|
|
|
|
|
|
|
(c) |
Assisting End Users in developing new operational procedures when affected by Service Packs. |
|
|
|
|
|
|
|
|
|
5 |
|
To the extent possible and in accordance with the Procedures Manual, performing the functions required to copy data from a malfunctioning Element to the replacement Element, including notifying End Users of self-service data restoration procedures (e.g., copying files between a hard drive and a file server); |
|
|
|
|
|
|
|
|
|
6 |
|
Updating the applicable configuration documentation to reflect any configuration changes; and |
|
|
|
|
|
|
|
|
|
7 |
|
Submitting Problem resolution status to the Service Desk. |
|
|
5 |
|
OPERATE |
|
|
|
|
|
|
|
|
|
5.1 |
|
Server Operations |
|
|
|
|
|
|
|
|
|
5.1.1 |
|
Schedule Operations |
|
|
|
The purpose of the
“Schedule Operations” process is to develop and maintain a
schedule for Software and services being run on Server Elements (e.g.,
production control) in response to criteria provided by the relevant Actors
with respect to such Software and services (including
dependencies and business priorities. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Developing overall processing schedules and running and monitoring such processing pursuant to such schedules and resolving scheduling conflicts; |
|
|
|
|
|
|
|
|
|
2 |
|
Identifying job dependencies and establishing priorities for batch job and report distribution schedules; |
|
|
|
|
|
|
|
|
|
3 |
|
Developing and distributing schedules prior to implementation and providing schedule status updates; |
|
|
|
|
|
|
|
|
|
4 |
|
Implementing changes to processing on a one-time or recurring basis as requested, including requests in the form of special operating instructions and change request authorizations; and |
|
|
|
|
|
|
|
|
|
5 |
|
Proactively preparing for processing deadlines to meet business requirements, including contacting External Customers to agree production scheduling requirements during UK Bank Holidays period and submitting such requirements to Equifax for approval prior to imlplementation. |
|
|
5.1.2 |
|
Computer Operations |
|
|
|
The purpose of the “Computer
Operations” process is to perform the functions necessary for the operation
of Server Elements. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Providing the required production, development, quality assurance and training environments, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Making online Software for such environments available for access during scheduled hours; and |
|
|
|
|
|
|
|
|
|
|
(b) |
Making online regions or processes available and operating properly; and |
A-2-32
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(c) |
Resolving abnormal terminations and recovering from errors, including recovering production systems and performing such functions as are necessary to reinstate service to the business (e.g., re-running jobs); |
|
|
|
|
|
|
|
|
|
2 |
|
Assisting with the introduction of new systems, platforms and Software in a controlled manner by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Communicating with Platform Engineering, Application Engineering and/or Applications Maintenance, as appropriate, Change Management and Release Management Actors regarding the change; |
|
|
|
|
|
|
|
|
|
|
(b) |
Facilitating the orderly turnover of systems, platforms and Software; |
|
|
|
|
|
|
|
|
|
|
(c) |
Enforcing documentation standards; |
|
|
|
|
|
|
|
|
|
|
(d) |
Informing appropriate staff of the changes to the environment; and |
|
|
|
|
|
|
|
|
|
|
(e) |
Providing coordination of the implementation, integration, testing and acceptance of the new systems, platforms and Software; |
|
|
|
|
|
|
|
|
|
3 |
|
Maintaining production, development, quality assurance and training environments at the required release levels; |
|
|
|
|
|
|
|
|
|
4 |
|
Initiating and executing on-line and batch Software, including scheduled, unscheduled and on-request Software delivery functions and End User initiated processing; |
|
|
|
|
|
|
|
|
|
5 |
|
Terminating Software that is not performing in an expected manner; |
|
|
|
|
|
|
|
|
|
6 |
|
Completing processing within scheduled time periods; |
|
|
|
|
|
|
|
|
|
7 |
|
Issuing operator commands using designated tools; |
|
|
|
|
|
|
|
|
|
8 |
|
Developing and documenting automated console operations procedures; |
|
|
|
|
|
|
|
|
|
9 |
|
Logging off End Users in accordance with developed procedures; |
|
|
|
|
|
|
|
|
|
10 |
Initiating and terminating utilities in accordance with developed procedures; |
|
|
|
|
|
|
|
|
|
|
11 |
Canceling OLTP and OLAP transactions in accordance with developed procedures; |
|
|
|
|
|
|
|
|
|
|
12 |
Maintaining and updating the operational documentation for operations procedures and services, Software procedures that affect operations, and End-User procedures that affect operations; |
|
|
|
|
|
|
|
|
|
|
13 |
Transmitting and receiving information to and from outside organizations; |
|
|
|
|
|
|
|
|
|
|
14 |
Operating master console functions, including responding to program requests for intervention; |
|
|
|
|
|
|
|
|
|
|
15 |
Performing computer shutdowns and restarts as required, and executing customary server utility functions; and |
|
|
|
|
|
|
|
|
|
|
16 |
Using available tools to repair contaminated data and perform data recovery and back-outs. |
|
|
|
5.1.3 |
|
Media Operations |
|
|
|
The purpose of the “Media
Operations” process is the management of the media providing input to and
producing output from Server Element peripherals, including tapes, optical
disks and printers. |
|||
A-2-33
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
1 |
|
Checking job outputs and print queues; changing print priorities; taking printers and terminals in and out of service; and displaying, starting, spooling and draining printers; |
|
|
|
|
|
|
|
|
|
2 |
|
Monitoring the printing performance and taking remedial action where required to meet printing performance objectives, including control of print queues, queue capacity and print request prioritization; |
|
|
|
|
|
|
|
|
|
3 |
|
Initiating and completing media mounts; |
|
|
|
|
|
|
|
|
|
4 |
|
Executing off-site media storage processes, including: logging and tracking of media on- and off-site, compliance with physical specifications, retention periods, required rotation of media and security, packaging and transportation of media (and/or electronic transmission of information and data) to and from storage and remote computer recovery centers; |
|
|
|
|
|
|
|
|
|
5 |
|
In accordance with the Procedures Manual, cycling/rotating media to meet media retention periods (including for auditing purposes); |
|
|
|
|
|
|
|
|
|
6 |
|
Notifying the media storage provider when it is time to return media; |
|
|
|
|
|
|
|
|
|
7 |
|
Maintaining the media library system and monitoring media for reliability; |
|
|
|
|
|
|
|
|
|
8 |
|
Archiving “Old” media and implementing and executing programs to revitalize archived media as requested; |
|
|
|
|
|
|
|
|
|
9 |
|
Initializing new media and obtaining through the Procurement Management process media inventories as required to fulfill operational needs; |
|
|
|
|
|
|
|
|
|
10 |
Monitoring and reporting media utilization; |
|
|
|
|
|
|
|
|
|
|
11 |
Periodically testing retrieval and restoration capabilities (e.g., retrieving a randomly selected data file as a test and verifying that the data can be restored in a usable fashion); |
|
|
|
|
|
|
|
|
|
|
12 |
Separate, package, label and track printed output; |
|
|
|
|
|
|
|
|
|
|
13 |
Deliver printed output to the local distribution system co-located with the print facilities or transmit electronic print files to remote sites; |
|
|
|
|
|
|
|
|
|
|
14 |
Assist the Equifax output distribution personnel to find, trace or replace lost or missing printed output; and |
|
|
|
|
|
|
|
|
|
|
15 |
Execute reruns of jobs to recreate lost or mislaid output as requested by Equifax. |
|
|
|
5.1.4 |
|
Monitor Operations |
|
|
|
The purpose of the “Monitor
Operations” process is to monitor and report on the operation of the Server
Elements. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Performing Element functional and performance monitoring (including monitoring of related manual processes) to verify operational compliance with service objectives and initiate remedial actions |
|
|
|
|
|
|
|
|
|
2 |
|
Detecting Incidents related to operations functions; |
|
|
|
|
|
|
|
|
|
3 |
|
Responding to Service Desk requests; |
A-2-34
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
4 |
|
Monitoring alarm systems and environmental controls; |
|
|
|
|
|
|
|
|
|
5 |
|
Monitoring performance of systems and transactions; and |
|
|
|
|
|
|
|
|
|
6 |
|
Responding to errors within Software, including notifying the appropriate Actors (including Service Desk and/or Applications Maintenance) of Incidents. |
|
|
5.1.5 |
|
Physical Database Administration |
|
|
|
The purpose of the “Physical
Database Administration” process is the management of data including but not
limited to data contained in files and databases managed by database
management systems. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Plan for and change the size of databases caused by changes in business volume, the addition or retirement of new Software, or Software capabilities; |
|
|
|
|
|
|
|
|
|
2 |
|
Monitor database and file performance and space utilization; |
|
|
|
|
|
|
|
|
|
3 |
|
Implement changes to improve database and file access performance; |
|
|
|
|
|
|
|
|
|
4 |
|
Design, implement and maintain database and file archive processes to provide data integrity and meet Equifax’s business and regulatory compliance requirements as directed by Equifax; |
|
|
|
|
|
|
|
|
|
5 |
|
Recover damaged or corrupted databases and files; |
|
|
|
|
|
|
|
|
|
6 |
|
Maintain physical database definitions; |
|
|
|
|
|
|
|
|
|
7 |
|
Implement, test and promote into production database structural changes; |
|
|
|
|
|
|
|
|
|
8 |
|
Reorganize databases to meet performance, reliability and Software requirements; |
|
|
|
|
|
|
|
|
|
9 |
|
Copy, move and update database contents to meet the needs of Software Development and Maintenance activities; and |
|
|
|
|
|
|
|
|
|
10 |
Diagnose and repair damage to databases and files. |
|
|
|
5.1.6 |
|
Media Fulfillment |
|
|
|
The purpose of the “Media
Fulfillment” process is to receive and process data received from other
parties on various forms of removable media. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Accepting machine information readable data from customers and information providers; |
|
|
|
|
|
|
|
|
|
2 |
|
Executing programs which cause the data to be retrieved from the supplied media and stored on an Equifax operated computer; and |
|
|
|
|
|
|
|
|
|
3 |
|
Verifying the accuracy of, and correctness of format of, the data and transmiting it to an Application Server for processing and updating of application database(s); and |
|
|
|
|
|
|
|
|
|
4 |
|
Preparing printed reports and recorded data materials in a manner suitable for use by customers and information providers and packaging these materials for distribution. |
A-2-35
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
5.2 |
|
Network Operations |
|
|
|
|
|
|
|
|
|
5.2.1 |
|
Communications Operations |
|
|
|
The purpose of the
“Communications Operations” process is to operate the Elements that deliver
communications services (collectively, the “Network”). |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Executing the activities necessary to replace or circumvent failed Elements, including by: |
|
|
|
|
|
|
|
|
|
|
(a) |
Employing available alternative routing and back-up facilities; |
|
|
|
|
|
|
|
|
|
|
(b) |
Troubleshooting and executing diagnostic tests |
|
|
|
|
|
|
|
|
|
|
(c) |
Providing requested diagnostic information to other suppliers and managing the performance of such suppliers; and |
|
|
|
|
|
|
|
|
|
|
(d) |
Activating available back-up equipment for failed data terminal equipment if required to remedy such failure. |
|
|
5.2.2 |
|
Monitor Network Operations |
|
|
|
The purpose of the “Monitor
Network Operations” process is to monitor and report on the operations of the
Network. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Monitoring, managing and evaluating the principal performance indicators of Network operation, including circuit quality and utilization, in order to verify service levels, identify bottlenecks, and report on trends for decision making and planning; |
|
|
|
|
|
|
|
|
|
2 |
|
Proactively (if permitted and technically possible) and/or reactively monitoring the Network for service degradation, including detection, isolation, diagnosis and correction of Problems and initiating corrective action when degradation is identified; |
|
|
|
|
|
|
|
|
|
3 |
|
Reporting Network outages to the appropriate vendor and tracking and escalating as required for timely resolution; |
|
|
|
|
|
|
|
|
|
4 |
|
Toll fraud monitoring and management activities designed to reduce the risks of toll fraud to the Equifax Group; and |
|
|
|
|
|
|
|
|
|
5 |
|
Providing reports on the status of the Network, which reports will be agreed and/or set out in the Procedures Manual. |
|
|
5.3 |
|
Service Support |
|
|
|
|
|
|
|
|
|
5.3.1 |
|
Incident Management |
|
|
|
The purpose of the “Incident
Management” process is to
restore normal IT Infrastructure operation and IT Services as quickly as
possible in response to Incidents, and to minimise the adverse impact on
business operations of Incidents, thus ensuring that the required levels of
service quality and availability are maintained. “Incident” means an event which causes or
may cause interruption to or a reduction in the quality of service delivered
to, though or by an Element. |
|||
A-2-36
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
1 |
|
Detecting Incidents (including as reported to the Service Desk); |
|
|
|
|
|
|
|
|
|
2 |
|
Recording Incident details and updating knowledge management systems; |
|
|
|
|
|
|
|
|
|
3 |
|
Providing notification of the Incident (including details of Incident and impact analysis) to appropriate personnel; |
|
|
|
|
|
|
|
|
|
4 |
|
Assigning a Severity Level to each Incident; |
|
|
|
|
|
|
|
|
|
5 |
|
Matching each Incident against Known Errors and Problems; informing Problem Management of the existence of new Problems and of unmatched or multiple Incidents; |
|
|
|
|
|
|
|
|
|
6 |
|
Minimizing the adverse impact of the Incident on business operations but leading the effort to take corrective action |
|
|
|
|
|
|
|
|
|
7 |
|
Closing Incidents or routing to a specialist support group (creating service request); |
|
|
|
|
|
|
|
|
|
8 |
|
Investigating and diagnosing Incidents; |
|
|
|
|
|
|
|
|
|
9 |
|
Identifying End User training and education needs and notifying the appropriate Training Process Actor; |
|
|
|
|
|
|
|
|
|
10 |
Resolving and recovering from Incidents, including restoring service following an Incident; |
|
|
|
|
|
|
|
|
|
|
11 |
Confirming Incident closure; |
|
|
|
|
|
|
|
|
|
|
12 |
Participating in regular Incident Management reviews; and |
|
|
|
|
|
|
|
|
|
|
13 |
Defining, maintaining and following an Incident escalation and notification procedure, which specifies individuals authorized to escalate unresolved Incidents. |
|
|
|
5.3.2 |
|
Problem Management |
|
|
|
The purpose of the “Problem
Management” process is to
proactively and reactively minimise the adverse impact of Incidents and
Problems on business operations (as appropriate based on the severity and
nature of such Incidents and Problems), and to prevent recurrence of
Incidents related to Problems. “Problem”
means an underlying cause of one or more Incidents, which may include defects
related to or arising from the IT Infrastructure, the IT Services, human
errors and external events. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Identifying the existence of Problems, including as a result of the Incident Management Process; |
|
|
|
|
|
|
|
|
|
2 |
|
Classifying Problems in terms of their adverse impact on the business; |
|
|
|
|
|
|
|
|
|
3 |
|
Minimizing the adverse impact of Problems on the business; |
|
|
|
|
|
|
|
|
|
4 |
|
Resolving Problems, including providing or dispatching support specialists to perform on-site troubleshooting and maintenance response as necessary to assess and resolve problems; |
|
|
|
|
|
|
|
|
|
5 |
|
Identifying the root cause of Problems (including performing formal root cause analysis as appropriate based on the severity of the Problem) and initiating actions to improve or correct the situation; |
|
|
|
|
|
|
|
|
|
6 |
|
Identifying actions and/or potential areas of change to prevent the recurrence of Incidents related to identified |
A-2-37
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
|
Problems, including through performing historical Problem trend analysis; |
|
|
|
|
|
|
|
|
|
7 |
|
Developing and maintaining recovery procedures to be followed when a Problem occurs, as well as determine the roles and responsibilities of other parties necessary for resolution; |
|
|
|
|
|
|
|
|
|
8 |
|
Defining, maintaining, and adhering to a Problem escalation, response and notification procedure; and |
|
|
|
|
|
|
|
|
|
9 |
|
Communicating the existence and nature of any workarounds and/or circumventions necessary to eliminate or reduce the adverse effects of the Problem while a more permanent solution is developed. |
|
|
5.3.3 |
|
Configuration Management |
|
|
|
The purpose of the “Configuration
Management” process is to create, and verify the completeness and correctness
of, the configuration records of the Elements and their components
(“Configuration Items” or “CIs”), including relationships between Configuration Items, and to provide accurate
information regarding the same to support other Processes, including Incident
Management, Problem Management, Change Management, and Release
Management. CIs may vary widely in complexity, size and type - from
an entire system (including hardware, software and documentation) to a single
module or a minor hardware component. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Identifying Configuration Items and configurations of the same, including as part of the Transition; |
|
|
|
|
|
|
|
|
|
2 |
|
Recording details of the Configuration Items and their configurations, and relationships between and among Configuration Items, in a Configuration Management database (except with respect to those Configuration Items that will be removed from the IT Environment during Transition and therefore do not need to be included in the Configuration Management database); |
|
|
|
|
|
|
|
|
|
3 |
|
Performing audits of Elements, which will be used to define and check for particular software signatures, monitor the use of Software, and check the presence and version of Software present on a particular non-Software Element (or component thereof); |
|
|
|
|
|
|
|
|
|
4 |
|
Publishing configuration status reports that include baselines, histories, and current status for each Configuration Item in the Configuration Management database; |
|
|
|
|
|
|
|
|
|
5 |
|
Conducting regular configuration audits, especially following major changes to the IT Infrastructure and prior to the introduction of new Software; |
|
|
|
|
|
|
|
|
|
6 |
|
Developing, implementing and maintaining configuration management tools that facilitate effective deployment and re-use of Configuration Item; |
|
|
|
|
|
|
|
|
|
7 |
|
Managing, maintaining and making available for review a current configuration inventory of the Configuration Items; and |
|
|
|
|
|
|
|
|
|
8 |
|
Producing periodic reports and responding to queries and requests concerning Equifax’s IT Infrastructure configuration and asset information regarding Elements. |
|
|
5.3.4 |
|
Change Management |
|
|
|
The purpose of the “Change Management” process is to control Changes to the IT Environment in a controlled manner with minimum disruption. Activities covers from receipt of the request for Change, to assessment, to scheduling, to |
|||
A-2-38
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
implementing,
and finally to the review. The Change
Management process produces approval (or otherwise) for any proposed Change. “Change” means the addition, modification
or removal of any aspect of the IT Environment. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Developing and maintaining Change Management documentation (e.g., within the Procedures Manual), which will define the Change Management procedures; |
|
|
|
|
|
|
|
|
|
2 |
|
Receiving/initiating and recording a request for a Change; |
|
|
|
|
|
|
|
|
|
3 |
|
Assessing the requested Change; |
|
|
|
|
|
|
|
|
|
4 |
|
Identifying impractical or unnecessary requests for Change and providing feedback to issuers; |
|
|
|
|
|
|
|
|
|
5 |
|
Classifying/prioritizing requests for Change by assessing the risk, cost to Equifax and impact (including possible security impact) of Changes; |
|
|
|
|
|
|
|
|
|
6 |
|
Developing and maintaining Change plans with input from affected parties (e.g., Business Units, Applications and other suppliers), and obtaining the required approval for Changes pursuant to the Procedures Manual; |
|
|
|
|
|
|
|
|
|
7 |
|
Coordinate the building and testing of Changes, including coordinating input and support from Application Engineering and/or Maintenance Actors and End Users as appropriate; |
|
|
|
|
|
|
|
|
|
8 |
|
Scheduling Changes; |
|
|
|
|
|
|
|
|
|
9 |
|
Performing quality control, including back out procedures, and complying with requests for post-implementation reviews when problems occur during a Change; |
|
|
|
|
|
|
|
|
|
10 |
Registering completed Changes and closing requests for Change; and |
|
|
|
|
|
|
|
|
|
|
11 |
Reviewing (on a post-implementation basis) the requests for Change and verifying that Changes meet objectives and do not have negative impacts. |
|
|
|
5.3.5 |
|
Release Management |
|
|
|
The purpose of the “Release
Management” process is to plan,
prepare and schedule Releases. “Release” means a collection of new
and/or changed Configuration Items, which are tested and introduced into the
production environment together. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Monitoring patches and fixes for Software issued by third-party vendors; |
|
|
|
|
|
|
|
|
|
2 |
|
Coordinating and implementing roll-outs, upgrades and new releases of Configuration Items; |
|
|
|
|
|
|
|
|
|
3 |
|
Coordinating any testing, scheduling, or systems integration of these Configuration Items; |
|
|
|
|
|
|
|
|
|
4 |
|
Providing implementation notification prior to delivery of a new release; |
|
|
|
|
|
|
|
|
|
5 |
|
Obtaining from Change Management the required approval for the release; |
|
|
|
|
|
|
|
|
|
6 |
|
Distributing and installing the release; |
A-2-39
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
7 |
|
Verifying the operation of the Configuration Items after roll-out and providing proper back-out procedures. |
|
|
|
|
|
|
|
|
|
8 |
|
Providing appropriate information and documentation for any new, enhanced or modified Configuration Items installed; |
|
|
|
|
|
|
|
|
|
9 |
|
Performing such other non-programming functions as are required to implement the release, including executing utilities in support of the release; and |
|
|
|
|
|
|
|
|
|
10 |
Cataloging and archiving the release. |
|
|
|
5.4 |
|
Service Delivery |
|
|
|
|
|
|
|
|
|
5.4.1 |
|
Capacity Management |
|
|
|
The purpose of the “Capacity
Management” process is to perform the functions necessary to monitor resource
requirements and plan for any resource adjustments required to accommodate
changes in usage or other modifications to the IT environment. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Monitoring and measuring the availability and utilization of capacity of finite resources; |
|
|
|
|
|
|
|
|
|
2 |
|
Tracking performance of operational IT Services, including confirming that collected data is recorded, analyzed, and reported; |
|
|
|
|
|
|
|
|
|
3 |
|
Providing both reactive capacity management (e.g., identifying to Applications Development and Applications Maintenance organizations capacity and capacity-related performance issues) and proactive capacity management (e.g., assessing risk and potential impact on capacity requirements of Software and providing advice regarding the same); |
|
|
|
|
|
|
|
|
|
4 |
|
Interacting with Applications Development and Applications Maintenance organizations to evaluate the impact of application changes on capacity; |
|
|
|
|
|
|
|
|
|
5 |
|
Managing system resources so that the IT Services they support meet the requirements of Equifax’s business; |
|
|
|
|
|
|
|
|
|
6 |
|
Managing current workload and providing forecasting of the expectation of the future capacity needs; and |
|
|
|
|
|
|
|
|
|
7 |
|
Forecasting processing requirements and other IT Services requirements; |
|
|
|
|
|
|
|
|
|
8 |
|
Considering and planning for future requirements of Equifax’s business (as identified by Equifax) for IT Services. |
|
|
5.4.2 |
|
Availability Management |
|
|
|
The purpose of the “Availability
Management” process is to consider the design, implementation, measurement
and management of those aspects of the IT Infrastructure and supporting
organizations (including other Actors) that may impact availability so that
business requirements for availability are consistently met. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Determining availability requirements by collecting input from the Service Level Management organization; |
|
|
|
|
|
|
|
|
|
2 |
|
Determining vital business functions by collecting input from the Service Continuity Management organization; |
A-2-40
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
3 |
|
Analyzing the impact on the business (where the relevant business information is available) of potential increases and decreases in availability of the IT infrastructure; |
|
|
|
|
|
|
|
|
|
4 |
|
Defining availability objectives (other than Service Levels); |
|
|
|
|
|
|
|
|
|
5 |
|
Monitoring availability (where permitted and technically feasible) and conducting trend analysis; |
