Appendix I RELATIONSHIP MODEL for the Outsourcing of Computer Services
CONTRACT
for
the Outsourcing of Computer Services
“BSS
Data Processing Service”
by and
between
PRODUBAN,
Servicios Informáticos Generales, S.L.
and
BANCO
SANTANDER – CHILE
Xxxxxxxx
de Chile and Madrid, December 3, 2007
Ref.:
BSS_GENV0_ACMR00_20070715
[Ink
stamp appears on bottom of every page:
“Produban
Servicios Informáticos Generales S.L.]
Page 1
of 20
In Madrid,
Spain and Santiago, Chile, on December 3, 2007,
BY AND
BETWEEN
PRODUBAN SERVICIOS INFORMÁTICOS
GENERALES, S.L. (hereinafter PRODUBAN, the Vendor or the Lessee), Tax
I.D. No. B-82077751 and with corporate address in Madrid, at Boadilla del
Monte, Avda. de Cantabria, s/n, represented in these proceedings by Francisco
Xxxxxx del Xxxxx Xxxxxxx, holder of I.D. No. 694509R, in his capacity as
Sole Administrator and in exercise of the authority granted by the power of
attorney issued to him on April 8, 2005, before Madrid Civil Law Notary
Xxxxxxx Xxxxxxxxx-Xxxxxx, with notary circle number 917, for the party of the
first part
and
BANCO SANTANDER - CHILE, a
sociedad anónima bancaria
[Chilean banking corporation], Taxpayer I.D. No. 97,036,000-K,
hereinafter the Bank or the Customer, with corporate address at Calle Bandera
No. 140, municipality and city of Xxxxxxxx, represented in these
proceedings by its Manager of Operations and Administration, Xxxx Xxxxxxxxx
Xxxxxxxxx, National I.D. document No. 5,473,633-9, and by its Manager of
Administration Xxxxx Xxxxxxx Xxxxxxx, National I.D. document
No. 9,830,559-9, in their capacity as attorneys-in-fact and in exercise of
the authority granted to them by the power of attorney issued to them, by means
of public instrument index number 5648-2005, dated June 14, 2005, issued in the
city of Xxxxxxxx, Chile, before Civil Law Notary Public Xxxxx de la Fuente
Xxxxxxxxx, the party of the second part.
Both
parties, in their respective capacities, mutually acknowledge the legal standing
necessary to enter into this Contract, for which purpose,
THEY HAVE
REPRESENTED
I.
That the Customer is interested in the Vendor providing it with the services
specified in Appendix II “Catalog of Service” of this Contract (hereinafter the
“Services”), and the Vendor is also interested in providing the referenced
Services to the Customer.
II.
That the Customer’s interest in the Services is based on its need for data
processing and the use and operation of centralized systems, with defined and
approved safety standards, auditable contingency plans, high quality standards
and levels of service (SLA), at low market costs that the Vendor has
offered.
III.
That, as a result, both parties have agreed to enter into this contract
(hereinafter the “Contract”), in order to establish and govern their
relationship for the aforementioned purposes, which shall become effective
subject to the following
Page 2 of 20
CLAUSES:
FIRST: Purpose of the
Contract
1.
The purpose of this Contract is the uninterrupted provision by the Vendor to the
Customer of all and every one of the computer services specified in the Catalog
of Service that, for all purposes, is a part of the same and is subscribed by
the parties.
2.
“Services” shall be understood to mean all and every one of the actions,
activities and components that is specified in the aforementioned Catalog of
Service.
3.
The Vendor, in these same proceedings, represents that it has all the equipment
and material and human resources (hereinafter the “Equipment") necessary for the
provision of the Services.
4.
The provision of the Services by the Vendor shall be carried out per the terms
and conditions specified in the Contract and the Appendices
thereto.
SECOND: Customization
and modifications to Services and Incorporation of New Technologies
1.
|
The
Vendor agrees to undertake, assigning to the Customer the corresponding
costs, the customization of the Services required by the Customer, in
order to accommodate any possible changes in standards, official
regulations or technological innovations, provided that it is so
established in the technical appendices specific to the service and based
on the conditions of cost, schedule and procedures established therein, as
applicable.
|
2.
|
In
the event that the Customer decides, during the term of this Contract, to
interconnect or add new changes, improvements or technologies, in order to
make them part of the Service or other data processing services, the
Customer may acquire them from the Vendor or from third
parties. Nevertheless, in the latter case, the Customer must
inform the Vendor in advance, so that it may take the measures necessary
in order to customize the Services as required by the
Customer.
|
3.
|
Furthermore,
in the event that the Customer acquires the changes and improvements,
either through the Vendor or third parties, the Vendor must supply all the
facilities necessary for the Customer to be able to interconnect or add
them. As a result, this Contract shall not grant any right of
exclusivity to the Vendor when the Customer needs to incorporate changes
and improvements or technologies for all the purposes of the contracted
Services.
|
THIRD: Warranty on
the Services
The Vendor
ensures and guarantees the Customer that the Services covered y this Contract
shall be suitable for the corresponding purposes and that it will provide the
same with the proper quality and diligence.
In the
event that malfunctions, interruptions or any interference occurs in the
Services, the Vendor agrees to give an adequate response to the needs of the
Customer, resolving any issue within the shortest possible term.
FOURTH: Liability of
the Vendor for Data Security
The Vendor
represents that it is familiar with and accepts the files called “General Data
Security Policy” (Operations Risk Management MN020) and “Policies and Standards
for Data Protection and Classification” (Operational Risk Management MN118) and
that are part of Appendix IV, which the parties are familiar with and is
understood to be an integral part of this contract. Said policies are
of Banco Santander Chile. These files may change from time to time
and will be available on the Customer’s intranet. As of the date of
publication of any amendments and/or new files on the Customer's intranet, it
shall be understood that the Vendor has become aware of the same.
For the
provision of the Services the Vendor agrees to perform the same by taking into
consideration and using the policies indicated in the foregoing
paragraph.
Any
information that comes form the Vendor for the provision of the Services shall
be considered to be confidential per the file “Policies and Standards for Data
Protection and Classification.”
FIFTH: Customer’s
Liability
Without
prejudice to the Services rendered by the Vendor in accordance with the
provisions of this Contract, the Customer shall continue to be the sole party
liable vis-à-vis its customers, the officials and competent public entities and,
as applicable, any third parties, for each and every one of the obligations and
liabilities imposed by current legislation, and specifically, in regards to the
protection of personal data.
SIXTH: Remuneration,
Method of Payment, Consequences of Non-payment. Other
Expenses.
In
consideration for the Services covered by the Contract, the Customer shall pay
to the Vendor the amount in Euros (EUR) and United States Dollars that the
Vendor and the Customer agree to in the Financial Terms that are attached to
this Contract (Appendix V). The method and terms for the payment of
this amount shall also be set forth in the aforementioned Financial Terms
(Appendix V).
Every
year, the Vendor may communicate to the Customer, at least thirty (30) calendar
days in advance of the starting date of the new annual period, the new amount to
be invoiced. In such a case, the Customer shall have a term of thirty
(30) calendar days to notify the Vendor whether it agrees to said
amount. The failure to provide notification during the specified term
shall be considered acceptance of the amount. If the Customer does
not agree to the new remuneration amount communicated by the Vendor, it may
terminate the Contract, with no penalty, subject to notification delivered to
the Vendor at least six (6) calendar months in advance of the date on which it
wishes to terminate the contract. During said six-month period, the
Customer shall pay the monthly amount or prorated amount for the corresponding
six-month period that was paid during the immediately prior payment
period.
Page 4
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Until the
parties agree on a new remuneration amount, the remuneration amount
corresponding to the previous period shall remain in force.
The
aforementioned payments shall be made by the Customer to the Vendor every month
in arrears. The Vendor shall submit invoices to the Customer for
payment within the first ten (10) calendar days of the month following the end
of the period. The invoice must comply with all legal requirements,
in particular those related to fiscal matters.
SEVENTH: Limitations
regarding Use
1.
|
The
Services shall be provided by the Vendor for the sole benefit of the
Customer, which agrees, vis-à-vis the Vendor, to make appropriate use of
the means placed at its disposal for the provision of the Services by the
Vendor, always through those areas, departments, units or supervisors
previously designated by the Customer to make use of the same, and whose
relationship model is established in the Appendix “Relationship Model for
the Service” corresponding to this Contract and in any others that in the
future may replace them, subject to notification made to the
Vendor.
|
2.
|
Except
for subsidiaries of the Customer, under no circumstances may the resources
placed at its disposal for the provision of the Services by the Vendor be
the subject of transfer or conveyance by the Customer to third parties,
nor may they be installed on other platforms or equipment, without the
prior, express authorization of the
Vendor.
|
3.
|
Without
prejudice to the foregoing, the Customer may use at its sole discretion
the information and documentation obtained in virtue of the Services
rendered by the Vendor, either on printed media or on editable electronic
media. The Customer may manipulate and make use of all
information and documentation received from the Vendor, within the
limitations established in Clauses Nine and
Sixteen.
|
|
EIGHTH: Provision
of Data by the Customer
|
1.
|
The
quality standard for the Services assumed by the Vendor in this Contract
shall be in function of the information provided by the
Customer.
|
2.
|
The
Customer shall provide the Vendor with all the periodic or random
information that it may reasonably request and shall provide the
appropriate collaboration
to allow the Vendor to carry out its contractual obligations
without interruption.
|
3.
|
The
Customer shall release the Vendor and hold it harmless from any liability
for any damages that may occur, to the Customer as well as to third
parties, as the result of inaccurate and insufficient information provided
by the Customer.
|
|
NINTH: Intellectual
and Industrial Property
|
1.
|
During
the provision of the Services, the Vendor may use or periodically refer to
names or products
or other names and trademarks owned by third parties, such as
programs, equipment, markets
|
Page 5
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
|
indexes,
etc. The Customer is aware of this and agrees to provide proper
respect for them.
|
2.
|
All
intellectual property rights for the Services, Computer Programs and
Equipment used by the vendor for the provision of the Service shall be and
shall remain the absolute property of the Vendor. Likewise, the
Customer acknowledges that any computer applications that the Vendor may
research and design, as applicable, for the account of the Customer, shall
be the property of the Vendor, unless expressly agreed otherwise by the
parties, but in any case they must be conveyed to the Customer, at no
cost, in the event of the termination of the
Contract.
|
|
TENTH:
Subcontracting
|
1.
|
When
the Vendor deems it appropriate to guarantee the best performance of its
obligations, it may subcontract third parties to carry out, in whole or in
part, the services covered by the Contract. In all cases, the
Vendor must have prior, written approval of the customer, who must issue a
decision within a term of 10 calendar days following receipt of the
request. Denial by the Customer shall be duly justified,
stating the corresponding grounds. Furthermore, the Customer
shall have the authority to request that the Vendor remove or replace any
subcontracted companies, duly justified by stating the grounds for the
request, in virtue of the research carried out by the Customer of the list
of subcontracts that the Vendor shall make available to the Customer, per
the terms set forth in Item No. 4 of this
clause.
|
2.
|
If
work is subcontracted, the Vendor shall be liable vis-à-vis the Customer
and/or any third party for the actions of the subcontracted
company. IT shall at all times warrant the correct performance,
by said subcontracted company, of the provisions of all the clauses of
this Contract, including any matter related to the disclosure of
information or confidentiality, with the understanding that the Vendor and
the Customer agree that any party to which the Vendor subcontracts work
must expressly assume obligations of confidentiality vis-à-vis the
Customer that are substantially in accordance with the conditions set
forth by Clause Sixteen of the Contract, and that the absence of said
clause or failure to comply with its terms shall be grounds for immediate
termination of the subcontract in question, regardless of any other
actions which may be applicable.
|
3.
|
If
the tasks entrusted to the subcontracted company involved or are related
to the processing of personal data referenced by this document, the Vendor
agrees to inform said company of the obligations assumed in virtue of this
Contract, in particular those relative to the protection of personal
data.
|
4.
|
Within
ten (10) calendar days following the date on which the Customer so
requests in writing of the Vendor, the Vendor shall make available to the
Customer and deliver to the same, the list of subcontracts that the Vendor
has entered into under this Clause, that are in force at the time of the
request, and as applicable the terms of such Contracts that document said
subcontracting, provided that the measures or resolutions necessary are
adopted so that no obligation regarding confidentiality assumed by the
parties is violated.
|
Page 6
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
ELEVENTH:
Responsibilities and Indemnification
1.
Based on the reserved and confidential nature of the information that the Vendor
will process, the Vendor shall be liable for the most minor breach of
contract. Furthermore, with respect to other duties that are the
subject of this contract, other than the duty of confidentiality, the Vendor
shall be liable for the ordinary negligence.
2.
Either of the parties to this Contract shall indemnify the other vis-à-vis any
claim, damage, loss, liability, prejudice or expense (Including Attorney and
Prosecutor fees) which may be incurred as a result of the failure to comply with
any obligations that, per the provisions of this Contract, may be attributable
to the non-compliant party.
The Vendor
shall fully indemnify the Customer for any damages cause due to interruptions in
Service and/or non-compliance with the service levels detailed in the
Appendices, and those that it may experience in virtue of any action, recourse,
claim, demand or judicial proceeding initiated by the customers of the Customer
in virtue of damage or prejudice caused as the result of the Services provide by
the Vendor, its personnel and those of any subcontractors, including violations
relative to banking confidentiality and secrecy and privileged
information.
The
parties shall be exempt from liability from any non-compliance that is due to
chance or force majeure, considering the same to be as defined by law, and in
particular, those circumstances listed below:
FOR
THE CUSTOMER:
The
Customer shall be exonerated from any civil, administrative or criminal
liability for facts, actions or omissions that the Vendor or any of its
employees, whether personnel with a subordination and employment tie or
Subcontractors of the Vendor, perform or fail to perform and that incur any type
of liability for the Customer and/or that may cause damage or prejudice to third
parties.
Inasmuch
as it is expressly agreed that the Vendor shall be liable vis-à-vis the Customer
for any damage, prejudice, contingency, sanction or loss that the Customer or
its personnel may experience in regards to its assets, goods, honor or dignity
based on the non-compliance or the late, partial or imperfect compliance with
any of the obligations assumed by the Vendor based on this contract, as well as
for any equity losses that the Customer may experience as a result of claims by
personnel hired under the liability of the Vendor, or any others that although
they are not explicitly mentioned are understood to be an integral part of the
contracted services and processes.
In the
event that the Customer is the subject of a claim, sanction or fine in relation
to or because of any worker of the Vendor, by any Auditing, Regulatory, Labor,
Social Security or Judicial Entity, the Superintendency of Banks and Financial
Institutions (SBIF) or the Superintendency of Stocks and Insurance (SVS), the
Vendor must immediately pay the amount claimed and indemnify the Customer for
the amount equivalent to the amount of the claim, fine or sanction, and the
Customer may
Page 7
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
deduct the
appropriate amounts in this regard from the amount of any of the services
rendered, based on this Contract or the Appendices to the same.
No
liability shall be implied for the customer in the event that due to any
contingency the Vendor is prevented fro providing the service or performing the
work that it is required to do by this instrument, and the Customer reserves the
right to subcontract other companies to do it, and the Vendor shall be
responsible for any greater cost that the Customer must assume in this regard if
the Vendor had been previously informed and had approved the selection of the
new service provider.
FOR
THE VENDOR
a)
The Vendor shall be exempt from any liability derived directly from a delay in
providing the service, when said delay occurs due to any of the following
causes:
•
Flood
• Fire
• Earthquake
• Explosion
• Disturbances
• Coups
• Strikes
b)
The inability or delay in obtaining export or import permits, for the
installation or receipt of goods sold, hardware and/or software, when applicable
by law, regulation or other Government standard;
c)
In general, any other similar event of an extraordinary nature that could not be
anticipated or that if anticipated, could not be avoided.
If one
party believes that it has been affected by chance or force majeure that does
not impede the complete and permanent provision of the Services, that party
shall inform the other party in writing within 3 calendar days following the
date on which the instance of chance or force majeure occurred, indicating the
starting and anticipated ending date of said conditions, a description of the
same and how it affects the performance of this Contract. Then the
parties shall endeavor to determine by mutual agreement the term of the
interruption or suspension of the Services that are affected, and they shall
make the necessary efforts to resume the Service, in whole or in part, within
the term agreed upon, either with the same components or devices or with others
that are similar. As soon as the conditions that caused the instance
of chance or force majeure have ceased their effects, the obligations that were
affected shall be resumed.
Page 8
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
In the
event that the instance of chance or force majeure prevents or delays the
provision of the Services in the manner agreed upon, for more than 30 calendar
days and for up to a maximum of 180 calendar days, the parties shall have the
option of contracting the services from third parties based on the
following:
a)
The Vendor shall first have the option of contracting the affected Services from
a third party, and if it calls upon this option, it must so demonstrate to the
satisfaction of the Customer, within 5 calendar days following the date on which
the conditions of chance or force majeure take place. Any contract with third
parties shall be executed within 30 days from the aforementioned
date. Such contract shall be for the sole account, charge and risk of
the Vendor, and the Customer shall in any event maintain the payment of the
price specified in this Contract.
b)
If the Vendor cannot or does not use the option referenced above, or if it does
not in a timely or satisfactory manner demonstrate to the Customer that it has
perfected the contract with a third party, the Customer shall have the option of
directly assuming or contracting with third parties the performance of the
Services affected by the instance of chance or force majeure. In such
cases, if the Customer directly assumes the performance of the affected
Services, and if it contracts the services with third parties, the price or rate
of this Contract must be decreased by the corresponding amount, to the level of
the lesser quantity between that specified in this Contract or the price that
the Customer must effectively pay to the referenced third parties, which
discount may take the form of a corresponding credit notice(s).
1.
Under no circumstances, except in the case of fraud, negligence or bad faith on
the part of the Vendor, shall the Vendor be liable vis-à-vis the Customer or
third parties, with respect to any indirect loss or damage (including lost
income, profits, business, contracts, expected savings or lost profits), related
to or resulting from the use of the Services that are the subject of this
Contract.
2.
The Vendor shall not be liable for failures in the transmission of data,
interference, interruptions or disconnections that may occur as the result of
damages, line overload, etc. as well as errors in the transmitted information,
that are not attributable to the Vendor.
Without
prejudice to the foregoing, the Vendor must possess a contingency plan that
guarantees the proper performance of the contracted services. The Contingency
Plan is the one prepared for the Data Processing Centers of the Santander Group
that is made available to the Customer in the Appendix to this
Contract.
3.
In any event, the liability of the Vendor with respect to the Customer that
arises from or in connection with the Contract shall be limited and shall not
exceed the amount agreed upon as remuneration for that year in accordance with
the sixth clause,
Page 9
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
except in
the event that there is fraud, serious negligence or bad faith on the part of
the Vendor, in which case it shall not be subject to any limitation
whatsoever.
TWELFTH: Labor
Relations and Prohibition from Hiring Employees from the Vendor
1.
|
The
Vendor shall, at all times, maintain ownership of the legal relationship
with the personnel for which it is responsible, as are necessary for the
correct and appropriate provision of the Services, without any transfer of
the same to the Customer and without this creating any direct labor
relationship whatsoever with them.
|
2.
|
The
Customer shall not, without the express, written consent of the Vendor,
offer any employment position and shall ensure that no party of which it
exercises control does so, to any employee of the Vendor involved in the
Services or performing any of the obligations of the Vendor, or working
for it during the Contract term or during the twelve (12) month period
following the end of said term, for any
reason.
|
3.
|
Furthermore,
without the prior, written authorization of the Customer, the Vendor may
not make an offer of work to employees of the Customer working in areas
that exchange information or that work for it either during the Contract
term or during the twelve (12) month period following the end of said
term.
|
4.
|
The
parties expressly acknowledge that the performance of this Contract shall
not create any employment relationship whatsoever between the Customer and
the workers that the Vendor or any other subcontractor may
employee. As a result, the Customer shall not be liable in any
way with respect to the performance of labor or other obligations that the
Vendor or any other subcontracted company enters into with the referenced
workers, whether they were contracted by the Vendor in Chile or abroad,
therefore the Vendor shall be the sole party directly bound to pay, in
full and in a timely manner, the following
items:
|
|
a) Remuneration,
contributions and other benefits specified by law and by contracts owed to
the workers employed to provide the
Services;
|
|
b) Any
taxes and charges that are owed to the corresponding
institutions;
|
|
c) Any
income taxes and any other tax owed that by law must be withheld from the
compensation of the personnel employed to provide the services, and train
them in fiscal areas; and
|
|
d) Any alternate
indemnification previously notified, if it is not given, based on years of
service and any other factors that may correspond to the workers employed
to provide the Services, as
applicable.
|
5.
|
It
shall be a condition of the start-up of the Contract that working
personnel that the Vendor or any other subcontracted company employs for
the performance of Services, must be duly affiliated with a social
security entity that is applicable based on the place of origin, and that
the tax or social security contributions are duly covered by workplace
accident and occupational illness insurance, according to the
corresponding legislation.
|
Page 10
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Before
paying the remuneration specified in Clause Six of this contract, the Customer
may require that the Vendor present the proof issued and authorized by the
corresponding office of the location where the services are rendered, showing
compliance with its corporate laws, and the certificates issued by the
corresponding social security institutions, including for these effects, labor
inspectors, administrators of pension funds, etc., regarding the absence of
claims outstanding by its personnel. The same shall be applicable in
the case of the final or early termination of this contract.
The
Customer shall not pay remuneration to the Vendor as long as the Vendor has not
confirmed that it is current in its payments referenced above, and based on the
sole fact of being jointly and severally or secondarily the subject of a claim
for the payment of remuneration, compensation and social security
payments. In addition, when, by trial court ruling, it is declared
that it must pay any service of the Vendor or its subcontractors in favor of its
workers. The Customer shall require that said party provides a guarantee on the
consequences of its joint and several or secondary liability that may be
applicable, or provide resources for payment to the complete satisfaction of the
Customer.
Similarly,
the parties expressly acknowledge that the Customer shall not have any liability
whatsoever for any type of injuries, accidents or damages that may affect the
personnel of the Vendor or of its subcontractors in the course of performing the
tasks that are directly or indirectly related to the performance of the
Services, all of which shall be the sole liability of the Vendor, all without
prejudice to the corresponding health and safety provisions.
The
Customer may request in writing that the Vendor, at any time and as often as is
deemed necessary, present the corresponding employment contracts for its
personnel or the personnel of its subcontractors, forms demonstrating the
payment of compensation and social security assessments, assistance records
corresponding to workers, the releases granted for the legal formalities by
employees who have left their positions, verification of payment of family
benefits and of withheld income taxes, etc.
6.
|
Failure
to comply with the contractual obligations referenced by this clause shall
authorize the Customer to request early termination of the Contract, with
the corresponding indemnification of
damages.
|
THIRTEENTH: Revisions
to and/or Auditing of the Service
1.
|
The
Customer reserves the right to periodically carry out audits, by means of
independent audits, subject to scheduling with the Vendor and knowledge of
the methodology and objectives in relation to the Services, in order to
determine the
|
Page 11
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
|
correct
performance by the Vendor of all the obligations entered into in virtue of
this Contract. Furthermore the SBIF may also conduct the audits
it deems expedient in order to comply with current legislation and to
identify and evaluate any risks that the transaction may involve for the
customer.
|
2.
|
The
parties agree that the Customer or SBIF may, at any time during the term
of the Contract, be authorized to carry out visits to the facilities of
the Vendor in Spain, for which purpose the Vendor states its approval,
with the understanding that any visit conducted by the Customer pursuant
to the terms of this paragraph shall be subject to the following
conditions:
|
|
(i) it
shall require advance, written notice sent by the Customer to the Vendor,
at least 10 calendar days in advance of the date on which the visit will
take place;
|
|
(ii) it
shall be subject to the safety standards and policies of the Vendor;
and
|
|
(iii) it must cover
subjects related to the Services related to this
Contract.
|
3.
|
Any
reviews may be carried out through the units that supervise the functions
covered by the Service, such as the Office of the Controller, Human
Resources, Technologies or others that the Customer may specify, whether
they are internal to the Customer or through external
companies. Any comments and/or recommendations shall be
collected and performed by the Vendor, per the terms of the written
agreement between the parties.
|
4.
|
Any
reviews may be carried out using consulting, auditing, specialized
outsourcing or other companies contained on a list previously agreed upon
by the parties, provided that said companies are not competitors of the
Vendor and its companies related to the provision of these
services.
|
5.
|
The
Customer reserves the right to verify that the comments and/or
recommendations may be applied within the terms agreed upon by the
parties.
|
6.
|
For
the purpose of complying with requests from competent authorities, such as
the delivery of information that may be requested by SBIF at any time, and
to determine the correct performance by the Vendor of its obligations
assumed under this Contract, the Customer may at any time obtain, either
directly or via a request, from the Vendor, any data, information and/or
the data records necessary using the technological tools provided by the
Service.
|
Any costs
incurred by the SBIF, for the supervision of data processing at another
location, understanding such to be a location other than the offices of the
Customer or of SBIF itself, shall be charged to the Customer.
FOURTEENTH: Term and
Grounds for Rescission of the Contract
This
contract shall be effective as of January 1, 2007 and shall have a term of
5 years. After said term has passed, the contract shall be tacitly,
automatically and subsequently renewed for 1-year periods, unless either of the
parties communicates to the other party its desire to terminate it by registered
letter,
Page 12
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
sent to
the address of the other party indicated in this contract, at least 180 calendar
days in advance of the end of the period that was in force.
Without
prejudice to the foregoing, the Customer shall have the authority to immediately
and automatically terminate the Contract or any one of the Appendices hereto,
without requirement of judicial, arbitration or any other type of ruling, in the
following cases, without the following list being exhaustive:
a)
|
Non-performance
by the Vendor, in whole or in part, or inability or negligence in
performing the obligations assumed in this contract or in any of the
appendices hereto.
|
b)
|
Delay
of more than thirty (30) days in the delivery term for the Services or
projects contracted, without prejudice to the right of the Customer to
collect the late fines specified in this
instrument.
|
c)
|
Dissolution
or termination of the Vendor
company.
|
d)
|
Declaration
of insolvency or a meeting of creditors of the Vendor, or if the Vendor
enters into judicial or extrajudicial agreements with its
creditors.
|
e)
|
Lack
of technical suitability on the part of the Vendor, as considered by the
customer.
|
f)
|
If
the Vendor or any of its subcontractors fails to pay its workers the
corresponding wages, compensation or fees, or fails to comply with any
other labor, social security or tax obligation related to them, which it
is obligated to respect by law or contract
provision.
|
g)
|
If
the Customer is acquired, merges, is absorbed by a third party, is
transformed or is divided, or if all or part of its assets are
sold.
|
h)
|
If
the Vendor or any of its subcontractors fails to comply with one or more
of its obligations to maintain confidentiality, as described in Clause
Sixteen hereof.
|
i)
|
If
the Vendor no longer belongs to the Santander
Group.
|
In order
to terminate the Contract or one [or] more of the Appendices hereto for any of
the reasons mentioned above, the Customer shall only have to submit a registered
letter to the Vendor, at its address indicated in the identification of parties
above, at least 180 days in advance of the date specified as the termination
date, without incurring any liability for the Customer, and without the Customer
being obligated to pay any amount or indemnification for any
reason.
Notwithstanding
all the foregoing, with respect to the term of the contract, either of the
parties shall be authorized to unilaterally terminate this contract early, at
any time during its term, without being required to pay any fine,
indemnification or amount in any regard whatsoever. It shall suffice
for this purpose to give notice by registered letter sent to the address of the
other party as indicated in this contract, at least one hundred eighty calendar
days in advance of the date specified for termination of the
contract.
Page 13
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
|
Commitments in the
event of termination of the Contract or Appendices, for any
reason:
|
|
The
Vendor agrees to provide all the facilities necessary to ensure the
continuity of the service or the project, the management of all
information and to ensure the transfer of the service or the project to a
third party.
|
|
In
addition, the Vendor shall continue to provide services to the Customer
for at least 180 days, following the date of delivery of the registered
letter in which the Customer communicates its intent to terminate the
contract for the aforementioned reasons. This term may be less
if the Customer so declares. During this time period, the
contract fees shall continue in force for the services provided by the
Vendor.
|
|
If
any circumstances arise that constitute chance or force majeure and that
make it impossible to continue the services agreed upon or assumed in the
Contract or its Appendices, once they have been started, the Customer
agrees to pay the Vendor for the work performed, only up to such time as
such facts occurred.
|
|
FIFTEENTH:
Practical Effects of Termination of the
Contract
|
1.
|
Once
the Contract has been terminated for any reason, the Customer shall assist
and cooperate with the Vendor in order to recover the computer equipment
owned by the Vendor that is physically located at locations owned,
controlled or maintained by the Customer, and the Customer shall return
the computer programs and copies of the same to which it may have had
access in virtue of the Contract.
|
2.
|
At
the request of the Customer, the Vendor shall assist and cooperate with
the Customer to search for other companies that may assume the provision
of the Services performed to that point by the Vendor. In any
case, the Vendor shall be required to provide the Customer with any
information that it may request and that has been prepared by the Vendor,
based on the Contract, within six years following the termination date of
the Contract. Regardless of the cause, reason or grounds for
the early termination of this Contract, even if for non-performance of
obligations by the Customer, the Vendor shall cooperate with the Customer
for the orderly transfer to the Customer or the vendors designated by the
Customer, of the Services described in this
Contract.
|
3.
|
Subject
to written agreement by the parties, the Customer may purchase form the
Vendor the computer programs and equipment used for the provision of the
Services for a price that shall be agreed to by both of them in function
of the financial consideration specified in this Contract and the ratio of
the date initially specified for the normal termination of the Contract
and the actual termination date of the
same.
|
4.
|
In
addition to the provisions of Item 2 of this Fifteenth Clause of the
Contract, the parties agree that in the event of termination of the same,
the Vendor shall continue to provide the services to the Customer for a
term of one hundred eighty (180) calendar days, following the termination
date, regardless of the reason that resulted in said
termination.
|
Page 14
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
SIXTEENTH: Confidentiality
1. Confidential
Information. Confidential information is defined as any
information related to:
a)
|
Transactions
of the customers of the Customer and its subsidiaries, whether they are
individuals or legal entities, involving either assets or liabilities,
expressly including nay current account and credit transactions that they
carry out with the Bank and its subsidiaries, its commercial and/or
financial predecessors, their projects, plans or businesses and in general
any background information that is not accessible to the
public.
|
b)
|
In
regards to the Customer and its subsidiaries, any information on the
business and its transactions and, therefore, not limited to processes,
techniques, computer programs, information or management systems,
businesses, market practices, marketing, products, services, documents,
contracts, customer lists, financial information, plans or projects,
whether strategic or otherwise.
|
2. Confidentiality, Reservation
and Secrecy: (a) The Vendor acknowledges that, in relation to
the services that it shall provide to the Customer, it may have access to
proprietary and confidential, secret or reserved information regarding the
customers of the Customer and of its subsidiaries, and of the Customer itself
and its subsidiaries, in accordance with the legal standards and in particular
DFL No. 707 regarding Current Bank and Checking Accounts, DFL No. 3
dated 1997 that established the amended text of the General Banking Act of Chile
and Law 19,628 regarding the Protection of Private Life. (b) The
Vendor may not use this information for its own benefit and agrees to maintain
the confidentiality, reservation and secrecy of such information, agreeing to
use it only for the purpose of processing Customer data and it shall not
disclose this information to third parties. It must, furthermore,
protect it with the same degree of care that it protects its own private and
confidential information, and it may only be disclosed or used with the written
consent of the Customer, subject to liability for the most minor breach of
contract. (c) The obligation of confidentiality, reservation and secrecy
established in this section shall not be extinguished upon the termination of
this Contract, but rather it shall be on-going with respect to any information
obtained or prepared during the term of this contract. (d) Without this being
understood as a limitation, the Vendor agrees that all information that the
Customer may provide it shall be the sole property of the Customer and its
subsidiaries. (e) The employees of the Vendor and of any
subcontractor that requires familiarity with confidential information in order
to correctly perform its services, shall review and sign Appendix IV to this
contract or any other document or agreement with similar or identical provisions
that provides sufficient coverage of the obligations specified in this
clause. In the event that the Vendor wishes to add other employees,
agents or consultants with access to the confidential information, it must enter
into an instrument that confirms that its employees, agents or consultants have
reviewed and executed Appendix IV to this Contract or an equivalent document as
described above.
The
obligations described above shall not be applied or extended to (i) any
information required by an authority duly authorized by law or based on a
judicial proceeding, but only within the limits of said request; or (ii) that
approved by its publication or disclosure in writing by the
Customer. In the event that the situation described in Item (i)
above, and if it is legally applicable, the Vendor agrees to immediately inform
the Customer of such a circumstance, in order that it may take measures for
preservation or appeal that are applicable to prevent or minimize any negative
impact by such
Page 15
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
disclosure
and allow filing all actions and implementing the efforts that are appropriate
in order to prevent the disclosure of such confidential
information.
3. Termination. In
the event that a violation of the provisions of this Sixteenth Clause occurs,
this Contract shall be immediately terminated. In the event of any
termination of the Contract for any reason, the Vendor shall not continue to use
any confidential information provided, and it must return the same and all its
copies within a term of twenty (20) days following the
termination. In any event the obligation regarding confidentiality,
reservation and secrecy assumed by the Vendor, as noted above, shall remain in
force even after and in spite of the termination of the Agreement.
4. Indemnification. The
Vendor shall release, indemnify and hold the Customer harmless for any cost,
loss, claim, complaint, demand or damage of any nature (including attorney’s
fees) to which the Customer, its shareholders, directors, employees, agents or
representatives may be subjected, and that arises as the result of any
non-performance by the Vendor or its employees, agents, subcontractors or
consultants with the provisions of this Contract.
5. Extension of the
Confidentiality Agreement: The Vendor agrees to incorporate
into any contracts, agreements and in general into its relationships with its
units, departments, divisions, subsidiaries, partners, contractors,
subcontractors, consultants and any other entity with which it has a
relationship and which may have access to Confidential information, clauses that
shall protect the confidentiality, secrecy and reservation of information
delivered by the Customer, consistent with the terms of this
Contract.
SEVENTEENTH: Ownership
of Information
Any
information resulting from the processes that the Vendor may perform pursuant to
this contract shall be the property of the Customer. Similarly, if
any Customer information exists in units of the Vendor, the information must be
maintained by the Vendor in a safe location, and the Vendor shall be liable in
the event that a loss, theft or destruction of the same occurs.
EIGHTEENTH: Transfer
of Rights and Obligations
The
transfer, by any of the parties, of any of its obligations or rights arising
from this Contract in favor of other persons or entities, must be agreed upon in
advance and in writing by both parties. Nevertheless, this
requirement shall not be applicable and therefore the transfer may be carried
out, by the simple notification by the Customer to the Vendor, to any company of
the Santander Group. Any company in which Banco Santander Central
Hispano, S.A. or Banco Santander – Chile holds at least a 50% capital stake or
in which it exercises direct or indirect control shall be considered to be a
company of the Santander Group. The Vendor, however, may only
transfer its rights in this Contract by maintaining its capacity as surety or
joint and several co-debtor of the transferee with respect to all its
obligations, charges or encumbrances assumed under this Contract.
Page 16
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
NINETEENTH:
Penalties, Sanctions and Fines
PRODUBAN
must comply with a minimum level of service equivalent to the amount established
for the indicator of availability. In the event that the availability
is below the agreed upon level, PRODUBAN shall be subject to a
penalty.
Penalty
shall be understood to mean the amount of the credit that the CUSTOMER shall
have vis-à-vis PRODUBAN and by means of which the latter shall compensate the
CUSTOMER as a fine for failing to comply with the agreed upon service
levels. Any credits in favor of the CUSTOMER shall be referenced at
the monthly value of the service affected by the unavailability and shall be
calculated per the provisions of the following table:
Actual
availability of the BSS
box
service
|
Service
Bonuses in percent of the
monthly
invoice (total)
|
Between
99.90 and 100%
|
0%
of the monthly service amount
|
Between
99.60% and 99.89%
|
2%
of the service amount
|
Between
99.40% and 99.59%
|
5%
of the service amount
|
Between
99.01% and 99.39%
|
10%
of the service amount
|
Between
98.50% and 99.00%
|
15%
of the service amount
|
Between
98.01% and 98.49%
|
20%
of the service amount
|
Between
97.50% and 98.00%
|
25%
of the service amount
|
Between
0% and 97.49%
|
30%
of the service amount
|
Availability,
which is calculated on a monthly basis, is defined as the time during which the
box service supported on the PRODUBAN infrastructure must be available to the
CUSTOMER, i.e.:
Availability (monthly) =
(Ttotal – Tnodisp /
Ttotal) * 100(%)
where:
|
Ttotal =
Total time of the period in question
(minutes)
|
|
Tnodisp
= Time unavailable (total lack of communication over the PRODUBAN network)
within the Ttotal period in question
(minutes)
|
Page 17
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
The
Service by PRODUBAN shall guarantee a minimum availability defined
as follows:
Service
Environment
|
Guaranteed
Availability
|
Availability
of the Box
|
99.90%
|
Without
prejudice to the obligations set forth in this contract, the parties agree that
the Vendor is required to pay a fine consisting of paying the Customer, based on
the table set forth above, and in the corresponding percentages of the total
amount of this contract, for each day of delay attributable to it with respect
to the date and/or standards on which the provision of the services has been
agreed, in accordance with the terms or schedule specified herein or in the
corresponding Appendix, and that have no relation to the penalty established in
the preceding paragraphs. Instances of chance, force majeure or other
cause waiving liability as set forth in this contract shall provide an exemption
from the fine.
The
parties agree that the Vendor shall be considered in default by the sole fact of
having failed to comply with the term for delivery of the services or projects
set forth in the contract or the corresponding appendix, for which reason the
Customer shall not, in order to assess the payment of the fine, require prior
notice, judicial or otherwise, which notice the Vendor hereby expressly
waives.
Furthermore,
if as the result of the defective provision of the Services by the Vendor, the
Customer is the subject of sanctions or fines by the Superintendency of Banks
and Financial Institutions, the Vendor shall be liable for the payment of said
fines and for any prejudice related to the same.
Any fines
that are accrued in accordance with the provisions set for the above, they must
be paid by the Vendor upon simple request by the Customer, and in particular,
the Customer is authorized to discount the value of the same form outstanding
invoices owed to the Vendor, and from future invoices to be issued, until the
total amount of the fines has been offset, and if necessary, the Vendor shall
issue a Credit Notice. The foregoing shall be without prejudice to
any legal action that will allow the Customer to collect the penalties in
full.
Based on
the foregoing, and without prejudice to the provisions set forth above, the
parties agree that any time that the Vendor delays in redoing or modifying the
work that is not approved by the Customer, as specified in this contract or
appendices hereto, shall be considered non-compliance with the terms of the same
and shall entitle the Customer to carry out the corresponding actions and to
collect the specified fines.
If the
delay in compliance with the terms specified in the contract or appendices
thereto is due to causes attributable to the Customer and the same reasons are
not the result of a previous, justifying delay exclusively attributed to the
Vendor, the parties by mutual agreement shall decide to extend the same
terms.
Page 18
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
TWENTIETH: Expenses and
Taxes
Any taxes
that arise from this Contract shall be paid by the parties as specified by
Law.
All
expenses arising from this Contract shall be for the account of the Customer and
shall be paid subject to authorization of the Customer and based on the policies
it has in effect for that purpose.
TWENTY-FIRST: Non-exclusivity
The
relationship between the Vendor and the Customer as described in this Contract
shall not exclude or limit in any way the right of the Vendor to offer or
provide services that are similar or identical to those set forth herein to
other banks or institutions that are not Chilean, although in such a case the
Vendor shall exercise diligence in complying with each and every one of the
obligations set forth in the Contract and, in particular, those that relate to
the confidentiality and protection of personal data.
Notwithstanding
the foregoing, in virtue of the type of services covered by this Contract, the
Customer agrees not to contract with third parties not expressly authorized by
the Vendor, for any service related directly or indirectly to those specified in
the Appendix titled “Catalog of Service” and if it does so the Vendor shall be
exempt from any liability for errors or defects in the provision of the
[Services] that are the subject of this contract.
TWENTY-SECOND: Method
and Addresses for Communications
1.
|
Any
communication related to the Contract must be made in writing delivered in
person with acknowledgement of receipt, by mail with return receipt or by
any other means that allows receipt and the date of the same to be
verified.
|
2.
|
For
the purposes of this Contract, the parties expressly designate as their
business addresses for communication those addresses indicated
below:
|
Vendor:
|
Francisco
del Xxxxx Xxxxxxx
|
Address:
|
Parque
Empresarial La Finca, Edificio 16
|
P°
del Club Deportivo, 1, 28223 – Pozuelo de Alarcón, Madrid,
Spain
|
|
Telephone
No.:
|
(00)
00 000 00 00
|
Fax
No.:
|
(00)
00 000 0000
|
Email:
|
xxxxxxxxxx@xxxxxxxx.xxx
|
Customer:
|
Xxxxxxxx
Xxxxx Xxxx
|
Address:
|
Bombero
Ossa No. 1068, Piso 10
|
Telephone
No.:
|
00 0
000 0000
|
Fax No.: |
56
2
|
Email: | xxxxxxx@xxxxxxxxxxxxxxxxx.xx |
Page 19
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
3.
|
Any
change to the foregoing addresses must be reported in advance to the other
party in order to take effect.
|
|
TWENTY-THIRD: Applicable
Law and Jurisdiction
|
1.
|
This
Contract shall be construed and respected in its own terms and, for any
matters not specified in the contract, Chilean law shall
apply. This Contract is comprised of this document and all
current and future Appendices hereto. The latter shall be
integral and inseparable components
hereof.
|
2.
|
Any
disagreement arising from this Contract or related hereto shall be
definitively resolved in accordance with the Arbitration Regulation of the
International Chamber of Commerce by one or more arbitrators appointed
pursuant to that Regulation
|
In witness
whereof, the parties have set their hands hereto, in two original counterparts,
one of which was delivered to each party and for a single purpose, in the
location and on the date indicated above.
/s/ Francisco del Xxxxx
Xxxxxxx
|
/s/ Xxxx Xxxxxxxxx Xxxxxxxxx
|
|||
Produban,
Servicios Informáticos Generales, S.L.
|
Banco
Santander – Chile
|
|||
By
power of attorney
|
By
power of attorney
|
|||
Francisco
del Xxxxx Xxxxxxx
|
Xxxx Xxxxxxxxx Xxxxxxxxx | |||
|
|
/s/ Xxxxx
Xxxxxxx Xxxxxxx
|
|||
|
Banco
Santander – Chile
|
|||
|
By
power of attorney
|
|||
Xxxxx
Xxxxxxx Xxxxxxx
|
Page 20
of 20
Banco
Santander Chile – Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Appendix
I
RELATIONSHIP
MODEL
for
the Outsourcing of Computer Services
“BSS
Data Processing Service”
by
and between
PRODUBAN,
Servicios Informáticos Generales, S.L.
and
BANCO
SANTANDER CHILE
Xxxxxxxx
de Chile and Madrid, December 3, 2007
Ref.:
BSS_SPDV00_MRGR03_20070604
[Ink stamp
appears on bottom of all pages: “Produban Servicios Informáticos Generales
S.L.]
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 1 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Santiago — xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
TABLE OF
CONTENTS
1.
|
INTRODUCTION
|
3
|
|
2.
|
BASIC
TABLE OF RESPONSIBILITIES
|
3
|
|
2.1
|
Audits
|
4
|
|
3.
|
LEVELS
OF RELATIONSHIP
|
4
|
|
3.1
|
Management
level
|
4
|
|
3.2
|
Tactical
level
|
5
|
|
3.3
|
Operational
level
|
5
|
|
4.
|
RELATIONSHIP
ASPECTS FOR ALL LEVELS
|
6
|
|
4.1
|
Safety
aspect
|
6
|
|
4.2
|
Quality
aspect
|
6
|
|
4.2.1
|
Quality
Management
|
6
|
|
4.2.2
|
Service
Level Management
|
7
|
|
5.
|
ROLES
OF PARTICIPANTS AT EACH RELATIONSHIP LEVEL
|
7
|
|
5.1
|
Vendor
|
7
|
|
5.1.1
|
Account
Manager
|
7
|
|
5.1.2
|
Service
Manager
|
7
|
|
5.1.3
|
Technical
Area Supervisors
|
8
|
|
5.2
|
Customer
|
8
|
|
5.2.1
|
Contract
Manager
|
8
|
|
5.2.2
|
Service
Manager
|
8
|
|
5.3
|
Identification
of Roles and Contacts
|
9
|
|
6.
|
FORMALIZATION
OF LINES OF COMMUNICATION
|
10
|
|
6.1
|
Vendor’s
Reporting Obligation
|
10
|
|
6.2
|
Management
Xxxxx
|
00
|
|
6.3
|
Tactical
Level. Planning and Follow-up
|
11
|
|
6.4
|
Operational
Level. Service Audit
|
11
|
|
6.5
|
Operational
Level. Management of Incidents and Changes
|
11
|
|
6.5.1
|
Definition
of Types of Incidents
|
12
|
|
6.5.2
|
Reporting
of Incidents to External Vendors
|
13
|
|
6.5.3
|
Responsibility
for Following up on Incidents
|
13
|
|
6.5.4
|
Responsibility
for Acceptance / Implementation of Changes
|
13
|
|
7.
|
APPLICATION
SOFTWARE MAINTENANCE AGREEMENTS
|
13
|
|
8.
|
ACCEPTANCE
OF VENDOR PROCEDURES AND PROCESSES
|
13
|
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 2 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Santiago — xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
1.