|
|
|
|
|
|
|
|
|
6 |
|
Reviewing and auditing scheduled downtime and unscheduled downtime; and |
|
|
|
|
|
|
|
|
|
7 |
|
Conducting root cause analysis of low availability in conjunction with the Problem Management Actor. |
|
|
5.4.3 |
|
Service Level Management |
|
|
|
The purpose of the “Service Level
Management” process is to monitor and report on applicable service levels and
assist Equifax with the development of service levels relating to the IT
Environment (“SLAs”). |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Providing technical support to Equifax in planning, coordinating, drafting and negotiating SLAs with Business Units, other delivery Actors and third parties who are recipients of, or who provide a constituent part of and for whom Equifax has financial responsibility, the IT Services; |
|
|
|
|
|
|
|
|
|
2 |
|
Measuring and reporting actual performance against SLAs between Equifax and the Service Level Management Actor; |
|
|
|
|
|
|
|
|
|
3 |
|
Conducting ongoing reviews of actual service achievements so that the required and cost-justifiable service quality is maintained or where necessary improved; and |
|
|
|
|
|
|
|
|
|
4 |
|
Adjusting services as necessary to comply with SLAs. |
|
|
5.5 |
|
Security Management |
|
|
|
|
|
|
|
|
|
5.5.1 |
|
Security Policy Development |
|
|
|
The purpose of the “Security
Policy Development” process is to develop and document Equifax’s high level
policies and strategies related to security. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Identifying guiding principles and enterprise level drivers (e.g., legal, industrial, environmental and corporate drivers) that impact Equifax’s security decisions; |
|
|
|
|
|
|
|
|
|
2 |
|
Balancing the various drivers to create an enterprise-level security policy; and |
|
|
|
|
|
|
|
|
|
3 |
|
Providing the Security Policy to the Security Architecture Development and Standards Processes Actors. |
|
|
5.5.2 |
|
Security Implementation |
|
|
|
The purpose of the “Security
Implementation” process is to implement the mechanisms and devices necessary
to comply with the Security Policy and Standards. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Developing specific security models to implement the Security Policy and Standards; |
A-2-41
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
2 |
|
Implementing security mechanisms, including the development and deployment of security rules to be used in conjunction with security devices and software; and |
|
|
|
|
|
|
|
|
|
3 |
|
Implementing security devices and Software, including configuration and maintenance of security devices and Software. |
|
|
5.5.3 |
|
Security Enforcement |
|
|
|
The purpose of the “Security
Enforcement” process is to manage the IT Infrastructure and IT Services
compliance with the Security Policy and Standards. With respect to Equifax Owned Applications Software, the
performance of this Process is subject to Equifax making available to the
designated Actor any necessary monitoring, alerting and logging capabilities |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Monitoring for, handling and registering security-related Incidents (including viruses, intrusion and hacking (e.g. *) in accordance with security management procedures; |
|
|
|
|
|
|
|
|
|
2 |
|
Enforcing security standards, including the deployment of anti-virus protection and testing for vulnerabilities and misuse of the IT Infrastructure (as defined in the Security Policies and Standards) and reporting detected viruses, vulnerabilities and misuse to the Problem Management process; |
|
|
|
|
|
|
|
|
|
3 |
|
Notifying the Service Level Management Process Actors on security issues related to Service Levels; |
|
|
|
|
|
|
|
|
|
4 |
|
Storing historical data and performing periodic and as needed trend analysis; and |
|
|
|
|
|
|
|
|
|
5 |
|
Updating the security management procedures, in conjunction with Change Management, to reflect new policies and issues. |
|
|
5.5.4 |
|
Credentials Management |
|
|
|
The purpose of the “Credentials Management” process is to authorize the granting of (including issuance, replacement and revocation) security credentials and access entitlements, individual access authentication and authorization credentials, by the Security Administration for the IT Environment in compliance with the Security Policy and Standards. |
|||
|
|
5.5.5 |
|
Security Administration |
|
|
|
The purpose of the “Security
Administration” process is to administer the granting of security credentials
and access. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Issuing, replacing and revoking individual access and authentication and authorization credentials as directed by the Credentials Management Actor (which may be through the establishment of profiles, customer attribute tables or the like); |
|
|
|
|
|
|
|
|
|
2 |
|
Performing password resets at the request of a verified authorized users when a tool or facility exists to perform such resets in a manner that protects the authorization credentials from view by password reset personnel (e.g., using a “shared secret”) or through use of a “one-time” password. This activity shall be deemed “Not Applicable” with respect to any Element for which such a tool or facility does not exist; |
|
|
|
|
|
|
|
|
|
3 |
|
Notifying users of changes to their access and authentication and authorization credentials; |
|
|
|
|
|
|
|
|
|
4 |
|
Screening system files for inactive accounts and problem (e.g., weak) passwords using available tools and system scripts and researching to validate screening results; and |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-42
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
5 |
|
Periodic reporting to the Credentials Management Actor regarding changes to security credentials and access, inactive accounts and other relevant issues. |
|
|
5.5.6 |
|
Password Reset - External Customer |
|
|
|
The purpose of the “Password Reset - External Customer” process is to perform password resets at the request of authorized External Customers when a tool or facility exists to perform such resets without requiring system administrator level priviledges. |
|||
|
|
5.6 |
|
Logistics |
|
|
|
|
|
|
|
|
|
5.6.1 |
|
Warehouse Management |
|
|
|
The purpose of the “Warehouse
Management” process is to perform the functions necessary to operate, track
and maintain inventories of Spares and Spare parts. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Providing physical storage; and |
|
|
|
|
|
|
|
|
|
2 |
|
Maintaining secure storage facilities for surplus, redeployable Spares, Spare parts and Software. |
|
|
5.6.2 |
|
Distribution |
|
|
|
The purpose of the “Distribution” process is to move Spares and Spare Parts from the physical storage location to the locations where they are required for use and return unused or surplus Spares and Spare Parts to the physical storage location. |
|||
|
|
6 |
|
ADVISE |
|
|
|
|
|
|
|
|
|
6.1 |
|
Advisory Services |
|
|
|
|
|
|
|
|
|
6.1.1 |
|
Consulting |
|
|
|
The purpose of the “Consulting”
process is to advise Equifax on approaches to take advantage of opportunities
for quality improvements *, and increased efficiencies within the IT
Environment. Consultants are able to
offer such assistance to an enterprise in many different ways, all of which
are designed to positively affect the operational and/or financial
performance of the IT Environment and Equifax in general. Consulting looks beyond the existing day
to day operations of the IT Environment and maps a vision for an improved
operation that will provide Equifax with some type of competitive advantage. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Assisting Equifax in developing its technology strategy, direction, and architecture; |
|
|
|
|
|
|
|
|
|
2 |
|
Providing input for Equifax’s * and * IT budgets; |
|
|
|
|
|
|
|
|
|
3 |
|
Conducting evaluations of Equifax existing technologies (both hardware and software) and proposing new and different technologies to achieve the same or improved functionality while improving service * performance; |
|
|
|
|
|
|
|
|
|
4 |
|
Analyzing Equifax’s current business processes and proposing more cost-effective and efficient ways of executing such processes, including increased use of * and * mechanisms; |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-43
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
5 |
|
Analyzing anticipated or potential changes in Equifax’s IT needs and proposing new technologies to address such changing business requirements; |
|
|
|
|
|
|
|
|
|
6 |
|
Analyzing and planning for changes in Equifax’s required IT capacity or configuration while providing overall integration and compatibility of systems and equipment; |
|
|
|
|
|
|
|
|
|
7 |
|
Analyzing Equifax’s current technology requirements to assist the procurement of additional quantities of such hardware and software. |
|
|
|
|
|
|
|
|
|
8 |
|
Researching new technologies and leveraging such knowledge to assist Equifax’s procurement of new technologies; and |
|
|
|
|
|
|
|
|
|
9 |
|
Sharing industry knowledge and expertise regarding Equifax’s existing technologies and those technologies proposed for future implementation. |
|
|
7 |
|
MANAGE |
|
|
|
|
|
|
|
|
|
7.1 |
|
Programs |
|
* |
|
|
|
|
|
|
|
7.1.1 |
|
Program Management |
|
|
|
The purpose of the “Program
Management” process is to serve as the single point of accountability for
change (e.g., projects) and issues related to the IT Environment, including
allocating resources, establishing priorities and performing oversight of
project proposals and implementations. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Working with designated representatives to manage and deliver the IT Environment; |
|
|
|
|
|
|
|
|
|
2 |
|
Serving as the central point of contact for delivery related issues; |
|
|
|
|
|
|
|
|
|
3 |
|
Serving as the principal point of communications between Actors involved in delivering the IT Environment; |
|
|
|
|
|
|
|
|
|
4 |
|
Coordinating individual projects along a critical path; |
|
|
|
|
|
|
|
|
|
5 |
|
Prioritizing projects; |
|
|
|
|
|
|
|
|
|
6 |
|
Developing business cases required for new projects, including, for each business case, cost/benefit analysis, allocation of responsibilities, timelines, deliverables and budgets; |
|
|
|
|
|
|
|
|
|
7 |
|
Incorporating change management and communications management best practices so that projects succeed; |
|
|
|
|
|
|
|
|
|
8 |
|
Performing high-level project management functions for key initiatives where desired; |
|
|
|
|
|
|
|
|
|
9 |
|
Monitoring, auditing, and advising Business Units on key, strategic initiatives, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Reviewing initial project plans; |
|
|
|
|
|
|
|
|
|
|
(b) |
Periodically monitoring project progress based on major milestones in the project management and project life cycle methodologies; and |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-44
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
|
|
|
|
|
|
|
|
(c) |
Periodically meeting with Business Unit management and project managers to discuss review findings and recommendations. |
|
|
|
|
|
|
|
|
|
10 |
Evaluating, for each business case, cost/benefit analysis, allocation of responsibilities, timelines, deliverables and budgets and approving or rejecting (or obtaining approval for or rejection of) business cases required for new projects; |
|
|
|
|
|
|
|
|
|
|
11 |
Providing communications management which includes: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Providing timely and appropriate generation, collection, dissemination, storage, and ultimate disposition of project information; |
|
|
|
|
|
|
|
|
|
|
(b) |
Determining the information and communications needs of the project stakeholders (e.g., who needs what information, when will they need it, and how will it be given to them); and |
|
|
|
|
|
|
|
|
|
|
(c) |
Making needed information available to project stakeholders in a timely manner; |
|
|
|
|
|
|
|
|
|
12 |
Providing integration management so that various projects are properly coordinated; and |
|
|
|
|
|
|
|
|
|
|
13 |
Providing scope management so that the project includes all the work required, and only the work required, to complete the project successfully; |
|
|
|
7.1.2 |
|
Project Management |
|
* |
|
The purpose of the “Project
Management” process is the application of standardized management knowledge,
skills, tools, and techniques to a broad range of activities in order to meet
the requirements of a particular project and meet the project customers’ or
constituents’ needs by both standardizing and reducing the basic tasks
necessary to complete a project in an effective and efficient manner. A project is a temporary endeavor
undertaken to achieve a particular aim and to which project management can be
applied, regardless of the project’s size, budget, or timeline. The Project Management process consists of
five sub-processes – initiation, planning, execution, control, and closure. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Execute the initiation stage of the project, including: |
|
|
|
|
|
|
|
|
|
|
(a) |
Defining the project, which includes performing a feasibility review to analyze the business problem at issue, identifying the scope of the project and identifying an initial approach to the project; |
|
|
|
|
|
|
|
|
|
|
(b) |
Initiating the Requirements Development process; |
|
|
|
|
|
|
|
|
|
|
(c) |
Receiving high level business and technical requirements from the Requirements Development process and submitting them to the Requirements Refinement process; |
|
|
|
|
|
|
|
|
|
|
(d) |
Defining each project’s scope, which includes developing a written scope statement as the basis for future project decisions; |
|
|
|
|
|
|
|
|
|
|
(e) |
Refining each project’s scope, which includes subdividing the major project deliverables into smaller, more manageable components; |
|
|
|
|
|
|
|
|
|
|
(f) |
Providing input to the Program Management Actor as needed to develop business cases required for new projects, including, for each business case, input regarding cost/benefit analysis, allocation of responsibilities, timelines, |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-45
|
IT Value Chain |
|
IM |
|
Description |
|||||||
|
|
|
|
|
|
|
|
|
|
|
deliverables and budgets; |
|
|
|
|
|
|
|
|
|
|
|
(g) |
Estimating the project’s scope, schedule, and required resources and determine return on investment and cost/benefit justification for projects; |
|
|
|
|
|
|
|
|
|
|
|
(h) |
Developing project proposals to include functional and /or technical requirements; and |
|
|
|
|
|
|
|
|
|
|
|
(i) |
Developing project plans to include cost, ongoing maintenance requirements, risk, alternatives, and recommendations, with specific references to any variances from standards. |
|
|
|
|
|
|
|
|
|
|
2 |
|
Executing the project planning stage including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Forming project teams; |
|
|
|
|
|
|
|
|
|
|
|
(b) |
Defining activities by identifying the specific activities that must be performed to produce the various project deliverables; |
|
|
|
|
|
|
|
|
|
|
|
(c) |
Sequencing activities by identifying and documenting interactivity dependencies; |
|
|
|
|
|
|
|
|
|
|
|
(d) |
Estimating activity duration by estimating the number of work periods that will be needed to complete individual activities; |
|
|
|
|
|
|
|
|
|
|
|
(e) |
Developing a schedule by analyzing the activity sequences, activity durations, and resource requirements to create a project schedule; |
|
|
|
|
|
|
|
|
|
|
|
(f) |
Providing risk management planning by deciding how to approach and plan for risk management in a project; |
|
|
|
|
|
|
|
|
|
|
|
(g) |
Assigning the human resources needed to work on the project and providing human resource management which includes; |
|
|
|
|
|
|
|
|
|
|
|
|
(1) |
Making the most effective use of the people (including the project stakeholders) involved with the project; and |
|
|
|
|
|
|
|
|
|
|
|
(2) |
Identifying, documenting, and assigning project roles, responsibilities and reporting relationships; |
|
|
|
|
|
|
|
|
|
|
(h) |
Providing cost management, which includes: |
|
|
|
|
|
|
|
|
|
|
|
|
(1) |
Planning resources by determining which resources (e.g., people, equipment, and materials) and which quantities of each should be used to perform project activities; |
|
|
|
|
|
|
|
|
|
|
|
(2) |
Estimating costs by developing an estimate of the costs of the resources required to complete project activities; |
|
|
|
|
|
|
|
|
|
|
|
(3) |
Budgeting costs by allocating the overall cost estimate to individual work packages; |
|
|
|
|
|
|
|
|
|
|
|
(4) |
Provide cost control by controlling changes to the project budget; |
|
|
|
|
|
|
|
|
|
|
(i) |
Providing quality planning by identifying which quality standards are relevant to the project and how to satisfy them; |
|
|
|
|
|
|
|
|
|
|
|
(j) |
Providing organizational planning by identifying, documenting, and assigning project roles, responsibilities, and |
|
A-2-46
|
IT Value Chain |
|
IM |
|
Description |
|||||||
|
|
|
|
|
|
|
|
|
|
|
reporting relationships; |
|
|
|
|
|
|
|
|
|
|
|
(k) |
Providing communications planning by determining the information and communications needs of the stakeholders, who needs what information, when will they need it, and how will it be given to them; |
|
|
|
|
|
|
|
|
|
|
|
(l) |
Identifying risks to determine which risks are likely to affect the project and documenting the characteristics of each; |
|
|
|
|
|
|
|
|
|
|
|
(m) |
Performing qualitative risk analysis of risks and conditions to prioritize their effects on project objectives; |
|
|
|
|
|
|
|
|
|
|
|
(n) |
Performing quantitative risk analysis by measuring the probability and impact of risks and estimating their implications for project objectives; |
|
|
|
|
|
|
|
|
|
|
|
(o) |
Performing risk response planning by developing procedures and techniques to enhance opportunities and to reduce threats posed by threats to the project’s objectives; |
|
|
|
|
|
|
|
|
|
|
|
(p) |
Providing procurement planning by determining what to procure, how much to procure, and when to procure; |
|
|
|
|
|
|
|
|
|
|
|
(q) |
Documenting product requirements and identify potential sources; |
|
|
|
|
|
|
|
|
|
|
|
(r) |
Developing a Project Plan by taking the results of the above planning processes and putting them into a consistent, coherent document that can be used to guide both project execution and project control. The Project Plan includes planning inputs, historical information, organizational policies, constraints, and assumptions. The Project Plan is used to: guide project execution; document project planning assumptions; document project planning decisions regarding alternatives chosen; facilitate communication among stakeholders; define key management reviews as to content, extent, and timing; and provide a baseline for progress measurement and project control; and |
|
|
|
|
|
|
|
|
|
|
|
(s) |
Submitting the Project Plan to * for approval; |
|
|
|
|
|
|
|
|
|
|
3 |
|
Monitoring and controlling project status by: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Managing IT Services and third party vendor tasks across service families, coordinating with appropriate personnel as necessary; |
|
|
|
|
|
|
|
|
|
|
|
(b) |
Implementing a project management methodology including the use of approved project management tools; |
|
|
|
|
|
|
|
|
|
|
|
(c) |
Preparing performance, financial, utilization and status reports; and |
|
|
|
|
|
|
|
|
|
|
|
(d) |
Providing access to database information and project management templates in an electronic format. |
|
|
|
|
|
|
|
|
|
|
|
(e) |
Providing integrated Change Control by coordinating changes across the entire project; |
|
|
|
|
|
|
|
|
|
|
|
(f) |
Verifying scope and formalize acceptance of the project scope; |
|
|
|
|
|
|
|
|
|
|
|
(g) |
Utilizing project change control procedures to address any changes in scope, requirements, or schedules in respect of the ongoing projects, including: |
|
|
|
|
|
|
|
|
|
|
|
|
(1) |
Controlling changes to project scope; |
|
|
|
|
|
|
|
|
|
|
|
(2) |
Controlling changes to the project schedule |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-2-47
|
IT Value Chain |
|
IM |
|
Description |
|||||||
|
|
|
|
|
|
|
|
|
|
|
(3) |
Controlling changes to the project budget; |
|
|
|
|
|
|
|
|
|
|
(h) |
Monitoring specific project results to determine if they comply with relevant quality standards and identify ways to eliminate unsatisfactory performance; |
|
|
|
|
|
|
|
|
|
|
|
(i) |
Providing performance reporting by collecting and disseminating performance information. This includes status reporting, progress measurement, and forecasting; and |
|
|
|
|
|
|
|
|
|
|
|
(j) |
Tracking identified risks, monitoring residual risks and identifying new risks, executing risk plans, and evaluating their effectiveness in reducing risk. |
|
|
|
|
|
|
|
|
|
|
4 |
|
Executing the project execution phase including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Executing the Project Plan by performing the activities therein, |
|
|
|
|
|
|
|
|
|
|
|
(b) |
Completing project deliverables and delivering the project; |
|
|
|
|
|
|
|
|
|
|
|
(c) |
Providing quality assurance by evaluating overall project performance on a regular basis to provide confidence that the project will satisfy the relevant quality standards; |
|
|
|
|
|
|
|
|
|
|
|
(d) |
Developing individual and group skills/competencies to enhance project performance; and |
|
|
|
|
|
|
|
|
|
|
|
(e) |
Conducting acceptance activities (e.g., testing and quality assurance activities); |
|
|
|
|
|
|
|
|
|
|
5 |
|
Executing the project closure phase including: |
|
|
|
|
|
|
|
|
|
|
|
(a) |
Closing out the contract and resolving any open items; and |
|
|
|
|
|
|
|
|
|
|
|
(b) |
Providing administrative closure by generating, gathering, and disseminating information and formalizing phase or project completion, including evaluating the project and compiling lessons learned for use in planning future projects or phases. |
|
A-2-48
|
IT Value Chain |
|
IM |
|
Description |
||||||
|
|
7.2 |
|
Training |
|
|
|
|
|
|
|
|
|
7.2.1 |
|
Technology Delivery Training |
|
|
|
The purpose of the “Technology
Delivery Training” process is to provide training to Actors related to
features, functions, operations and processes associated with the Elements
and Processes used or provided by such Actors to provide the IT Services. |
|||
|
|
|
|
|
|
|
|
|
1 |
|
Providing feature overview and product update documentation whenever Elements (or new releases thereof) are introduced into the IT Environment; and |
|
|
|
|
|
|
|
|
|
2 |
|
Working with third party vendors to obtain information regarding new and existing Elements . |
|
|
7.2.2 |
|
Train the Trainer |
|
|
|
The purpose of the “Train the Trainer” process is to provide training to individuals who will subsequently be engaged in performed the End User Training process. |
|||
|
|
7.2.3 |
|
End User Training |
|
|
|
The purpose of the “End User Training” process is to provide End Users training in the effective usage of the IT Environment (including new or revised technology and business processes) and associated user guide documentation. |
|||
X-0-00
XXXXXXX X-0
ELEMENTS DEFINITIONS
Country Location specific Attributes are denoted as follows: CAN=*; IRE=*; SPA=*; US=*; UK=*; EUR= *; XxXx= *
|
Reference |
|
Element |
|
Definition |
|
Attributes |
1. CLIENT ELEMENTS |
|
|
|
|
||
|
1.1. |
|
Personal Computer (PC) |
|
“Personal Computer” means a computing platform the primary purpose of which is use directly by an end user, whether networked or standalone, desk-based or mobile. A Personal Computer includes a central processing unit, Operating System, video display monitor, modem and related cables (e.g., patch cords) and related peripherals (e.g., keyboard, pointing device). |
|
|
|
1.1.1. |
|
Desktop PC |
|
“Desktop PC” means a PC used for typical office productivity functions, including desktop and portable notebook sized PCs. |
|
• EUR: Refresh
Cycle: *; |
|
1.2. |
|
Terminal |
|
“Terminal” means an end-use device (with display monitor and keyboard) with little or no software of its own that that (a) enables end users to remotely enter information into one or more Computing Platforms, (b) displays but does not process data, and (c) does not include a web browser. |
|
Communications protocol: *,, , asynchronous or one compatible with any of the
foregoing. |
|
1.3. |
|
Mobile Handheld Device |
|
“Mobile Handheld Device” means a mobile device designed/intended for comfortable use in a user’s hand. |
|
|
|
1.3.1. |
|
PDA |
|
“PDA” means a Mobile Handheld Device the primary purpose of which is to perform specific end user related tasks (e.g., electronic diary, address book, notepad, web browser). |
|
Refresh Cycle: * |
|
1.3.2. |
|
Mobile Phone |
|
“Cell Phone” means a Mobile Handheld Device the primary purpose of which is to enable voice communication over a wireless network. |
|
Refresh Cycle: * |
|
1.3.3. |
|
Pager |
|
“Pager” means a Mobile Handheld Device the primary purpose of which is to enable the receipt and transmission of text messages over a wireless network. |
|
Refresh Cycle: * |
|
1.3.4. |
|
Calling Card Services |
|
“Calling Card Services” means a service provided by a long distance telecommunications service provider that permits end users to place long distance calls using an access number and unique password, which are distributed through pre-printed cards. |
|
Refresh Cycle: * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-1
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
1.4. |
|
Telephone |
|
N/A |
|
N/A |
|
1.4.1. |
|
Standard Handset |
|
“Standard Handset” means a wired telephone handset that utilizes circuit switching technology for the transportation of voice signals. |
|
• Refresh
Cycle: * |
|
1.4.2. |
|
VoIP Handset |
|
“VoIP Handset” means a digital telephone handset that utilizes packet switching technology for the transportation of voice signals. |
|
* |
|