Introduction
This
Relationship Model establishes, in general terms, the description of the
participants, responsibilities and paths of communication and information
necessary for the best and most effective provision of the Services covered by
the Computer Services Outsourcing Contract of which this document is an
inseparable Appendix.
2.
Basic Table of Responsibilities
Framed
within the Computer Services Outsourcing Contract between Banco Santander Chile
(hereinafter the customer) and PRODUBAN S.L. (hereinafter the Vendor) the
responsibilities that shall correspond to each of the parties in regards to the
provision of services that are the subject of the collaboration between the
parties, shall be as follows:
On
the part of the Customer:
•
|
The
relationship with the users that receive the service for the purpose of
collecting the information necessary regarding requests, requirements and
policies, as well as the correct transmission of the same to the
Vendor.
|
•
|
Preparation
of the annual budgets and the scheduling of the provision of all
services.
|
•
|
Approval
of the investments and expenditures necessary for the correct provision of
the services.
|
•
|
The
management of functional changes necessary for the correct operation of
the services, as well as the final acceptance of the changes that will be
made.
|
•
|
Supervision
of the services, so that they may be carried out in a manner that is
satisfactory for the users.
|
•
|
Approval
of any technical changes that may be necessary for the correct provision
of the services.
|
On
the part of the Vendor:
•
|
The
correct performance of the procedures and processes necessary for the
provision of the services covered by the
contract.
|
•
|
Installation
and maintenance of all computer and electronic equipment involved in the
provision of the services.
|
•
|
Management
of any technical changes that may be necessary for the correct performance
of the services, as well as the performance of the same services and the
final acceptance of those that are
performed.
|
•
|
Carrying
out functional changes in order to comply with the instructions given by
the Customer.
|
•
|
Relations
with external vendors in all matters related to technical assistance and
the resolution of incidents.
|
•
|
The
establishment of a methodology and quality standards that will ensure the
minimum guaranteed levels of availability and performance, as specified in
the Contract.
|
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 3 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Santiago — xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
•
|
Creating
and maintaining an updated, complete inventory of all the hardware and
software installed that is involved in the provision of the
services.
|
•
|
At
all times respect and act in accordance with the Safety Standards and
Policies approved by the Customer and consider any future guidelines that
the Customer may issue in regards to
safety.
|
2.1
|
Audits
|
“Audits”
shall be understood in accordance with the provisions of the THIRTEENTH CLAUSE
of the Computer Services Outsourcing Contract executed by PRODUBAN and the
Bank.
Any Audit
visits to the Bank and in which PRODUBAN must participate will be formally
notified with advance notice greater than 3 weeks, by means of a document which
will indicate the dates requested for the audit visits and the term for
delivery.
PRODUBAN
shall provide all the information required that it has available to the Bank
official designated as the coordinator of the same, and shall carry out all
technical actions necessary to comply with the requirements of the cited
audit.
3.
General Levels of Relationship
Within the
relationships necessary for the successful completion of the Outsourcing
Contract, the Customer and the Vendor shall frame their relationship with three
hierarchical levels: A management level, a tactical level and an
operational level, and the corresponding tasks to be assumed are detailed
below.
3.1 Management Level
In
general, any actions at this level shall be intended to determine the Strategic
Plan and the Customers needs as well as the commercial effects of the
same.
The
primary tasks entrusted to this level shall be to carry out the development,
preparation and monitoring of:
|
•
|
an
Annual Technology Plan that ensures the alignment of the service provided
by the Vendor with the Customer’s technology
strategy;
|
|
•
|
an
Annual Projects Plan by identifying the future needs of the Customer’s
users, by anticipating long-term system
requirements;
|
|
•
|
a
Budget that includes the cost of the service provided by the Vendor,
anticipating to the extent possible any deviations due to changes in the
same.
|
This level
of management shall be responsible for resolving all disagreements between the
parties that cannot be resolved at lower levels.
This level
shall convey in a clear manner to the lower levels all the needs of the
Customer’s clients specified in the Annual Technology Plan and the Annual
Projects Plan, as well as the priorities of the same.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 4 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx — xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
3.2
|
Tactical
Level
|
In
general, actions at this level shall be intended to regulate the detailed
monitoring and control of the Plans and the Budget specified by the management
level. The primary tasks entrusted to this level shall
be:
•
|
Performing
follow-up on the progress of the Scheduling of Projects and activities by
control of the specific projects defined for the progress of the
service;
|
•
|
Performing
adequate management and follow-up on deviations from the schedule and the
levels of service agreed upon in the Service Level Agreements, and
approving corrective actions regarding any deviations from the
same.
|
•
|
Performing
budget follow-up on the investments and expenses necessary to carry out
the projects, as well as the financial impact of day-to-day activities
intended to provide the services in an efficient
manner.
|
This
tactical level shall be responsible for resolving any disagreements between the
parties that may arise from the day-to-day activities, that cannot be resolved
at the operational level, and all disagreements that cannot be resolved shall be
escalated to the management level.
The
tactical level shall be required to clearly convey to the operational level all
instructions received from the management level, as well as any instructions
issued as a part of its own activity, for the correct performance of the
services.
This level
shall also be required to convey to the management level any new information
that arises from the day-to-day provision of the services that affect or may
affect the service provided to the customers, as well as any significant
deviations from the budgets that are detected during the course of the
activity.
3.3 Operational
Level
In
general, the work of the operational level shall entail the performance of the
processes and procedures defined in the Vendor’s technical documentation related
to the performance of the service covered by the computer services outsourcing
contract, in accordance with the levels of service agreed upon by the
parties.
These
processes and procedures include the availability of the services for a
percentage of time equal to or greater than that agreed upon in the Service
Level Agreement, with a response time less than or equal to that specified in
the same Contracts. It shall also include the management of incidents
that occur and any problems detected during the time periods specified in the
Service Level Agreement.
The
operational level of the Vendor shall also carry out complete monitoring of the
progress of all hardware and software components that are involved in the
provision of the service, its capacity, performance and the requirements for
updating said components.
Any
changes necessary in order to carry out these duties as well as procurement
needs shall be conveyed to the Customer for approval. A schedule for
making said changes shall be prepared, which shall then be approved by both
parties.
Any
disagreements between the Vendor and the Customer that cannot be settled at this
operational level shall be brought up to the tactical level for
resolution.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 5 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx — xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Participants
at this level will be required to report to the tactical level any incidents,
changes or new information detected in their day-to-day work that may affect the
service provided to the customers or that entails a deviation from the budget
approved for the provision of the same service.
4.
Relationship Aspects for All Levels
The levels
of relationship defined in Section 3 of this document must always work
under the premise of two fundamental aspects for the correct performance of the
agreement between the Vendor and the Customer: Safety and
Quality.
The
characteristics that define these aspects are detailed below:
4.1 Safety
Aspect
The
primary premise that defines the safety aspect shall be that the services
provided to the Customer by the Vendor under the Computer Services Outsourcing
Contract cannot present any consequence or risk to the physical and logical
safety of each and every one of the components involved in the provision of the
same services, guaranteeing compliance with the safety criteria set forth by
specific outside entities.
The Vendor
shall propose specific procedures to the Customer for the receipt of Customer
Safety Audits, shall determine the Safety requirements of Customer applications,
shall authorize actions that are requested under special circumstances outside
of the specified policies or standards, shall monitor the progress of
indicators, trends and Control Tables, including the request for Audits made to
the Safety service provider, and shall manage responses to Official Entities and
Entities representing the Customer.
These
actions shall be carried out jointly by the Customer and the
Vendor.
This
Safety aspect shall also include Operational Risk Management that must establish
policies and criteria intended to ensure the continuity of the service, include
Risk Management in the provision of services and evaluate and propose actions
based on their regulatory impact.
Said
Safety shall be provided to the Customer by the Vendor by means of Computer
Safety Cross Support designed by the Vendor for all the services.
4.2 Quality
Aspect
The two
fundamental premises that define the quality aspect shall be the provision of
all services with quality indicator values greater than or equal to those
specified in the Service Level Agreement and the definition of actions intended
to gradually improve the values of said indicators.
Both
aspects of this area that will be managed in order to achieve said premises
shall be quality management and service level management, as detailed in
Sections 4.2.1 and 4.2.2 of this document:
4.2.1 Quality
Management
Quality
management shall include the preparation of the Vendor’s Quality Plan and the
performance of all tasks necessary to ensure compliance with the
same,
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 6 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx — xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
defining
quality goals and indicators that allow compliance with the same to be measured,
by establishing quality standards for the processes performed in relation to the
service and by performing on-going monitoring of the Quality Plan.
4.2.2 Service
Level Management
Management
of the Level of Service offered to the Customer shall include confirmation that
the levels agreed upon in the service Level Agreement are achieved, by
describing and stating the scope of the service provided in the Catalog corresponding to the
service, determining the Volume, Availability and response time expected in the
Service Level
Agreement.
The
actions to be taken in the event of non-compliance shall be defined through the
preparation and implementation of Plans of Action to improve the service and
resolve incidents and problems.
5.
Roles of Participants at Each Level
In order
to correctly perform the tasks assigned to the levels specified in Section 3 of
this document, roles are defined for both parties in Sections 5.1.1 and 5.1.2
below.
Roles that
relate to the tactical level shall be represented by the persons indicated in
Section 5.2 – Identification of Roles and Contact Persons,
below. Roles that relate to the operational level shall be assigned
in the section for identifying roles and contact persons in the Relationship
Model document that is specific to each service.
Roles that
relate to the management levels are the Customer’s supervisors of Technology and
Production, as well as the Vendor’s supervisor. The definition of the
corresponding functions is beyond the scope of this document. Persons
who fulfill these duties shall also be identified in Section 5.2 of this
document.
5.1 Vendor
5.1.1 Account
Manager
The Vendor’s Supervisor to the
Customer shall ensure that the service covered by the Outsourcing
Contract and that the Vendor provides to the Customer is provided in
accordance with the Annual Technology Plan, the Annual Projects Plan and the
Budget that is established on an annual basis.
In
general, the primary functions that fall within the scope of this role shall be
to maintain on-going communication with the Customer’s Contract Manager,
informing him of any facts relevant to the collaboration of the Vendor and the
Customer; holding an annual meeting with the Customer’s Technology and
Production Supervisors in order to establish the Annual Budget and the Projects
Plan, and to be responsible for the legal and financial aspects of the
Contract: Billing and Modifications.
5.1.2 Service
Manager
This shall
be the Vendor’s
Representative to the Customer and the person responsible for said
service having the elements and scope defined in the Catalog and ensuring that
it is rendered in accordance with the provisions of the Service Level
Agreement.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 7 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx — xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
In
general, the primary functions that fall within the scope of this role shall be
to hold monthly meetings with the Customer’s Contract Manager, carrying out
tactical scheduling and monitoring of projects, verifying that the service being
provided complies with the established objectives, proposing improvements and
actions to raise Levels of Service; proposing modifications to the Service Level
Agreement; advising the Management in matters related to Information Systems
strategy; collaborating with the Contract Manager to establish priorities for
Service Requirements, and planning changes to the service that are approved by
the Management.
This
person shall be responsible for the correct drafting of the Service Catalog, the
Service Level Agreement and the Financial Viability Model for said
Service.
5.1.3 Technical
Area Supervisors
These are
the representatives of each of the areas necessary to operate, maintain and
support the infrastructure used to provide each of the services specified in the
Vendor’s organization
and they shall be responsible for all the processes, procedures and tasks
specified for the correct operation of the services performed, in accordance
with the standards established for this purpose, and the quality indicators
defined in the Service Level Agreements.
In
general, the primary functions assigned within the context of this role shall be
to hold monthly meetings with the Customer's Contract Manager and with the
Vendor's Service Manager, performing tactical scheduling and follow-up on
projects; proposing improvements and technical actions to increase Levels of
Service; providing points of view as a technical expert in said aspects of the
service and collaborating to plan changes to the service as approved by the
Management.
5.2
Customer
5.2.1 Contract
Manager
This
person shall be the Customer’s
representative responsible for controlling the levels of service provided
by the Vendor.
In
general, the primary functions assigned within the context of this role shall be
to meet monthly with the Vendor’s Account Manager and the Service Manager to
monitor the Scheduling and Projects; to audit the overall status of the service;
manage the development and approval of the Service Level Agreement, and to
propose any changes considered relevant; monitor the continuity of services and
compliance with the levels agreed upon; proposing and implementing new
technologies, together with the Service Manager, in function of the company’s
objectives and strategy; auditing service quality through reports that will be
provided by the Vendor and being responsible for assigning priorities to service
activities, in particular for the management of Changes and
Problems.
5.2.2 Service
Manager
This shall
be the Customer
representative responsible for the day-to-day management of the service provided by the
Vendor.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 8 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx —
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
In
general, the primary functions assigned in the context of this role shall be to
review and monitor the service in the short term; meeting periodically with the
Vendor’s Service Manager and with the supervisors of the Vendor’s various
technical areas (Operation, Communications, Safety, etc.) in order to monitor
the Service Level Agreement and the review of incidents that occur as well as
the planning of the schedule of changes proposed by the Service Manager for the
next period and to inform the Contract Manager of any relevant matter related to
the service.
The
following figure shows a graphical approximation of the roles:
Monitoring
|
Service
Audit
|
7
x 24
|
Service
Audit
|
Architecture
|
Development
|
||
Service
Coordinator
|
Service
Manager
|
||||||
SCL
|
Alpha
Operation
|
MAD
|
Service
Manager (Latam 3 D + 1 FTE)
|
Service
Coordinator
|
||||
Operation
25 D
+ 3 FTEs
|
Systems
Technique
11 D
+ 6 FTEs
|
Communications
2 D
|
CSC
1 D
+ 1 FTE
|
|||
Dedicated
(D) = 42
Full-time
Equivalents (FTEs) = 11
|
PRODUBAN
(53
FTEs)
|
Figure 1:
Service Roles and Responsibilities
5.3
Identification of Roles and Contact Persons
The
following persons are designed to perform the roles specified in
Sections 5.1.1 and 5.1.2:
Customer:
Director
of Technology and Systems:
|
Contract
Manager:
|
Service
Manager:
|
Xxxxxxx Xxxxxx |
Vendor:
Vendor’s
Representative:
|
Contract
Manager:
|
Service
Manager:
|
The
Vendor's technical area supervisors shall be appointed by the company management
and their appointment therefore is beyond the scope of
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 9 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx —
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
this
contract. For the purpose of the tasks assigned by this document, the
participants shall be those determined by the Vendor.
6.
Formalization of Lines of Communication
The
formalization of Lines of Communication to perform the tasks entrusted to the
various levels shall be carried out by documenting and creating working groups
that will hold periodic meetings where the matters will be dealt with, as
detailed below.
6.1
Vendor’s Reporting Obligation
The Vendor
shall deliver the following documents to each group, at the time intervals
agreed upon:
Budget Review: Will detail the
budget status by entries and will identify any possible deviations from the
budget.
Project Progress: Will detail
the progress, attainment of objectives and budget status of projects in progress
and the overall view of the projects plan agreed upon for the fiscal
year.
Service Level Monitoring:
Containing the percentage of attainment of the service objectives established in
the corresponding Service Level Agreements, the list of incidents from the prior
period, communication of general maintenance actions for the
period.
The
documentation that the Vendor must prepare shall be:
|
•
|
The
Report on the Level of
Service attained, which shall specify the values attained since the
last meeting for the indicators specified in the Service Level
Agreement.
|
|
•
|
The
Calendar of Production
Changes, which shall specify all changes to components that affect
the service that will take place during the period until the next
meeting.
|
|
•
|
The
Incident Management
Report, which will provide information regarding incidents that
have occurred since the last meeting and that affect the service covered
by this document.
|
The
definitive reporting forms shall be obtained after an interim 3-month period
during which they shall be customized to the requirements of the
Service.
6.2
Management Level
In
general, the components of this level shall hold at least one annual meeting to
identify and establish the needs of the Bank for the next year, by preparing an
Annual Plan covering the same needs.
Said
meeting shall also approve the Computer Projects Plan for the year, as well as
the Annual Budget needed to cover that work.
The
participants in said meeting shall be, for the Customer, the Assistant VP of
Technology and Systems, and optionally the Contract Manager, and from the
Vendor, the Service Manager and/or the Account Manager.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 10 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx —
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
6.3
Tactical Level, Scheduling and Monitoring
In
general, the components of this level shall hold one meeting per month, which
shall under normal circumstances deal with the monitoring and control of the
budget for projects including the Projects Plan prepared by the Management
Level. This meeting shall also cover, under normal circumstances, all
aspects related to the services: Scheduling and prioritization of actions,
technical monitoring of the service levels established in the Service Level
Agreement, proposed or approved changes to the services or the Service Level
Agreement and the study and approval, as applicable, of requests made by
users.
The
participants at this meeting shall be, from the Customer, the Assistant VP of
Technology and Systems and/or the Contract Manager, and from the Vendor, the
Account Manager and/or the Service Manager.
Every
quarter, this meeting shall also deal with the development of the Annual
Production Projects Plan, in compliance with the Annual Plan, and based on the
Service Level and Capacity criteria and the monitoring of all matters related to
Operational Risk and the requirements of regulatory entities. The
quality of the model shall be reviewed, complying with its methodology,
certification, auditing and quality indicator aspects.
All the
technical documentation required to perform the aforementioned actions shall be
provided by the Vendor.
6.4
Operational Level. Service Audit
The
Certifier and/or Service Supervisor from the Customer and the Service Manager
and supervisors of technical areas of the Vendor shall hold a monthly meeting,
representing their corresponding principals.
During
these meetings, the Service Level document shall be presented. Any
repeated problems with installation shall be reviewed and an Action and
Prevention Plan shall be prepared to correct and avoid said
problems. The Schedule of Production Changes for the period until the
next meeting shall be determined.
The
progress of machinery and the Capacity Plan related to the service shall be
reviewed, as well as the requirements for improvement based on changes to the
volume of service. This meeting shall also be competent to deal with
all matters related to the Operation and Technique of Systems that have occurred
during the period since the last meeting.
6.5
Operational
Level. Management of Incidents and Changes
For all
services agreed upon by the Customer and the Vendor, the Management of Incidents
shall be carried out through Cross Support of the Corporate Support Center, the
process for managing incidents and problems is described in the technical
document titled “Incident Management Guide.” All aspects related to the type of
incidents, the method for managing the same and informing the user shall be
established in the operational document of the Corporate Support Center, and if
necessary they shall be specified in the Specific Relationship Model for the
Service.
Every
month a meeting shall be held by the Customer’s Service Manager and the
Certifier, and the
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 11 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx —
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Vendor’s
Service Manager and/or Area Supervisors (Technical Systems, Operation, etc.) for
a technical committee meeting.
The
purpose shall be to review any incidents from the prior period (Resolution and
Prevention Plan), action related to Infrastructure during the following period
and communicating any installations planned during the period. A
schedule of changes shall be established that shall include any tests and
certifications to be carried out by the Customer’s Certifier for said
service.
With the
same frequency, the Customer shall receive the Changes and Incident Management
document prepared by the Vendor.
An
emergency procedure shall be prepared to manage those requests for changes that,
for business reasons cannot follow the normal procedure based on monthly
meetings, requiring in any event the timely approval by both
parties.
Two
operational committees are likewise established:
|
•
|
Daily Incident
Committee: (Conference call or video
conference). A conference call will be held every day to
discuss any incidents that have occurred in the construction of grids, and
incidents corresponding to the previous day, as well as to communicate the
batch run of the previous day, thus covering changes of low- and
medium-impact that were performed on the previous day and those scheduled
for that day.
|
|
•
|
Weekly Change Committee –
Technological Changes Committee: (Conference call or video
conference). Changes having a medium to high impact will be
covered, determining the schedule for changes for the subsequent period,
and communication of the changes carried out during the previous
period.
|
These
operational committees may vary the frequency of their meetings based on the
progress of the service and the corresponding needs, and always by agreement
between the Customer and the Vendor.
6.5.1 Definition
of Types of Incidents
Based on
the types of incidents specified in the Sample Operating Document of the
Corporate Support Center, the following types of incidents are
defined:
|
•
|
VERY
SEVERE or SEVERITY LEVEL 1 incidents: Those that halt the use of any
system application by affecting the Customer's business
processes. Any incident that involves a complete shutdown of
the process chain, affects a Session Change during working hours, or that
directly affects compliance with the delivery of results and/or the
authorization of services.
|
|
•
|
SERIOUS
or SEVERITY LEVEL 2 incidents: Those that halt the use of any portion or
function of a system application, adversely affecting efficiency, but
without impeding the operation of the Customer's business. This
type of incident does not affect the performance of a Session Change, does
not directly affect the authorization of services or the delivery of
priority results, but involves stopping more than one process and affects
the delivery of results.
|
|
•
|
NORMAL
or SEVERITY LEVEL 3 incidents: This type of incident does not affect the
business, involves affecting few users or non-critical
functions. This type of incident occurs during a terminal task,
understanding this to be that which, since it is a final task, its
application does not provide conditions; therefore it does not halt
any
|
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 12 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx —
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
|
processes
or files to another task, which generates as a result a report or file,
which does not affect the Line
service.
|
Response
and/or resolution times for each type of incident shall be specified in the
Service Level Agreement corresponding to the service covered by this document,
and in general in the Incident/Problem Management Guide.
6.5.2 Communication
of Incidents to External Vendors
The Vendor
shall be responsible for opening incident reports and communicating the same to
external vendors, and for monitoring the same until they are resolved by the
vendor. The Vendor shall keep the Customer informed of any resulting
actions.
6.5.3 Responsibility
for Following up on Incidents
The Vendor
shall be responsible for following up on incidents and problems until they are
resolved, and for proposing or taking measures for preventive
actions.
6.5.4 Responsibility
for Accepting / Implementing Changes
Responsibility
for ACCEPTING changes shall rest fully with the Customer once said change has
been certified by the Certifier and once the dates have been approved by the end
users or areas requesting the change.
Responsibility
for the timing of the IMPLEMENTATION of changes shall be jointly shared by the
Customer and the Vendor's technical areas, by evaluating the business decision
and the best technical timing for its implementation, respectively.
The Vendor
shall periodically supply the Customer with the volume of changes made and the
percentage assessment of the results.
7.
Application Software Maintenance Agreements
The
Customer agrees to execute a Maintenance Agreement with third parties for all
Software included in the Catalog of any services provided by the Vendor, except
for Operating System software and all software that is included in maintenance
agreements signed by the Vendor and other vendors of the same. The
Maintenance Agreement must include the right of the Vendor to enter into the
outsourcing contracts necessary to resolve any aspect related to the provision
of the services.
8.
Acceptance of Vendor Procedures and Processes
Initially
during the provision of the service by the Vendor, the operating procedures
currently employed by the Customer shall be used. Any subsequent
changes that may be made to said procedures shall be carried out gradually and
by mutual agreement, ensuring the provision of the service during the specified
terms.
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 13 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx —
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Furthermore,
the Customer agrees that no service or any update to the same shall be put into
production unless it complies with the standards established for this purpose by
the Vendor and unless the corresponding quality controls have been
performed.
/s/ Francisco del Xxxxx
Xxxxxxx
|
/s/ Xxxx Xxxxxxxxx Xxxxxxxxx
|
|||
Produban,
Servicios Informáticos Generales, S.L.
|
Banco
Santander – Chile
|
|||
By
power of attorney
|
By
power of attorney
|
|||
Francisco
del Xxxxx Xxxxxxx
|
Xxxx Xxxxxxxxx Xxxxxxxxx | |||
|
|
/s/ Xxxxx
Xxxxxxx Xxxxxxx
|
|||
|
Banco
Santander – Chile
|
|||
|
By
power of attorney
|
|||
Xxxxx
Xxxxxxx Xxxxxxx
|
APPENDIX I BSS_SPDV00_MRGR03_20071106(2).DOC
|
March 20,
2007
|
Page 14 of
14
CONFIDENTIAL
Bandera 140 —
Tel.: (00 0) 000 0000 — Xxxxxxxx —
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Appendix
II
CATALOG
for
the Outsourcing of Computer Services
“BSS
Data Processing Service”
by and
between
PRODUBAN,
Servicios Informáticos Generales, S.L.
and
BANCO
SANTANDER CHILE
Xxxxxxxx
de Chile and Madrid, December 3, 2007
Ref.:
BSS_SPDV00_CATR17_20070620
[Ink stamp
appears on bottom of every page:
“Produban
Servicios Informáticos Generales
S.L.]
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 1 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
TABLE OF
CONTENTS
1.
|
DESCRIPTION
AND SCOPE OF SERVICE
|
3
|
|
1.1
|
Description
of the Service
|
3
|
|
1.2
|
Scope
|
||
2.
|
COMPONENTS
AND GENERAL ACTIVITIES COMPRISING THE SERVICE
|
4
|
|
2.1
|
Components
|
4
|
|
2.1.1
|
Architecture
|
5
|
|
2.1.2
|
Mainframe
|
5
|
|
2.1.3
|
Intermediate
Systems (Unix and Wintel)
|
6
|
|
2.1.4
|
Communications
|
9
|
|
2.2
|
General
Activities Comprising the Service
|
10
|
|
2.2.1
|
Scheduled
Activities
|
11
|
|
2.2.2
|
On-demand
Activities
|
12
|
|
2.2.3
|
Projects
|
12
|
|
3.
|
SPECIFIC
ACTIVITIES BY SERVICE PROVIDED
|
13
|
|
4.
|
REPORTS
OF ACTIVITY AND LEVELS OF SERVICE
|
23
|
|
5.
|
GENERAL
BACKUP POLICY
|
23
|
|
5.1
|
Backups
under Normal Regimen
|
24
|
|
5.2
|
Future
Backups
|
24
|
|
5.3
|
Restoration
Policies and Procedures
|
24
|
|
5.3.1
|
Normal
Recovery
|
24
|
|
5.3.2
|
Special
Recovery
|
24
|
|
6.
|
TECHNOLOGICAL
CONTINGENCY PLAN
|
25
|
|
|
List
of Figures
|
||
Figure
1:
|
Supported
Instances and Environments
|
4
|
Figure
2:
|
Detailed
Overall Diagram
|
5
|
Figure
3:
|
Mainframe
Platform
|
6
|
Figure
4:
|
SUN
Servers
|
7
|
Figure
5:
|
Production
Environment
|
7
|
Figure
6:
|
Development
and Approval Environments
|
8
|
Figure
7:
|
SAN
Intermediate Services Storage
|
8
|
Figure
8:
|
Backup
Intermediate Services
|
9
|
Figure
9:
|
Detail
of WAN Communication
|
00
|
|
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 2 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
1. Description
and Scope of Service
1.1 Description
of the Service
The Data
Processing Service to be provided by PRODUBAN, Servicios Informáticos Generales,
S.L. (hereinafter the Vendor) to Banco Santander Chile (hereinafter the
Customer) within the context of this Agreement consists of providing the
Information Technology and Communications (ITC) infrastructure (Hardware and
Software components) and performing the activities required for the provision of
the functionalities required by the Customer.
This
service covers activities within the aspects of:
|
•
|
Operation
(Production Environments, QA/Approval and
Development)
|
|
Activities
corresponding to the production area that ensure the provision of IT
functions required by the business areas of the Customer (Batch,
transactions, data management, backups, recovery, operation,
etc.);
|
|
•
|
Administration
and Systems Techniques
|
|
Activities
that ensure the provision of the operational IT infrastructure required by
the Customer (installation, maintenance, monitoring, custom development,
etc.);
|
|
•
|
Communications
|
|
Activities
necessary for administration of the portion of the GSNet/LATAM
interconnection network that connects Santiago, Chile with Madrid to
ensure a secure connection between the BSS and the data processing
facilities in Boadilla del Monte. This does not include the
“Organization Network” of the BSS.
|
|
•
|
Security
|
|
Activities
required for the implementation of security policies and procedures marked
from the Customer, that shall comply with the security standards of
Santander Group, in order to ensure the availability of access to data and
systems, the integrity and confidentiality of the same for components and
tasks for which the Vendor is responsible, safeguarding the provisions
that in this regard are issued by the auditing authority in
Chile.
|
1.2 Scope
The
service covered by this agreement shall be provided through the components
specified in this catalog, and in the volumes specified in Appendix III to the
Contract “Level of Service Agreement,” in the section titled “Volume of
Service.”
Any
variation from this scope must be decided in meetings held by the levels
specified in Appendix I – Relationship Model,” and their financial impact must
be approved for inclusion in the Xxxxxxxx Xxxxxx.
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 3 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
2. Components
and General Activities that Comprise the Service
2.1 Components
All those
components of the Vendor’s IT infrastructure that are involved to a greater or
lesser extent in the provision of all, several or any of the functionalities
that the service provides to the Customer and that are under the supervision of
the Vendor shall be considered components of the service.
The
business services are based on the ITC Infrastructure of the Vendor, which shall
include:
• Mainframe
platform and the corresponding storage
• Intermediate
systems platform, with the corresponding storage, which supports the following
services:
° MIS
° Payment Methods Datamart
° Xxxxxx XX
° ITACA
° Control-M Scheduler
• Communications
Infrastructure for connectivity between Customer CPDs and Vendor
CPDs.
The
foregoing infrastructure, located in Spain, supports the Environments and
Instances that are presented below, which are within the context of services of
Produban:
Platform
|
zOS
|
Intermediate
Services
|
||||||
Environment
|
SYSD
|
SYSQ
|
SISP
|
Unix
and Wintel Systems
|
||||
Instance
|
Development
|
Testing
and Integration
|
Approval
|
QA
|
Production
|
Development
|
Approval
|
Production
|
Figure
1: Supported Instances and Environments
The
current and primary components that support the service covered by this contract
are described schematically below.
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 4 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
2.1.1 Architecture
The
following figure shows the architectural view of the components under the direct
administration of the Vendor and those that are in Chile to be directly
administered by Altec Chile or via outsourcing contracts that the Customer may
enter into.
[Key of
items from Figure 2:]
Managed
by Altec
|
Managed
by Produban
|
|
Sucursales
= Branch offices
Atencion
Telefonica = Telephone Service
Banca
por Internet = Online Banking
Banca
Personas = Personal Banking
Banca
Empresas = Business Banking
Banca
Personas / Empresas = Personal / Business Banking
Banca
Automatica = Automatic Teller Banking
Autoservicios
= Self Service
Servimatico
= [unclear – possible ATM]
Redes
medios de pago = Payment Methods Networks
Especificos
= Specific Features
Apllo.
Departamentales = Dept. Support
|
Sucursales
=
Branch
Offices
Aplicaciones
= Applications
|
Aplicaciones
= Applications
Aplicaciones
no Altair = Non-Altair applications
Datamart
Medios de Pago = Datamart Payment Methods
|
Figure
2: Overall Detailed Diagram
The key
components that support the service for each of the platforms included under
this contract: Mainframe, Intermediate Systems and
Communications.
2.1.2 Mainframe
Figure 3
shows, in schematic fashion, the mainframe platform, which is located in the two
existing CPDs in Boadilla del Monte, also including the infrastructure dedicated
to safety copies.
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 5 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
[Key of
items from Figure 3:]
Acoplamiento
= Connection
Tarjetas
OSA = OSA Cards
Desarrollo
= Development
Director =
Manager
Conectividaad
datos = Data Connectivity
Copia Síncrona =
Synchronous Copy
… Cintas =
… Tapes
Primario =
Primary
Figure
3 – Mainframe Platform
2.1.3
Intermediate Systems (Unix and Wintel)
Solaris systems are installed
on physical partitions (or dominoes) consolidated into 3 Sun E25K
servers:
|
•
|
The
production systems on 2 Sun E25K servers, each installed in a CPD at
Boadilla (CPD East and CPD West). This enables support for a
contingency involving this platform.
|
• |
The
development and approval systems on 1 Sun E25K server at the CPD West at
Boadilla.
|
|
• |
The
SAS servers on two Sun Fire V490 servers each installed at one Boadilla
CPD (CPD East and CPD West).
|
The Wintel systems are installed
on physical servers located at the CPD East in Boadilla. The backup
systems are located at the CPD West in Boadilla.
The
following figures show the location diagrams of the SUN servers and the
distribution by CPDs of the various Production, Development and Approval
environments with the corresponding storage and backup systems.
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 6 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
[Key of
items from Figure 4:]
CPD
Boadilla Oeste = CPD West, Boadilla
CPD
Boadilla Este = CPD East, Boadilla
Desarrollo
= Development
Producción =
Production
Figure
4 – SUN Servers
[Key of
items from Figure 5:]
CPD
Boadilla Oeste = CPD West, Boadilla
CPD
Boadilla Este = CPD East, Boadilla
[Other captions in this diagram are
illegible.]
Figure
5 – Production Environment
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 7 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
[Key of
items from Figure 6:]
CPD
Boadilla Oeste = CPD West, Boadilla
Desarrollo
= Development
Homologación =
Approval
servicio =
Primary system
almacenamiento
= Storage
[Other captions in this diagram are
illegible.]
Figure
6: Development and Approval Environments
[Key of
items from Figure 7:]
CPD
Boadilla Oeste = CPD West, Boadilla
CPD
Boadilla Este = CPD East, Boadilla
4a copia =
4th
copy
Rojo =
Red
Azul =
Blue
Figure
7: SAN Intermediate Services Storage
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 8 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
[Key of
items from Figure 8:]
CPD
Boadilla Oeste = CPD West, Boadilla
CPD
Boadilla Este = CPD East, Boadilla
Servidores
Windows = Windows Servers
VLAN Administración
= Administration VLAN
Figure
8 – Intermediate Services Backup
2.1.4
Communications
Communication
between the CPDs in Santiago, Chile and Madrid (Boadilla and Mesena) shall be
accomplished, under normal working conditions, through the Level 1
Interconnection Line (Point to Point) of the GSNet LATAM network.
This
connection is duplicated and is supplied by different operators to ensure the
continuity of communications. There is also an automatic switch to the duplicate
infrastructure in the event that the section in service goes out of
service. Communication over Level 2 interconnection lines (MPLS, 2
nodes) and Level 3 lines (VPN over the Internet) are available and will be used
on a contingency basis.
The
following figure shows a simplified diagram of communication between Chile and
Spain.
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 9 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
GSNet
LATAM Chile
Level 1 –
Point to Point
Level 2 –
MPLS (2 nodes)
Level 3 –
VPN Internet
Figure
9 - Detail of WAN Communications
2.2
General Activities Comprising the Service
All those
tasks performed by technicians of the Vendor intended to provide functionality
to the service covered by this agreement, to perform maintenance on one, several
or all components of the service, or to provide an improvement of the conditions
under which the same are provided shall be considered activities that comprise
the service.
Based on
the frequency that said activities are carried out, the following types are
distinguished:
•
Scheduled Activities:
Activities that are repeated periodically and on a controlled basis, normally
according to pre-established procedures;
•
On-demand Activities:
Similar to the previous item, but carried out either at the request of the
Customer, or during the resolution of problems, configuration, capacity
management, etc.
•
Projects: Specific
actions that resolve requests for changes to infrastructure or to incorporate
new components, and that have their own scheduling, objectives and
follow-up.
For the
service covered by this contract the activities that generally comprise the
service are listed below, and the detailed activities are described in Section 4
of this document, “Specific Activities by Service Provided.”
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 10 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
2.2.1
Scheduled Activities
• Basic
Operation
° Server
start-up / shutdown
° Running batch
processes:
|
•
|
Of
the system: Sub-system start-up and shutdown, making safety
copies, log management processes, etc.
|
• |
Related
to applications: Control of batch processes related to the business will
be carried out, and the adjustment and validation of these batch processes
will be the responsibility of the Customer, through
Altec.
|
|
• |
Control
of the running of the Customer’s batch processes, regardless of location,
will be carried out by the Vendor. The Customer, through Altec,
is responsible for the availability of all the interfaces necessary for
this run (at the level of available systems and sub-systems, as well as
for the necessary data or files), systems not located at the Madrid
CPDs. The Customer is, thus, also responsible for the
availability of contact persons associated with said
interfaces.
|
The Vendor
is responsible for the basic operation associated with the start-up / shutdown
of servers and infrastructure components located at the Madrid
CPDs.
|
• Monitoring: The
availability of equipment and services will be audited, as will the use of
the system.
|
|
•
Storage management /
Assignment of space: Control of disk space and its
assignment to various subsystems.
|
|
•
Backup and restoration
management: Control of the systems and data backup
processes, as well as the activity to restore the same as
required.
|
|
•
Management of incidents
and problems: Escalation and monitoring according to agreed upon
technical procedures (See Document “ BSS_Incident Management
Guide”).
|
|
•
Management of changes in
QA / Approval and
Production:
|
|
(Only infrastructure in Madrid)
|
|
°
Scheduling Work according to procedures for
changes
|
|
°
Scheduled production start-up according to the procedure for changes, and
at the Instances of QA / Approval
|
|
°
Start-up of production of emergency or unscheduled work per the procedure
for changes.
|
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 11 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
2.2.2
On-demand Activities
This is
the performance of activities at the request of users, in the event of incidents
or due to unscheduled events.
• Basic
Operation
• Monitoring
• Management of events,
incidents and problems.
2.2.3
Projects
Specific
activities are those related to business processes that comprise activity plans
and projects.
• Adaptation of specific
environment
|
°
Provision of capability for Machine / Analysis of
Impact
|
|
°
Management of Storage / Assignment of disk
space
|
|
°
Creation / Integration into Backup and Recovery
processes
|
|
°
Creation / Adaptation of the Incident and problem management structure,
including any new components.
|
• Integration into the
Production Structure
° Monitoring
° Scheduler
° Creation of the
corresponding documentation (departments, criticality)
• Integration into the
Service Structure:
° Associated Service
Indicators:
• Magnitudes to
control1
• User
requirements
• Application
availability
• Availability of generated
data
• Response
time
• Reports to be
generated
• Criticality of
processes for handling incidents.
3.
Specific Activities by Service Provided
The
specific activities in the context of the Processing Service to be provided by
the Vendor to the Customer are:
|
•
|
Batch Management (business
processes). Carried out by the Scheduling and Batch
Control Center areas. The tasks carried out by scheduling
are:
|
|
°
Receipt of documentation on the work to be scheduled. Altec
will be responsible for providing said documentation (shown in the Change
Management Guide).
|
|
°
Preparation of work (introduction / validation of data required for
performance), whether for automated systems under Control-M or for those
which are not automated by specific
tools.
|
|
°
Organization of the performance of work by the various applications,
determining:
|
|
•
the period for performing the work
|
|
•
the sequence based on criticality (prioritizing
work)
|
|
•
whether the task is dependent on completing other
tasks
|
|
•
verification of results
|
|
•
monitoring work
|
|
•
management of competition and exclusion with other work or processes based
on the competition for resources
|
|
•
recovery operation. Specific procedures will be prepared by
working with the Systems Administration areas (i.e. Databases), and at
times, for the resolution of recovery the Systems Tech and
Altec/Development will have to work together. This will be run
by the Batch Control Center
|
|
•
Re-start operation. The specific procedures will be prepared
with the Systems Administration and
Altec/Development
|
|
•
Management of resources, priorities and
permits.
|
• Transmission of orders to
run work that is not periodical (received per procedure).
• New schedule of work due
to
° Entry of new
applications
° Running special
processes
° Changes to the basic
hardware and software of the environment
° Maintaining system
components.
|
°
Running processes and the corresponding controls, controlling return codes
and validation processes
|
|
°
Running processes or special repeated processes requested by the
Customer.
|
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 13 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Support
for and resolution of incidents involving batch processes are the
responsibility of the Customer (with respect to applications and
interfaces). Specifically by Platform:
|
|||
•
|
Mainframe: Support
and resolution of incidents detected in batch processes of this platform
will be escalated to Altec 7 x 24 which will be responsible for said
incidents
|
||
•
|
Intermediate
Systems: Support and resolution of incidents detected in
batch processes on this platform will be escalated to Altec Production,
which will be responsible for said incidents, for systems residing in
Madrid and for systems located in Chile.
|
||
The
registration, escalation and control of batch process incidents will be
handled according to the Incident and Problem Management procedure defined
in “Support
for the Management of Incidents and Problems (CSC – Customer Support
Center)”.
|
|||
•
|
Transaction Management | ||
°
|
Automatic
start-up to authorize access to transaction
applications.
|
||
°
|
Monitoring
performance of systems housing transaction applications
|
||
°
|
Shutdown
operation to prohibit access to transaction
applications.
|
||
• Data Management: This subject is intended to guarantee the availability of media and procedures to store information that is critical to the Service. | |||
The objective of data management is to guarantee the availability of stored data and its recovery when required. It specifically includes the following basic activities: | |||
°
|
Analyzing
the criticality of existing data in terms of its
activity
|
||
°
|
Implementing
global backup and recovery policies, in function of the importance of the
data. Backup processes run by the applications are the
responsibility of the Customer; the Vendor is responsible for the recovery
of data.
|
||
°
|
Providing
mechanisms to protect against losses and disasters of any
type.
|
||
°
|
Ensure
that the data are store on appropriate media during the terms specified
jointly with the Customer and that its recovery is feasible and
rapid.
|
||
°
|
Facilitate
the availability of data, so that the Customer may carry out the transfer
of data and information with outside entities.
|
||
°
|
Define
and run the procedures that establish policies for maintaining fiscal,
accounting and any other information specified by current
regulations.
|
||
•
|
Printing
and finishing
|
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 14 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
°
|
The
responsibility of the Vendor is focused on the availability of the data,
since the printing and finishing remains in Chile, and is the
responsibility of the Customer
|
||
•
Optimization
and Control
|
|||
°
|
Systems
|
||
•
Monitoring of transaction performance under the responsibility of the
Vendor
|
|||
•
Monitoring capacity
|
|||
•
Creation and maintenance of auto operator rules
|
|||
•
Authorization for intermediate services
|
|||
•
Running optimization tasks that are derived from the foregoing
points
|
|||
°
|
Batch
|
||
•
Inclusion of JCLs in the daily scheduling of production events, and for
Approval and QA events
|
|||
•
Monitoring of Process Performance
|
|||
•
Performance of tasks that are derived form the aforementioned
monitoring
|
|||
•
Actions to correct work for the optimization of
processes.
|
|||
•
|
Management
of Room Logistics
|
||
°
|
Receipt
of the new hardware
|
||
°
|
Provide
the infrastructure necessary and inclusion in Inventory Management,
Capacity and Availability
|
||
°
|
Base
software: The installation of base software is related to the installation
of the hardware and is carried out by Systems Support
teams
|
||
°
|
Adjust
the contingency plans to the new infrastructure
|
||
°
|
Diagnose
or design impacts of the changes on applications and issue reports in this
regard.
|
||
•
|
Systems
and Subsystems Administration
|
||
° In
general, the following activities are carried out for all
subsystems:
|
|||
•
Use system and subsystem monitors to obtain performance and evaluation
background information
|
|||
•
Control the response time of systems in general, based on the
transactional environments
|
|||
•
Provide technical assistance to the operations area, delivering support
and technical upgrades.
|
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 15 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
•
|
Maintain
and update the system software, product programs and tools (excluding
applications whether for its own development or third
parties).
|
||
•
|
Keep
the system software updated by means of PTFs (Program Temporary Fixes) and
monitor the description of the problem by means of APARs (Authorized
Program Analysis Reports).
|
||
•
|
Maintain
a register of the use of general resources associated with each subsystem
and its associated products.
|
||
°
|
MVS
System Programming:
|
||
•
|
Provide
all the instances of work covering the Service (Development and Integrated
Testing, QA, Approval and Production).
|
||
•
|
Provided
technical support for the software, operating system and products,
delivering support and technical upgrades to the involved
parties.
|
||
•
|
Use
system monitors in order to obtain background on behavior and evaluation,
controlling the consumption and distribution of CPU memory resources and
seeking a high effectiveness of the same.
|
||
•
|
Control
and report on the use and distribution of critical disk space (system and
spool space).
|
||
•
|
Maintain
LPARs and the priorities / configurations of the
system.
|
||
•
|
Install,
maintain and update access control software
|
||
•
|
Implement
the protection requirements for operating system resources via access
control software.
|
||
°
|
CICS/MQ
systems programming:
|
||
•
|
Maintain
and update the system software for the online
environment.
|
||
•
|
Structure
CICS regions to support the requirements of the Customer’s
applications.
|
||
•
|
Prepare
configurations for the system so as to maximize performance and
capacity.
|
||
°
|
Programming
of data base management systems:
|
||
•
|
Maintain
and update the system software for data base
administration
|
||
•
|
Maintenance
of the DBMS (Data Base Management System).
|
||
•
|
Reorganize
the Data Base and image copies
|
||
•
|
Review
and physical support of the Data Base
|
||
•
|
Scheduling
of capacities of the data bases and management of
performance.
|
||
•
|
Monitoring
and handling of system resources (e.g. DASD, CPU) in support of the data
bases and scheduling of capabilities.