1.4.3. |
|
Voice Client |
|
“Voice Client” means a speakerphone the primary purpose of which is to support conference calls. A Voice Client enables full duplex operation and includes mixers, remote microphones and speakers and noise cancellers. |
|
Refresh Cycle: * |
|
1.4.4. |
|
Fax Machine |
|
“Fax Machine” means a device the primary purpose of which is to scan printed documents into a format that can be transmitted over communications lines and transmits, receives and prints such documents. |
|
Refresh Cycle: * |
|
1.4.5. |
|
Telex |
|
“Telex” means a printing telegraph that operates like a typewriter. |
|
Refresh Cycle: * |
|
1.5. |
|
Peripherals |
|
N/A |
|
|
|
1.5.1. |
|
Network Printer |
|
“Network Printer” means a printer (including required cords) shared by multiple computers over a LAN, but does not include “LAN High Speed Printers”. Network Printers include built in scanning, copying, facsimile and similar features and functionality. |
|
• EUR:
Refresh Cycle: *; |
|
1.5.2. |
|
Local Printer |
|
“Local Printer” means a printer (including required cords) that is directly connected to a Desktop PC or other similar end user device. Local Printers include built in scanning, copying, facsimile and similar features and functionality. |
|
• Refresh
Cycle: * |
|
1.5.3. |
|
LAN High Speed Printers |
|
“LAN High Speed Printers” means a printing device (including required cords) that is used to print large volume print jobs, typically associated with mainframe batch processing jobs, that is connected over a LAN. |
|
Refresh Cycle: * |
|
1.5.4. |
|
Scanner |
|
“Scanner” means an input device the primary purposes of which is (a) to digitize graphic images; and/or (b) extract data using optical character recognition (OCR), from printed pages. |
|
• Refresh
Cycle: * |
|
1.5.5. |
|
Plotter |
|
“Plotter” means an output device the primary purpose of which is to print two-dimensional graphics. |
|
Refresh Cycle: * |
|
1.5.6. |
|
Wallboard |
|
“Wallboard” is a video device (or software) designed to display data for multiple people. |
|
Refresh Cycle: * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-2
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
1.6. |
|
Video Conferencing |
|
N/A |
|
|
|
1.6.1. |
|
Video Client |
|
“Video Client” means a device that is used to digitize moving images for purposes of video conferencing across a network, including related control devices and cabling. |
|
Refresh Cycle: * |
|
1.6.2. |
|
Video Conference Display |
|
“Video Conference Display” means a device installed in a room that is used to display the images of participants of a video conference. |
|
Refresh Cycle: * |
|
1.7. |
|
* Connectivity and DTE (Data Terminal Equipment) |
|
“* Connectivity and DTE” means Equipment used by a third party (e.g., customer) to facilitate the sending/receiving of data to/from Equifax that is located beyond Equifax’s data communications point of presence. |
|
Refresh Cycle: Determined by the relevant * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-3
|
Reference |
|
Element |
|
Definition |
|
Attributes |
2. SERVER & SERVICES ELEMENTS |
|
|
||||
|
2.1. |
|
Application Server |
|
“Application Server” means any computing platform (mainframe, midrange, entry level/blade) the primary purpose of which is to serve applications. |
|
|
|
2.1.1. |
|
Enterprise Application Server |
|
“Enterprise Applications Server” means an Applications Server that is generally regarded by the computing industry as being mainframe technology (e.g., OS/390, z/OS, z/VM). An Enterprise Applications Server includes the CPU, memory, associated facilities and attachments, related peripherals, channels, channel extenders, cables (eg. Bus & Tag, ESCON) and network interfaces. |
|
• Refresh
Cycle: * |
|
2.1.2. |
|
Specialized Application Server |
|
“Specialized Application Server” means any Application Server generally regarded by the computing industry as being designed to meet a specific purpose other than serving applications, e.g.: fault tolerant operation, ease of operation, middle-market applications.A Specialized Application Server may include the CPU, memory, internal hard disk, related peripherals, cables and NIC. |
|
|
|
2.1.2.1. |
|
AS/400 |
|
“AS/400” means a Specialized Application Server that is an IBM midrange capable of running various operating systems. |
|
• Refresh
Cycle: * |
|
2.1.2.2. |
|
Tandem |
|
“Tandem” means a Specialized Application Server that serves as a protocol converter, and has been designed to maximize availability through the use of redundant and fault tolerant hardware components controlled through an operating system designed for this purpose. |
|
Refresh Cycle: None |
|
2.1.2.3. |
|
* |
|
“*”“” means a collection of * grouped into a configuration of tightly coupled *. |
|
• As of
the Commencement Date the US Scope Model reflects a single instance of this
Element, which is located at the * location
and described in Schedule E-4 |
|
2.1.3. |
|
Distributed Application Server |
|
“Distributed Applications Server” means any Applications Server generally regarded by the computing industry as being (i) a midrange server (other than a Specialized Application Server), (ii) an entry-level server, or (iii) a blade server. A Distributed Applications Server may include the CPU, memory, internal hard disk, related peripherals, KVM cabling, and the NIC. |
|
|
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-4
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
2.1.3.1. |
|
General Midrange |
|
“General Midrange” means a Distributed Applications Server other than a Parallel Applications Server, Naviant Application Server or Email/Groupware Server. General Midrange includes database servers, which is the class of server with the primary purpose of performing database functions.. |
|
• Refresh
Cycle: * |
|
2.1.3.2. |
|
* Server |
|
“* Server” means a Distributed Applications Server that serves applications used to run Equifax’s * operation. |
|
• Refresh
Cycle: * |
|
2.1.3.3. |
|
Email/Groupware Server |
|
“Email/Groupware Server” means a Distributed Applications Server the primary purpose of which is to manage (i) the distribution of electronic messages, including receipt, delivery, and prioritization, and/or (ii) the use of groupware programs that facilitate information sharing, including through databases and workflows. |
|
•
* or * |
|
2.1.4. |
|
High Speed Printer |
|
“High Speed Printer” means a centralized printing device directly attached to a server (rather than being access through a LAN) that is used to print large volume print jobs, typically associated with mainframe batch processing jobs. |
|
• Refresh
cycle: *; |
|
2.1.5. |
|
Correspondence Print Fulfillment |
|
[TBD] |
|
Applies to * only. Need to understand if still in scope. |
|
2.2. |
|
Infrastructure Server |
|
“Infrastructure Server” means any computing platform (mainframe, midrange, entry level/blade) the primary purpose of which is to serve traditional infrastructure services. An Infrastructure Server may include the CPU, memory, internal hard disk, related peripherals KVM cabling, the NIC, and other cards installed within chassis. |
|
|
|
2.2.1. |
|
File/Print Server |
|
“File/Print Server” means an Infrastructure Server the primary purpose of which is to control the movement of files and data between workstations across the network and/or centrally store network files and allow users to freely access such files. |
|
EUR: - Refresh |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-5
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
2.3. |
|
Voice Communications Server (P2P) |
|
“Voice Communications Server” means any computing platform (e.g., midrange, entry level/blade) the primary purpose of which is to serve voice telephony and/or related functionality. |
|
|
|
2.3.1. |
|
PBX |
|
“PBX” means a Voice Communications Server the primary purpose of which is to manage and operate the switches, internal lines, and pooled external lines of a private branch exchange telephone system. |
|
•
Failover capability varies by device |
|
2.3.2. |
|
Key System |
|
“Key System” means a Voice Communications Server the primary purpose of which is to manage and operate a private phone system that does not contain switches, but instead requires users to directly select an available external line. |
|
• Refresh
Cycle: * |
|
2.3.3. |
|
VRU (Voice Response Unit) |
|
“VRU” means a Voice Communications Server the primary purpose of which is to host VRU Software, which provide a telephony interface to host-based Applications. |
|
•
Failover capability varies by device |
|
2.3.4. |
|
ACD (Automated Call Distributor) |
|
“ACD” means a Voice Communications Server and Software, whether standalone or PBX-based, that routes incoming telephone calls among multiple personnel. |
|
• Refresh
Cycle: * |
|
2.3.5. |
|
Call Recorder |
|
“Call Recorder” means a Voice Communications Server and Software that records telephone conversations. |
|
• Refresh
Cycle: * |
|
2.3.6. |
|
Voice Mail or vMail Server |
|
“Voice Mail Server” or “vMail Server” means a Voice Communications Server and Software that manages the creation, transmission, storage and receipt of voice messages. |
|
• Refresh
Cycle: * |
|
2.3.7. |
|
Centrex System |
|
“Centrex System” means a PBX service providing switching at a telephone company central office instead of at the company (i.e., Equifax) premises where the telephone company owns and manages all the communications equipment necessary to implement the PBX and then sells various services. |
|
Refresh Cycle: * |
|
2.3.8. |
|
CMS Server/Service |
|
“CMS Server/Service” means the Voice Communications Server or service that manages call center operations using the Call Management System (as defined below). CMS Server/Service may include “soft” wallboard functionality. |
|
• Refresh
Cycle: * |
|
2.3.9. |
|
Audio Conferencing |
|
“Audio Conferencing Services” means services that facilitate voice conferences |
|
• Refresh Cycle: N/A |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-6
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
|
|
Services |
|
of two or more people. |
|
• Software Currency: N/A |
|
2.3.10. |
|
Video Conferencing Services |
|
“Video Conferencing Services” means services that facilitate the audio and video transmissions of two or more people over either dedicated audio-visual equipment or publicly switched equipment. |
|
• Refresh
Cycle: N/A |
|
2.3.11. |
|
Web Conferencing Services |
|
“Web Conferencing Services” means means services that facilitate the audio and video transmissions of two or more people over the Internet or intranet using publicly switched equipment. |
|
• Refresh
Cycle: N/A |
|
2.4. |
|
External Storage |
|
N/A |
|
|
|
2.4.1. |
|
DASD (Direct Access Storage Device) |
|
“DASD” means a device used to store, read and or write data on on-line magnetic medium (e.g., disks) that is access directly by a server. |
|
•
Enterprise server connected |
|
2.4.2. |
|
Tape Device |
|
“Tape Device” is a device used to read and/or write data to magnetic tapes, and may include virtual tape. Tape Devices include tape robots, which are mechanical handlers capable of storing multiple pieces of removable media and loading and unloading them from one or more drives in arbitrary order in response to electronic commands. |
|
• XxXx
Refresh Cycle: * |
|
2.4.3. |
|
Optical Disk Device |
|
“Optical Disk Device” means a device used to read and/or write data to optical disks. |
|
Not in the Scope Models as of the Commencement Date |
|
2.4.4. |
|
SAN (Storage Area Network) |
|
“SAN” means a high-speed special-purpose network (or sub-network) that interconnects different kinds of data storage devices with associated data servers on behalf of a larger network of users. A SAN may be clustered in close proximity to other computing resources such as Enterprise Servers or may extend to remote locations for backup and archival storage using wide area network carrier technologies such as asynchronous transfer mode or Synchronous Optical. |
|
• Refresh
Cycle * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-7
|
Reference |
|
Element |
|
Definition |
|
Attributes |
3. ENABLING ELEMENTS |
|
|
||||
|
3.1. |
|
Middlebox |
|
N/A |
|
|
|
3.1.1. |
|
Router |
|
“Router” means a networking device or a router card within a switch that transmits data to multiple network connected devices and that provides Layer 1, Layer 2, and Layer 3 functionality (as defined by the OSI Reference Model). |
|
• Refresh
Cycle: * |
|
3.1.2. |
|
LAN Switch |
|
“LAN Switch” means a networking device that transmits data to multiple network connected devices that primarily provide Layer 2 functionality (as defined by the OSI Reference Model). |
|
•
Blades |
|
3.1.3. |
|
LAN Hub |
|
“LAN Hub” means a networking device that transmits data to multiple network connected devices and that primarily provides Layer 1 functionality (as defined by the OSI Reference Model). |
|
•
Refresh Cycle: * |
|
3.1.4. |
|
FEP |
|
“FEP” or “Front-End Processor” means a device that is connected to an Enterprise Application Server that manages the routing of data between such Server and input and output devices. A Front End Processor includes network interfaces. |
|
•
Refresh Cycle: * |
|
3.1.5. |
|
VPN Concentrator |
|
“VPN Concentrator” means a network appliance that uses IP protocols to host a secure network for authorized users on either privately or publicly owned equipment and infrastructure. |
|
•
Refresh Cycle: * |
|
3.1.6. |
|
Facsimile Gateway |
|
“Facsimile Gateway” means a server that facilitates the transmission of hard copy materials though the switched phone system and the reprinting of the transmission at the place of receipt. A Facsimile Gateway includes the CPU, memory, related peripherals, and network interfaces. |
|
•
Refresh Cycle: * |
|
3.1.7. |
|
PAD |
|
“PAD” or “Packet Assembler/Disassembler” is a device that interfaces between an X.25 network and an asynchronous device (e.g., a personal computer). A PAD includes the network interfaces. |
|
•
Refresh Cycle: * |
|
3.1.8. |
|
Cache |
|
“Cache” is an integrated system that (a) is between a web hosting server and the users who access such server and (b) hosts internet content at geographically disperse locations. |
|
•
Refresh Cycle: * |
|
3.1.9. |
|
Terminal Controller |
|
“Terminal Controller” means a device that interfaces between asynchronous |
|
•
Refresh Cycle: * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-8
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
|
|
|
|
and or a synchronous devices and a LAN or a serial connection. A Terminal Controller includes the network interfaces. |
|
maintenance * |
|
3.1.10. |
|
Interconnect Controller |
|
“ Interconnect Controller” means a device that interfaces between an Enterprise Server and one or more LANs (e.g., an IBM 3172). An Interconnect Controller includes the network interfaces. |
|
•
Refresh Cycle: * |
|
3.1.11. |
|
Security Device |
|
“Security Device” means a device that prevents unauthorized access to a network such as firewall servers and challenge response units. A Security Device includes the network interfaces. |
|
•
Refresh Cycle * |
|
3.1.12. |
|
Intrusion Detection Device |
|
“Intrusion Detection Device” means a device that monitors and analyzes user and system activities and configuration to detect unauthorized access to a network or other attacks designed to adversely affect the performance of the network or systems connected to such network. An Intrusion Detection Device includes the NIC. |
|
•
Feature or component of the LAN Switch |
|
3.1.13. |
|
Gateway |
|
“Gateway” means a device that converts from one form of telecommunications media (e.g., WAN to LAN) and/or from one protocol to another (e.g., Async to SNA). |
|
•
Refresh Cycle: * |
|
3.1.14. |
|
Load Balancers |
|
“Load Balancers” means a device that intelligently directs TCP/IP traffic across multiple servers in manner that seeks to manage the level of demand on each of the applicable servers. |
|
•
Refresh Cycle: * |
|
3.1.15. |
|
Naming Server |
|
“Naming Server” means an Infrastructure Server that centrally supervises and manages the automatic assignment and distribution of DNS addresses to devices attached to a network, and includes network interfaces. |
|
•
Refresh Cycle: EUR: *; CAN & US: * |
|
3.1.16. |
|
Addressing Server |
|
“Addressing Server” means an Infrastructure Server that centrally supervises and manages the automatic assignment and distribution of DHCP addresses to devices attached to a network, and includes network interfaces. |
|
•
Refresh Cycle: EUR: 4 yrs; CAN & US:
* |
|
3.1.17. |
|
Proxy Server |
|
“Proxy Server” means a server that sits between a client application, such as a web browser, and a real server. It intercepts all requests to the real server and provides the ability to authenticate users and deny access to computers, |
|
•
Refresh Cycle: * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-9
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
|
|
|
|
URLs and IP Addresses. Proxy Servers include reverse proxies, which are used to abstract the web server from the client for security reasons, as opposed to abstracting the client from the Internet for outbound browsing. |
|
|
|
3.1.18. |
|
Terminal Server |
|
Terminal Server means a computer or controller that connects multiple terminals to a network or host computer. |
|
•
Refresh Cycle: * |
|
3.1.19. |
|
IBM Series 1 |
|
“IBM Series 1” means a general purpose system marketed by IBM under this name that offers both communications and sensor-based capabilities and enables users to attach a large number and variety of input and output units, including custom-built devices for special applications. The Series/1 includes data processing units, fixed disk storage, diskette units, printer, a display station, a sensor Input/Output unit, an I/O expansion unit to attach additional devices, various communications features, and OEM attachment features. |
|
•
Refresh Cycle: * |
|
3.2. |
|
Link and Link Devices |
|
N/A |
|
|
|
3.2.1. |
|
WAN Circuit |
|
“WAN Circuit” means a physical (i.e., not logical or virtual) telecommunications connection that is between two client buildings or between a client building and a point of presence of a third party and the logical voice or data communications circuit or path (i.e., PVC) used to carry voice, video and/or data signals across the physical connection. |
|
•
Type of Circuit: includes frame relay, point-to-point, VPN, ISDN |
|
3.2.2. |
|
MAN Circuit |
|
“MAN Circuit” means a physical (i.e., not logical or virtual) telecommunications connection that is used to carry voice, video and/or data signals between two client buildings located in the same metropolitan area or between a client building and a building of a third party located in the same metropolitan area and the logical voice or data communications circuit or path (i.e., PVC) used to carry voice, video and/or data signals across the physical connection. |
|
•
Type of Circuit: includes frame relay, point-to-point, VPN, ISDN |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-10
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
3.2.3. |
|
Voice Circuit |
|
“Voice Circuit” means a circuit used to carry one or more telephone conversations or analog data. |
|
•
Refresh Cycle: N/A |
|
3.2.4. |
|
VPN Tunnel |
|
“VPN Tunnel” means a secure connection that uses IP as its communications protocol. |
|
•
Refresh Cycle: N/A |
|
3.2.5. |
|
LAN Cabling |
|
“LAN Cabling” means a cable or fiber used to carry voice, video or data signals over a LAN. |
|
•
Refresh Cycle: N/A |
|
3.2.5.1. |
|
Vertical Cabling |
|
“Vertical Cabling” means cabling between two floors of a facility. |
|
•
Fiber or wire |
|
3.2.5.2. |
|
Horizontal Cabling |
|
“Horizontal Cabling” means cabling between (i) a wiring closet in a building or campus and (ii) a wall-plate, hub, switch, router, telephone handset, PBX, voice mail system, fax or other device at such building or campus. |
|
• Fiber or wire •
Refresh Cycle: N/A |
|
3.2.6. |
|
Modem |
|
“Modem” means a device that enables a terminal or computer to communicate across a telephone line, including modem banks. |
|
•
Type: * and * |
|
3.2.7. |
|
CSU/DSU (Channel Service Unit/ Data Service Unit) |
|
“CSU/DSU” means a hardware device that interfaces between telco or in house circuit and a WAN DTE device. |
|
•
Refresh Cycle: * |
|
3.2.8. |
|
PSU (Port Sharing Unit) |
|
“PSU” means a device that attaches between digital terminal equipment and a network that enables each port on such equipment to connect to multiple asynchronous devices. |
|
•
Refresh Cycle: * |
|
3.2.9. |
|
Link Encryptor |
|
“Link Encryptor” means a device that is used to create a secure connection on a point to point or dial up network. |
|
•
As of the Commencement Date, all are * Provided |
|
3.2.10. |
|
Channel Extender |
|
“Channel Extender” means a device used with Enterprise Application Servers to increase the maximum communication distances between channel-connected Enterprise Application Servers, or between an Enterprise Application Server and peripheral devices. |
|
•
Refresh Cycle: * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-11
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
3.2.11. |
|
Balun (BALanced/UNbalanced) |
|
“Balun” means a device that connects (i) a line in which the impedance of each signal is equal to (ii) a line in which the impedance of each signal is not equal (e.g., connecting a twisted pair to a coaxial cable). |
|
•
Refresh Cycle: * |
|
3.2.12. |
|
Multiplexer |
|
“Multiplexer” means a device that merges several low-speed transmissions into one high-speed transmission and vice versa. |
|
•
Refresh Cycle: * |
|
3.2.13. |
|
Fiber Mux |
|
“Fiber Mux” means a multiplexer device that consolidates several transmission streams into one optical transmission stream and vice versa. |
|
•
Refresh Cycle: * |
|
3.2.14. |
|
Internet Access |
|
“Internet Access” means any dedicated connection (e.g., *) from a specific location to an Internet access provider or an Internet Point of Presence. |
|
•
* |
|
3.3. |
|
Environmental Equipment |
|
|
|
|
|
3.3.1. |
|
Backup Generator |
|
“Backup Generator” means a device that supplies power to a computer or other electrical equipment on a continuous basis when electricity from the primary power source is lost or degraded. |
|
•
Not in the Scope Models as of the Commencement Date. |
|
3.3.2. |
|
Facility UPS |
|
“UPS” means a device that is part of the facilities infrastructure supplies power to a computer or other electrical equipment on a temporary basis when electricity from a primary power source is lost or degraded. |
|
•
Not in the Scope Models as of the Commencement Date. |
|
3.3.3. |
|
Portable UPS |
|
“UPS” means a portable device that supplies power to a computer or other electrical equipment on a temporary basis when electricity from a primary power source is lost or degraded. |
|
•
Approximately * kva or less, except in * where the * is
larger and not portable |
|
3.3.4. |
|
HVAC |
|
“HVAC” means devices that control temperature, humidity, air cleanliness and air motion within a physical space. |
|
•
Refresh Cycle: N/A |
|
3.3.5. |
|
Equipment Rack |
|
“Equipment Rack” means a cabinet that holds IT infrastructure devices (e.g., routers, servers). |
|
•
Refresh Cycle: N/A |
|
3.3.6. |
|
KVM Switch |
|
“KVM Switch” means a switchbox used to control multiple computers or other devices from a centrally located console. |
|
•
Refresh Cycle: N/A |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-12
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
3.3.7. |
|
Electrical |
|
“Electrical” means access to electricity sources and a means for distributing electricity. |
|
•
Refresh Cycle: N/A |
|
3.4. |
|
* Provided |
|
“* Provided” as a Span collector is used to designate instances of certain Enabling Elements that are provided by an *. Generally these Elements are used to facilitate the sending/receiving of data to/from Equifax. |
|
Refresh and Software Currency is determined by the relevant * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-13
|
Reference |
|
Element |
|
Definition |
|
Attributes |
4. SOFTWARE ELEMENTS |
|
|
|
|
||
|
4.1. |
|
Platform Software |
|
“Platform Software” means System Software (including the supporting documentation, media, on-line help facilities, tutorials, device drivers, access methods and embedded application developer tools) that perform tasks basic to the functioning of equipment and which are required to operate other software. If programs and programming supporting the Services are not Infrastructure Software, or Applications Software, they shall be deemed to be Platform Software. Platform Software includes mainframe and mid-range server operating systems, other server operating systems, network operating systems, and database management systems. |
|
|
|
4.1.1. |
|
Operating Systems or O/S |
|
“Operating Systems” or “O/S” means Platform Software that is the main control program of a computer device and manages communication between the hardware and other software, including scheduling tasks, managing storage, and handling communication with peripherals. |
|
•
Software Currency: *,, unless required by or specified otherwise in the
Attributes of the associated Client, Server, Enabling or other Software
Element. |
|
4.1.2. |
|
Database Manager |
|
“Database Manager” means Platform Software that stores information in organized manner such that data can be added, updated and retrieved as individual items or queried in a structured manner. The collection of data stored by the Database Manager is called a database. Additionally the Database Manager maintains information called metadata which describes the schema or the organization and relationships between the individual data items. |
|
•
E.g., includes *, *, *, * and * server |
|
4.2. |
|
Infrastructure Software |
|