|
||
•
|
Recovery
of the Data Base.
|
||
°
|
Data
base support:
|
||
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 16 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
•
|
Develop
the following activities supplemented by the Client’s personnel:
Monitoring of data bases,
this activity is related to verification of status and projection of data
basses in regards to the use of space.
|
|||
°
|
Programming
of VTAM and TCP/IP systems:
|
|||
•
|
Maintain
and update the communications software
|
|||
•
|
Control
and monitor the behavior of system communications resources, including the
associated hardware and software, seeking to maintain their high
availability.
|
|||
°
|
Programming
of intermediate platform Operating Systems:
|
|||
•
|
Provide
all the instances of work covered by the service
|
|||
•
|
Provide
technical support for the software, operating system and products,
providing support and technical upgrades to those
involved.
|
|||
•
|
Use
system monitors to obtain background information on behavior and
evaluation, verifying consumption and distribution behavior of CPU-memory
resources, seeking a high efficacy rate of the same.
|
|||
•
|
Control
and report the use and distribution of the critical disk space resource
(systems space).
|
|||
•
|
Maintain
the partitions and priorities/configurations of
systems.
|
|||
°
|
Support
for Control-M:
|
|||
•
|
Define
the Control-M systems for environments under the responsibility of the
Vendor on the various platforms.
|
|||
•
|
Make
changes to the product that are necessary to customize environments /
platforms.
|
|||
•
|
Apply
maintenance, according to the instructions and materials delivered by the
supplier.
|
|||
•
|
Basic
Software and Hardware Maintenance
|
|||
°
|
Hardware: Does
not involve the specific maintenance of components (these are the
responsibility of the hardware services providers), but rather the
supervision and coordination of the same and their customization, which
affects the configuration and availability.
|
|||
°
|
Software:
Consists of the application of patches, service packs, etc., and/or
version changes. In the case of complex changes, (the Procedure
for the Management of Changes will be followed), areas external to the
Vendor must participate, such as Development or Users.
|
|||
•
|
Data
bases for Approval, QA and Production
|
|||
°
|
Administration
of table spaces, segments and objects
|
|||
°
|
Supervision
and optimization of performance
|
|||
°
|
Maintenance
and application of patches
|
|||
°
|
Control
of availability
|
|||
°
|
Management
of changes and analysis of integrity
|
|||
°
|
Management
of storage and assignment of space.
|
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 17 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
•
|
Operation
|
|||
°
|
Management
of Capacity and Availability
|
|||
°
|
Management
of alarms, consoles of various servers
|
|||
°
|
Operate
disk consoles
|
|||
°
|
Management
of peripherals, and carry out the mounting / unmounting of tapes per
requests by applications or developers
|
|||
°
|
Execute
console commands
|
|||
°
|
Monitor
systems. The fundamental objective is to receive information
regarding the operation of production infrastructures, in terms of trends
as well as specific device actions. In light of the Service Level
Agreement, provide the information necessary for the preparation of
monitoring reports.
|
|||
°
|
Perform
the daily processes to refresh environments.
|
|||
°
|
Open
and close applications.
|
|||
•
|
Optimization
and control
|
|||
°
|
Repetitive
structural installations
|
|||
°
|
Action
before incidents
|
|||
°
|
Modification
of Server parameters
|
|||
°
|
Support
for the creation of objects on subsystems
|
|||
•
|
Processing
in the event of a contingency
|
|||
°
|
Recovery
of equipment from the Data Center and/or data network by
failures
|
|||
°
|
Develop
and maintain the disaster recovery plan
|
|||
°
|
Coordinate
disaster recovery tests
|
|||
°
|
Carry
out disaster recovery tests and report the results of the
same
|
|||
°
|
Insure
compliance with regulatory requirements.
|
|||
•
|
Monitoring
and control
|
|||
°
|
Preparation
of service reports (for internal and external use) and delivery of files
to the Customer
|
|||
°
|
Execution
of specific tasks of the system on a scheduled basis or upon request
(according procedures).
|
|||
°
|
Specific
actions regarding tasks being performed (changes in order or in
conditions) in order to better comply with agreed upon
schedules.
|
|||
•
|
Inventory
Management
|
|||
°
|
Carry
out inventory and manage life cycle of installed
machines
|
|||
°
|
Periodically
review the installed equipment and update inventory
|
|||
°
|
Coordinate
and support changes to the IT infrastructure involved in the
service.
|
|||
•
|
Support
for the Management of Incidents and Problems (CSC – Customer Support
Center)
|
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 18 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
°
|
Management
and escalation of second-level incidents, and to the 7x24 group and Altec
Production in Chile (according to the Incident Management
Procedure).
|
|||
°
|
Management
of Problems in the corresponding area (according to
procedures).
|
|||
•
|
Management
of Changes
|
|||
°
|
Coordination
of the Vendor’s Changes Committee with the Customer
|
|||
°
|
Preparation
of software for its installation in approval, QA and
production
|
|||
°
|
Installation
of the software on all platforms for which the Vendor is
responsible
|
|||
°
|
Coordination
of changes to approval, QA and production for platforms for which the
Vendor is responsible.
|
|||
The
Vendor shall have the authority to approve changes in production, subject
to the escalation procedures defined in the Change Management
process.
|
||||
•
|
Management
of stress and volume tests
|
|||
°
|
Produban
Changes Management shall be responsible for the Stress and Volume Tests,
which are carried out on the platforms managed by
Produban
|
|||
°
|
The
QA departments of Altec and Produban will work together on the stress and
volume tests that impact the infrastructures of Altec and
Produban.
|
|||
°
|
Scheduling
and execution of the stress and volume tests of the software that is to be
placed into production in order to guarantee the stability of the
system.
|
|||
Any
change to Production must go through the previous environments without
exception, which does not mean that everything is tested in
QA. In order to require this test, the change has to either be
new software, or represent a significant percentage (+50%) within the
Application, or affect several applications or substantially change
conditions (relationships, functionalities). Simple promotions
or those with simple changes are not tested. Those changes for
which in their prior research it is believed that testing is not necessary
are also not tested.
|
||||
°
|
For
tests that are carried out online (stress), a difference will be made
between the Financial Terminal and Middleware Components (OBUS
Format). Transactions are carried out by MQ injectors in the QA
environment.
|
|||
It
is the responsibility of the Customer to deliver the OBUS and TF formats
to the Vendor for the performance of the tests, and to report the details
of the transaction and the estimated data (peaks) that are expected to be
obtained from the tests: transactions per second, average
response time and critical schedule.
|
||||
°
|
Volume
(batch) tests are based on the performance of grids in the QA
environment.
|
|||
The
Customer must provide information relative to: estimated run time, start
time, conditions, frequency, relationship of jobs and programs and an
overall flow chart of the grid. Likewise,
the
|
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 19 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Customer
must provide all the files and interfaces necessary in order to carry out
said test.
|
||||
°
|
It
is the responsibility of the Customer to provide all the information
necessary to carry out said tests, at the level of defining the
environment (data, application software, files, etc.) as well as
documentation.
|
|||
•
|
Management
of Technological Changes
|
|||
°
|
Coordination
with the Customer Changes Committee
|
|||
°
|
Coordination
of the installation of hardware and software for systems and
communications
|
|||
•
|
Management
of Communications
|
|||
In
order to attain the overall objective to provide communications service
between Chile and the Vendor, the following activities shall be carried
out, limited to said environment:
|
||||
°
|
Control
of Vendors of subcontracted communications services within the GSNet
context:
|
|||
•
|
Management
of various contracts and agreements that the Customer has with integrators
and operators related to Communications services.
|
|||
•
|
Management
of the service provided by integrators and operators, controlling the
levels of service agreed upon with the same.
|
|||
°
|
Installation
|
|||
•
|
Installation
of the Server cabling infrastructure in the rooms in
Madrid
|
|||
•
|
Installation
of the communications infrastructure (data)
|
|||
•
|
Configuration
of equipment: Routers, Switches, hubs and channel
extenders
|
|||
•
|
Adjustment
of the Technology Contingency Plan to the new infrastructure (in the CPDs
in Madrid).
|
|||
°
|
Operation
|
|||
•
|
Management
of Configuration, Capacity and Availability
|
|||
•
|
Management
of communications alerts
|
|||
•
|
Monitoring
of communications systems (data). The fundamental objective is
to receive information regarding the operation of production
infrastructures, in terms of tends as well as specific
deviations. In light of the Service Level Agreement, provide
the information necessary to prepare the follow-up
reports
|
|||
•
|
Actions
for change or improvement
|
|||
•
|
Hardware
maintenance
|
|||
°
|
Customization
|
|||
The
customization of the communications technology infrastructure shall be
determined by the guidelines for technological updating adopted at the
corporate level, required by the Customer or recommended by the
Vendor. The information generated by Monitoring shall be used
to:
|
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 20 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
•
|
Define
projects to upgrade infrastructure
|
|||
•
|
Analyze
new products
|
|||
•
|
Define
the criteria to prioritize package traffic on the MPLS
network
|
|||
•
|
Communications
research
|
|||
This
group of activities includes:
|
||||
°
|
The
design of communications solutions. In order to design
solutions, a cost study shall also be carried out, so that, in the event
that it is necessary, additional budget entries may be approved by the
Customer, to allow them to be carried out
|
|||
This
refers to data solutions in the following environments:
|
||||
•
|
WAN
networks:
|
|||
•
|
Connection
between the CPDs in Chile and the CPDs in Spain
|
|||
•
|
LAN
networks:
|
|||
•
|
Server
networks in the CPD in Spain
|
|||
°
|
Customization
to comply with the IP addressing plan of the group
|
|||
°
|
Communications
management tools
|
|||
•
|
Monitoring
systems
|
|||
•
|
Control
of versions and configurations of network electronics
|
|||
•
|
Design
of network maps and alerts
|
|||
°
|
Analysis,
design, evaluation and scheduling of projects corresponding
to:
|
|||
•
|
The
study and implementation of new technologies that offer better
technologies or financial improvements that offer a decrease in the cost
of communications.
|
|||
•
|
Security
|
|||
The
activities that the
Vendor shall carry out in this context for the provision of
services to the Customer covered by this agreement are listed
below:
|
||||
°
|
Security
of information and integrity of data
|
|||
•
|
Centralization,
service, resolution and/or escalation of incidents or security
requests. Requests by users and access to resources and
applications that are the responsibility of the Customer are
excluded.
|
|||
•
|
Emergency
access control in order to resolve incidents.
|
|||
•
|
Implementation
of antivirus systems in Windows environments that are at the Madrid CPDs
and under the responsibility of the Vendor
|
|||
•
|
Application
of the security patches and configuration improvements based on the best
practices and non-compliance with the guidelines defined by Corporate
Security and the Customer
|
|||
°
|
Security
of logical access
|
|||
The
security policies that provide configuration of logical access will be
framed by the Customer, and shall comply on a general level with the
Corporate Security Policy of the Santander Group, and including
Customer-specific aspects. The installation and configuration
activities related to the application of said
policies
|
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 21 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
in
IT components and systems within the context of this agreement shall be
the responsibility of the Vendor.
|
||||
•
|
Installation
and configuration of a firewall and any other necessary
tools
|
|||
•
|
Configuration
of router and switching components in order to restrict access at the
level of network interfaces
|
|||
•
|
Registration
and periodic monitoring of access to base platforms in order to ensure and
encourage the correct use of facilities
|
|||
•
|
Communication
to the Customer of the polices for access control and restriction for
access keys to the various systems of the facility (mainframe and
intermediate systems), in order to align the Customer with the general
policies of the group
|
|||
•
|
Support
and recommendations for the configuration of navigation options within the
various systems/applications, based on the permits granted to the user
and/or group of users. The responsibility for said
configuration of systems/applications corresponds to the
Customer.
|
|||
°
|
Administration
of Intermediate Systems at the Operating System (“Root”)
level.
|
|||
Any
installation and security administration involving the following shall be
the responsibility of the
|
||||
Customer: | ||||
°
|
Mainframe:
|
|||
•
|
At
the system level (RACF), communications (communications on the Mainframe
platform), CICS and Data Bases (DB2).
|
|||
•
|
Development
of the processes and procedures to ensure the integrity of data (at the
data base level)
|
|||
•
|
At
the applications level
|
|||
°
|
Distributed
systems:
|
|||
•
|
At
the applications level
|
|||
°
|
Management
of users and working groups.
|
|||
•
|
Identify
and implement the protection requirements for application
resources
|
|||
•
|
Implement
data protection requirements using access control software that allows
management of usage rights for employees of the Customer as well as the
Vendor:
|
|||
•
|
Identification
and authentication of users
|
|||
•
|
Assignment
of profiles and access permits
|
|||
•
|
Elimination
/ debugging of users
|
|||
•
|
Passwords
(assignment, resetting, cancellation, etc.).
|
|||
•
|
Implementing
and maintaining security controls that allow the tasks of the previous
item to be carried out on those subsystems and applications that do not
use access control software for security.
|
|||
°
|
Support
for conducting security audits
|
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 22 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
At
security audits responsibility falls on the Customer, and the Vendor shall
provide the necessary support:
|
||||
•
|
Documentary
support for requests for access logs, processes and any other type that is
logged in the systems to be audited
|
|||
•
|
Provide
lists of users by service, profiles, privileges, permissions, etc. related
to the users authorized on the Customer systems, for those systems for
which the Vendor is responsible.
|
|||
•
|
Provide
contracts with other entities that support the performance of the
activities included in the service covered by this
contract.
|
|||
•
|
Provide
manuals, configuration diagrams, communication diagrams and any other
documentation that describes the provision of the service covered by this
contract.
|
|||
•
|
Technical
assistance for revisions of the security mechanisms and processes analyzed
during the security audit, excluding those carried out within
applications.
|
|||
•
|
Document
the activity logs required by the Customer in the regular performance of
the activities corresponding to the service covered by this contract
(excluding any activity log created by applications, and only for
components for
which the Vendor is
responsible).
|
4.
Activity Reports and Levels of Service
The Vendor
shall inform the Customer of the activity and level of service achieved based on
the frequency and content of the reports specified in the Service Level
Agreement document.
In the
face of specific events or situations that require special monitoring and
follow-up, the Customer may request greater detail for the information provided
by request to the Service Manager.
5.
General Backup Policy
Within the general strategy of the Vendor in order to guarantee the continuity of the Customer’s service, all applications, associated data and basic software for the technology platforms that support the services to be provided to the customer are backed up according to the following general plan:
|
•
Disk housings, for the mainframe platform and intermediate systems, are
replicated at the two CPDs;
|
|
•
The backups for both platforms are carried out at the opposite CPD of the
one that houses the server. One CPD houses the server and the
other contains the backup
cartridges.
|
The backup
and recovery of files is applied to all technology platforms located in
Madrid.
XXXXXXXX
XX XXX_XXXX00_XXXX00_00000000 (2) (2).doc
|
March 20,
2007
|
Page 23 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
The
generation of backup copies may be carried out in two ways:
• Normal
regimen
• Event-based
backups
Which are
described below.
5.1
Normal Regimen Backups
The
Customer shall be responsible for providing the Vendor with the specifications
necessary related to business or legal requirements to carry out data
backups.
The Vendor
must provide the licenses and install backup agents. In this manner
the Vendor implements and incorporates said backup into the normal Production
regimen. This service shall be required of the Vendor every time that
the following events occur:
|
1.
Change in utility and/or procedure
|
|
2.
Each time that a new machine is incorporated into the Data
Center
|
|
3.
Changes to applications and new
applications.
|
5.2
Event-based Backups
The Altec
Media Administration Supervisor will send the request to the Vendor’s Supervisor
using the Event-based Backup Form. This service will be required in
relation to the following events:
|
1.
Cloning a server
|
|
2.
Special processes
|
|
3.
Technical tests and projects
|
5.3
Restoration Policies and Procedures
The
commitment times for restoration of the various systems and the hold time for
data will be determined with the Customer during the transition
period. All of this is in function of the type of application and the
organizational or legal requirements that the Customer must
fulfill. The Customer must communicate these conditions to the Vendor
so that it may adjust its actions based on the needs specified by the
Customer.
Recovery
may be considered regular or special. The conditions that are
generally applied to each type are described below:
5.3.1
Normal Recovery
Recovery
from the Development and Approval environment are declared to be normal, i.e.
these requests will be received only on business days, Monday through Friday
during service hours. If the request arrives outside of these times,
it will be left for the next day. The response time for this type of
request shall be 24 hours.
5.3.2
Special Recovery
Recovery
of Production, Data security and Auditing are declared to be special, i.e. these
requests will be immediately attended to by the Altec Media Administration and
Vendor Operations units, once
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 24 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
the
recovery form arrives. The response time will depend on the
information to be recovered and the availability of the equipment.
For mass
project file recovery, the Customer’s Supervisor shall coordinate the
scheduling, performance and commitments in a timely manner with the Vendor’s
Service Manager.
6.
Technology Contingency Plan
There is a
Technology Contingency Plan prepared by the Vendor that contains the procedures
for mitigation, actions before, during and after a contingency and the
strategies for recovering computing and telecommunications
services.
The Vendor
agrees to keep the Plan up to date at all times and aligned with the
requirements that the Customer may have with respect to its own Business
Continuity Plan. Furthermore, the Vendor may amend the content
subject to notification of and agreement with the Customer.
The Vendor
shall coordinate and control actions to mitigate risks, contingencies and for
recovery contained in the Plan, without that presupposing, under any
circumstances, the delegation of any responsibilities that may correspond to the
Customer.
The
Customer agrees to provide the Vendor with the information necessary in order to
maintain the Plan and to follow the applicable procedures.
In order
to verify the updating and effectiveness of the Plan, the same shall be tested
annually. The parties shall determine the scope of the same, and
preferably must include verification of the procedures that have been changed or
modified since the last test.
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 25 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
The
procedures for mitigation, contingencies and recovery of other systems of the
Vendor, as well as all those of the Customer, are explicitly beyond the scope of
the Plan.
/s/ Francisco del Xxxxx
Xxxxxxx
|
/s/ Xxxx Xxxxxxxxx Xxxxxxxxx
|
|||
Produban,
Servicios Informáticos Generales, S.L.
|
Banco
Santander – Chile
|
|||
By
power of attorney
|
By
power of attorney
|
|||
Francisco
del Xxxxx Xxxxxxx
|
Xxxx Xxxxxxxxx Xxxxxxxxx | |||
|
|
/s/ Xxxxx
Xxxxxxx Xxxxxxx
|
|||
|
Banco
Santander – Chile
|
|||
|
By
power of attorney
|
|||
Xxxxx
Xxxxxxx Xxxxxxx
|
APPENDIX
II BSS_SPDV00_CATR17_20070620 (2) (2).doc
|
March 20,
2007
|
Page 26 of
26
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Appendix
III
SERVICE
LEVEL AGREEMENT
for
the Outsourcing of the
“BSS
Data Processing Service”
by and
between
PRODUBAN,
Servicios Informáticos Generales, S.L.
and
BANCO
SANTANDER CHILE
Xxxxxxxx
de Chile and Madrid, December 3, 2007
Ref.:
BSS_SPDV00_SLAR26_20070620
[Ink
stamp appears on bottom of every page:
“Produban
Servicios Informáticos Generales S.L.]
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 1 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
TABLE
OF CONTENTS
|
|||
1.
|
INTRODUCTION
|
4
|
|
2.
|
DESCRIPTION
AND SCOPE OF SERVICE
|
4
|
|
2.1
|
Scope
|
4
|
|
2.2
|
Volume
of Service
|
5
|
|
2.2.1
|
Infrastructure
of Relevant Systems
|
5
|
|
2.2.2
|
Communications
|
6
|
|
3.
|
COMMITMENTS
OF THE PARTIES
|
6
|
|
4.
|
MEASUREMENT
AND MONITORING INDICATORS AND TOOLS
|
7
|
|
4.1
|
Indicators
|
7
|
|
4.2
|
Tools
|
7
|
|
5.
|
SERVICE
SCHEDULE
|
7
|
|
6.
|
AVAILABILITY
OF DATA SERVICES
|
8
|
|
7.
|
BATCH
JOBS
|
8
|
|
7.1
|
Periodic
batch jobs
|
9
|
|
7.2
|
Random
batch jobs
|
9
|
|
8.
|
ONLINE
AVAILABILITY
|
10
|
|
9.
|
ONLINE
RESPONSE TIME
|
11
|
|
10.
|
DATA
COMMUNICATION BETWEEN THE CPDS IN CHILE AND SPAIN
|
12
|
|
11.
|
WAIVER
OF LIABILITY
|
12
|
|
12.
|
INCIDENT
MANAGEMENT
|
13
|
|
12.1
|
Level
of Severity of Incidents
|
13
|
|
12.1.1
|
Very
Serious Incidents: Severity 1
|
13
|
|
12.1.2
|
Serious
Incidents: Severity 2
|
13
|
|
12.1.3
|
Normal
Incidents: Severity 3
|
14
|
|
12.2
|
Reaction
and Resolution or Escalation Times
|
14
|
|
12.3
|
Escalation
Procedure
|
15
|
|
12.3.1
|
Severity
1 Incidents
|
15
|
|
12.3.2
|
Xxxxxxxx
Xxxxx 0 and 3 Incidents
|
15
|
|
12.3.3
|
Incidents
related to batches
|
16
|
|
13.
|
CONTINGENCY
PLAN
|
17
|
|
14.
|
SERVICE
VERIFICATION AND ADJUSTMENT PERIOD
|
17
|
|
15.
|
ACTIONS
IN THE EVENT OF NON-COMPLIANCE WITH THE SERVICE LEVEL
AGREEMENT
|
17
|
|
16.
|
SERVICE
LEVEL REPORTS
|
18
|
|
16.1
|
Monthly
Frequency
|
18
|
|
16.2
|
Weekly
Frequency
|
19
|
|
16.3
|
Daily
Frequency
|
19
|
|
16.4
|
Other
Reports
|
19
|
|
17.
|
PROCEDURE
FOR REVIEW AND CHANGES TO THE SERVICE LEVEL AGREEMENT
|
00
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 2 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
LIST
OF TABLES
|
||
Table
1:
|
Volumes
of Systems Involved
|
6
|
Table
2:
|
Volumes
Associated with Communications
|
6
|
Table
3:
|
Online
Availability Indicators
|
11
|
Table
4:
|
Service
Level Indicators for Data Communication
|
12
|
Table
5:
|
Service
Level Objectives for Incident Management
|
14
|
Table
6:
|
Escalation
of Severity Level 1 Incidents
|
15
|
Table
7:
|
Summary
of Hierarchical Escalation Times
|
16
|
LIST
OF FIGURES
|
||
Figure
1:
|
Components
within the Scope of Service
|
5
|
Figure
2:
|
Supported
Instances and Environments
|
10
|
Figure
3:
|
Escalation
of Batch Incidents
|
16
|
Figure
4:
|
Service
Level Indicators
|
00
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 3 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
1. Introduction
This
document is an appendix to the Computer Services Outsourcing Contract for the
“BSS Data Processing Service” between Banco Santander Chile (hereinafter the
Customer) and PRODUBAN, Servicios Informáticos Generales, S.L.
(hereinafter the Vendor).
This
document defines the objectives to be attained in the provision of the Data
Processing Service provided by the Vendor to the Customer, within the scope
described in Appendix II to the Contract, “Catalog of Services.”
The
service level objectives established in this document use as a reference the
values that the Customer currently has and measures, in the end complying with
the end of the transition period, which will last for 6
months. During the transition period, the actual service levels
achieved will be monitored and the levels that will be established as service
level objectives to be provided by the Vendor shall be agreed upon.
The
signatures at the end of this document indicate that the Customer and the Vendor
are in agreement as to its content, and that the objectives are attainable,
forming the requirements for the service provided to the Customer by the
Vendor.
2. Scope and Volume of
Service
2.1
Scope
The
service that the Vendor shall provide to the Customer breaks down into a series
of Elements and Activities, as defined in Item 1 of Appendix II to the Contract,
titled “Service Catalog.”
The
Components are comprised of the technology infrastructure operated directly by
Produban. Certain subsystems located in Chile are serviced by
personnel from Altec Chile or may be the subject of local outsourcing, and are
beyond the scope of the service provided by Produban.
A
schematic representation of the components serviced by Produban and those that
are not, and which therefore are beyond the scope of this service level
agreement, is presented in Figure 1 – “Architecture of Banco Santander
Santiago.”
Said
diagram shows to the left of the vertical line “service
boundary,” within the shaded zone, the subsystems that may be
serviced by Altec, or which may be outsourced, and those systems to the right of
the line are serviced by Produban, and are the subject of this Services Level
Agreement (SLA).
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 4 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
[Key of
items from Figure 1:]
Managed
by Altec
|
Managed
by Produban
|
|
Sucursales
= Branch offices
Atencion
Telefonica = Telephone Service
Banca
por Internet = Online Banking
Banca
Personas = Personal Banking
Banca
Empresas = Business Banking
Banca
Personas / Empresas = Personal / Business Banking
Banca
Automatica = Automatic Teller Banking
Autoservicios
= Self Service
Servimatico
= [unclear – possible ATM]
Redes
medios de pago = Payment Methods Networks
Especificos
= Specific Features
Apllo.
Departamentales = Dept. Support
|
Sucursales
= Branch Offices
Aplicaciones
= Applications
|
Aplicaciones
= Applications
Aplicaciones
no Altair = Non-Altair applications
Datamart
Medios de Pago = Datamart Payment Methods
|
Figure
1: Components falling within the Scope of Service
2.2 Volume
of Service
The
Customer and the Vendor agree to a maximum volume of service that will be
considered to have been exceeded when one or several of the circumstances
described in the following paragraphs occur.
2.2.1 Infrastructure
of Relevant Systems
Parameter
|
Definition
|
Limit
Value
|
Total
number of MIPS contracted per partition (base line)
|
Production
partition
|
2,506
MIPs and 25 GB of memory
|
QA /
Approval Partition
|
100
MIPS and 8 GB of memory
|
|
Development
|
500
MIPs and 8 GB of memory
|
|
Volume
of mainframe disks
|
Disk
space for data
|
23.5
TB of data with another 23.5 TB for backup
|
No.
of CPUs of SUN intermediate systems
|
Production,
for application servers as well as database servers
|
20
CPUs, UltraSaprc IV+ 1,500 MHz and 144 GB RAM
|
Development
|
4
CPUs, UltraSaprc IV+
1,500
MHz and 32 GB RAM
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 5 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Parameter
|
Definition
|
Limit
Value
|
Approval
|
8 CPUs,
UltraSaprc IV+
1,500
MHz and 64 GB RAM
|
|
No.
of CPUs of Wintel intermediate systems
|
Production
|
8
CPUs, Xeon 3.6 GHz, 32 GB RAM
|
Development
|
3
CPUs, Xeon 3.6 GHz, 16 GB RAM
|
|
Terminal
Server
|
2
CPUs, Xeon 3.6 GHz, 8 GB RAM
|
|
Disk
space on intermediate systems
|
Disk
space for data
|
13.5 TB
net (18.6 gross) SAN, with another 13.5 TB net (18.6 gross)
backup SAN
|
Table
1: System Volumes
The 3,106
MIPs shown in the above table are the base line (contracted capacity) for the
Customer. The total installed capacity is 3,516
MIPs.
2.2.2
Communications
Parameter
|
Definition
|
Limit
Value
|
Volume
of CPD lines
|
Average
usage volume of primary CPD access lines
|
Exceeds
70% for 80% of the service time (10:00 a.m. to 11:00 p.m. Monday to
Sunday)
|
|
Table
2: Volumes Associated with
Communications
|
3. Commitments of the
Parties
The Vendor
agrees to maintain the Service Level indicators at values equal to or better
than those specified in this Service Level Agreement, provided that the service
volume is not greater than the parameters set forth in this
section. If these maximum volumes are exceeded, the Vendor agrees to
continue providing the service to the Customer, under the best possible
conditions, with the limitation of available capacity.
When the
indicators associated with these components indicate continued use approaching
90%, in particular the volume of MIPS consumed, the Vendor shall initiate a
change request process to research a possible expansion, provided that the
continued use of the components under conditions approaching the availability
limits could cause a decline in operation as specified in this SLA.
Furthermore,
if the limits set above are exceeded during the effective term of the
Outsourcing Contract, the Customer and the Vendor agree either to approve
changes to the values of indicators of this Service Level Agreement, or to
approve and carry out changes to the systems that are timely for the
reestablishment of the same. Furthermore, if applicable, the budget
items necessary to carry out said changes shall be approved.
These
decisions shall be made at the meetings held by the parties per the provisions
of the Relationship Model.
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 6 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
4.
Measurement and
Monitoring Indicators and Tools
4.1
Indicators
Service
Level indicators are those measurements, which when taken objectively, serve
both parties in determining whether the agreed upon service level is being
provided in an effective manner, from the perspective of the components of the
service as well as the various specific activities based on the Service provided
(Paragraph 1.3 of Appendix II to the Contract, “ Service Catalog”).
The
indicators used to measure the service level of each activity are defined for
each of them, expressing the compliance values.
4.2
Tools
The Vendor
shall provide the tools and implements necessary to carry out the management and
control of the elements included in the SLA. Said tools will
be:
System and networks management and
monitoring tools. All those systems installed in the service
infrastructure that allow determination of dedicated resources, as well as any
sessions or transactions performed in the applications that comprise the
referenced service, and the use of resources (communications as well as
systems).
Application of Incident
Management. The Application of Incident Management is the tool
used by the Customer Support Center of the Vendor to manage
incidents. All incidents reported to the Customer Support Center
shall be entered in the data base of this application, which will provide
information regarding the number, status and resolution time of
incidents. In the event that this application changes, the use of the
new one will be provided to the Customer.
Probes. Probes are
computer systems that automatically and periodically carry out a simulation,
configured as desired in advance, of actions representing the functionality of
an application or service which is accessed from any of the browsers available
on the market. The results of said browsing are stored and processed
in a data base, for subsequent study. The Probes provide data
regarding Availability, Response Time and Performance. The Probes may
be used to carry out a simulation prior to stress tests or changes to the
capacity of the service components.
5. Service
Schedule
The
Customer Support Center (CSC) provides services 24 x 7, and is the point of
entry for all requests and incidents related to the
service. Operating services are also provided 24 x 7.
The
remaining components of the processing service are provided:
• |
|
Monday
through Friday, during work hours of the service (8:00 a.m. to
8:00 p.m. local Chilean time).
|
• |
|
Outside
of the scheduled hours for conducting tasks that must be carried out
without affecting Customers or
users.
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 7 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
During the
rest of the schedule, technicians will be available on-call and their actions
will be delimited by the escalation procedure described below in this
document.
6. Availability of
Batch Services
Availability of data services
is understood to be the opportunity for the correct delivery of data,
using as an indicator the time when the Customer should have data associated
with the services covered by this SLA available, obtained as a result of the
daily chain processes, free of errors and ready for subsequent
processing.
The
indicators associated with availability are defined in function of data
type. Monitoring of compliance with these service levels is collected
in the corresponding control table that is generated daily. Its
contents are attached as to this document as Appendix A – “Control
Table.”
7. Batch
Jobs
Batch jobs
will be subject to a correct completion commitment, i.e. work completed without
errors due to the platform, operation or scheduling, within the specified terms.
There are two categories of batch jobs:
•
|
|
Periodic
batch jobs
|
•
|
|
Random
batch jobs.
|
7.1
Periodic Batch
Jobs
• These measure
the Vendor’s compliance with respect to its obligations to deliver data and
information corresponding to process schedules, free of errors associated with
the services covered by this contract, from data obtained from chain
processes. An error is understood to be a result that is different
from the control established for this application by the
Customer. Examples of process schedules:
° |
|
Daily
|
° |
|
Monthly
processes (includes obligations of the Customer to External
Institutions)
|
° |
|
Monthly
forecasts
|
° |
|
Monthly
profitability
|
° |
|
Monthly
Management Audit
|
° |
|
Others
that the Customer may decide to include in the future as the result of new
applications in Production.
|
• |
|
The
Customer shall deliver the schedules for scheduled processes in November
of each year for the following year, based on the established change
management process. This document shall constitute the Annual
Schedule.
|
• |
|
The
Customer shall deliver to the Vendor, no later than the 15th
day of each month of the next following business day, the schedules for
preliminary monthly processes
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 8 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
|
duly
dated for processing in the subsequent month. As of the date on
which the preliminary calendars of monthly processes are available, the
Vendor shall participate, under the direction of the Customer, in
coordination activities that are carried out in order to prepare the final
calendar.
|
• |
|
The
Vendor must, five business days after receipt, confirm the feasibility for
performing [the actions] during the schedules specified in the same, in
accordance with the Standards of
Service.
|
• |
|
In
the event that the Vendor cannot comply with one or more of the processes
indicated in said calendars, it must demonstrate its inability to do so
and propose an alternative that is demonstrated to be
valid. Based on the foregoing, the parties may agree to the
corresponding modification.
|
• |
|
For
new applications, the standard shall be established after confirming its
anticipated behavior during the QA period and at least once during
production. For applications that enter production under
special circumstances without QA, the behavior will be confirmed after at
least three production runs.
|
7.2
Random Batch
Jobs
a) |
|
Random
Processes included in the documentation of
applications:
|
•
|
These
processes may only be requested Area Managers of the Customer’s Technology
Division (including in the Control
Group.
|
•
|
They
shall be performed in the Production Grid for the day on which the process
is requested, if it is requested no later than 2:00 p.m. on the
corresponding day.
|
•
|
They
shall be performed in the Production Grid of the day following the date of
the request if the request arrived after
2:00 p.m.
|
•
|
Any
exceptions to the foregoing, regarding the opportunity to run the jobs,
must have the approval of at least the Customer Service Supervisor, the
person serving in his place or the person to whom he delegates this
authority in writing.
|
•
|
It
is established that the results of these processes must be free of errors
associated with the services covered by this contract, from the data
obtained as a result of the batch processes of the chains. An
error is understood to be a result that is different from the control
established for this application by the
Customer.
|
•
|
These
requests must be made through the Change Control tool available for this
purpose.
|
b) |
|
Random
Processes NOT included in the application
documentation.
|
|
These
processes may only be requested, at a minimum, by the Customer Service
Supervisor, the person serving in his place or the person to whom he
delegates this authority in writing, and they may
be:
|
•
|
At the request of the
Customer: These are processes carried out to meet random
needs and they do not necessarily form part of the respective application.
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 9 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
•
|
Random Processes dependent on a
Special Environment (for example, processes that require restoring
data bases from previous periods): The run is started within 2
hours following the time when the special environment becomes
available.
|
•
|
These
requests must be made through the Change Control tool available for this
purpose.
|
8.
Online
Availability
Online availability shall be
understood to be the period of time within the period of measurement during
which the system or systems controlled with all the corresponding subsystems and
components are operating error-free and fully performing the corresponding
functions for the end users. This measurement shall be carried out on
a weekly basis [and] it shall be applied to two situations:
•
|
Total
loss of service
|
|
•
|
Partial
loss of service or degradation of response times for some of the
transactions that are most representative of the
applications.
|
The
objective for availability shall be calculated using the following
formula:
(TT – TND) / TT) *
100
where:
|
TT =Total
operating time expected of the service or Service
Window
|
|
TND
=Corresponding down time.
|
The
following table presents the Customer Environments and Instances that are
supported by the Vendor.
Platform
|
zOS
|
Intermediate
Services
|
||||||
Environment
|
SYSD
|
SYSQ
|
SISP
|
Unix
and Wintel Systems
|
||||
Instance
|
Development
|
Testing
and Integration
|
Approval
|
QA
|
Production
|
Development
|
Approval
|
Production
|
Figure
2: Supported Instances and Environments
The
following table shows the daily availability objective for each
Instance. The time values are considered to be expressed in
minutes:
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 10 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Indicator
|
Service
Window
|
Daily
Availability Objective
|
Production
Instances for both Environments
|
00:00
– 24:00
TT =
7 days x 24 hours x 60 min.
|
Objective:
99.8%
|
Production
Instances for both Environments(1)
|
07:30
– 16:30
TT =
5 days x 24 hours x 60 min.
|
Objective:
99.8%
|
Other
Instances for both Environments
|
08:00
– 20:00, Monday – Friday
TT =
5 days x 12 hours x 60 min.
|
Objective:
98%
|
Other
Instances for both Environments
|
20:00
– 8:00 Monday – Friday or non-business days
TT =
5 days x 12 hours x 60 min.
|
Table
3: Online Availability Indicators
(1) NOTE: For
Production environments two measurements will be taken, one covering the total
24-hour range and another that is specific to the prime time usage
periods.
Scheduled
maintenance shutdowns shall be carried out on Sundays or non-working holidays,
as agreed upon with the Customer, and therefore they shall not affect
availability.
Any other
type of service shutdown must be agreed upon and scheduled jointly by the Vendor
and Customer in order to assess and minimize any possible impact on the
service.
In any
event, all scheduled shutdowns must be communicated to the Customer 15 days in
advance and whenever possible redundant installed capacities shall be used in
order to minimize any impact on the Service.
9. Online Response
Time
a) The response
time for transactions in the host environments is comprised of the time used by
applications plus the hardware resources available plus the systems software or
the systems software environment.
b) For new
applications or new transactions, the Customer will assign them an expected
response time, resulting from QA volume and stress tests, measured based on
transactions that are most representative of the system.
c) New
transactions or those that the Customer wishes to optimize or that have exceeded
the expected response times, shall be subject to investigation by the
development and architecture teams, and by the Vendor.
d) The Customer is
responsible for the optimization of applications and for incorporating or not
incorporating additional hardware resources to optimize the transaction response
time:
i) |
|
The
Vendor shall demonstrate to the Customer, via monthly performance and
usage reports, the need to add additional resources to the
platform. The resource unit to be considered shall be CPU usage
in MIPS for mainframe systems, CPU usage percentage of 80% for UNIX
systems and 50% for WINTEL systems, which shall include all architecture
components (Example: Channels, memory, CPU, communications, etc.)
necessary to guarantee the committed levels of
services.
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 11 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
e) The Vendor shall be
responsible for the efficiency of the systems software environment.
f) In the event
that a lack of efficiency is due to the systems software environment, the Vendor
shall be responsible for taking action to correct this situation.
g) The time table for
service and resolution of problems from the section titled “Incident Management”
shall be applicable.
10.
Data Communication
between the CPDs in Chile and Spain
Data
communication between the CPDs in Chile and Spain will be carried out in general
over Level 1 lines (point to point).
Xxxxx 0
xxxxx (XXXX) xxx Xxxxx 0 xxxxx (XXX) are available, but they will only be used
when necessary.
The
service level indicators for the various lines are shown in the following table,
indicating the availability and the equivalent in minutes the service is not
available.
These
values do not include possible shutdowns for technical maintenance performed by
the operator.
Line
|
Percentage
Availability
|
Non-availability
in minutes
per
month
|
LEVEL
1 (point to point)
|
99.96%
|
17,302
|
LEVEL
2 (MPLS, 2 nodes)
|
99.46%
|
233,280
|
LEVEL
3 (VPN Internet)
|
98.96%
|
449,280
|
Table
4: Service Level Indicators for Data Communication
11.
Waiver of
Liability
The Vendor
shall be relieved of liability for attainment of the standards of service when
its failure to comply is due to:
• |
|
Interruptions
requested by the Customer. These requests shall be made using the existing
tool (as of execution of this contract,
TSD).
|
• |
|
The
failure of the Customer or its other Vendors to correct any errors /
problems that are its responsibility and that have been properly, formally
and in a timely manner reported to the Customer by the
Vendor.
|
• |
|
Problems
caused by the action or inaction by the personnel of the Customer or its
other Vendors.
|
• |
|
Scheduled
interruptions that are duly reported to the Customer and
approved.
|
• |
|
Work
performed by personnel from the Customer assigned to the Vendor for the
purposes of this service, that do not comply with a procedure or
instruction of the Vendor, provided that the non-performance was reported
in writing by the Vendor to the Customer. For this purpose, the
Customer will formally communicate to the personnel managed by the Vendor
their obligation to comply with the Vendor’s instructions and
procedures.
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 12 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
• |
|
Problems
rooted in the Hardware and/or Software of systems supplied by the
Customer, provided that the Vendor has formally informed the Customer in a
timely manner.
|
• |
|
Problems
rooted in infrastructure not managed by Produban (controlled by Altec or
IBM), and that may affect the normal provision of the contracted
services.
|
• |
|
Lack
of capacity of the same hardware and/or software to withstand the work
load that is required and that has been reported in a timely manner to the
Customer.
|
• |
|
Any
delay in the delivery of data provided to the Vendor by the Customer, by
third parties for which the Customer is responsible or by applications not
operated by the service provided by the Vendor, which are necessary for
running processes and as of the time when they have been duly reported to
the Customer based on the Problem Administration
Procedure.
|
• |
|
Cancellation
of applications or systems due to inconsistencies in information stored in
the logical data base or due to code errors in programs that are the
responsibility of the Bank.
|
12.
Incident
Management
The total
life time of an incident is the time that passes from its entry into the
Incident Management Application until it is fully resolved and
closed.
It shall
be determined by three time values:
• |
|
The
reaction time by resolution teams
|
• |
|
The time invested in the
resolution or escalation of the
same
|
• |
|
The time required to
correct the incident by the user.
|
These
three time values will be measured separately. The first two are
attributable to the Vendor, provided that said Incidents are the responsibility
of the Vendor, and the third value is attributable to the Customer.
12.1
Incident Severity
Level
The
general objectives for reaction and resolution times are established in function
of the incident severity level. The defined levels of severity
are:
12.1.1
Very Serious
Incident: Severity Level 1
Very Serious
Incident. Affects the operation of the business; the user cannot work
with business functions.
This
incident involves a total shutdown of the process chain, affects the schedule
for performing Session Changes, or directly affects compliance with the delivery
of results and/or the authorization of services.
12.1.2
Serious Incident: Severity Level 2
Serious
Incident. Impact on service, making operation by the user difficult but
not preventing business operations.
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 13 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
This is an
incident that does not affect the performance of Session Changes, that does not
directly affect the authorization of services or the delivery of priority
results but that implies the stoppage of more than one process and that impacts
the delivery of results.
12.1.3
Normal Incident: Severity Level 3
Normal
Incident. This incident does not affect the business, few users or
non-critical functions are affected.
This is an
incident that occurs on a terminal task, understanding this to mean that since
it is a final task the application does not deliver conditions, therefore it
does not cause processes to halt, or files to another task [sic], which
generates as a result a report or file and the latter does not affect service of
the line.
12.2 Reaction and
Resolution or Escalation Times
The
response or reaction time is the time that passes from when the incident is
communicated to the Customer Support Center until it sends it to the
corresponding resolution team.
Estimated
reaction and resolution or escalation times in general are presented in the
following table.
Severity
|
Reaction
Time
|
Resolution
or Escalation Time
|
1
|
15
minutes
|
4
hours
|
2
|
30
minutes
|
1
day
|
3
|
1
hour
|
7
days
|
Table
5: Incident Management Service Level Objectives
The
severity of the incident is defined when the incident report is
created. The severity must be validated by the Vendor, while the
latter will be used as reference for applying the time values shown in the
preceding table.
Any batch
incidents that are sent 7 x 24 will be treated as Severity Xxxxx 0, and their
reaction time will be 15 minutes.
The
resolution or escalation time has been approximated in the event that a third
party is not involved in its resolution.
In the
specific case of communication-related incidents, subject to a maintenance
agreement with a third party, no different reaction times and resolution times
shall be included, in general the following times shall be
applicable:
•
|
|
Reaction
time: 30 minutes
|
•
|
|
Resolution
or escalation time: 4 hours
|
The
description of the incidents, definition of the concepts of reaction time and
resolution,and the detailed process for managing the same shall be found in the
document “Incident Management Guide.”
When an
incident cannot be resolved by the current response level, it shall be escalated
to the next resolution level based on the provisions of the following
item.
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 14 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
12.3Escalation
Procedure
The
Customer Support Center provides service 24 x 7 therefore it must be the area
that forwards all incidents detected by users and shall act as the first
resolution level. Nevertheless, those incidents that are detected by
the technical area teams involved in the service may be attended by them as the
first resolution level.
When it is
necessary to escalate incidents to higher levels, it shall be done through
functional means () such as the hierarchy (support supervisor to the next level
support supervisor).
•
|
|
Functional
route: From resolution component to next level resolution
component.
|
•
|
|
Hierarchical
route: Support supervisor to next level support supervisor, with the time
necessary to allow him/her to organize timely decision
making.
|
The
description of the types of escalation is described in the technical document
titled “Incident Management Guide.”
12.3.1
Severity Level 1
Incidents
All
Severity Level 1 incidents follow the escalation sequence described in the
following table:
Severity
Level
|
First
Resolution Level
(15
min)
|
Escalated
to Second Resolution Level (30 min.)
|
Escalated
to Third Resolution Level
|
Escalated
to Fourth Resolution Xxxxx
|
0
|
Xxxxxxxx
Xxxxxxx Xxxxxx
Xxxxxxxxx
Xxxx involved
|
Support
supervisor, second level
|
Table
6: Escalation of Severity Level 1 Incidents
When
escalating an incident to the next resolution level (at 15 minutes), all the
incidents will be reported to:
•
|
|
Management
of the Vendor
|
•
|
|
Supervisor
of the Customer Support Center
|
•
|
|
Service
Manager
|
•
|
|
Account
Manager.
|
12.3.2
Severity Levels 2 and 3 Incidents
Incidents
of severity levels 2 and 3 will be escalated to the supervisor of the second
support level and to the supervisor of the Customer Support Center (CSC) when
50% of the time specified by the Service Level Agreement for its resolution has
passed.