“Infrastructure Software” means System Software (including the supporting documentation, media, on-line help facilities, tutorials and embedded application developer tools) the primary purpose of which is to operate, monitor or control an IT environment. Infrastructure Software includes systems utilities (including measuring and monitoring tools), data security software and telecommunications monitors. |
|
|
|
4.2.1. |
|
Application Server |
|
“Application Server” means Infrastructure Software that handles all |
|
•
Includes e.g., * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-14
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
|
|
|
|
Application operations between users and an organization’s backend Applications or databases. Application Servers are typically used for complex transaction-based Applications. To support high-end needs, an Application Server also generally includes features for redundancy, monitors for high-availability, high-performance distributed application services and support for complex database access. |
|
• Software Currency: *, unless specified otherwise by Client, Server, Enabling or other Software Element. |
|
4.2.2. |
|
Batch Processing Tool |
|
“Batch Processing Tool” means Infrastructure Software that is used to manage and execute a series of non-interactive data processing jobs all at one time. |
|
•
Includes e.g., * for Enterprise Servers |
|
4.2.3. |
|
Database Administration |
|
“Database Administration” means Infrastructure Software used for configuring and controlling databases and the restructuring, back-up and restoring of data contained with the database |
|
• Software Currency: determined by support requirements of the related Database Manager Software |
|
4.2.4. |
|
Diagnostic Tool |
|
“Diagnostic Tool” means Infrastructure Software that assists operations or development personnel to investigate and perform problem determination and isolation. |
|
• Software Currency: determined by support requirements of installed Operating System |
|
4.2.5. |
|
File Utility |
|
“File Utility” means Infrastructure Application Software that provides functions for the viewing, back-up, restoration, copying , moving or manipulating of data and files. |
|
• Software Currency: determined by support requirements of installed Operating System |
|
4.2.6. |
|
File Transfer |
|
“File Transfer” means Infrastructure Software [ that is used to transmit data files to or from a computer system to one or more other computer systems, generally over telecommunications (LAN, MAN or WAN) facilities. |
|
•
Includes e.g., * |
|
4.2.7. |
|
Messaging |
|
“Messaging” (also known as business integration software) means Infrastructure Software that provides a communication mechanism to transmit data messages between applications on different platforms. Messaging Software is intended to connect different computer systems, diverse geographical locations, and dissimilar IT infrastructures. |
|
•
Includes e.g., * |
|
4.2.8. |
|
OL Transaction Processing |
|
“OL Transaction Processing” means Infrastructure Software that facilitates and manages transaction-oriented Applications, typically for data entry and retrieval transactions. |
|
•
Includes e.g., * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-15
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
4.2.9. |
|
Output Management |
|
“Output Management” means Infrastructure Software that controls the packaging and distribution of printed reports or maintains a structured repository of reports in electronic form and controls viewing access. |
|
•
Includes e.g., * |
|
4.2.10. |
|
Query/Analysis/OLAP |
|
“Query/Analysis/OLAP” means Infrastructure Software that enables a user to selectively extract, view and report data from different points-of-view. |
|
•
Includes e.g., * |
|
4.2.11. |
|
Systems Management |
|
“Systems Management” means Infrastructure Software that provides the ability to monitor, control and report on the computing and network infrastructure. This includes tools that are used to automate processes including problem, incident, change, performance, capacity management. |
|
•
Includes e.g., *, * |
|
4.2.12. |
|
Sort |
|
“Sort” means Infrastructure Software that rearranges the sequence of individual records in data files. |
|
•
Includes e.g., * |
|
4.2.13. |
|
Storage Management |
|
“Storage Management” means Infrastructure Software that allows the monitoring and control of data storage devices, including identification of occupied and available space and its owners. |
|
• Software Currency: determined by support requirements of installed Operating System and storage sub-systems |
|
4.2.14. |
|
Time Sharing |
|
“Time Sharing” means Infrastructure Software that allows multiple remote users to access a shared computer system in a session-oriented manner. Frequent uses are file editing, remote batch job entry, program development and testing and individual computing |
|
•
Includes e.g., * |
|
4.2.15. |
|
Tape Utilities |
|
“Tape Utilities” means Infrastructure Software that is used to manipulate data encoded on tapes, including modification and copying. |
|
• Software Currency: determined by support requirements of installed Operating System |
|
4.2.16. |
|
Tape Management |
|
“Tape Management” means Infrastructure Software that keeps track of and controls the inventory of tape media and may catalog the contents of selected units of media. |
|
•
Includes e.g., * |
|
4.2.17. |
|
Quality Assurance /Test Tool |
|
“Quality Assurance /Test Tool” means Infrastructure Software that control or assist in the process of testing infrastructure and/or programs, including test data generators, automated testing agents, test planners and result tracking tools. |
|
•
Includes e.g., *, Compuware |
|
4.2.18. |
|
VRU Software |
|
“VRU Software” means Infrastructure Software which provides pre-recorded |
|
•
Software Currency: * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-16
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
|
|
|
|
human or computer generated voice instructions and responses to DTMF encoded telephony inquiries under the direction of specialized scripts that access data stored on the host server or on a computer other than the host. |
|
• US & CAN: * ACIS programming that sends commands to the VRU is retained * |
|
4.2.19. |
|
Voice Recognition |
|
“Voice Recognition” means Infrastructure Software that provides the ability to communicate information to a user using telephony based devices by recognizing the spoken word in lieu of DTMF interpretation. Like VRU software, Voice Recognition Software also provides pre-recorded human or computer generated voice instructions and responses to telephony inquiries under the direction of specialized scripts that access data stored on the host server or on a computer other than the host. |
|
• Software Currency: * |
|
4.2.20. |
|
FAX |
|
“FAX” means Infrastructure Software that allows the reception and transmission of facsimile documents on a server (e.g., Facsimile Gateway). Frequently this Software provides routing of inbound facsimile documents through the use of DNIS or other mechanisms. |
|
• Software Currency: * |
|
4.2.21. |
|
Citrix |
|
“Citrix” means Infrastructure Software that executes Windows Applications at a central location and allows access to them from remote locations by transmitting only the users’ input and the systems presentation layer response. |
|
• Software Currency: * |
|
4.2.22. |
|
Call Management System |
|
“Call Management System” (or “CMS”) means Infrastructure Software that provides information and management tools to monitor and analyze the performance of call center operations. CMS provides real-time and historical management reports and enables call center supervisors to analyze the performance of agents and statistics for specific call groups. |
|
• Software Currency: * |
|
4.2.23. |
|
Global Dialer |
|
“Global Dialer” means Infrastructure Software that allows a user to connect to the internet via an ISP using a analog or IDSN subscriber line or extension . |
|
• Software Currency: * |
|
4.2.24. |
|
Anti-Virus |
|
“Anti-Virus” means Infrastructure Software that monitors for, scans, detects, quarantines and removes Viruses (as defined in Section 2 of the Agreement). Anti-Virus Software includes virus signature files. |
|
•
Software Currency: n for signature files and
n-1 for the core Software |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-17
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
4.2.25. |
|
Security - General |
|
“Security – General” means Infrastructure Software that enables controlled sharing of computers and data through administrative tools, automatic logging facilities, and reporting and monitoring capabilities. Typically can be used to control user access and entitlements, identifies and authenticates users, determines the resources to which the user is authorized, and logs and reports attempts to get access to protected resources by unauthorized users. The Security — General Element does not include *. |
|
•
Software Currency: n |
|
|
|
|
|
|
|
|
|
4.2.26. |
|
Security * |
|
“Security * means the Infrastructure Software that is licensed by Computer Associates under this name, which enables controlled sharing of computers and data, with administrative tools, automatic logging facilities, and extensive reporting and online monitoring capabilities and features that prevent accidental or deliberate destruction, modification, disclosure and/or misuse of computer resources. * controls user access and entitlements, monitors unauthorized attempts to access resources (which are automatically denied and logged) and authorized use of sensitive resources. |
|
•
Software Currency: n |
|
4.2.27. |
|
* XXX |
|
* or ,” means the * that performs certain security functions in both online and offline (batch) modes. As of the Commencement Date, * is utilized to establish a users acid base, house personal information of Equifax employees, contractors and suppliers, track contractors and vendors, administer * Application security, administer * Application security, administer basic * security shell records, administer employee terminations and transfers, and fraud investigation. The * system production batch processes * run * to update the * online region with employee personnel information from HR and produce |
|
|
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-18
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
|
|
|
|
* reports. |
|
|
|
4.2.28. |
|
Security Exits |
|
“Security Exits” means Infrastructure Software that interfaces to * Security-TSS and authenticates access and entitlements to users of certain Software via the implementation of custom programming in the security and other exits of such Software. |
|
•
Software Currency: to maintain compatibility with the Operating System, *, and the Software for which it is an exit. |
|
4.2.29. |
|
Application Developer Tools |
|
“Application Developer Tools” means Infrastructure Software the primary purpose of which is to assist in the create of software programs and programming, such as development environments, compilers, debuggers, and editors. “Application Developer Tools” do not include application-specific developer tools embedded in Application Software. |
|
• Software Currency: * |
|
4.2.30. |
|
Load Libraries |
|
“Load Libraries” means the contents of the OS/390 executable program libraries containing custom developed programs and routines that have been developed to adapt certain Equifax Applications to allow the use of Systems Software other than the Systems Software for which such Equifax Applications have been implemented. |
|
• Software Currency: N/A |
|
4.2.31. |
|
Other IS |
|
“Other IS” means all other Infrastructure Software that is not identified in one of the specific Infrastructure Software categories above. |
|
• Software Currency: *, , unless specified otherwise by Client, Server, Enabling or other Software Element. |
|
4.3. |
|
Applications Software |
|
“Applications Software” has the meaning provided in Section 2 of the Agreement. Applications Software includes supporting documentation, media, on-line help facilities, tutorials and embedded application developer tools. |
|
|
|
4.3.1. |
|
MS Office |
|
“MS Office” means the Applications Software that is a suite of desktop personal office productivity Applications licensed by MicroSoft Corp. Designation of MS Office as “Equifax Owned” refers to those works created by Equifax using the capabilities of the MS Office products (e.g., Access databases) |
|
• EUR: Desktop PC - no more than * licensor supported versions, which must comply with applicable Standards |
|
4.3.2. |
|
Email/Groupware |
|
“Email/Groupware” means Applications Software the primary purpose of which is to manage (i) the distribution of electronic messages, including receipt, delivery, and prioritization, and/or (ii) |
|
• * or * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-3-19
|
Reference |
|
Element |
|
Definition |
|
Attributes |
|
|
|
|
|
the use of groupware programs that facilitate information sharing, including through databases and workflows. Designation of Email/Groupware as “Equifax Owned” refers to those works created by Equifax using the capabilities of the Email/Groupware products (e.g., databases and work flows). |
|
|
|
4.3.3. |
|
DMS |
|
“DMS” means the Application Software defined as such in Schedule B. |
|
|
|
4.3.4. |
|
FIN * |
|
“FIN *” means the Application Software defined as such in Schedule B. |
|
|
|
4.3.5. |
|
HR * |
|
“HR *” means the Application Software defined as such in Schedule B. |
|
|
|
4.3.6. |
|
Images |
|
N/A |
|
N/A |
|
4.3.6.1. |
|
Legacy Images |
|
“Legacy Images” means those Software images in use on the Desktop PC Platform as of the Commencement Date and until the deployment of the Standard Images. |
|
|
|
4.3.6.2. |
|
Standard Images |
|
“Standard Images” means the Software image the Parties agree shall be the standard images in use on the Desktop PC Platform following Transition, which may be amended through the Change Management Process. The Standard Images consist of (i) core images for desktops; (ii) core images for notebooks; (iii) pre-defined Software packages based on line of business requirements; and (iv) unique Software requirements. |
|
• UK
& IRE: Up to * Standard Image core
for each of desktops and notebooks in concurrent use |
|
4.3.7. |
|
Image Content |
|
“Image Content” means the Software comprising the Legacy Images and Standard Images. |
|
|
|
4.3.8. |
|
Other AS |
|
“Other AS” means all other Applications Software that is not identified in one of the specific Applications Software categories above. |
|
Software Currency: As needed to support Equifax business requirements |
|
4.4. |
|
Equifax Owned |
|
“Equifax Owned” means a Software Element that is owned by (rather than licensed to) Equifax. |
|
|
|
4.5. |
|
Third Party |
|
“Third Party” means a Software Element that is not Equifax Owned. This category includes Software owned by or licensed to IBM. |
|
|
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
X-0-00
INTERACTION MODELS
The attachments hereto set forth interaction models the Parties have developed and agreed to follow to guide their interactions in certain key areas. The interaction models shall be considered to be operational documents, which may be revised by mutual written agreement of the IBM Global Project Executive and the Equifax Global Program Manager without the need for a formal amendment of the Agreement.
A-4-1
|
Legal and Regulatory Compliance |
|
Exhibit A-4-1 |
||||||||||
|
|
|
|
||||||||||
|
Equifax |
|
|
|
|
|
Receive Report |
|
|
|
Provide Additional Input Regarding Implementation of Compliance |
|
|
|
Interaction |
|
|
|
|
|
|
|
IBM Must Report |
|
EFX May Provide |
|
|
|
IBM |
|
2.1 |
|
* |
|
Create Compliance Implementation Report |
|
Report on Implementation of Compliance Requirements |
|
* |
|
Incorporate Specific Solution into the Compliance Portfolio |
|
Legal and Regulatory Compliance |
|
Exhibit A-4-1 |
||||||||||||||
|
|
|
|
||||||||||||||
|
Equifax |
|
Legal or Regulatory Requirement Applicable to the Equifax Bsns |
|
Determine Compliance Requirements and Policies |
|
Summary of Compliance and Requirements and Policies |
|
|
|
Receive Compliance Status Report |
|
Provide Additional Operational Data, If Necessary |
|
|
|
|
|
Interaction |
|
|
|
|
|
EFX Must Provide |
|
|
|
IBM Must Report |
|
EFX May Supply |
|
|
|
|
|
IBM |
|
|
|
|
|
Identify Operational Data to Document Compliance Status |
|
Collect Required Operational Compliance Data |
|
Describe State of Compliance with Supporting Data |
|
Implement Compliance Requirements |
|
Test Compliance Solution |
|
2.1 |
SERVICES LOCATIONS
The Services Locations as of the Execution Date are set out by Country Location in the Attachments hereto.
IBM is responsible for the accuracy of the information contained in the Attachments to this Exhibit to the extent the locations are ones at which IBM was providing services prior to the Execution Date under the then existing outsourcing services agreement.
Equifax is responsible for the accuracy of the information contained in the Attachments to this Exhibit to the extent the locations are ones at which IBM was not providing services prior to the Execution Date under the then existing outsourcing services agreement.
A-5-1
|
Interaction Model |
|||
|
Name |
|||
|
Third Party Contract Management |
|||
|
Purpose |
|||
|
Describes the interactions between the Actors to establish responsibility for the management and administration of, and compliance with, Equifax contracts with third party providers whose products (hardware and software) and services are required by IBM for its provision of the Services in cases where the contract is not being formally assigned to IBM. |
|||
|
Actors |
|||
|
Name |
|
General Description of Role |
|
|
Equifax |
|
Equifax is the signatory to contracts with third parties for resources (hardware, software and/or services) required by IBM for its provision of the Services. Equifax’s role is to identify and communicate to IBM the contractual legal and regulatory requirements that apply specifically to the Equifax Business, and with respect to which Equifax’s compliance will depend, in part, on IBM performing relevant portions of the Services in a manner that will not cause Equifax to be non-compliant. Equifax’s role is to develop corporate compliance policies describing the policies and procedures to be followed to comply with such requirements and to communicate such compliance policies in writing to IBM to the extent they are pertinent to IBM’s performance of the Services. Equifax is also responsible for enriching operational data and providing implementation guidelines to IBM upon request. |
|
|
IBM |
|
Responsible for management of the services provided under the third party contract, provider of operational information relevant to compliance with the terms of the contract and under certain circumstances responsible for compliance with the terms of the contract. |
|
ATTACHMENT
A-5-1
SERVICES LOCATIONS - CANADA
|
Location Type |
|
Location Purpose |
|
Address |
|
Service Provider (IBM) |
|
Data Center |
|
* |
|
Service Provider (IBM) |
|
Disaster Recovery Site |
|
* |
|
Service Provider |
|
Disaster Recovery Site |
|
* |
|
Equifax Location |
|
Call Center |
|
* |
|
Equifax Location / Service Provider |
|
* Montreal |
|
* |
|
Equifax Location |
|
Equifax Canada |
|
* |
|
Equifax Location |
|
Equifax Corporate |
|
* |
|
Service Provider |
|
* Call Center |
|
* |
|
Service Provider |
|
* Call Center |
|
* |
|
Service Provider |
|
* |
|
* |
|
Equifax Location |
|
Equifax - Burnaby |
|
* |
|
Equifax Location |
|
Equifax - Ottawa |
|
* |
|
Equifax Location |
|
Equifax - Halifax |
|
* |
|
Equifax Location |
|
|
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-1-1
|
Location Type |
|
Location Purpose |
|
Address |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
|
External Customer |
|
* |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-1-2
ATTACHMENT A-5-2
SERVICES LOCATIONS - SPAIN
|
Location Type |
|
Location Purpose |
|
Address |
|
Service Provider (IBM) |
|
Data Center |
|
* |
|
Service Provider |
|
Mainframe and Disaster Recovery Site |
|
* |
|
Equifax Location |
|
Equifax Iberica, S.L. - Corporate |
|
* |
|
Equifax Location |
|
Equifax Barcelona |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-2-3
ATTACHMENT A-5-3
SERVICES LOCATIONS - UK
|
Location Type |
|
Location Purpose |
|
Address |
|
3rd Party Provider |
|
* |
|
* |
|
3rd Party Provider |
|
* |
|
|
|
3rd Party |
|
* Service Provider |
|
* |
|
Equifax |
|
Equifax – London Corporate office |
|
* |
|
Equifax |
|
* Information Technology Centre |
|
* |
|
IBM |
|
Equifax – Mainframe Data Centre |
|
* |
|
IBM |
|
IBM Back Up Site |
|
* |
|
IBM |
|
IBM |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-3-4
ATTACHMENT A-5-4
SERVICES LOCATIONS - US
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-5
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-6
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-7
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-8
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-9
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-10
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-11
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-12
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-13
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-14
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-15
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-16
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-17
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-18
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-19
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-20
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-21
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-22
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-23
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-24
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-25
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-26
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-27
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-28
|
* |
|
Location Type |
|
Location Purpose |
|
Address |
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-4-29
|
Location Type |
|
Location Purpose |
|
Address |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3rd Party |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A-5-4-30
|
Location Type |
|
Location Purpose |
|
Address |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
A-5-4-31
|
Location Type |
|
Location Purpose |
|
Address |
|
Customer |
|
|
|
|
|
Customer* |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A-5-4-32
|
Location Type |
|
Location Purpose |
|
Address |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Affiliate |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Affiliate |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Affiliate |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer* |
|
|
|
|
|
Customer |
|
|
|
|
|
Affiliate |
|
|
|
|
A-5-4-33
|
Location Type |
|
Location Purpose |
|
Address |
|
EFX Office |
|
Dealer Marketing (DM Services) |
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer* |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EFX Office |
|
EFX - Birmingham |
|
|
|
EFX Office |
|
EFX - Brea |
|
|
|
EFX Office |
|
EFX - CDC New York |
|
|
|
EFX Office |
|
EFX - CDC Zephyr Cove |
|
|
|
EFX Office |
|
EFX - Charlotte |
|
|
|
EFX Office |
|
EFX - Xxxxxx |
|
|
|
EFX Office |
|
EFX - Denver |
|
|
|
EFX Office |
|
EFX - ECIS (Metarie) |
|
|
|
EFX Office |
|
EFX - Gibbsboro |
|
|
|
EFX Office |
|
EFX - Xxxxxxx |
|
|
|
EFX Office |
|
EFX - HOST PRI (ISDN) |
|
|
|
EFX Office |
|
EFX - Houston |
|
|
|
EFX Office* |
|
EFX - Italy (aka Equifax Rome)* |
|
|
|
EFX Office |
|
EFX - Knoxville - Choice Data (48 MEG) |
|
|
A-5-4-34
|
Location Type |
|
Location Purpose |
|
Address |
|
EFX Office |
|
EFX - Lombard Primary |
|
|
|
EFX Office |
|
EFX - Montvale |
|
|
|
EFX Office |
|
EFX - Naviant (Prod) |
|
|
|
EFX Office |
|
EFX - Naviant miami |
|
|
|
EFX Office |
|
EFX - New York - Sales |
|
|
|
EFX Office |
|
EFX - Newark |
|
|
|
EFX Office |
|
EFX - Orlando |
|
|
|
EFX Office |
|
EFX - Southfield |
|
|
|
EFX Office* |
|
EFX - Spain* |
|
|
|
EFX Office |
|
EFX - Tech Services TEST BRI (ISDN) |
|
|
|
EFX Office |
|
EFX - Tinton Falls |
|
|
|
EFX Office* |
|
EFX - Uruguay* |
|
|
|
EFX Office |
|
EFX - Woburn |
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A-5-4-35
|
Location Type |
|
Location Purpose |
|
Address |
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3rd Party |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Efx Procssing |
|
GRID - IBM eBHC - Atlanta (PROD) |
|
|
|
Efx Procssing |
|
GRID - IBM eBHC - Sterling (DR) |
|
|
|
Efx Procssing |
|
GRID - River Green |
|
|
|
|
|
GTE Data Services |
|
|
|
|
|
Xxxxxxx Bank |
|
|
A-5-4-36
|
Location Type |
|
Location Purpose |
|
Address |
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer* |
|
|
|
|
|
Customer* |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer* |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
A-5-4-37
|
Location Type |
|
Location Purpose |
|
Address |
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
A-5-4-38
|
Location Type |
|
Location Purpose |
|
Address |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A-5-4-39
|
Location Type |
|
Location Purpose |
|
Address |
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer* |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A-5-4-40
|
Location Type |
|
Location Purpose |
|
Address |
|
|
|
|
|
|
|
|
|
|
|
|
|
3rd Party |
|
|
|
|
|
3rd Party |
|
|
|
|
|
EFX Processing Center |
|
Test Router in Y2K Lab |
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
3rd Party |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A-5-4-41
|
Location Type |
|
Location Purpose |
|
Address |
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Customer |
|
|
|
|
* These Services Locations are * connections that are monitored and managed *.