Incidents
of Severity Xxxxx 0 xxx 0 xxxxx xx escalated to the Service Manager and to
supervisors of the technical areas when the time specified by the Service Level
Agreement for its resolution has passed.
The
functional escalation shall be carried out based on the times specified in Table
6.
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 15 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
In order
to escalate an incident to the hierarchical level, the following levels are
considered:
•
|
|
Level
1: CSC and Technical Area involved
|
•
|
|
Level
2: Technical Area Supervisor (2nd
support level)
|
• | Level 3: CSC Supervisor and Service Manager |
•
|
|
Level
4: Account Manager and Vendor’s
Management.
|
The
following table shows a summary of the escalation diagram:
Escalation
|
Severity
Xxxxx 0
|
Xxxxxxxx
Xxxxx 0
|
Xxxxx
0 to 2
|
30
min.
|
1
hr.
|
Level
2 to 3
|
2
hr.
|
6
hr.
|
Level
3 to 4
|
4
hr.
|
12
hr.
|
Table
7: Summary of hierarchical escalation times
Note: Times
are counted from detection of the incident. They are not
cumulative.
12.3.3 Incidents
related to the Batch
Any
incidents related to the batch shall be distinguished based on the location of
the infrastructure where it is run.
12.3.3.1
Batch Incidents involving the Infrastructure located in Spain
For the
infrastructure located in Spain, the sequence of escalation shall comply with
the following figure:
[Key to
figure:]
Responsible
del Acuerdo BSS Produban = BSS Produban Contract Manager
Dirección
Explotación = Operations Department
Superado
SLA = Exceeded Service Level Agreement
Responsible
7 x 24 = 7 x 24 Supervisor
Responsible
Altec Producción = Altec Production Supervisor
Responsible
CGR/Comunicaciones = CGR / Communications Supervisor
Responsible
TS pertinente = Corresponding TS Supervisor
Después de
30 minutos = After 30 minutes
Desarrollo
Altec = Altec Development
Figure
3: Escalation of Batch Incidents
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 16 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
12.3.3.2
Batch Incidents in the Infrastructure Outside of Spain
For batch
processes that are run on machines that are outside of the transfer and that are
not attended 24 x 7, the following procedure shall be followed:
For
storage problems
•
|
|
Alpha
platforms:
|
Based on the procedure defined by the
Services Vendor selected to support this platform.
•
|
|
Non-alpha
platforms (Intermediate Servers):
|
Same procedure as for batch
incidents
For
problems with Oracle
Follow the same process as for space
problems; inform monitoring in Chile, which is responsible for contacting the
party to resolve this incident.
13.
Contingency
Plan
The Vendor
shall have a contingency plan that ensures the provision of services in the
event of a disaster. In order to ensure the effectiveness of said
Plan, at least once a year a simulated Emergency shall be run. Said
simulation may be specific to the service covered by this Contract, or it may be
common to several services.
While the
circumstances that caused the emergency are still in force or the elements
included in the provision of the service are present, it shall be considered
that the service is being provided in “contingency mode,” and the indicators
defined in the foregoing sections relative to availability, response time and/or
the resolution of incidents shall not be applicable.
When the
circumstances that caused the emergency have abated and the items included in
the provision of the service have been fully recovered, the Vendor shall restore
the service in “normal mode” as soon as possible.
14.
Service
Verification and Adjustment Period
There
shall be a transition period of 6 months following the
signature of the Service Level Agreement, during which time the operation of the
service covered by the contract shall be adjusted and it will be verified that
the times provided by the Customer or obtained from the initial measurement
comply with reality. During this period, the availability and
response time need not comply with the indicators.
15.
Actions in
the event of Non-compliance with the Service Level Agreement
The Vendor
agrees to provide the specified service to the Customer so that it may carry out
its work effectively.
The
service level shall be considered satisfactory provided that the Measurements of Indicators are greater than or equal to the
framed Objective.
If the
measured levels of the indicators are below the values specified in the
objectives, the actions necessary to attempt to reestablish the values
at
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 17 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
the levels
established in this Agreement shall be agreed upon in the meetings specified in
the Relationship Models specific to this service.
16.
Service Level
Reports
In order
for the Customer to have a control mechanism that will allow it to compare the
service provided by Produban on a continuous and on-going manner, reports shall
be prepared relative to the service level provided with various content and
frequencies. Specifically, various reports shall be issued monthly,
weekly and daily.
In
addition, the Customer as well as the Vendor shall maintain the same monitoring
for a minimum period of 6 months. Upon completion of the same, the
Parties shall agree if necessary to continue with said degree of monitoring at
the Customer’s facilities.
16.1 Monthly
Frequency
A report
of the “Service
Level” shall
be prepared monthly and distributed to the Service Supervisor, to the Service
Level Agreement supervisor and the Customer’s and Vendor’s
Management.
The
content of said report shall be defined and adjusted by the parties during the
transition period.
Service
Level Indicators
|
[Illegible]
|
For
Services
|
Comments
Log
|
Monthly
progress of primary services
|
Communications
– Telecommunications Availability
|
[Illegible]
|
Progress
of Incidents
|
Operation
– Runs and error rates
|
Operation
– Runs and error rates (batch)
|
Operation
– Runs and error rates (Intermediate Services) SUN9 and
SUN15
|
Operation
– HOST Indicators – Percentage of compliance
|
Operation
– Indicators, Intermediate Services (SUN9 and SUN15) – Percentage of
compliance
|
CCB
– Processes (Operation) – Consumption of machine by the
Batch
|
Operation
–Number of runs and Online error indices
|
Scheduling
– Manual interventions
|
HOST
Storage Management (Operation) – Robotic Activity (number of
tapes)
|
HOST
Storage Management – HSM Activity (number of
operations)
|
HOST
Storage Management – Number of files
|
[Illegible]
|
Operation
– CICS transaction response time
|
Operation
– Online Efficiency – Total transactions and MIPS
consumed
|
Figure
4: Service Level Indicators
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 18 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
16.2 Weekly
Frequency
A report
of “Production
Indicators” shall be prepared weekly and distributed to the Customer’s
Service Manager.
The
contents of said report shall be defined and adjusted by the parties throughout
the transition period.
16.3 Daily
Frequency
Several
activity reports shall be generated daily and distributed to the Customer’s
Service Manager.
The
reports will relate to:
•
|
|
Incidents
(remedy, indicated by type and
application)
|
•
|
|
Control
table
|
The
content of the reports shall be specified and adjusted by the parties throughout
the transition period.
16.4 Other
Reports
In
addition, and only in the event of non-compliance with service levels, an
exception report shall be prepared, containing the following
information:
•
|
|
List
of incidents that caused degradation of the
service
|
•
|
|
Root
causes of said incidents and proposed
actions
|
•
|
|
Conclusions
and recommendations
|
In the
face of certain events or situations that require special monitoring and
follow-up, the Customer may request more detailed information by submitting a
request to the Service Manager.
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 19 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
17.
Procedure for
Reviewing and Changing the Service Level Agreement
Either of
the parties may request a review of this document for the following
reasons:
•
|
|
Changes
to the business environment in which each party
works
|
•
|
|
Changes
to the infrastructure that supports the
service
|
•
|
|
At
the request of any of the
signatories.
|
Furthermore,
annual reviews of the Service Level Agreement shall be prepared on the
anniversary of its effective date.
/s/ Francisco del Xxxxx
Xxxxxxx
|
/s/ Xxxx Xxxxxxxxx Xxxxxxxxx
|
|||
Produban,
Servicios Informáticos Generales, S.L.
|
Banco
Santander – Chile
|
|||
By
power of attorney
|
By
power of attorney
|
|||
Francisco
del Xxxxx Xxxxxxx
|
Xxxx Xxxxxxxxx Xxxxxxxxx | |||
|
|
/s/ Xxxxx
Xxxxxxx Xxxxxxx
|
|||
|
Banco
Santander – Chile
|
|||
|
By
power of attorney
|
|||
Xxxxx
Xxxxxxx Xxxxxxx
|
XXXXXXXX XXX XXX_XXXX00_XXXX00_00000000 (2) .doc | March 20, 2007 |
Page 20 of
20
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Appendix
IV
SECURITY
for
the Outsourcing of the
“BSS
Data Processing Service”
by and
between
PRODUBAN,
Servicios Informáticos Generales, S.L.
and
BANCO
SANTANDER CHILE
Xxxxxxxx
de Chile and Madrid, December 3, 2007
Ref.:
BSS_SPDV00_SEGR06_20070420
[Ink stamp
appears on every page:
“Produban
Servicios Informáticos Generales S.L.]
APPENDIX
IV BSS_SPDV00_SEGRO6_20070420 (2) doc
|
March 20,
2007
|
Page 1 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
TABLE OF
CONTENTS
TABLE OF
CONTENTS
1.
|
INTRODUCTION
|
3
|
|
2.
|
GENERAL
CONSIDERATIONS
|
3
|
|
3.
|
APPLICABLE
CONTEXT
|
3
|
|
3.1
|
Persons
|
3
|
|
3.2
|
Resources
|
4
|
|
3.3
|
Locations
|
4
|
|
4.
|
OBLIGATIONS
OF PERSONNEL
|
4
|
|
5.
|
LOGICAL
SECURITY
|
5
|
|
5.1
|
Identification
and Authentication
|
5
|
|
5.2
|
Management
of Profiles
|
5
|
|
5.3
|
Management
of Users
|
5
|
|
5.4
|
Data
Integrity
|
6
|
|
5.5
|
Encryption
|
6
|
|
6.
|
BACKUP
COPIES AND RECOVERY
|
6
|
|
6.1
|
Backup
Copies
|
6
|
|
6.2
|
Recovery
of Data
|
7
|
|
7.
|
MANAGEMENT
OF MEDIA
|
7
|
|
7.1
|
Media
Storage
|
7
|
|
7.2
|
Removal
and Entry of Computer Media
|
7
|
|
7.3
|
Re-use
and destruction of media
|
7
|
|
7.3.1
|
Re-use
|
7
|
|
7.3.2
|
Destruction
|
8
|
|
8.
|
TESTS
USING ACTUAL DATA
|
0
|
XXXXXXXX
XX XXX_XXXX00_XXXXX0_00000000 (2) doc
|
March 20,
2007
|
Page 2 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Xxxxxxxx –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
1. Introduction
This
document is an appendix to the Computer Services Outsourcing Contract for the
“BSS Data Processing Service” between Banco Santander Chile (hereinafter the
Customer) and PRODUBAN, Servicios Informáticos Generales, S.L.
(hereinafter the Vendor).
This
Appendix describes the security measures that the Vendor shall adopt for the
provision of the services described in Appendix II – “Catalog,” to the Computer
Services Outsourcing Contract.
The
security measures include those of a technical and organizational nature and
procedures to be adopted y the Vendor in relation to the personal data that the
Vendor shall process for the account of the Customer pursuant to this
Appendix.
2.
General Considerations
The Vendor
may amend the security procedures and measures set forth in this Appendix,
subject to notification to and agreement with the Customer. These
changes must not decrease the degree of security that the Vendor must guarantee
for the processing of data according to the applicable legislation on its
effective date.
This
Appendix must be kept up-to-date and shall be the subject of a review whenever
relevant changes are made to the security measures adopted by the
Vendor.
The Vendor
shall coordinate and control the security measures presented in this Appendix,
without such action presupposing, under any circumstances, the delegation of the
responsibilities that may be incumbent upon the Customer.
3.
Context of Application
The
security measures set forth in this Appendix shall be applicable to persons
belonging to the Vendor that provide services to the Customer under this
Appendix.
Any
persons belonging to companies other than the Vendor that participate in the
provision of said services must also comply with the security measures to which
they may be subject.
APPENDIX
IV BSS_SPDV00_SEGRO6_20070420 (2) doc
|
March 20,
2007
|
Page 3 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
3.2
Resources
The
security measures set forth in this Appendix shall be applicable to the computer
programs and files of the Platform as well as to the Technology
Infrastructure.
Any
security measures of other systems of the vendor that do not provide services
within the context of this contract, all systems at the facilities of the
Customer, the Customer’s users, as well as members of the Vendor’s work group
charged with providing the Platform Development and Maintenance services are
beyond the scope of this Appendix. The adoption of these measures
shall be the responsibility of the Customer.
3.3
Locations
The
security measures set forth in this document shall be applicable to facilities
where the infrastructure is located. Upon the entry into force of the
contract corresponding to this Appendix, said facilities are located within the
Grupo Santander Complex, in Boadilla del Monte (Madrid, Spain).
All of the
foregoing shall not prejudice the use by the Vendor of other facilities to store
backup copies, where the securities measures necessary to protect the data will
be in effect.
Data
processing outside of the locations referenced above must be expressly
authorized by the Customer.
4.
Obligations of Personnel
All the
employees of the Vendor that provide the services affected by this Appendix
shall be required to comply with the measures set forth in this document and
subject to the consequences that may derive from the failure to comply with the
same.
Said
personnel shall be required to:
1.
|
Access
only those data and resources that are required to perform their duties,
provided that they are authorized to access the same. The user
profile assigned to each person shall define the duties that that person
may carry out in relation to the resources which he may
access.
|
|
2.
|
Not
disclose in any manner data that is considered to be
confidential. The personnel may only disclose such information
when expressly authorized to do so by the Customer, when complying with a
court order or order of a competent government authority, or based on
requirements provided by law.
|
|
3.
|
Inform
the Security Supervisor of the Vendor when any incident occurs that may
affect the security of the Platform resources.
|
|
4.
|
Request
express authorization from the Customer to access the Customer’s
information.
|
APPENDIX
IV BSS_SPDV00_SEGRO6_20070420 (2) doc
|
March 20,
2007
|
Page 4 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
5. Data
Security
5.1
Identification and Authentication
Users,
from the Customer and the Vendor, shall following the following process for
identification and authentication in order to access the resources of the
Platform and of the Technology Infrastructure:
1.
|
Files
shall be accessed via applications or tools that allow the identification
and authentication of the user or the process that requires its
use. Users shall be identified in the system by presentation of
an identification key that generally is entered on the keyboard from one’s
work station, and that will be required before accessing the
systems.
|
|
2.
|
The
identification key will have a specific access profile associated with it.
Each profile shall have certain access and operation privileges associated
with it, depending on the functions to be performed.
|
|
3.
|
The
system will keep a reliable record of users’ identity by receiving a valid
password associated with the user’s identification key. Said
password will be kept confidential by the user. All users must
have a password.
|
|
4.
|
The
access control security measures shall comply with the provisions of the
Vendor’s Security Standards, in particular Chapter 3, relative to Access
Control, and in total agreement with the
Customer.
|
Identification
and authentication, together with the utilities belonging to the Platform and
the Technology Infrastructure will allow sufficient tracks to be created to
facilitate subsequent reviews of access by users.
Furthermore,
there will be a system for detecting and monitoring unauthorized access to the
system via the Technology Infrastructure’s logs.
5.2
Management of Profiles
The access
profiles will define access privileges and functions of the various types of
users for resources of the Platform and the Technology
Infrastructure.
The Vendor
shall define the access profiles that are necessary for the provision of the
services covered by this Appendix. For its part, the Customer shall
request assignment of the access profiles of its users based on the
aforementioned access policies.
The Vendor
agrees to provide an updated list of profiles at the request of the
Customer
5.3
Management of Users
The Vendor
has authorization to add / modify / delete users that are necessary for the
provision of the services covered by this document, based on the procedure
summarized below:
APPENDIX
IV BSS_SPDV00_SEGRO6_20070420 (2) doc
|
March 20,
2007
|
Page 5 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
1.
|
The
supervisor of each of the areas involved in providing the services will
request authorization from the Vendor’s Security Supervisor to add /
modify / delete a user, providing the access profile for said user and the
justification for the request.
|
2.
|
The
Security Supervisor of the Vendor will authorize the request if it deems
the reasons provided to be
justified.
|
3.
|
The
Vendor’s authorized Security Administration personnel shall make the
request to add / modify / delete the
user.
|
The
management of the Customer’s users shall be the responsibility of the
Customer.
The Vendor
agrees to provide the Customer with an updated list of users with access to the
applications every month.
5.4
Data Integrity
In order
to ensure the integrity of the Customer’s data, the Vendor shall maintain
logical separation between those data and any other data corresponding to third
party customers to whom services are being provided.
5.5
Encryption
Access to
application data via the backup mechanisms shall be carried out securely, using
the current system or any other valid technology or method that the Parties
agree to use.
Sensitive
and personal data regarding third party customers in the application data bases
shall have the level of encryption required by regulations for use based on the
type of data in question.
6.
Backup Copies and Recovery
6.1
Backup Copies
There are
procedures for backup copies of data files, programs, source and object codes,
as well as the operating systems and other base software for the various
environments (production, preproduction and development). These
procedures will be periodically reviewed in order to ensure that they are
correct, that they operate correctly, and in this manner, to verify the
integrity of the backed up data.
Backup
copies shall be made in accordance with the needs of the service, being duly
documented and available to the Customer when necessary, and it shall be
adjusted when applicable, in order to comply with the actual service needs and
the Customer’s or Vendor’s standards in force in regards to the availability of
information.
Backup
copies shall be made in order to permit the continuation of the Customer’s
business in the event of a disaster and not in order to carry out inquiries as
to the status of the information in the past, for which purpose the historical
logs of the Platform shall be used.
The data
shall be stored for the time period required by current
legislation.
The Vendor
agrees to maintain the same level of encryption for the backups as for the data
bases that the Customer has at the primary site in order to protect the
confidentiality of third party customer data.
APPENDIX
IV BSS_SPDV00_SEGRO6_20070420 (2) doc
|
March 20,
2007
|
Page 6 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
6.2
Data Recovery
There is a
series of situations that require the recovery of data from previously made
backup copies. Recovery in production environments, except in the case of
scheduled tests or a disaster, shall require the explicit, written authorization
of the Customer.
Recovery
tests shall be carried out periodically on the pre-production environment in
order to verify that the backup copies have been correctly made.
7.
Management of Media
7.1
Media Storage
The media
containing the backup copies are stored in locations which persons without
proper authorization to use the same cannot access, and which have environmental
protection measures required by the manufacturers of said media.
The media
of the backup copies shall be inventoried and allow the type of information they
contain and the date on which they were made to be identified.
7.2
Removal and Entry of Electronic Media
There is
an established system for recording the entry and removal of computer media that
either directly or indirectly shows the following:
• Type of media
• Date and time
• Issuing party / receiving
party
• Number of media
• Type of information the media
contain
• Form of delivery
• Duly authorized person
responsible for receipt or delivery.
7.3
Re-use and Destruction of Media
When media
will be destroyed or re-used, depending on the type, by the Storage Area
(belonging to the Operations Department of the Vendor), the following practices
will be used:
7.3.1
Re-use
•
|
Disks: The
data is initialized at the software level, and then the manufacturers of
the disks perform a low-level hardware initialization that guarantees that
no data can be read and it is impossible to recover the existing data on
the disk using normal operating
procedures.
|
•
|
Tapes: Tapes
are virtual, they remain in the robot and their re-use, once they are
overwritten with more recent information, makes it impossible to recover
the previous data using normal operating
procedures.
|
APPENDIX
IV BSS_SPDV00_SEGRO6_20070420 (2) doc
|
March 20,
2007
|
Page 7 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
7.3.2
Destruction
•
|
Disks: Disks
are physically destroyed, including cutting into sections, so that the
recovery of stored information cannot be accomplished with conventional
procedures.
|
•
|
Tapes: Destruction
procedures are not applicable in the case of the Customer, since all the
tapes are virtual and will remain in the
robot.
|
8.
Tests using Actual Data
As a
general standard, tests prior to the installation or modification of the
Platform using files with personal data of third party customers are not carried
out using real data, unless they are deconstructed.
Under
special circumstances, and with sufficient justification, the use of real data
in non-production environments will be permitted, with prior authorization from
the Vendor’s Security Manager and written notification to the
Customer. In any event, it shall be ensured that the files are
handled in accordance with the security measures described in this
document.
9.
Incidents
Any
Computer Security incident shall be recorded using the tool designed for this
purpose supplied by the Vendor. In any event, the following
information shall be recorded:
a)
|
Type of incident |
b)
|
Time when it occurred |
c)
|
Person that reported the incident |
d)
|
Person to whom the incident was reported |
e)
|
Effects of the incident |
f)
|
If
necessary, procedures carried out for data recovery, indicating the person
that executed the process, the restored data and, as applicable, which
data had to be manually recorded during the recovery
process.
|
00.Xxxxxxxxxx
Contingency Plan
There is a
Technology Contingency Plan prepared by the Vendor that contains the procedures
for mitigation, actions before, during and after an emergency, and the
strategies for restoring computing and telecommunications services.
The Vendor
agrees to keep the Plan up to date at all times and aligned with the
requirements that the Customer may have with respect to its own Business
Continuity Plan. Furthermore, the Vendor may amend the content
subject to notification to and approval of the Customer.
The Vendor
shall coordinate and control the actions to mitigate risks, contingency and
recovery actions presented in the Plan, without this presupposing, in any
circumstances, the delegation of any responsibilities that may correspond to the
Customer.
APPENDIX
IV BSS_SPDV00_SEGRO6_20070420 (2) doc
|
March 20,
2007
|
Page 8 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
The
Customer agrees to provide the Vendor with the information necessary to maintain
the Plan and to follow the applicable procedures.
In order
to verify the updating and effectiveness of the Plan, it shall be tested
annually. The Parties shall establish the scope of the same, and it
must preferably include verification of the procedures that have been changed or
modified since the last test.
Any
procedures for mitigation, contingency and recovery of other systems of the
Vendor, as well as all systems of the Customer, are explicitly beyond the scope
of the Plan.
/s/ Francisco del Xxxxx
Xxxxxxx
|
/s/ Xxxx Xxxxxxxxx Xxxxxxxxx
|
|||
Produban,
Servicios Informáticos Generales, S.L.
|
Banco
Santander – Chile
|
|||
By
power of attorney
|
By
power of attorney
|
|||
Francisco
del Xxxxx Xxxxxxx
|
Xxxx Xxxxxxxxx Xxxxxxxxx | |||
|
|
/s/ Xxxxx
Xxxxxxx Xxxxxxx
|
|||
|
Banco
Santander – Chile
|
|||
|
By
power of attorney
|
|||
Xxxxx
Xxxxxxx Xxxxxxx
|
APPENDIX
IV BSS_SPDV00_SEGRO6_20070420 (2) doc
|
March 20,
2007
|
Page 9 of
9
CONFIDENTIAL
Bandera
140 – Tel.: (00 0) 000 0000 – Santiago – xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
Appendix
V
FINANCIAL
TERMS
for
the provision of BSS Processing Service
By
and between
PRODUBAN,
Servicios Informáticos Generales S.L.
and
BANCO
SANTANDER CHILE
Madrid,
December 3, 2007
Ref:
BSS_SPDV00_ECOR00_20070322
[Ink stamp
appears on bottom of all pages:
“Produban,
Servicios Informáticos Generales, S.L.”]