X-0-0-00
XXXXXXXXXX X-0-0
XXXXXXXX XXXXXXXXX - XXXXXXX
|
Location Type |
|
Location Purpose |
|
Address |
|
Equifax |
|
Equifax Database Company Ltd |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
A-5-5-43
SCHEDULE B - SERVICE LEVELS
TO
AGREEMENT FOR OPERATIONS SUPPORT SERVICES
BY AND BETWEEN
AND
INTERNATIONAL BUSINESS MACHINES CORPORATION
SCHEDULE B
Service Levels
1. |
INTRODUCTION. |
|
|
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
Multiple Service Level Conditions and Multiple Month Measurement Periods. |
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
||
TABLE OF EXHIBITS AND ATTACHMENTS:
|
|
|||
|
|
|
||
|
|
|
||
|
|
Service Request Classifications and Completion Time Requirements |
|
|
|
|
|
||
|
|
|
||
B-ii
B-iii
1. INTRODUCTION.
This Schedule B sets forth the Service Levels that IBM is required to meet or exceed in performing the Services. This Schedule also describes the methodology for calculating Service Level Credits that will be provided to Equifax by IBM if IBM fails to meet any Service Levels designated as Critical Service Levels.
The principal purpose of the Service Levels is to provide a mechanism for the Parties to assess the degree to which the Services meet the needs of the Equifax Business and to realign the Services with the Equifax Business as it changes and as its needs and priorities change and evolve over time.
During the Term, new Service Levels may be added or substituted by the Parties in order to achieve a fair, accurate, and consistent measurement of IBM’s performance of the Services. For example, such additions or substitutions may occur in conjunction with changes to the technology environments managed by IBM and the introduction of new applications. Where the changes to the technology environments managed by IBM are made via a replacement, successor or upgrade of existing technology, there shall be a presumption (subject, if appropriate, to an initial Baselining Period) of equivalent or improved performance. It is also the expectation of the Parties that the Service Levels will be improved over time as described in Section 5.
2. DEFINITIONS.
2.1 Certain Definitions.
The following capitalized terms used in this Schedule B and its Exhibits shall have the meanings given below.
(a) “Abandon Rate” means, for live telephone calls to the Service Desk during a calendar month (i.e., excluding contacts received via HelpNow, or facsimile), the percentage of such calls: (i) that are not answered by a Service Desk agent responsible for problem resolution efforts after the caller selects the option on the voice response unit to speak to a Service Desk representative; and (ii) that are subsequently terminated by the caller or in which the caller is directed to leave a voicemail without speaking to a live Service Desk representative.
(b) “Amount at Risk” means, for any calendar month during the Term, the amount equal to * (* %) of the aggregate charges payable in the affected Country Location by Equifax under the Agreement corresponding to such month (*).
(c) “Application Response Time” means the elapsed time to process a measured transaction * , measured as the elapsed time between the moment when a transaction is * and the moment that such transaction is *.
(d) “Availability” of particular equipment, software, services or data is the extent to which such equipment, software, services and data are actually Available for Use by * during the Scheduled Uptime for such equipment, software, services and data, including where Available for Use through redundancy in the equipment, software, services and data being measured. Availability shall be expressed as a percentage, by subtracting aggregate Downtime for the calendar month from the aggregate Scheduled Uptime for such
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1
month, and expressing the result as a percentage of the aggregate Scheduled Uptime for such month (i.e., Availability % = ((aggregate Scheduled Uptime - aggregate Downtime) / aggregate Scheduled Uptime) x 100).
(e) “Available for Use” shall mean the ability of equipment, software, services and data, which are used to provide the IT Services and for which IBM is responsible, to be utilized in accordance with normal operations (including applicable equipment and software specifications and committed levels of service) and without degradation of performance.
(f) “Average Speed of Answer” means, for all live telephone calls to the Service Desk during a calendar month (i.e., excluding contacts received via HelpNow, or facsimile), the average elapsed time in seconds between: (i) the end user’s selection of the option on the voice response unit to speak to a Service Desk agent; and (ii) the moment that such call is answered by a live agent responsible for receiving such call. The Average Speed of Answer Service Level shall be measured *.
(g) “Backbone LAN Failure Rate” means the aggregate number of Backbone LAN Failure Events detected by or reported to IBM per calendar month at each Equifax Site hosting Application Server(s). A “Backbone LAN Failure Event” means a Problem with the network infrastructure * between and among, and including, LAN switches at such Equifax Site.
(h) “Baselining Period” has the meaning given in Section 3.5(d)(i).
(i) “Business Day” means Monday through Friday from * to * , local time, excluding holidays observed by Equifax.
(j) “Blocked” means the return of a busy signal to a user, or a failure to connect a call to the intended recipient, on a voice network, each that is due to a failure for which IBM is responsible under the Agreement.
(k) “Change Control Process” has the meaning given in the Agreement.
(l) “Change Management Timeliness Rate” means, for all Changes that are required to be performed through the Change Management Process, the percentage of such Changes that IBM performs within the timeframe set out in the applicable Change Management procedures.
(m) “Change Success Rate” means, for all Changes that are required to be performed in accordance with the Change Management Process, the percentage of such Changes that are performed correctly and without the need to perform the fall-back procedures (*), and within the applicable timeframes.
(n) “Chargeback Information Errors” means, for the data required to be sent to Equifax to enable Equifax’s accurate chargeback of IBM’s charges (*) during the applicable invoice period, the number of errors made by IBM in the applicable IBM invoice.
(o) “Circuit” means for purposes of this Schedule B only, the network connection commencing with and including the host data communications equipment
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-2
(*) and termination at and including the remote data communications equipment (*).
(p) “Commencement Date” has the meaning given in the Agreement.
(q) “Commercially Reasonable Efforts” has the meaning given in the Agreement.
(r) “Contract Year” has the meaning given in the Agreement.
(s) “Critical Service Level” means any Service Level designated as such in Exhibit B-2.
(t) “Critical Service Level Default” shall mean a Service Level Default in respect of a Critical Service Level.
(u) “Customer Satisfaction * ” means the percentage of * satisfaction survey scores that receive the required average score or higher. Equifax shall perform * satisfaction surveys using a third party service and in accordance with the processes and timing set forth in Attachment B-4-6.
(v) “Customer Satisfaction * ” means the percentage of * satisfaction survey scores Equifax that receive the required average score higher. IBM shall perform * satisfaction surveys in accordance with the processes and timing set forth in Attachment B-4-6.
(w) “Customer Satisfaction * ” means the percentage of * satisfaction survey scores for projects that receive the required average score or higher. Equifax shall perform * satisfaction surveys using a third party service and in accordance with the processes and timing set forth in Attachment B-4-6.
(x) “Downtime” shall mean the aggregate time during the Scheduled Uptime for a calendar month that specified equipment, software, services or data is not Available for Use.
(y) “Effective Date” has the meaning given in the Agreement.
(z) “Equifax Retained Function” has the meaning given in the Agreement.
(aa) “Escalation Time” means, with respect to a particular Incident or Problem, the elapsed time between: (i)(1) if IBM has not previously escalated such Incident or Problem, the earlier of the moment that an end user reports such Incident or Problem to IBM or the moment that IBM otherwise becomes aware of such Incident or Problem; or (2) if IBM has previously escalated such Incident or Problem, the moment that IBM escalated resolution efforts with respect to such Incident or Problem to the current support level; and (ii) the moment that IBM appropriately contacts and escalates resolution efforts for such Incident or Problem to a higher support level.
(bb) “First Call Problem Resolution Percentage” means, for all initial Incidents and Problems reported to the Service Desk during a calendar month via telephone call (*), the percentage of such initial problems that are resolved by the Help Desk: (i) without transferring the caller to level 2 or level 3 support, or incurring callback or other similar disruption to the initial call; and (ii) with the caller’s verbal concurrence prior to the termination of the call.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-3
(cc) “High Risk Security Audit Findings” means the number of security-related audit findings categorized as “High Risk” by an Equifax or IBM security audit (*)(each a “High Risk Finding”). *
(dd) “Hours of Operation” means * hours, a day * days a week unless specified otherwise.
(ee) “Invoice Accuracy” means for each monthly invoice submitted by IBM to Equifax, the percentage of IBM’s Monthly Charges for each line item that are completely and accurately presented in the invoice.
(ff) “Measurement Period” has the meaning given in Section 3.4(a).
(gg) “Miss” means the incompletion of an initiated batch processing job by the scheduled time or within the scheduled time frame.
(hh) “Outage” means with respect to particular equipment, software, services or data a discrete event where such equipment, software, services and data are actually not * during the Scheduled Uptime for such equipment, software, services and data.
(ii) “Packet Error Rate” means the quantity calculated as: (i) the aggregate number of data packets introduced at a data Network ingress point during the aggregate Scheduled Uptime during a calendar month for the data Network that reach the intended data Network egress point with any data corruption in such packets, divided by (ii) the aggregate number of data packets introduced at a Data Network ingress point during such aggregate Scheduled Uptime during a calendar month, the result expressed as a percentage.
(jj) “Password Reset Time “ means the elapsed amount of time between an Internal or External Customer request for a password reset and the moment IBM completes such password reset.
(kk) “Password-ID Deactivation Time “ means the elapsed amount of time between (i) the earlier of (A) an Equifax request to have a user’s system access deactivated and (B) other notice to IBM of the need to deactivate an user’s system access and (ii) the moment IBM deactivates such system access.
(ll) “Password-ID Activation Time “ means the elapsed amount of time between (i) an authorized request to have a user’s system access activated and (ii) the moment IBM activates such system access.
(mm) “Pool Percentage Available for Allocation” shall mean * percentage points in each Country Location.
(nn) “Problem Resolution Notification Process” means the process set out in Attachment B-4-4.
(oo) “Problem Resolution Time” means the elapsed time between: (i) the earlier of the moment that an Incident or Problem is reported to IBM (*) or the moment that IBM otherwise becomes aware of such Incident or Problem; and (ii) the moment that the affected equipment, software, data or services for which IBM is responsible are restored to normal operations in accordance with applicable specifications, or IBM implements a commercially
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-4
reasonable workaround, such that a user or users of the corresponding IT Services incur(s) no more than a de minimis, insignificant degradation of service that does not affect such user or users’ ability to perform their work, and the corresponding ticket is updated to reflect that such Incident or Problem has been resolved. A ticket associated with a particular Incident or Problem shall not be closed until the end user reporting the Incident or Problem or other appropriate Equifax-designated personnel agrees that such ticket may be closed, or, if the end user is unavailable, IBM has provided notification to the end user by following the Equifax Notification Process.
(pp) “Problem Response Time” means the elapsed time between: (i) the earlier of the moment that an Incident or Problem is reported to IBM (*) or the moment that IBM otherwise becomes aware of such Incident or Problem; and (ii) notification of acknowledgement to the applicable External Customer or Equifax contact and the commencement of resolution efforts by the group responsible for resolution (e.g., dispatch of technician or commencement of remote diagnostic activity, or, in the case of problems that are not within the scope of the Services, the handoff of resolution efforts to the appropriate Equifax or third party personnel); mere scheduling of resolution efforts shall not be deemed to be “commencement of resolution efforts”.
(qq) “Project On-Budget Accuracy” means, for each Project and project performed by IBM with a governance level of Senior Management or higher, the percentage difference between (i) IBM’s estimate of the IBM and third party charges to Equifax for non-Equifax labor, hardware and software for such Project or project (as such estimate may be amended to reflect agreed scope changes and changes in third party estimates due to the lapse in time between the estimate and the time of the actual purchase where Equifax is responsible for such purchase) and (ii) the final charges incurred by Equifax for the elements of such Project or project that were the subject of the estimate.
(rr) “Project On-Time Delivery Accuracy” means, for Projects and projects performed by IBM with a governance level of Senior Management or higher, the percentage of such Projects and projects that are delivered by IBM within the timeframe contained in the applicable Projects or projects plan estimate (as such estimate may be amended to reflect agreed scope changes).
(ss) “Release Implementation Timeframe Accuracy” means the percentage of Releases that are implemented within the timeframe specified for such activities. “Releases” has the meaning provided in Section 5.3.5 of Attachment A-2 (Process Definitions).
(tt) “Remote Access” means Equifax’s then-current access methods for providing system access to External and Internal Customers not accessing systems through a LAN, WAN or MAN. Remote Access includes access through *.
(uu) “Requirements Solution Customer Satisfaction” means, for all Requirements Solutions delivered by IBM to Equifax during the Measurement Period, the percentage of such Requirements Solutions that receive the average required score on the customer satisfaction survey. The customer satisfaction survey for Requirements Solutions shall address at a minimum: (i) the speed and accuracy with which IBM provides estimates for delivering Requirements Solutions that
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-5
address Business Requirements; (ii) the speed with which IBM actually delivers Requirements Solutions that address Business Requirements; and (iii) the quality, creativity and thoroughness with which Requirements Solutions address Business Requirements.
(vv) “Requirements Solution” means the collected deliverables to be provided by IBM to Equifax as output of the Develop Implementation Requirements, Develop Solution and Estimate Time and Resources Processes in response to Equifax’s submission to IBM of Business Requirements in accordance with the Requirements Process.
(ww) “Root Cause Analysis Time” means the elapsed time between: (i) (a) the resolution of a Severity 1, 2 Incident or Problem or a Severity 3 Incident or Problem affecting any External Customer, or for all other Incidents and Problems, (b) IBM receipt of an Equifax request for an RCA; and (ii) Equifax’s receipt of an IBM action plan for root cause remediation that: (1) identifies, in a level of detail and at a level of accuracy that is reasonably complete under the circumstances, the root cause(s) of such Incident or Problem; and (2) describes a detailed, effective and efficient means of addressing such root cause(s) of such Incident or Problem (including appropriate measures to prevent recurrence of such Incidents or Problems and minimize risks to Equifax).
(xx) “Scheduled Downtime” shall mean of the aggregate amount of time during Equifax-approved maintenance windows in any calendar month during which equipment, software, services or data are scheduled to not be Available for Use, to the extent approved by Equifax (e.g. for such activities as preventive maintenance and system upgrades, each as approved by Equifax). Certain Equifax-approved maintenance windows as of the Commencement Date are set forth in Attachments X-0-0, X-0-0, X-0-0, X-0-0 and B-5-1.
(yy) “Scheduled Uptime” shall mean, with respect to a Service Level, the time during which equipment, software, services or data are to be Available for Use during a calendar month, excluding Scheduled Downtime.
(zz) “Security Incident Reporting Time” means, for all security Incidents during the Measurement Period, the average of the elapsed amount of time between (i) the moment each security Incident is detected by IBM and (ii) the moment such Incident is reported to Equifax.
(aaa) “Security Software Change Identification To Release Time” means the elapsed amount of time between (i) the later of the moment when IBM or Equifax identifies or communicates to IBM, or IBM identifies (respectively) a non-remedial change that should be made to security Software (*), or when the pattern file that addresses such change is made available to IBM, and (ii) the moment when such change has been provided to the Change Management process for implementation.
(bbb) “Service Desk” means the IBM service organization(s) that perform(s) the Receipt Process activities of the Service Desk Process, which includes receiving Incident and Problem notifications and Service Requests from External and Internal Customers.
(ccc) “Service Level Credit” has the meaning given in Section 3.7(c).
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-6
(ddd) “Service Level Default” has the meaning given in Section 3.7.
(eee) “Service Request” means a request to IBM to perform a specific service currently included as part of the Services.
(fff) “Service Request Completion Time Percentage” means the percentage of Service Requests during the Measurement Period for which the Service Request Completion Time corresponding to each such classification set forth in such Attachment B-4-3 is achieved. “Service Request Completion Time” means the elapsed time between: (i) IBM’s receipt of a Service Request; and (ii) the time such Service Request is completed in accordance with the Procedures Manual. At a minimum, completion of the request shall be satisfied when the corresponding IT Services are fully functional and ready for use by the end user who made the Service Request, and such end user agrees the Service Request has been satisfactorily completed, or if the end user is unavailable, IBM has provided notification to the end user by following the Equifax Notification Process. Service Request Completion Time includes the time necessary to implement, test, configure and tune the requested services in a production environment.
(ggg) “Severity Level” means, with respect to an Incident or Problem, the highest-priority level that is applicable based on the classifications set forth in Attachments X-0-0, X-0-0, X-0-0, X-0-0 and B-5-5.
(hhh) “Site” means any location to which IBM is responsible for delivering Services, including External Customer locations.
(iii) “Standards Implementation Accuracy” means the percentage of standards applicable to IBM as a Process Actor that IBM accurately implements. Standards Implementation Accuracy is be measured * using data from the Configuration Management system.
(jjj) “Status Update Time” means, with respect to a particular Incident or Problem, the elapsed time between: (i) (1) if IBM has not received previous notification of such Incident or Problem, the earlier of the moment that an end user reports such Incident or Problem to IBM or the moment that IBM otherwise becomes aware of such problem; or (2) if IBM has received previous notification of such Incident or Problem, the moment that IBM provided the most recent previous status update to appropriate Equifax-designated personnel and the end user who reported the problem with respect to resolution efforts for such Incident or Problem; and (ii) the moment that IBM provides an initial status update or subsequent status update, as applicable, to appropriate Equifax-designated personnel and the end user who reported the Incident or Problem with respect to the corresponding resolution efforts. Status updates shall be made by e-mail, telephone, voicemail, or other contact, as appropriate, and shall include information regarding the status of the Incident or Problem, next steps, and estimated time of resolution.
(kkk) “Tape Mount Time” means the elapsed time from (i) receipt of a system generated tape mount request to (ii) system generated notice of fulfillment of the request.
(lll) “Unauthorized Network Penetration Attempts” means any unsuccessful attempt to access or otherwise penetration Equifax’s network detected by IBM.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-7
(mmm) “Unauthorized Successful Network Penetration Incidents” means successful penetrations of Equifax’s network, either intentional or otherwise due to (i) IBM’s failure to implement the applicable security policies and standards for which IBM is the Security Implementation Process Actor, or (ii) IBM’s failure to identify previously known potential or existing areas of exposure with Equifax’s security policies and standards prior to any implementation thereof.
(nnn) “Virus Signature File Deployment” means the percentage of virus signature files published by the virus protection service provider during the Measurement Period that are completely deployed (meaning, in the case of networked Desktop PCs, “pushed”) to the Desktop PCs within one week of the date such files are published.
(ooo) “Voice Grade of Service” or “VGOS” means the probability that a call originating from or terminating at a location for which IBM is obligated to provide Services during * will be Blocked. VGOS is calculated by dividing: (i) the * originating from or terminating at a location for which IBM is obligated to provide Network Services that are Blocked during the Voice Network Busy Hour by (ii) the * calls originating from or terminating at such location during the Voice Network Busy Hour, expressed as a decimal preceded by “P” (e.g., P.010”).
(ppp) “Weighting Factor” means for any Critical Service Level, the portion of the Pool Percentage Available for Allocation that is allocated to that Critical Service Level by Equifax. The Weighting Factors for the Critical Service Levels as of the Commencement Date are set forth in Attachments X-0-0, X-0-0, X-0-0, X-0-0 and B-5-2.
2.2 Other Defined Terms.
Capitalized terms used but not defined in this Schedule B shall have the meanings given them elsewhere in the Agreement.
3.1 General.
Subject to Section 3.8(a), IBM shall perform the Services in a manner that meets or exceeds each of the Service Levels.
3.2 Performance Monitoring, Reporting and Management.
(a) IBM shall perform the Services for Equifax:
(i) taking a proactive role in managing Equifax Retained Functions, including by promptly escalating, with Equifax or with the applicable third-party supplier, problems corresponding to Equifax Retained Functions, and managing the resolution of such problems;
(ii) measuring and reporting performance of the Service Levels as described herein;
(iii) participating in the Equifax business-focused service level agreement process by providing performance data which relates to the Services that will be consolidated to provide an end-to-end view of service, and provide such other relevant information as IBM may have that may be
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-8
necessary for Equifax to assure end-to-end service delivery to business customers; and
(iv) providing a single point of contact for the prompt resolution of all Service Level failures and other failures that produce a degradation of service detectable by IBM, regardless of whether the reason for such failures were caused by IBM or third parties.
(b) The Parties expect that over time the current “componentized” Service Level regime will be transformed from one that focuses on the delivery of discrete IT Infrastructure Elements (e.g., Circuits and Servers) to Service Levels that measure the delivery of Equifax services to Internal and External Customers in an “end to end” manner. Accordingly, the Parties will work in good faith to plan for and implement end to end Service Levels over time as the necessary monitoring and reporting technology is implemented by IBM.
3.3 Measurement Tools.
(a) IBM shall measure its performance with respect to each Service Level using the corresponding measurement tools and methodologies identified for such Service Level in Attachments X-0-0, X-0-0, X-0-0, X-0-0 and B-5-1, or such other means as are mutually agreed upon by the Parties. IBM shall have * responsibility for existing tools required to measure performance against the Service Levels, including as the Service Levels and/or measurement tools may be modified or added, subject to the Change Control Process. If Equifax exercises its rights under this Schedule B to remove or add a Service Level, the Change Control Process shall apply. The provisions of Section 10.1 (Prices and Charges for New Services) of Schedule C (Charges) shall be used to determine whether IBM’s implementation of the changes requested by Equifax would require IBM to perform New Services.
(b) If, after the Commencement Date, IBM desires to use a different measuring tool for any Service Level, IBM shall provide written notice to Equifax describing the tool, IBM’s rationale for proposing the change and the likely effects on Equifax of switching to such tool. If IBM believes that switching to the proposed tool would warrant making any adjustments to the affected Service Levels, IBM’s notice to Equifax will so indicate. IBM may not switch to the proposed tool unless its use (and, where applicable, any associated Service Level adjustments) are approved in advance by Equifax.
(c) IBM shall provide Equifax, where feasible, with real-time, read-only access to the monitoring and performance management data and tools used by IBM to monitor the Services and measure performance against the Service Levels.
3.4 Measurement and Reporting.
(a) “Measurement Period” for a Service Level shall mean the period during which IBM shall measure and report on performance against such Service Level. Except as otherwise specified in Exhibit B-1, the Measurement Period for each Service Level shall be a calendar month.
(b) The data used to measure IBM’s performance of the Services against the Service Levels shall be data reflecting IBM’s actual performance, not merely a sampling
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-9
of its performance, unless otherwise specifically stated in the measurement methodology for a specific Service Level.
(c) IBM shall provide to Equifax by the * day of the month immediately following the relevant Measurement Period a report for each Country Location (in an agreed format) assessing IBM’s performance against the Critical Service Levels and those additional Service Levels for which completely automated measurements are possible. IBM shall provide to Equifax by the * day of the month immediately following the relevant Measurement Period a report for each Country Location (in an agreed format) assessing IBM’s performance against those Service Levels requiring manual measurement calculations. Such reports shall include notification to Equifax of any Service Level Default during the month, including an analysis of the root causes of such defaults, the extent to which the same Service Level Default has occurred on previous occasions, associated trend analyses and a description of remedial and/or preventative steps taken or planned to be taken by IBM. The reports, as well as the data and detailed supporting information, shall be Equifax/IBM Confidential Information, and Equifax may access such information on-line, to the extent such information is available, at any time during the Term.
(d) Upon Equifax’s request, IBM shall provide, and Equifax shall have access to, Service Level data as requested by Equifax to verify the accuracy of IBM’s Service Level reports, in machine-readable form suitable for use on a personal computer where practicable without material additional expense.
(e) Except as otherwise specified, all references in this Schedule B and its Exhibits to hours shall be to actual hours during a calendar day and not to business hours; all references to time shall be to local time at the Equifax Group site at which the Service in question is being received; and all references to days, months and quarters shall be to calendar days, calendar months and calendar quarters.
3.5 Service Level Codes.
(a) The Service Levels shall be categorized as follows for purposes of determining commencement dates and Baselining Periods (if any):
(i) * Service Levels for which acceptable measurement tools exist as of the Commencement Date and for which the Parties have agreed to the applicable Performance Standard based on some period of raw historical performance data;
(ii) * Service Levels for which acceptable measurement tools exist as of the Commencement Date but for which the Parties have not yet agreed to the applicable Performance Standard because additional time is required to gather and review raw historical performance data;
(iii) * Service Levels for which historical performance data or measurement tools are lacking and which will be measured following the Commencement Date in order to establish sufficient historical data.
(iv) * Service Levels for which historical performance data and measurement tools are lacking and which require changes to the existing IT Environment infrastructure or processes and which will be measured following the deployment of the necessary measurement tools and/or
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-10
implementation of the necessary changes to the IT Environment infrastructure or processes in order to establish sufficient historical data.
(v) * Service Levels for which IBM’s responsibility is limited to monitoring, measuring and reporting (rather than achieving). A Service Level may be coded as “C/D” if the tools or processes needed to provide the report are not available as of the Commencement Date.
For each of the Service Levels set forth in Attachments X-0-0, X-0-0, X-0-0, X-0-0 and B-5-1, one of the codes above has been designated in the “Code” column of the applicable table.
(b) For each Service Level metric designated as a * Service Level, IBM shall meet or exceed the corresponding Service Level as of the Commencement Date and for the remainder of the Term.
(c) For each Service Level designated as a * Service Level, the Parties shall work to determine the applicable Performance Standard no later than * calculated based on historic performance data for: (A) * for Service Levels that are subject to substantial fluctuation during the year (e.g., due to peak season demand) and (B) * otherwise. This calculation shall average the historic performance data for each month of the period, excluding the highest and the lowest months from the calculation if the historic performance data period is * or more months. At any time the Parties may agree to change a * Service Level to a * Service Level. * Service Levels, and the associated Service Level Credits for Service Level Defaults, shall be effective as of the month following the Parties agreement to the applicable Performance Standards
(d) For each Service Level designated as * (which may be further designated as either a * or * ) Service Level, the following shall apply:
(i) The Parties have established a provisional Performance Standard based on their mutual expectations of what is reasonably achievable. IBM shall measure and report against, and use Commercially Reasonable Efforts to meet or exceed, the provisional Performance Standard during the Baselining Period.
(ii) “Baselining Period” means the period commencing on the applicable “Measurement Date” (as specified in Attachments X-0-0, X-0-0, X-0-0, X-0-0 and B-5-1) and continuing thereafter for: (A) * months for each * Service Level and (B) * months for each * Service Level; provided, however, that as of the end of any existing Baselining Period, Equifax may extend the Baselining Period one or more additional calendar months, and in such event, the “Baselining Period” shall mean the period ending as of the end of the last additional calendar month of the Equifax-specified extension to the original period. For each * Service Level that has not been designated * or * as of the Commencement Date, the Parties shall agree whether the applicable Baselining Period will be * or * months. The Baselining Period will be * months for Service Levels that are subject to substantial fluctuation during the year (e.g., due to peak season demand) and * months otherwise.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-11
(iii) Prior to the Measurement Date specified for such Service Level, IBM shall implement measurement tools and processes sufficient to enable the measurement of IBM’s actual performance of the Services against the Service Level.
(iv) Commencing with the first calendar month following the Baselining Period, the Performance Standard for the Service Level shall be set at the average of the monthly measurements during the Baselining Period, excluding the highest and the lowest months from the calculation of the average if the Baselining Period was * or more months. IBM will be obligated to meet or exceed such Service Level starting with the calendar month after the end of the Baselining Period.
(e) For each Service Level designated as a * Service Level, the following shall apply:
(i) IBM shall implement measurement tools, infrastructure or processes sufficient to enable the measurement of IBM’s actual performance of the Services against the Service Level.
(ii) The Parties will establish a provisional Performance Standard based on their mutual expectations of what is reasonably achievable. IBM shall measure and report against, and use Commercially Reasonable Efforts to meet or exceed, the provisional Performance Standard during the Baselining Period.
(iii) “Baselining Period” means the period commencing on the first day of the month following the implementation of the necessary measurement tools, infrastructure or processes and continuing thereafter for: (A) * months for Service Levels that are subject to substantial fluctuation during the year (e.g., due to peak season demand) and (B) * months otherwise; provided, however, that as of the end of any existing Baselining Period, Equifax may extend the Baselining Period one or more additional calendar months, and in such event, the “Baselining Period” shall mean the period ending as of the end of the last additional calendar month of the Equifax-specified extension to the original period.
(iv) Commencing with the first calendar month following the Baselining Period, the Performance Standard for the Service Level shall be set at the average of the monthly measurements during the Baselining Period, excluding the highest and the lowest months from the calculation of the average if the Baselining Period was * or more months. IBM will be obligated to meet or exceed such Service Level starting with the calendar month after the end of the Baselining Period.
(f) For each Service Level metric designated as a * Service Level, IBM shall monitor, measure and report against the Service Level as of the Commencement Date and for the remainder of the Term; provided, however, for * Service Levels, such IBM shall IBM shall implement measurement tools, infrastructure or processes sufficient to enable IBM to report on the Service Level if they are not already available as of the Commencement Date and shall commence monitoring, measuring and reporting against the Service Level on the first day of the month following the implementation of the measurement tools, infrastructure or processes necessary to do so.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-12
3.6 Multiple Service Level Conditions and Multiple Month Measurement Periods.
(a) Where a Service Level includes multiple conditions or components (e.g., components x, y and z), satisfaction of each condition or component (i.e., components x, y and z in the foregoing example) is necessary to meet the corresponding Service Level.
(b) If IBM fails a rolling multiple month measurement (*) for a Critical Service Level in a particular month and pays a Service Level Credit for such Critical Service Level Default , the rolling month measurement period shall be * and the number of failure events, minutes or other units of measure being aggregated over the rolling multiple month period shall be *.
(a) Each of the following circumstances shall constitute a Service Level Default unless excused under Section 3.8:
(i) if the Service Level is not met or exceeded for any Measurement Period;
(ii) if IBM fails to properly monitor or measure performance with respect to the Service Level for any Measurement Period; or
(iii) if IBM fails to timely report its actual performance against the Service Level and such failure to report impacts the timeliness of receipt by Equifax of a Service Level Credit that is owed to Equifax by IBM.
(b) In the event of a Service Level Default, IBM shall perform a root cause analysis to determine the source of the default and provide Equifax with relevant information as to the cause of the default. To the extent such analysis reveals that the default was caused by circumstances under IBM’s control, IBM shall: (i) advise Equifax of feasible remedial efforts; (ii) take steps to minimize the adverse effects of the default and any continuing problems; and (iii) institute measures to prevent or minimize the potential of recurrences. The foregoing shall not limit IBM’s obligations with respect to Incident Management and Problem Management under Schedule A.
(c) In the event of a * Default, Equifax may elect to receive a monetary credit in an amount determined under Section 4.3 (each, a “Service Credit”; collectively, the “Service Credits”). The Parties agree that the Service Credits are a fair estimate of the damages that the Equifax Group will incur for each event for which a Service Credit is granted in the Agreement, that the actual damages incurred by the Equifax Group in each such event would be difficult and costly to determine, and that the Service Credits are liquidated damages awarded in lieu of actual damages incurred by the Equifax Group. The Parties agree that the Service Credits are not penalties and are the sole and exclusive monetary remedy of Equifax with respect to the incident or event with respect to which such Service Credits are paid or credited by IBM to Equifax. However, the preceding sentence shall not be construed to limit Equifax’s rights with respect to the events upon which Equifax may rely as a basis for Equifax’s termination of the Agreement for cause or to seek damages in connection with Equifax’s termination of the Agreement for cause. If Equifax seeks to recover damages in connection with Equifax’s termination of the Agreement (in whole or
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-13
in part) for cause, the provisions of Section 13.5 (Remedies) of the Agreement will govern.
(d) For any Service Level Default, IBM shall report such default in writing to Equifax. Such report shall, at a minimum: (A) identify and describe as a “ * Default * ” each * Default that occurred; and (B) for each * Default, calculate the Service Level Credit applicable to such * Default.
3.8 Excusable Failure to Meet Service Levels.
IBM’s failure to meet a Service Level shall not constitute a Service Level Default if IBM establishes that :
(a) (i) Equifax’s failure to perform an Equifax Retained Function or its other responsibilities set forth in this Agreement was the root cause of IBM’s failure to meet such Service Level; (ii) IBM would have achieved such Service Level but for such Equifax failure; (iii) IBM used Commercially Reasonable Efforts to perform and achieve the Service Level notwithstanding the presence and impact of such Equifax failure; (iv) the root cause proves to be indeterminant (but this clause (iv) shall not apply in circumstances where IBM has end-to-end responsibility for the affected process); and (v) IBM was without fault in causing such Equifax failure (e.g. IBM performed its management responsibilities with respect to a Third Party Provider, but the Service Level was missed as a result of the performance of the Third Party Provider for reasons outside the control of IBM); or
(b) such failure is expressly excused pursuant to the Sections 4.9(d)(iv) (Euro-ready Service Relief), 12.7 (Savings Clause), and 17.3(b) (Force Majeure) of the Agreement.
3.9 Service Level Credit Earn-back.
With respect to any * Default of an availability measurement (i.e, percentage of Availability or allowable minutes of Downtime), IBM may earn back the Service Level Credit it has paid to Equifax for such Default if IBM exceeds the failed * by at least five percent (*) for the * (*) consecutive months following the month in which the * Default occurred. For example, if a * requires * Availability, IBM must achieve at least * Availability for the following * consecutive months to earn back the Service Level Credit. Similarly, if a * prohibits more than * minutes of Downtime per month, IBM must achieve less than * minutes of Downtime for the following * consecutive months to earn back the Service Level Credit. For the avoidance of doubt, this provision does not excuse IBM from paying Service Level Credits when due pursuant to Section 4.3(b). If IBM becomes entitled to repayment of a previously paid Service Level Credit under this paragraph, IBM may include the amount earned back in IBM’s next invoice to Equifax under the Agreement.
4.1 Designation of Critical Service Levels.
(a) Those Service Levels that have been designated as Critical Service Levels as of the Commencement Date are set forth in Attachments X-0-0, X-0-0, X-0-0, X-0-0, and B-5-2. The Parties agree that * Service Levels may not be designated as Critical Service Levels during their respective Baselining Periods.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-14
Equifax may designate IBM’s failure to provide a * Service Level report as Critical Service Level. For the avoidance of doubt, Service Level Credits shall not apply to provisional Service Levels.
(b) Equifax shall have the right from time to time to change, in its sole discretion, the designation of any Service Level to a Critical Service Level, or to change the designation of any Critical Service Level to a non-Critical Service Level upon at least ninety (90) days’ advance written notice to IBM (or at least * days’ advance written notice to IBM in the case of a Service Level that applies to the Mid-Range Platform); provided, however, that Equifax may provide * (which notice may contain multiple changes) during any calendar quarter. For any Service Level changed to a Critical Service Level, Equifax may in its discretion designate the applicable Weighting Factor, subject to the limitations described in Section 4.2.
4.2 Modification of Weighting Factors.
Subject to Section 4.2(c), Equifax shall have the right from time to time to change, in its sole discretion, any one or more of the Weighting Factors upon at least * (*) days’ advance written notice to IBM (or at least * (*) days’ advance written notice to IBM in the case of a Service Level that applies to the Mid-Range Platform); provided, however, that:
(a) Equifax may provide * (which notice may contain multiple changes) during any calendar quarter;
(b) the sum of the Weighting Factors for all Critical Service Levels shall not exceed the Pool Percentage Available for Allocation for each Service Tower in each Country Location; and
(c) in each Country Location the Weighting Factors must be allocated between the Operations Service Tower Critical Service Levels and the Network Service Tower Critical Service Levels in proportion to the ratio of the Operations Service Tower IBM Monthly Charges to the Network Service Tower IBM Monthly Charges. For example, if the Operations Service Tower accounts for * % of the total IBM Monthly Charges for a Country Location, Equifax will allocate * of the * Weighting Factor percentage points for such Country Location, or potentially * of the total Amount at Risk to the Operations Service Tower and * of the * Weighting Factor percentage points, or potentially * of the total Amount at Risk, to the Network Service Tower. Equifax’s allocation of the Weighting Factors in a Country Location shall be deemed accepted by IBM if IBM does not notify Equifax of its objection to such allocation within * (*) days after Equifax provides notice thereof to IBM.
(a) Calculation. The Service Level Credit for any Critical Service Level Default during a calendar month shall be calculated in accordance with the following formula:
Service Level Credit = *
Where:
* = the applicable Weighting Factor; and
* = the Amount at Risk for such month.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-15
(b) Credit or Payment. IBM shall identify the Service Level Credit(s) that Equifax may elect to receive with respect to Critical Service Level Defaults occurring during a calendar month (i) on the invoice submitted * following the Service Level Default (which invoice is described in Schedule C to the Agreement) for Service Levels for which completely automated measurements are possible; and (ii) on the invoice submitted in the * month following the Service Level Default (which invoice is described in Schedule C to the Agreement) for Service Levels for which completely automated measurements are not possible. Subject to Section 4.3(c), with respect to those Service Level Credits elected by Equifax, IBM shall credit to Equifax such Service Level Credits on * invoice following such election, or if there will be no further invoices, IBM shall pay the amount of such Service Level Credits to Equifax within * (*) calendar days after such election.
(c) Limitations.
(i) In no event shall the total amount of Service Level Credits payable by IBM for Critical Service Level Defaults occurring during a calendar month exceed the Amount at Risk for such calendar month.
(ii) If a single triggering event causes more than one Critical Service Level Default during a calendar month, then Equifax may elect to recover any one, but only one, of the Service Level Credits corresponding to such Critical Service Level Defaults during such calendar month.
5. MODIFICATION OF SERVICE LEVELS.
5.1 Expectation of Continuous Improvement.
The Parties expect and intend that the Service Levels will be improved over time to reflect improved performance capabilities of the technology infrastructure, systems and applications used in providing the Services, as well as the evolution of the processes used in performing the Services from those processes used by Equifax as of the Commencement Date to industry best practices employed by IBM. Accordingly, the Service Levels will be adjusted automatically as provided in Section 5.2. In addition, the Service Levels may be adjusted, by mutual agreement, through an annual review process as provided in Section 5.3. Service Levels may also be added and deleted by Equifax as provided in Section 5.4.
5.2 Automatic Annual Improvement in Service Levels.
At the commencement of each Contract Year beginning with the second Contract Year, each Service Level will be reset to the better of: (a) the average of the monthly measurements for such Service Level for the * (*) months of the previous * (*) months that reflect the best performance for such * (*) period, and (b)(i) for Service Levels measured as percentages, the existing Service Level plus * percent (*) of the difference between the Service Level and * percent (*), or (ii) for Service Levels measured as the number of minutes of Downtime, the existing Service Level minus * percent (*) of the difference between the Service Level and * (*). Notwithstanding the foregoing, no Service Level will be increased by more than * percent (*) of the difference between the existing Service Level and * percent (* %) unless the Parties specifically agree to waive the * percent (* %) limitation. For the avoidance of doubt, in no event shall the foregoing automatic adjustment result in a worsening of a Service Level from Equifax’s perspective. The
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-16
provisions of Section 10.1 (Prices and Charges for New Services) of Schedule C (Charges) shall be used to determine whether IBM’s implementation of any automatic adjustment of Service Levels under this paragraph would require IBM to perform New Services.
5.3 Annual Review.
The Service Levels will be reviewed annually by Equifax and IBM to determine whether any additional changes or adjustments, beyond the automatic Service Level adjustments made pursuant to Section 5.2, should be made to reflect (i) improvements in the technology infrastructure and systems used to provide the Services, (ii) changes to the Applications environment, and (iii) improvements made by IBM to the processes used to provide and manage the Services. Notwithstanding any other provisions of the Agreement, including Sections 3 and 5 of this Schedule, no Service Level or Critical Service Level will be initially established at or adjusted to a level of * (e.g., * % availability) unless the operational infrastructure corresponding to such Service Level or Critical Service Level is fault tolerant and fully redundant at the time the standard would become applicable.
5.4 Addition and Deletion of Service Levels.
(a) Subject to Section 5.4(c), Equifax may delete any one or more Service Levels upon at least ninety (90) days’ advance written notice to IBM (or at least * (*) days’ advance written notice to IBM in the case of a Service Level that applies to the Mid-Range Platform).
(b) Subject to Section 5.4(c), and to the terms of this Section 5.4(b), Equifax may add one or more Service Levels upon at least * (*) days’ advance written notice to IBM (or at least * (*) days’ advance written notice to IBM in the case of a Service Level that applies to Distributed Applications Servers).
(i) Where (*) consecutive months’ of raw historical performance measurements exist, as of the date of Equifax’s notice to IBM, for the Service Level metric to be added in the case of a Service Level metric that is subject to substantial fluctuation during the year — e.g., due to peak season demand - or * (*) months’ of raw historical performance measurements in other cases:
(1) The Service Level for such additional Service Level metric shall initially be set at the average of the monthly service measurements for the immediately preceding * (*) month period (or * (*) month period, as applicable), excluding the highest and lowest monthly measurements, respectively, from the calculation of the average if the historic performance data period is * or more months;
(2) The Service Level for such Service Level metric shall be effective as of the first day of the first month commencing after the applicable notice period following Equifax’s notice to IBM; and
(3) The Measurement Period for such Service Level shall be a month, unless otherwise designated by Equifax;
(ii) Where the required number of consecutive months’ of performance measurements do not exist, as of the date of Equifax’s notice to IBM, for
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-17
the Service Level it shall be considered a * or * Service Level, the Parties shall establish a provisional Performance Standard using industry standard measures, third-party advisory services (e.g., Gartner Group, Yankee Group, etc.), and the provisions of Section 3.5(d) shall apply.