APPENDIX
V_26_12_07
|
March 20,
2007
|
Page 1 of
3
CONFIDENTIAL
Banco
Santander – Chile Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
1.
Introduction
These
Financial Terms provide the specifications of the provisions of the Sixth Clause
of the Contract for Computer Services between the Bank and Produban (the
contract), of which this document is an inseparable Appendix.
2.
Price of Services
The
estimated price of the service for the period of January 1 through December 31,
2008 shall be as follows:
Data
Processing Service: USD 11,900,000 (eleven million nine hundred thousand United
States Dollars).
3.
Down payment for Services
For the
purposes of ensuring the provision of the service during the term specified in
the fourteenth clause of the contract and any subsequent renewals thereof, the
Bank shall pay to Produban for the specified services, corresponding to the
initial investments, development, connectivity and testing, among other items,
an amount equivalent to 10.506.907 € (ten million five hundred six thousand nine
hundred seven Euros). This payment shall supplement the remuneration for
recurring services that Produban shall provide during the specified
period.
The
parties acknowledge that the Bank shall continue to contract a contingency
service with IBM Chile, for the term deemed relevant in accordance with the
guidelines of the Executive Management of the Bank and in compliance with the
requirements established by the Authority in Chile.
In the
event that, for reasons attributable to Produban, which must be agreed upon by
the parties, the Bank decides not to take or use the contracted service, this
contract shall be rendered null and void. In such an event, Produban
must return the down payment to the Bank.
4.
Billing and Payment Terms and Method
4.1
Terms
PRODUBAN
shall invoice the Bank in accordance with the provisions of this
Appendix. The Bank and PRODUBAN shall review the Contract for
Services and the amount of the same when any of the following cases
arises:
|
•
|
The
use or scope of the service is not within the initial framework described
in the contact or it exceeds the initial budget by
20%.
|
APPENDIX
V_26_12_07
|
March 20,
2007
|
Page 2 of
3
CONFIDENTIAL
Banco
Santander – Chile Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander Santiago
|
[Logo]
Produban
|
|
•
|
The
cost for the use of the service in one of the monthly installments
invoiced to the Bank by PRODUBAN exceeds the total amount of the contract
divided by the total number of months of the same by
20%.
|
•
|
At least once per year if the foregoing cases have not occurred. |
4.2
Method for Billing and Payment
The method
of payment shall be by transfer to Produban’s CCC account 0049 – 5033 – 52-2416022797 in
Spain,
4.3
Applicable Foreign Currency and Exchange Rate
Billing
for the services covered by this contract shall be in United States dollars, and
the down payment specified in Item 3 of this Contract shall be in
Euros.
In witness
whereof, the parties have set their hands hereto in duplicate, with one original
being delivered to each party, for a single effect, in the place and on the date
indicated.
/s/ Francisco del Xxxxx
Xxxxxxx
|
/s/ Xxxx Xxxxxxxxx Xxxxxxxxx
|
|||
Produban,
Servicios Informáticos Generales, S.L.
|
Banco
Santander – Chile
|
|||
By
power of attorney
|
By
power of attorney
|
|||
Francisco
del Xxxxx Xxxxxxx
|
Xxxx Xxxxxxxxx Xxxxxxxxx | |||
|
|
/s/ Xxxxx
Xxxxxxx Xxxxxxx
|
|||
|
Banco
Santander – Chile
|
|||
|
By
power of attorney
|
|||
Xxxxx
Xxxxxxx Xxxxxxx
|
||||
Madrid, December 3,
0000
|
XXXXXXXX
V_26_12_07
|
March 20,
2007
|
Page 3 of
3
CONFIDENTIAL
Banco
Santander – Chile Bandera 140 – Tel.: (00 0) 000 0000 – Santiago –
xxx.xxxxxxxxxxxxxxxxx.xx
[FIPO
translation from Spanish original]
[Logo]
Santander
|
Renewal
Appendix
XX
Xxxxxxxx – Produban
200701469
VI
|
Appendix
VI
MODIFYING
THE TERMS OF THE CONTRACT TO OUTSOURCE COMPUTER SERVICES “BSS DATA PROCESSING
SERVICE” EXECUTED BY PRODUBAN SERVICIOS INFORMÁTICOS GENERALES, S.L. AND BANCO
SANTANDER CHILE,
on
December 3, 2007
Madrid,
April 11, 2008
[Ink stamp
appears on bottom of all pages:
“Produban,
Servicios Informáticos Generales, S.L.”]
Bandera 140 –
Tel.: (000) 000-0000 – Santiago – xxx.xxxxxxxxx.xx
|
1/8
|
[FIPO
translation from Spanish original]
[Logo]
Santander
|
Renewal
Appendix
XX
Xxxxxxxx – Produban
200701469
VI
|
In Madrid,
on April eleventh, two thousand eight,
THERE
APPEARED
PRODUBAN SERVICIOS INFORMÁTICOS
GENERALES, S.L. (hereinafter PRODUBAN, the Vendor or the Lessee), Tax
I.D. No. B-82077751 and with corporate domicile in Madrid, at Boadilla del
Mnte, Avda. de Cantabria, s/n, represented in these proceedings by Francisco
Xxxxxx del Xxxxx Xxxxxxx, holder of I.D. No. 694509R, in his capacity as
Sole Administrator and in exercise of the authority granted by the power of
attorney issued to him on April 8, 2005, before Madrid Civil Law Notary
Xxxxxxx Xxxxxxxxx-Xxxxxx, with notary circle number 917, for the party of the
first part;
and
BANCO SANTANDER- CHILE, a
sociedad anónima bancaria
[Chilean banking corporation], Taxpayer I.D. No. 97,036,000-K,
hereinafter the Bank or the Customer, with corporate domicile at Calle Bandera
No. 140, municipality and city of Santiago, represented in these
proceedings by its Manager of Operations and Administration, Xxxx Xxxxxxxxx
Xxxxxxxxx, National I.D. document No. 5,473,633-9, and by its Manager of
Administration Xxxxx Xxxxxxx Xxxxxxx, National I.D. document
No. 9,830,559-9, in their capacity as attorneys-in-fact and in exercise of
the authority granted to them by the power of attorney issued to them, by means
of public instrument index number 5648-2005, dated June 14, 2005, issued in the
city of Xxxxxxxx, Chile, before Civil Law Notary Public Xxxxx de la Fuente
Xxxxxxxxx, for the party of the second part.
Both
parties, in their respective capacities, mutually acknowledge the legal standing
necessary to enter into this APPENDIX, for which
purpose,
THEY HAVE
REPRESENTED
I.
|
That
on December 3, 2007, the parties executed a Contract for Computer Services
(Outsourcing) (hereinafter “the
contract”).
|
II.
|
That
since substantial changes have occurred in the Terms and Conditions of the
referenced contract, both parties have an interest in amending them, in
the manner described below.
|
III.
|
That
the parties wish to approve the entire content of the referenced contract
and additional appendices, in all aspects not amended in this
Appendix.
|
IV.
|
That
based on the foregoing and for this purpose the parties have entered into
this document as Appendix VI to the Contract for Computer Services
specified in Item I above, and as an integral and inseparable part of the
same, based on the following
|
Bandera 140 –
Tel.: (000) 000-0000 – Santiago – xxx.xxxxxxxxx.xx
|
2/8
|
[FIPO
translation from Spanish original]
[Logo]
Santander
|
Renewal
Appendix
XX
Xxxxxxxx – Produban
200701469
VI
|
CLAUSES
FIRST – AMENDMENT OF THE SIXTH
CLAUSE
The
parties hereby agree to amend the contents of the Sixth clause of the contract
referenced in Representation I above, which shall henceforth read as
follows:
|
(…)
|
|
SIXTH –
Remuneration, payment method, consequences of
non-payment. Other expenses.
|
In
consideration of the Services that are the subject of the Contract, the Customer
shall pay to the Vendor the amount in Euros (EUR) that the Vendor and the
Customer agree upon in the Fourth Clause of Appendix VI of this
Contract. The method and terms for payment of this amount shall also
be specified in the aforementioned clause. The Vendor may annually
inform the Customer, at least thirty (30) (consecutive) calendar days in advance
of the starting date of the new annual period, of the amount to be billed, for
which purpose the Vendor shall deliver to the Customer the justification for the
change in the contract amount. In such a case, the Customer shall
have a term of thirty (30) calendar days to inform the Vendor whether it agrees
with said amount, during which period the Vendor and the Customer have to reach
an agreement regarding the contract amount. The failure to provide notification
during the specified term shall be considered acceptance of the
same. If the Customer does not accept the new amount communicated by
the Vendor, it may terminate the Contract, indemnifying the Vendor for all the
investments made through the date of the rescission, and specified in Clause
FOUR of Appendix VI of this contract, subject to notification to the Vendor
provided with at least six (6) calendar months in advance of the date on which
it wishes to terminate the contract. During said six-month period the
Customer shall pay the monthly amount or the prorated amount for the six-month
period that was paid during the immediately prior payment
period. Until the parties have agreed on a new remuneration amount,
the remuneration amount corresponding to the previous period shall be in
force.
|
The
referenced payments shall be made by the Customer to the Vendor monthly
and in arrears. For the payment of invoices, the Vendor shall
submit the corresponding invoice to the Customer, within the first ten
(10) calendar days of the month following the end of the period, which
invoice must comply with all the requirements of law, and in particular
those related to fiscal matters.
|
|
(…)
|
Bandera 140 –
Tel.: (000) 000-0000 – Santiago – xxx.xxxxxxxxx.xx
|
3/8
|
[FIPO
translation from Spanish original]
[Logo]
Santander
|
Renewal
Appendix
XX
Xxxxxxxx – Produban
200701469
VI
|
SECOND
– AMENDMENT AND EXPANSION OF THE FOURTEENTH CLAUSE
The
Parties agree to amend and expand the contents of the Fourteenth Clause of the
contract referenced in Clause 1 above, which shall henceforth read as
follows:
|
(…)
|
|
FOURTEENTH. –
Term and Grounds for Rescission of the
Contract
|
|
Commitments
in the event of termination of the
contract.
|
|
This
contract shall have a term of 10 years as of January 1,
2008. After said term has passed, the contract shall be renewed
tacitly, automatically and subsequently for equal one-year periods, unless
either of the parties informs the other of its desire to terminate the
contract by communication by means of registered letter, sent to the
domicile of its counterpart indicated in this contract, at least 180
calendar days in advance of the termination of the period in question.
Without
prejudice to the foregoing, the Customer shall have the authority to
immediately and automatically terminate the Contract or any of its
Appendices, without need of judicial, arbitration or any other type of
ruling, in the following cases, without said list being
exhaustive:
|
|
a) Non-compliance
by the Vendor, in whole or in part, or inability or negligence in the
performance of the obligations agreed upon in this contract or any of its
appendices.
|
|
b)
Failure to deliver or failure to deliver in a timely manner the bonds or
other guarantees required by this
Contract.
|
|
c) A
delay of more than thirty (30) days in the delivery term for contracted
Services or projects, without prejudice to the Customer’s right to collect
the late fines that are specified in this
instrument.
|
|
d) Dissolution
or termination of the Vendor
company.
|
|
e) Declaration
of creditors’ bankruptcy or insolvency of the Vendor, or if the Vendor
enters into judicial or extrajudicial agreements with its
creditors.
|
|
f)
Lack of technical suitability of the Vendor, qualified by the
Customer.
|
|
g)
If the Vendor or any of its subcontractors ceases paying its workers their
wages, remuneration or fees, or ceases payment of any other labor, social
security or tax contribution for them, which it is legally or
contractually required to pay.
|
|
h)
If the Customer is acquired, merges, is absorbed by a third party, is
transformed, divided or sells all or part of its
assets.
|
|
i) If
the Vendor or any of its contractors fails to comply with one or more of
its obligations regarding confidentiality, as described in Clause
Sixteen.
|
|
j)
If the Vendor ceases belonging to the Santander
Group.
|
Bandera 140 –
Tel.: (000) 000-0000 – Santiago – xxx.xxxxxxxxx.xx
|
4/8
|
[FIPO
translation from Spanish original]
[Logo]
Santander
|
Renewal
Appendix
XX
Xxxxxxxx – Produban
200701469
VI
|
|
In
order to terminate the Contact or one or more of its Appendices for any of
the aforementioned reasons, the Customer shall only be required to submit
a certified letter to the Vendor, at its domicile indicated in this
instrument, at least 180 days in advance of the date set for termination,
and to respect the commitments set forth
below.
|
|
Notwithstanding
all the foregoing provisions, with respect to the term of the contract,
either of the parties shall be authorized to terminate this contract in
advance and unilaterally, at any time during its term, by providing notice
by registered letter to the domicile of the other party, indicated in this
contract, at least one hundred eighty consecutive days in advance of the
date set for the termination, and by respecting the commitments set forth
below.
|
|
Commitments in the
event of termination of the contract or its Appendices for any
reason:
|
|
The
Vendor agrees to provide all the facilities necessary to ensure the
continuation of the service or the project, the handling of all
information, and to ensure the transfer of the service or the project to a
third party.
|
|
In
addition, the Vendor shall continue providing services to the customer for
at least 180 days following the date of delivery of the registered letter
by means of which the Customer communicates its intention to terminate the
contract for the reasons indicated above. This term may be less if the
Customer so orders. During this time period, the contract rates
shall remain in effect for the services that are rendered to the
Vendor.
|
|
If
any incident of Act of God or force majeure occurs and makes it impossible
to continue the services agreed upon or committed to in the Contract or
its Appendices, once they have been started, the Customer agrees to pay
the Vendor for the work performed, only until the time that such an
incident occurs, as well as the portion corresponding to any investments
made by the vendor through that date, and that are detailed in Clause FOUR
of Appendix VI of this contract.
|
|
Furthermore,
if the customer decides to terminate the contract unilaterally, it shall
be required to financially compensate the Vendor for all investments made
through that date, per the table indicated in Clause FOUR of Appendix VI
to this Contract.
|
|
(…)
|
THIRD – TERMINATION OF
APPENDIX V – FINANCIAL TERMS
The
parties agree to void Appendix V – Financial Terms for the provision of BSS
Processing Service, and to replace it with Clause FOUR of this Appendix
VI.
Bandera 140 –
Tel.: (000) 000-0000 – Santiago – xxx.xxxxxxxxx.xx
|
5/8
|
[FIPO
translation from Spanish original]
[Logo]
Santander
|
Renewal
Appendix
XX
Xxxxxxxx – Produban
200701469
VI
|
FOURTH: SCHEDULE OF PAYMENTS
DURING THE INITIAL TERM AND RESTITUTION TO THE VENDOR IN THE EVENT OF
RESCISSION
In order to comply with the provisions
of Clause Six of the contract referenced in Clause 1, “Remuneration, Payment
Terms, Consequences of Non-payment. Other Expenses,” it is stipulated
that:
Down Payment for Services:
For the
purposes of ensuring the provision of the service during the term specified in
Clause Fourteen of the contract and its subsequent renewals, the Bank shall pay
Produban for the services in advance, corresponding to the initial investments,
development, connectivity and tests, among other items, an amount equivalent to
10,506,907 € (ten million five hundred six thousand nine hundred seven
Euros). This payment shall supplement the remuneration for the
recurring services that Produban will provide in the aforementioned
period.
The
parties acknowledge that the Bank shall maintain a contract for contingency
services with IBM Chile, which shall be administered by Produban in accordance
with the provisions of Appendix A executed by Banco Santander and IBM Chile, for
the term that is deemed relevant in accordance with the guidelines of the
Executive Administration of the Bank and in accordance with the requirements
established by the Authority in Chile.
In the
event that, for reasons attributable to Produban, the Bank decides to take or
not to use the contracted service, this contract shall be rendered null and void
ipso
facto. In such a case, Produban must return to the Bank the
down payment in an amount equivalent to the proportion of the period from
January 1, 2008 and the month in which the contract is terminated, to the
total number of months included in the contract term specified in Clause
Fourteen of this contract. For these purposes the fact that the SBIF
does not authorize the operation or contracting of the services contracted in
this document shall be attributed to Produban.
The down
payment referenced herein shall enter into force as of the date on which the
contracted service is put into production, understanding the placement into
production to be the date on which the daily processing of data is begun to be
provided from the facilities of the Vendor in Spain.
Recurring service payment:
The recurring service that the Customer
contracts in its entry, shall be equivalent to having processing capacity of
6,000 MIPs, 36 TB and a set of machinery that is detailed in the corresponding
inventory, which shall later be an appendix to this contract.
The schedule of payments for the
provision of the “BSS Data Processing Service” during the period between January
1, 2008 and December 31, 2017, shall be as follows:
Payment for recurring service,
2008: 11,375,000 €
Payment for recurring service,
2009: 11,704,875 €
Payment for recurring service,
2010: 12,044,316 €
Payment for recurring service,
2010: 12,393,602 €
Bandera 140 –
Tel.: (000) 000-0000 – Xxxxxxxx – xxx.xxxxxxxxx.xx
|
6/8
|
[FIPO
translation from Spanish original]
[Logo]
Santander
|
Renewal
Appendix
XX
Xxxxxxxx – Produban
200701469
VI
|
Payment for recurring service,
2012: 12,753,016 €
Payment for recurring service,
2013: 13,122,853 €
Payment for recurring service,
2014: 13,503,416 €
Payment for recurring service,
2015: 13,895,015 €
Payment for recurring service,
2016: 14,297,971 €
Payment for recurring service,
2017: 14,712,612 €
Which
amounts include an annual correction of 2.9%.
The amounts indicated above shall be
subject to an annual reduction for disbursements incurred by the Customer
locally, for implementation of the service. The reduction applied by
ear shall be as follows:
Reduction for 2008:
1,050,000 €
Reduction for 2009:
1,050,000 €
Reduction for 2010:
1,050,000 €
Reduction for 2011:
1,050,000 €
Reduction for 2012:
1,050,000 €
Early termination of the
contract
Furthermore, the amounts that the
Customer must pay in the event of rescission of the contract, per the provisions
of the contract referenced in Clause I of this Appendix VI, in Clauses Six and
Fourteen, as amended and expanded by this Appendix, shall be as
follows:
Amount
payable in the event of rescission in 2009: 18,238,000 €
Amount
payable in the event of rescission in 2010: 17,092,000 €
Amount
payable in the event of rescission in 2011: 15,860,000 €
Amount
payable in the event of rescission in 2012: 13,794,000 €
Amount
payable in the event of rescission in 2013: 11,101,000 €
Amount
payable in the event of rescission in 2014: 9,262,000 €
Amount
payable in the event of rescission in 2015: 7,234,000 €
Amount
payable in the event of rescission in 2016: 5,016,000 €
Amount
payable in the event of rescission in 2017: 2,605,000 €
The sole fact of paying the amounts for
Early Termination of the Contract shall entitle the Customer to ownership of the
technological equipment used for the provision of this service as of the date of
the early termination.
Efficiencies of the Contract
Cost
The parties agree that, together with
the annual revision of the contract price specified in Clause Six of the
Contract, which has been updated in this appendix, an annual contract cost
efficiency plan shall be established. The vendor agrees to pass on to
the customer any savings obtained in the production cost. any savings
obtained must offset increases incurred for increasing MIPs, storage capacity
and increased communications costs, with a minimum goal of obtaining a 2.9%
reduction in costs.
Bandera 140 –
Tel.: (000) 000-0000 – Xxxxxxxx – xxx.xxxxxxxxx.xx
|
7/8
|
[FIPO
translation from Spanish original]
[Logo]
Santander
|
Renewal
Appendix
XX
Xxxxxxxx – Produban
200701469
VI
|
Billing
shall be monthly. To this end, the Vendor shall submit the
corresponding invoice within the first five (5) business days of the month in
course, adding the applicable VAT, and the other applicable taxes and other
costs and expenses that may arise from the provision of the service shall be for
its own account. The parties agree that payment shall be made monthly
within the first five (5) business days of each moth as of the date of execution
of the contract, by bank transfer to the current account specified for this
purpose.
Notwithstanding
the foregoing, this new method of payment shall not assume, in any case, the
approval or conformity of the paid invoice, so that in the event that a decrease
in the quality of the services rendered is observed, and if any type of incident
occurs in relation to the submitted invoice, it shall be handled by a Work Group
established for this purpose, which shall be comprised of the following
members:
• Representative
of the Vendor
•
Representative of the Customer
•
Representative of the Comptroller’s Office at Produban
•
Representative of the Comptroller’s Office at Banco Santander
Chile.
This price
shall include the amounts of the various technological services that PRODUBAN
provides to the Customer, agreed upon at the appropriate time by the parties and
that are specified in the appendices “Customized Relationship Model,” Service
Catalog” and “Level of Service Agreement.” These appendices shall
remain in effect, and shall be subject to the modifications agreed upon by the
parties.
This price
SHALL NOT include any amounts receivable by PRODUBAN for projects requested by
the Customer or those that are requested after the execution of this document,
and that will be detailed in Appendices to this Set of Financial Terms, together
with the documentation corresponding to each project.
For all
matters not expressly provided for in this Appendix and that are applicable to
the service rendered, the provisions of the contract specified at the beginning
of this document shall be applicable, of which this document is an integral and
inseparable part. This agreement does not entail any novation of the
primary contract, except in regards to the express amendments contained
herein.
In witness
whereof, the parties have set their hand hereto, in two original counterparts,
at the location and on the date specified above.
/s/ Francisco Xxxxxx del Xxxxx
Xxxxxxx
|
/s/ Xxxx Xxxxxxxxx Xxxxxxxxx
|
|||
Produban,
Servicios Informáticos Generales, S.L.
|
Banco
Santander – Chile
|
|||
Francisco
Xxxxxx del Xxxxx Xxxxxxx
|
Xxxx
Xxxxxxxxx Xxxxxxxxx
|
|||
By
power of attorney
|
By power of attorney |
|
/s/ Xxxxx
Xxxxxxx Xxxxxxx
|
|||
|
Banco
Santander – Chile
|
|||
|
Xxxxx
Xxxxxxx Xxxxxxx
|
|||
|
By power of attorney |
Bandera 140 –
Tel.: (000) 000-0000 – Xxxxxxxx – xxx.xxxxxxxxx.xx
|
8/8
|