(c) Equifax may provide * (which may contain multiple requests) to add or delete Service Levels during any calendar quarter.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-18
SERVICE LEVELS – CANADA
Table of Contents
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
ONLINE APPLICATIONS UPTIME – DISTRIBUTED APPLICATIONS SERVER. |
|
|
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
|
Table of Attachments: |
|
|
Service Request Classifications and Completion Time Requirements |
|
i
1. INTRODUCTION
This Exhibit B-1 sets forth the Service Levels applicable to IBM’s performance of the Services in Canada.
2. DEFINITIONS
The following capitalized terms used in this Exhibit B-1 shall have the meanings given below:
2.1 Certain Definitions.
(a) “* ” means the customized * Application processing system of this name, including the components from the initial data entry point through to the final output.
(b) * ““ means a real-time transaction processing Application with multiple components and subsystems (e.g., *, *, *, * and * ) that operate collectively to deliver * reports and related services.
(c) * ““ means a real-time transaction processing Application with multiple components and subsystems that operate collectively to deliver * reports and related services, including data management, search capability, product delivery, basic report delivery, credit reports, scores, and various batch products (e.g., account monitoring).
(d) “* / * ” means the Software packages * and that operate on both the midrange and mainframe platforms.
(e) “* ” means the offline batch processing system that utilizes * data, statistical models and customer provided data to provide data back to customers, including as a sub-component the tape mounts that contain data to process jobs to produce lists/reports for customers.
(f) * ““ means a system that consists of an interactive and batch transaction processing application and database and a web-based tracking and analysis tool that provides * clients an easy-to-use method for viewing and analyzing attrition within their * portfolio, including the type and number of accounts experiencing attrition as well as the * products aggregated data by industry, postal code, etc (products such as *
(g) * ““ means the * Application that is licensed from * , which provides a statistical system using neural network technology that produces a risk score predicting the likelihood of identity deception or
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
1
“* ,” including as a sub component the tape mounts that contain consumer data to process jobs to produce lists/reports for customers.
(h) “* ” means the Internet browser interface and IP (Extranet) interface with system and member security that is used by * to retrieve * reports (* ), report distribution, data exchange and other related services.
(i) “* ” means the process by which the * cartridges (* ) are created during the last phase of the process and are shipped to customers.
2.2 Other Defined Terms.
Capitalized terms used but not defined in this Exhibit B-1 shall have the meanings given them elsewhere in the Agreement.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
2
SERVICE LEVELS - SPAIN
Table of Contents
|
Table of Attachments: |
|
|
Service Request Classifications and Completion Time Requirements |
|
B-2-i
1. INTRODUCTION
This Exhibit B-2 sets forth the Service Levels applicable to IBM’s performance of the Services in Spain.
2. DEFINITIONS
2.1 Certain Definitions.
The following capitalized terms used in this Exhibit B-2 shall have the meanings given below:
(a) * “ ” for purposes of the Service Levels herein shall mean the* regions on the Enterprise Server(s) in Spain.
(b) “Scheduled Batch Failure Rate” means the number of (*) batch processing jobs scheduled by* that are Misses during the Measurement Period expressed as a percentage of the total number of such batch processing jobs during the Measurement Period.
(c) “Enterprise Server Systems” means the mainframe hardware and System Software and related connectivity facilities (*) used to run and provide access to online Applications.
(d) “Iberian * Tunnels” means the * Tunnels between Madrid and Barcelona and Madrid and Lisbon which consist of* servers and software creating a secure connection over * .
(e) “Midrange Batch Failure Rate” means the number of [ ] batch processing jobs that are Misses during the Measurement Period expressed as a percentage of the total number of such batch processing jobs during the Measurement Period.
(f) “Scheduled Batch Failure Rate” means the percentage of (*) jobs scheduled by the batch scheduling tool that fail to execute successfully and require re-running or intervention to complete.
(g) “* Server” means the hardware and System Software used to operate the * Package for * Application.
(h) “Web Application Server Systems” means the midrange hardware and system software (*) used for providing web services.
(i) * Server systems means the hardware and software (*) used to run * e-mail and* applications.
(j) “Web Application Logon Page” means the logon page of the Equifax e-commerce portal for the Internet business channel, which includes database access to the Enterprise Server.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-2-1
2.2 Other Defined Terms.
Capitalized terms used but not defined in this Exhibit B-2 shall have the meanings given them elsewhere in the Agreement.
B-2-2
SERVICE LEVELS – UK
Table of Contents
|
Table of Attachments: |
|
|
Service Request Classifications and Completion Time Requirements |
|
B-3-i
1. INTRODUCTION
This Exhibit B-3 sets forth the Service Levels applicable to IBM’s performance of the Services in the UK.
2. DEFINITIONS
2.1 Certain Definitions.
The following capitalized terms used in this Exhibit B-3 shall have the meanings given below:
(a) * “” means the nightly * scheduled to be completed by* , the weekly batch jobs scheduled to be completed by* and the monthly batch jobs scheduled to be completed by* .
(b) “*” means the production database and Application that is used to provide* reporting services.
(c) * “” means the load of * reports data to the production* database.
(d) * “” means the consumer call center incoming call voice service (“0845” numbers).
(e) * “” means the monthly batch processing jobs known as the*, *, *, *, *, *, *,* and.
(f) * “” means the Enterprise to Enterprise delivery channel.
(g) * “” means a decisioning application that utilises Equifax * and the* engine to allow clients to make informed decisions regarding* . These decisions may relate to, amongst other uses, to* ,* .* runs on a midrange platform and utilises Internet and database technologies.
(h) * “” means the midrange environment (hardware and operating system) used by the statistical analysis and retrospective solutions organization.
(i) * “” means the application which provides access to Equifax’s * via an* .* runs on a midrange platform and utilises Internet and database technologies.
(j) * “” means the* (as defined in Attachment A-3) in production at the relevant Site.
(k) * “” means the rules based decision engine supplied by * (now part of* ). The product can be configured via a Windows based
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-3-1
administration tool. * runs on a * platform and utilises an* database.
(l) * “” means the nightly “* Letters* “ batch jobs scheduled to be completed by * .
(m) * “” means the Third Party Email/Groupware Software licensed by * (which is defined in Attachment A-3).
(n) * “” means, at each relevant Site, the* servers used to run Equifax internal production Applications.
(o) * “” means the Application of the same name running on the Distributed Application Server platform in the UK.
(p) * “” means the percentage of (* ) jobs scheduled by the batch scheduling tool (* ) that fail to execute successfully and require re-running or intervention to complete.
2.2 Other Defined Terms.
Capitalized terms used but not defined in this Exhibit B-3 shall have the meanings given them elsewhere in the Agreement.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-3-2
SERVICE LEVELS - US
Table of Contents
|
Table of Attachments: |
|
|
Service Request Classifications and Completion Time Requirements |
|
B-4-i
1. INTRODUCTION
This Exhibit B-4 sets forth the Service Levels applicable to IBM’s performance of the Services in the US.
2. DEFINITIONS
2.1 Certain Definitions.
The following capitalized terms used in this Exhibit B-4 shall have the meanings given below:
(a) * “” means the Application system that provides automated consumer information, interfaces with * , Equifax customers, * and other credit agencies and includes the* database.
(b) * “” means the front-end Application processing and decisioning system that combines the data from* and other third party data providers to produce customized consumer credit reports.
(c) “* Uptime” means the on-line customized transactional database for * .
(d) * “” means the* application system that performs billing, pricing, taxing and revenue sharing processing.
(e) * “” means the Application and* database system that provides time tracking for Equifax employees, the cost accounting system for projects and daily/monthly reporting functions for products and services for certain Equifax divisions, including * .
(f) * “” means a real-time transaction processing Application with multiple components and subsystems (e.g., * , * ,* and * ) that operate collectively to deliver* reports and related services.
(g) * “” means the* application that allows (i) consumers to interactively view their credit report and obtain other financial related services online* ; and (ii) third parties to obtain reports in a system to system manner.
(h) * “” means the Application used to perform data analysis to determine the quality of the nightly * update process.
(i) * “” means the batch processing program that obtains output files from * and other third parties and produces a “delta” notification to a consumer should their information contained within the file * ..
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-4-1
(j) * “” means the Application that edits and transforms data from a receiving data source such as a metro format tape,* format and Canadian format to the Equifax master database record format and quality checks to prevent customer data from corrupting Equifax* and* databases, which includes multiple components (including the* databases) that enable the system to feed the* and * .
(k) * “” means the development system that is used perform back-up production jobs for customer validations and statistical* models and that utilizes both Equifax* and customer data to create statistical consumer models in* Software.
(l) * “” or * “” means the Applications that provides a web front end to the Equifax* processing environment,* (*) systems, as well as interactive* to collect information on consumers and their purchasing habits.
(m) * “” means the* Application that performs the front end identification verification prior to an individual becoming a customer to the Equifax * .
(n) * “” is a* application that allows Equifax customers to obtain information services online over the Internet in a secure manner. This includes both interactive activity (end user use) as well as non-interactive activity (system to system).
(o) * “” means the * Application system that performs financial processing, including Accounts Payable, Accounts Receivable, General Ledger, Payroll, Fixed Assets and Financial Controller.
(p) * “” means an * database repository that contains data utilized by North America* and Corporate finance* and is used for back-end processing and notification of the daily trip-wires.
(q) * “” means the * Application that is the Equifax corporate* system.
(r) * “” means the Application processing system that produces a consolidated credit report by merging data from different credit reporting repositories and includes a maintenance component that captures credit files changes during the * process.
(s) “* Exchange” means the mainframe Application system that processes telecommunications default commerce account information.
(t) “* Exchange Batch” means the* Exchange Application* daily batch processing job that must complete * for daily processing and the* Exchange Application month-end batch processing job.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-4-2
(u) * “” means the Application that contains utility default commerce account information, which runs * and* .
(v) * “” is a midrange platform that contains the* ,* Exchange and Decision Power customized Application programs.
(w) * “” means the Application system that provides a searching algorithm against a list of individuals that is provided by* , which is updated * by the* and is accessed by both * and * .
(x) * “” means the event based system that transmits address and inquiry information within* hours of availability to customers and interfaces and has file transfers with * .
(y) * “” or * “” means the Application system that is a complete credit reporting system for small business data, which runs * and includes the * and* databases.
(z) “Static Web Sites” are the web portals serving static images and text and through which information is provided to consumers and Equifax business customers and include corporate sites such as xxx.xxxxxxx.xxx and product specific sites, ie xxx.xxxxxxxxxxxxx.xxx. For purposes of this Schedule B the Static Web Sites do not include interactive Applications accessed via such Sites.
(aa) Contains all the components for *, * and* customized applications programs that allows the customers to process transactions
2.2 Other Defined Terms.
Capitalized terms used but not defined in this Exhibit B-4 shall have the meanings given them elsewhere in the Agreement.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
X-0-0
XXXXXXX XXXXXX - XXXXXXX
Table of Contents
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
ONLINE APPLICATIONS UPTIME – DISTRIBUTED APPLICATION SERVERS. |
|
|
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
|
Table of Attachments: |
|
|
Service Request Classifications and Completion Time Requirements |
|
B-5-i
1. INTRODUCTION
This Exhibit B-2 sets forth the Service Levels applicable to IBM’s performance of the Services in Spain.
2. DEFINITIONS
2.1 Certain Definitions.
The following capitalized terms used in this Exhibit B-5 shall have the meanings given below:
(a) * “” means the consumer call center incoming call voice service (“* 845” numbers).
(b) “* Server” means the * Servers (as defined in Attachment A-3) in production at the relevant Site.
(c) * “” means the Third Party Email/Groupware Software licensed by * (which is defined in Attachment A-3).
(d) “* Server” means, at each relevant Site, the NT servers used to run Equifax internal production Applications.
2.2 Other Defined Terms.
Capitalized terms used but not defined in this Exhibit B-5 shall have the meanings given them elsewhere in the Agreement.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-5-1
1. APPLICATIONS SERVICE LEVELS
1.1 Online Applications Uptime – Enterprise
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement |
|
Prime
Hours, |
|
Maintenance |
|
Code |
|
* Availability |
|
|
|
Monthly |
|
T: * P: Availability is measured by * region and calculated using the minutes of Downtime taken from the various logs. MD: N/A |
|
|
|
* |
|
|
|
Prime |
|
• > [ ] % Availability ; and |
|
|
|
|
|
|
|
|
|
|
|
|
|
• > Max No. Outages: [ ] |
|
|
|
|
|
|
|
|
|
|
|
Non-Prime |
|
• >[ ]% Availability; and |
|
|
|
|
|
|
|
|
|
|
|
|
|
• Max No. Outages: |
|
|
|
|
|
|
|
|
|
|
1.2 Online Applications Uptime – Distributed Applications Server.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement |
|
Prime
Hours, |
|
Maintenance |
|
Code |
|
* Availability |
|
• > [ ]% Availability; and • Max No. Outages: [ ] |
|
Monthly |
|
T: System logs P: Monitor of Application and Hardware component Outages by alerts to system log. Calculate Availability using the total * of Downtime taken from the system log. MD: N/A |
|
N/A |
|
None |
|
* |
|
* Availability |
|
|
|
Monthly |
|
T: System logs P: Monitor of Application and Hardware component Outages by alerts to system log. Calculate Availability using the total* of |
|
|
|
* |
|
|
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-1
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement |
|
Prime
Hours, |
|
Maintenance |
|
Code |
|
|
|
|
|
|
|
Downtime taken from the system log MD: N/A |
|
|
|
|
|
|
|
• Prime |
|
• > [ ]% Availability; and • Max No. Outages: [1] |
|
|
|
|
|
|
|
|
|
|
|
• Non-Prime |
|
• % Availability; and • Max No. Outages: [*] |
|
|
|
|
|
|
|
|
|
|
|
* Availability |
|
|
|
Monthly |
|
T: System logs; problem management system P: Monitor application and hardware component Outages by alerts to system logs. Availability is calculated using* of Downtime taken from incident reports and system logs. MD: N/A |
|
* |
|
None |
|
* |
|
• Prime |
|
• >[ ]% Availability; and • Max No. Outages: [*] |
|
Monthly |
|
|
|
|
|
|
|
|
|
• Non-Prime |
|
• >[ ]% Availability; and • Max No. Outages: [*] |
|
Monthly |
|
|
|
|
|
|
|
|
|
* Availability |
|
|
|
|
|
T: System logs for * component P: Availability is calculated using the* of Downtime in the individual outage incident reports. MD: N/A |
|
* |
|
* ; and * planned outage |
|
* |
|
• Prime |
|
• % Availability; and • Max No. Outages: [ ] |
|
Monthly |
|
|
|
|
|
|
|
|
|
• Non-Prime |
|
• >[ ]% Availability; and • Max No. Outages: [ ] |
|
Monthly |
|
|
|
|
|
|
|
|
|
* Availability |
|
|
|
|
|
* T: Weekly and monthly scripts and system logs; P: Monitor of Software and Hardware component Outages by alerts to the * application and by manually (by on-call personnel) updating the * “”.Availability is calculated by dividing the total* of Downtime taken from the log when both locations are not Available for Use. |
|
* |
|
N/A |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-2
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement |
|
Prime
Hours, |
|
Maintenance |
|
Code |
|
|
|
|
|
|
|
* is also coded within the Application.Although statistics are maintained by site for Browser access and IP (*) access separately, “Downtime” for purposes of this Service Level applies to when * sites* not available. MD: N/A |
|
|
|
|
|
|
|
• |
|
• >[ ]% Availability; and • Max No. Outages: [ ] |
|
|
|
|
|
|
|
|
|
|
|
• |
|
• >[ ]% Availability; and • Max No. Outages: [ ] |
|
|
|
|
|
|
|
|
|
|
|
Internet Distribution Channel Uptime |
|
Outage date and times, Downtime minutes, reason for Outage and resolution for each of the redundant components. |
|
|
|
T: Weekly and monthly scripts and system logs;* after * P: As stated above for Availability MD: N/A |
|
|
|
|
|
* |
1.3 Online Application Response Time.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
* Response Time |
|
• Response Time: < to [*] seconds for [*]% of transactions |
|
Monthly |
|
T: * P: TBD MD: TBD |
|
* |
|
* Response Time |
|
• Response Time: < to [*] seconds for [*]% of transactions; and • Response Time: < to [] seconds for []% of transactions; and • Response Time: < to [*] seconds for [*]% of transactions* * |
|
Monthly |
|
T: * P: TBD MD: TBD |
|
* |
|
* Response Time |
|
• Average Response Time: < to [*] second |
|
Monthly |
|
T:* and logs P: Monitor Response Time for selected transactions and overall Response Time for all transactions using. Average Response Time is measured by |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-3
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
|
|
|
|
|
|
dividing the total number of * for the month into the total* for the transactions MD: N/A |
|
|
|
* Response Time |
|
• Response Time: < to [*] seconds for [*]% of transactions |
|
Monthly |
|
T: * P: MD: N/A |
|
* |
|
* Response Time |
|
• Average Response Time: < to [*] seconds during Prime Hours only |
|
Monthly |
|
T: System logs; time stamp log P: Average transaction Response Time is measured by* the total number of transactions completed for the month * the total processing time for the transactions. * MD: |
|
* |
|
* Response Time – Consumer Transactions |
|
• Average Response Time: < to* seconds for *% of transactions |
|
Monthly |
|
T: Web server logs P: Monitor Response * on activity logs for consumer transactions separately. Average transaction Response Time is calculated * the total number of consumer transactions completed for the month * the total processing time (*) for such transactions. During the* analysis the Parties will reconcile the Service Level as written to be consistent with the current measurement process. MD: N/A |
|
* |
|
* Response Time – Commercial Transactions |
|
• Average Response Time: < to* seconds for *% of transactions |
|
Monthly |
|
T: Web server logs P: Monitor Response Time * on activity logs for commercial transactions |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-4
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
|
|
|
|
|
|
separately. Average transaction Response Time is calculated * the total number of commercial transactions completed for the * total processing time * for such transactions. During the* analysis the Parties will reconcile the Service Level as written to be consistent with the current measurement process. MD: N/A |
|
|
1.4 * Service Levels.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
* Outages |
|
No more than [ ] Outages per LPAR of any component that prevents all or any portion of production processing from initiation or completion. (*). |
|
Monthly |
|
T: System Logs P: MD: N/A |
|
* |
|
* Tape Subsystem Outages |
|
• No more than [ ] Outages of tape subsystem components per month that prevents any production processing from initiation or completion (*); and • No single Outage of a tape subsystem that prevents any production processing from initiation or completion (*) shall be greater than [ ] hours. |
|
Monthly |
|
As of the Commencement Date tape subsystems include * and all robotics associated with the same. * to include in* the addition of spare tape drive equipment to be paid * elects not to purchase the additional equipment then* will baseline on the current environment. |
|
* |
|
* DASD Subsystem Outages |
|
No more than [ ] Outages of any DASD subsystem component per month that prevents any production processing from initiation or completion* . |
|
Monthly |
|
T: System Logs and problem management data P: Calculate Outages based on system logs and problem mgmt data MD: * |
|
* |
|
* Tape Mount Time |
|
For on-site tapes:
|
|
Monthly |
|
T/P: * /Measure to cover* , |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-5
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
|
|
• [ ]% of Tape Mount Times < [ ] minutes • [ ]% of Tape Mount Times < [ ]minutes • [ ]% of Tape Mount Times < [ ]minutes |
|
|
|
* , and manual. |
|
|
|
* Availability |
|
• [ ]% of requests for the removal of * media shall be fulfilled (including made available to *) within* hour for each block of* from the time of the submission of the removal form to the tape library; and • [ ]% of requests for * volumes shall be fulfilled (including made available for production processing) within* hour for each block of* from the time the request is submitting to the tape library. |
|
Monthly |
|
T : Manual P: Calculate based on data from the tape removal forms MD: N/A |
|
* |
1.5 General Operations
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Change Management Timeliness Rate |
|
* []% |
|
Monthly |
|
T: TBD P: TBD MD: TBD |
|
* |
|
Change Success Rate |
|
* []% |
|
Monthly |
|
T: TBD P: TBD MD: TBD |
|
* |
|
Release Implementation Timeframe Accuracy* |
|
Less than [* ]% |
|
Monthly |
|
T: TBD P: TBD MD: TBD |
|
* |
|
Standards Implementation Accuracy* |
|
* []% |
|
Monthly |
|
T: TBD P: TBD MD: TBD |
|
* |
|
*These Service Levels are objectives of and subject to certain of the IT Management Process transformation activities |
1.6 Pre-Commencement Date Service Levels
IBM shall monitor, measure, report and achieve the service levels set forth in Attachment B-1-7 that were applicable immediately prior to the Commencement Date (the “Pre-Commencement Date Service Levels”). IBM shall continue to do so until the conclusion of the relevant applicable Baselining Periods for the Service Levels in this Section 1 applicable to the Services and/or Applications measured by the Pre-Commencement Date Service Levels.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-6
2. VOICE NETWORK SERVICE LEVELS
2.1 Voice Network Service Availability.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
* Systems(1) Uptime |
|
Downtime: < [ ] minutes per month for each * system |
|
Monthly |
|
T/P: (*) pinging each device that has an * and is on a * or (*) duration tracked in Problem mgmt system for devices without * . MD: N/A |
|
* |
|
Voicemail Systems(3) Uptime |
|
Downtime: < [ ] minutes per month for each voicemail system |
|
Monthly |
|
T/P: (*) pinging each device that has an * and is on a * or (*) duration tracked in Problem mgmt system for devices without * . MD: |
|
* |
|
Call Management Components(4) Availability |
|
• > [ ]% for the call management components; and • no more than [ ] minutes of Downtime for any single call management component supporting a consumer call center |
|
Monthly |
|
T/P: (*) pinging each device that has an * and is on * or (*) duration tracked in Problem mgmt system for devices without * . MD: N/A |
|
* |
Notes:
(1) For purposes of this Service Level, the demarcations of measurement for “PBX system” shall begin at and include the Site telco interface (e.g., main distribution frame) and end at and include the station ports on the PBX Equipment, and shall include the PBX Equipment (excluding the handsets) and Software, as well as associated trunking Equipment and Software. Scheduled Uptime for each PBX system shall be* hours per day,* days per week.
(2) Reserved
(3) For purposes of this Service Level, the demarcations of measurement for “voicemail system” shall begin at the interface to the corresponding PBX Equipment or the interface to the corresponding LAN switch, as applicable (but shall exclude such PBX Equipment and LAN switch), and shall include the voicemail Equipment and Software. Scheduled Uptime for each voicemail system shall be* hours per day,* days per week.
(4) For purposes of this Service Level, a “call management component” shall mean any of the following Elements: (i) ACD Server and Software; (ii) VRU Server and Software; and (iii) CMS Servers/Services & Software; and (iv) call detail recorders. Scheduled Uptime for each call management component shall be* hours per day,* days per week.
2.2 Voice Grade of Service.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Voice Grade of Service |
|
IBM shall monitor, analyze and report on Voice Grade of Service for an approximate* sample (rotating the sample) of the IT Infrastructure. |
|
Monthly |
|
T/P: IBM shall measure performance against this Service Level by assessing Voice Grade of Service for each Site using automated traffic collection software to the extent available, or otherwise using a* process based involving requests for data from telco providers and data collection from * , systems. * are excluded. MD: N/A |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-7
3. DATA NETWORK SERVICE LEVELS (WAN, MAN AND LAN)
3.1 Circuit and Site Availability, Outages and Latency.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Frame Relay Circuit Availability |
|
• The aggregate Availability of the Frame-relay Circuits shall be > [ ]%; and • * |
|
Monthly |
|
T: IBM shall measure performance against these Service Level using Network management tools (including * and *) monitored real-time, tracking Downtime. P: The process in place as of the Commencement Date MD: N/A |
|
* |
|
VPN Circuit Availability |
|
• The aggregate Availability of the VPN Circuits shall be > [ ]%; and • * |
|
Monthly |
|
T: * P: The process in place as of the Commencement Date MD: N/A |
|
* |
|
Point to Point Circuit Availability |
|
• The aggregate Availability of the Point to Point Circuits shall be > [ ]%; and • * |
|
Monthly |
|
T: IBM shall measure performance against these Service Level using Network management tools (including* and *) monitored real-time, tracking Downtime. P: The process in place as of the Commencement Date MD: N/A |
|
* |
|
External Customer Provided Circuits |
|
Downtime minutes by Outage event by External Customer |
|
Monthly |
|
T: Network monitoring tools P: Ability to measure an report subject to External Customer grant of access MD: N/A |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-8
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
ISDN Circuit Availability |
|
IBM to test monthly each ISDN Circuit and report on failures. |
|
Monthly |
|
T/P: Network management tools; monitoring of * devices for carrier availability. MD: N/A |
|
* |
|
Latency for Frame Relay and VPN Circuits >56K (North America) |
|
Average latency for all Frame Relay and VPN Circuits < to [ ] milliseconds |
|
Monthly |
|
T/P: Reports from * for VPN Circuits and* for Frame Relay MD: TBD |
|
* |
|
Latency for Frame Relay and VPN Circuits s <56K (North America) |
|
Average latency for all Frame Relay and VPN Circuits < to [ ] milliseconds |
|
Monthly |
|
T/P: Reports from * for VPN Circuits and* for Frame Relay MD: TBD |
|
* |
|
Remote Access Availability |
|
* > * []% |
|
Monthly |
|
T: TBD P: TBD MD: TBD |
|
* |
|
* / * Availability |
|
* > []% |
|
Monthly |
|
T/P: Network management tools monitored real-time, tracking Downtime MD: N/A |
|
* |
Notes:
Scheduled Uptime for each Circuit shall be* hours per day,* days per week.
3.2 LAN Backbone Failure Rate.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Backbone LAN Failure Rate |
|
The Data Network Backbone Failure Rate shall be < [ ]2 per month. |
|
Monthly |
|
T/P: Monitoring and logging of Outages using problem management data; and * and* after * . MD: N/A |
|
* |
Notes:
Scheduled Uptime for the Backbone LAN shall be* hours per day,* days per week.
3.3 Packet Error Rate.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Packet Error Rate |
|
The Packet Error Rate shall be < to *% |
|
|
|
T/P: VPN: * and then * after* MD: TBD |
|
A-VPN only & * |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-9
3.4 Front-end Processor (FEP) Availability.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Front-end Processor Availability |
|
Availability of each FEP shall be > [ ]%. |
|
|
|
T/P: IBM shall measure performance against this Service Level using* and Problem Mgmt system.MD: N/A |
|
* |
3.5 Internet Infrastructure Availability, Access and Capacity.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Availability of Internet Access |
|
Availability of Internet Access at each Equifax Site shall be > [ ]%. “Internet Access” means outbound connectivity from the host at * Site to any ISP * . |
|
Monthly |
|
T/P: Scripting that logs and pages providing message and severity (* “”) in accordance with process in place as of the Commencement Date; and * after* .MD: N/A |
|
* |
|
Internet Infrastructure Availability |
|
Availability of the Internet Infrastructure at each Site shall be > [ ]%. “Internet Infrastructure” means collectively the * Devices. |
|
Monthly |
|
T/P: * scripting that logs and pages providing message and severity in accordance with process in place as of the Commencement Date, however, during the * analysis the Parties will clarify which components measured by the* ; * after* .MD: N/A |
|
* |
|
Internet Utilization |
|
Percentage utilization of Internet Access (i) during peak periods and (ii) average during the Measurement Period. |
|
Monthly |
|
T/P: * if applicable in accordance with process in place as of the Commencement Date; * after * .MD: N/A |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-10
4. CROSS-FUNCTIONAL SERVICE LEVELS
4.1 Security Management.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Security Device & Active Intrusion Detection Device Availability |
|
Availability each Security Device and active (rather than passive) Intrusion Detection Device shall be > [ ]%. .A Security Device or Intrusion Detection Device is Available for purposes of this Service Level if either it or its redundant/backup device are Available. |
|
Monthly |
|
T: Network monitoring tools P: Monitored real-time and calculated based on the actual number detected MD: * |
|
* |
|
* Attempts |
|
Number of * Attempts during the Measurement Period. |
|
Monthly |
|
T: Network monitoring tools P: Monitored real-time and calculated based on the actual number detected MD: N/A |
|
* |
|
* Incidents |
|
Number of * Incidents during the Measurement Period. |
|
Monthly |
|
T: Network monitoring tools P: Monitored real-time and calculated based on the actual number detected MD: N/A |
|
* |
|
High Risk Security Audit Findings |
|
Number of High Risk Security Audit Findings during the Measurement Period. |
|
Monthly |
|
T/P: Manual MD: N/A |
|
* |
|
Password Reset Time |
|
Less than* minutes for [*]% of requests. |
|
Monthly |
|
T: System logs; problem management data P: As defined. MD: * |
|
* |
|
Security Incident Reporting Time – Severity 1 |
|
< [*] minutes |
|
Monthly |
|
T: Problem management data P: As defined. MD: * |
|
* |
|
Security Incident Reporting Time – Severity 2 |
|
< [*] minutes |
|
Monthly |
|
T: Problem management data P: As defined. MD: * |
|
* |
|
Security Incident Reporting Time – Severity 3 |
|
< [*] minutes |
|
Monthly |
|
T: Problem management data P: As defined. MD: * |
|
* |
4.2 Service Request Completion Times.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Service Request |
|
< [*]% of each of the Service Request classifications set forth in |
|
Monthly |
|
T/P: IBM shall measure performance against |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-11
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Completion Time Percentages |
|
Attachment B-1-3, except that the calculation shall exclude MAC “Projects”, the completion times for which shall be as agreed by the Parties. |
|
|
|
these Service Levels using existing tools, processes utilized by Equifax immediately prior to the Effective Date; provided, however, that if the existing tools are not capable of measuring these Service Levels, IBM shall implement a manual process using a flat file or spreadsheet. MD: N/A |
|
|
4.3 Service Desk.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
First Call Problem Resolution Percentage |
|
The First Call Problem Resolution Percentage shall be greater than or equal to *% for External Customer calls. |
|
. |
|
T: Heat; IBM shall measure performance against this Service Level using * after Service Desk * P: As defined MD:* |
|
* |
|
|
|
First Call Problem Resolution Percentage shall be greater than or equal to *% for Internal Customer calls. |
|
|
|
T: Heat; IBM shall measure performance against this Service Level using * after Service Desk * P: As defined MD: N/A |
|
* |
|
Average Speed of Answer– External Customer |
|
The Average Speed of Answer for External Customer calls shall be <* seconds |
|
|
|
T: IBM shall measure performance against this Service Level using Symposium;* after Service Desk* . P: Average of calls from External Customers during the month. MD: |
|
* |
|
Average Speed of Answer –Internal Customer |
|
The Average Speed of Answer for Internal Customer calls shall be <[ ] seconds |
|
|
|
T: Symposium ;* after Service Desk * P: As defined MD: * |
|
* |
|
Abandon Rate – External Customer |
|
The Abandon Rate shall be < to *% for External Customer calls. |
|
|
|
T: Symposium ;* after Service Desk * . P: As defined. |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-12
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
|
|
|
|
|
|
MD: N/A |
|
|
|
Abandon Rate –Internal Customer |
|
The Abandon Rate shall be < to [ ]%for Internal Customer calls. |
|
|
|
T: Symposium ;* after Service Desk * P: As defined MD:* |
|
* |
|
Customer Satisfaction Survey – Category 1 |
|
The Customer Satisfaction Survey – Category(1) scores shall be > [ ] for > *% of respondents. |
|
Monthly |
|
T: This Service Level is measured by a third party provided managed by Equifax. P: To be agreed during * MD:* |
|
* |
|
Customer Satisfaction Survey – Category 2 |
|
The Customer Satisfaction Survey score shall be [ ] for > [ ]% of the surveys completed during the Measurement Period. |
|
Monthly |
|
T:* after Service Desk * P: To be agreed during* * MD: |
|
* |
|
Customer Satisfaction Survey – Category 3 |
|
The Customer Satisfaction Survey – Category(3) scores shall be > [ ] for [each project]. |
|
|
|
T: This Service Level is measured by a third party provided managed by Equifax P: Sample of at least* projects per month; to be agreed during * . MD: * |
|
* |
4.4 Problem Management.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Status Update Time – Severity 1 |
|
*% of Status Update Times shall be < to the following timeframes: (i) 15 minutes for each initial status update; and (ii)* minutes for each subsequent status update. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Status Update Time – Severity 2 |
|
*% of Status Update Times shall be < to* hours. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Status Update Time – Severity 3 |
|
*% of Status Update Times shall be < to* Business Day. This Service Level shall be measured for External Customers only. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Escalation Time – Severity 1 and 2 |
|
*% of Escalation Times for the first level of escalation shall be < to* minutes. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
|
|
*% of Escalation Times for the second level of escalation shall |
|
Monthly |
|
T:* after Service Desk * |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-13
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
|
|
be < to* minutes. |
|
|
|
P: As defined MD:* |
|
|
|
|
|
*% of Escalation Times for the third level of escalation shall be < to* minutes. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Problem Response – Severity 1 and 2 |
|
*% of Problem Response Times shall be < to* minutes. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Problem Response – Severity 3 |
|
*% of Problem Response Times shall be < to* Business Day. This Service Level shall be measured for External Customers only. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Problem Resolution – Severity 1 |
|
Problem Resolution Times for Severity* problems shall meet the following requirements: (a) *% of Problem Resolution Times for Severity 1 problems shall be < to* minutes; and (b) *% of Problem Resolution Times for Severity 1 problems to be measured under part (a) shall be < to* minutes. |
|
Monthly |
|
T: * after Service Desk * P: As defined MD:* |
|
* |
|
Problem Resolution – Severity 2 |
|
Problem Resolution Times for Severity* problems shall meet the following requirements: (a) *% of Problem Resolution Times for Severity 2 problems shall be < to* minutes; and (b) *% of Problem Resolution Times for Severity 2 problems to be measured under part (a) shall be < to* hours. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Problem Resolution – Severity 3 |
|
Problem Resolution Times for Severity 3 problems shall meet the following requirements: (a) *% of Problem Resolution Times for Severity 3 problems shall be < to* Business Days; and (b) *% of Problem Resolution Times for Severity 3 problems to be measured under part (a) shall be < to* Business Days. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Root Cause Analysis Time(3) – External Customer Impacting |
|
*% of Root Cause Analysis Times shall be < to* hours Days for External Customer impacting Incidents and Problems regardless of Severity Level; provided, however, that if IBM is not responsible for resolution of the Problem, then the Problem resolution actor shall provide IBM the technical RCA input w/in* hours and IBM shall have 24 hours from receipt of the technical RCA to complete the External Customer RCA. The External Customer RCA is a customer-friendly (rather than technical) report on the root cause of an Incident or Problem. |
|
Monthly |
|
T: * after Service Desk * P: As defined; the content and form of the External Customer RCA shall be as performed by Equifax prior to the Commencement Date. MD:* |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-1-14
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Root Cause Analysis Time – Internal Customer Impacting – Severity Xxxxx 0 |
|
*% of Root Cause Analysis Times shall be < to* Business Days for Severity Level 1 Incidents and Problems impacting Internal Customers only. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Root Cause Analysis Time – Internal Customer Impacting – Severity Xxxxx 0 |
|
*% of Root Cause Analysis Times shall be < to* Business Days for Severity Level 2 Incidents and Problems impacting Internal Customers only. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
|
Root Cause Analysis Time – Internal Customer Impacting – Severity Xxxxx 0 |
|
*% of Root Cause Analysis Times shall be < to* Business Days for Severity Level 3 Incidents and Problems impacting Internal Customers only.RCAs for Severity 3 Incidents and Problems that do not affect* and do not relate to Service Level Defaults will be performed by IBM only upon request by Equifax. |
|
Monthly |
|
T:* after Service Desk * P: As defined MD:* |
|
* |
4.5 Project Management/Requirements
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Project On-Budget Accuracy |
|
* ± * []% |
|
Monthly |
|
T/P: Manual MD: * |
|
* |
|
Project On-Time Delivery Accuracy |
|
* [%] |
|
Rolling 6 month period |
|
T/P: Manual MD: * |
|
* |
|
Requirements Solution Customer Satisfaction |
|
The Customer Satisfaction Survey score shall be [ ] for > [ ]% of the surveys. |
|
Monthly |
|
T/P: Manual MD: * |
|
* |
4.6 Services Management.
|
Service Measure |
|
Performance Standard |
|
Measurement |
|
Measurement
Tool/Process & |
|
Code |
|
Chargeback Information Accuracy |
|
<* for chargeback data provided by Equifax within at least* Business Days before the last day of the calendar month |
|
Monthly |
|
T/P: Manual MD: * |
|
* |
|
Invoice Accuracy |
|
>*% |
|
Monthly |
|
T/P: Manual MD: * |
|
* |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
X-0-0-00
|
SERVICE LEVEL |
|
WEIGHTING |
|
* Availability |
|
70 |
|
* Availability |
|
46 |
|
* Availability |
|
20 |
|
* Availability |
|
0 |
|
* Availability |
|
0 |
|
* Outages |
|
0 |
|
* Availability |
|
0 |
|
* Circuit Availability |
|
16 |
|
* Circuit Availability |
|
16 |
|
* Circuit Availability |
|
8 |
|
* Availability |
|
4 |
|
* Percentage |
|
4 |
|
* |
|
16 |
|
* |
|
0 |
|
TOTAL: |
|
200 |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
X-0-0-0
Service Request Classifications and Completion Time Requirements
The Service Request classifications referenced in Section 4.2 above, and the corresponding “ Service Level Time Period” for each, shall be as set forth in the table below.
# |
|
Service Request Classification |
|
Service Level Time Period |
|
1. |
|
Desktop Data Network Connection |
|
* Business Days |
|
2. |
|
Phone Move |
|
* Business Days |
|
3. |
|
New Handset/ Headset |
|
* Business Days |
|
4. |
|
Order Placement for New Office Phone Line |
|
* Business Days |
|
5. |
|
Office Phone Software Change - PBX |
|
* Business Days |
|
6. |
|
Office Phone Software Change - LEC |
|
* Business Days |
|
7. |
|
Adhoc Telephone Reports/ Modifications |
|
By agreed date |
|
8. |
|
New Voicemail Account |
|
* Business Days |
|
9. |
|
Order Placement for New Calling Card Account |
|
* Business Days |
|
10. |
|
Orders placement for provisioning connectivity or de-install |
|
* Business Day |
|
11. |
|
Installation of a new Internet dedicated Circuit |
|
* Business Days |
|
12. |
|
Installation of a new Frame Relay Circuit |
|
* days |
|
13. |
|
Installation of a new PVC |
|
* days |
|
14. |
|
Install time for Site-to-Site VPN Services1 at each VPN gateway location where customer provides connectivity, without regard to if customer or VPN provides the router |
|
* (*) working days |
|
15. |
|
Install time for Site-to-Site VPN Services1 at each VPN gateway location where service provider provides connectivity |
|
* days |
|
16. |
|
Circuit de-installs |
|
* days |
|
17. |
|
External Customer Provided Circuit connection |
|
* days |
|
18. |
|
* adds |
|
* Days |
|
19. |
|
Equifax * changes |
|
* Business Days |
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
X-0-0-0
Problem Resolution Notification Process
“Problem Resolution Notification Process “ means:
(a) (a) For cases in which IBM must contact an end user regarding an Incident or Service Request (each an “End User Request”) that IBM believes, in good faith, has been resolved or completed (as applicable), the following process:
• IBM shall place the applicable End User Request in a “pending close” status, thereby stopping measurement against the applicable Problem Resolution Time metric or Service Request Completion Time metric.
• IBM will attempt to contact the end user via phone and, if the end user is unavailable, IBM will leave a voice mail seeking contact (or, if the end user does not have voicemail, IBM will send an e-mail to the end user). At such time as the end user contacts IBM with respect to the End User Request, measurement against the applicable Problem Resolution Time metric or Service Request Completion Time metric for such End User Request will continue.
• If the end user does not respond to the voicemail or e-mail from IBM, IBM will make* additional attempts to contact the end user in a similar manner once on each of the next* Business Days.
• If, after such attempts, the end user has not contacted IBM, the End User Request will be closed no sooner than* Business Day after the final attempt and IBM will send an e-mail to the end user notifying him or her of such closure.
• If the end user subsequently notifies IBM within five Business Days of closure of the End User Request that the work associated with the initial End User Request was not completed, the End User Request will be reopened with the same ticket number and measurement of the applicable Problem Resolution Time metric or Service Request Completion Time metric for such End User Request will continue at that time; provided, however, that such reopening shall not cause a retroactive adjustment to: (A) Service Level reports corresponding to the preceding calendar month; or (B) the determination of IBM’s compliance with Service Levels for the preceding calendar month. If the end user notifies IBM after the five Business Day period described above, a new Incident or Service Request ticket will be opened, as applicable.
(b) For cases in which IBM must contact the end user regarding End User Requests that have not been resolved or completed (as applicable) and that require end user feedback in order for problem resolution or Service Request completion efforts to continue, the following process:
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-4-1
• IBM shall place the applicable End User Request in a “pending contact” status, thereby stopping measurement against the applicable Problem Resolution Time metric or Service Request Completion Time metric.
• IBM will attempt to contact the end user via phone and, if the end user is unavailable, IBM will leave a voice mail seeking contact (or, if the end user does not have voicemail, IBM will send an e-mail to the end user). At such time as the end user contacts IBM with respect to the End User Request, measurement against the applicable Problem Resolution Time metric or Service Request Completion Time metric for such End User Request will continue.
• If the end user does not respond to the voicemail or e-mail from IBM, IBM will make* additional attempts to contact the end user in a similar manner once on each of the next* Business Days.
• If, after such attempts, the end user has not contacted IBM, the End User Request will be placed on hold and IBM will send an e-mail to the end user notifying him or her of such hold. At such time as the End User Request is placed on hold (no sooner than* Business Day after the final attempt), measurement against the applicable Problem Resolution Time metric or Service Request Completion Time metric will be suspended. At such time as the end user contacts IBM with respect to the End User Request, measurement against the applicable Problem Resolution Time metric or Service Request Completion Time metric for such End User Request will continue; provided, however that End User Requests placed on hold will be closed if, after* Business Days, the end user does not respond to IBM. If the end user responds to IBM after such* Business Day period, a new problem or Service Request ticket will be opened, as applicable.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
X-0-0-0
Severity Level Classifications
“Severity Level” means, with respect to an Incident or Problem (referred to herein interchangeably with “problem”), the highest-priority level that is applicable based on the following classifications (such classifications are in descending order of priority):
1. Severity 1
1.1 “Severity 1” means a critical Incident or Problem, including an Incident or Problem that causes or threatens to cause any of the following:
• A business critical problem with * impact as determined by * ;
• An external* to the Equifax * ;
• A* to Equifax, including any Problem adversely affecting the ability of Equifax * to receive and response to* ;
• A * ;
• An unauthorized * ;
• Scheduled * which have reached their* (i.e., exceeded the * ); or
• A problem that potentially affects a * of Equifax * .
1.2 Without limiting the generality of the foregoing, the following shall be deemed to be Severity 1 problems:
• A problem affecting the ability of * to * the * or an* .
2. Severity 2
“Severity 2” means a serious problem, including a problem that causes or threatens to cause any of the following:
• An * (e.g., the failure of a * where the * available for use) affecting* ;
• A serious outage impacting a system utilized* ; or
• * of a major * .
Without limiting the generality of the foregoing, problems that are not classified as Severity 1 shall be deemed Severity 2 problems.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
B-1-5-1
3. Severity 3
“Severity 3” means a limited problem, including a problem that causes or threatens to cause any of the following:
• A problem affecting a * ; or
• A low impact problem.
Without limiting the generality of the foregoing, all problems not classified as Severity 1 or Severity 2 problems shall be deemed Severity 3 problems.
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
X-0-0-0
Customer Satisfaction Survey Procedures
1. Customer Satisfaction - Category 1 and Category 3 are attached hereto.
2. Customer Satisfaction - Category 2 to be agreed by the Parties during * .
*Information omitted pursuant to a confidential treatment request under Rule 24b-2 of the Securities Exchange Act of 1934 and filed separately with the SEC.
X-0-0-0
Pre-Commencement Date Service Levels
[Attached]
X-0-0-0
PERFORMANCE STANDARDS
1. APPLICATIONS SERVICE LEVELS
1.1 Online Applications Uptime – Enterprise.
|
Service Measure |
