MASTER AGREEMENT FOR OUTSOURCED SERVICES between VOYA SERVICES COMPANY and COGNIZANT WORLDWIDE LIMITED
Confidential Treatment Requested by Voya Financial, Inc.
Exhibit 10.2
MASTER AGREEMENT FOR OUTSOURCED SERVICES
between
VOYA SERVICES COMPANY
and
COGNIZANT WORLDWIDE LIMITED
Confidential Portions of this Exhibit marked as *** have been omitted pursuant to a request for confidential treatment and have been filed separately with the Securities and Exchange Commission.
– Voya Confidential –
Confidential Treatment Requested by Voya Financial, Inc.
TABLE OF CONTENTS
ARTICLE 1Definitions and Interpretation. 1
Section 1.01Definitions. 1
Section 1.02References. 11
Section 1.03Headings. 11
Section 1.04Precedence. 11
Section 1.05Agreement Framework and Guarantee. 11
ARTICLE 2Services. 12
Section 2.01Services Generally. 12
Section 2.02Labor and Materials. 12
Section 2.03Policies. 12
Section 2.04Reports and Data Feeds. 12
Section 2.05Relief Event. 12
Section 2.06New Services. 13
Section 2.07Quality Assurance and Continuous Improvement. 13
Section 2.08Policies and Procedures Manual. 13
Section 2.09Divestitures and Acquisitions. 14
Section 2.10Transition and Transformation. 14
ARTICLE 3Service Delivery Organization. 14
Section 3.01Service Delivery Organization Members. 14
Section 3.02Key Personnel and Minimum Retention Roles. 16
Section 3.03Replacements and Turnover. 17
Section 3.04Subcontracting. 18
Section 3.05Transfer of Voya Personnel. 19
ARTICLE 4Service Locations. 19
Section 4.01Place of Performance. 19
Section 4.02Voya Service Locations. 19
Section 4.03Relocations and New Service Locations. 20
ARTICLE 5Cooperation with Other Suppliers. 21
Section 5.01Cooperation with Other Suppliers. 21
Section 5.02Cooperation on Failures. 21
ARTICLE 6Licenses and Proprietary Rights. 22
Section 6.01Voya IP. 22
Section 6.02Supplier IP. 22
Section 6.03Residual Information. 22
Section 6.04Deliverables. 23
Section 6.05Consents, Approvals and Requests 24
Section 6.06Restrictions. 24
ARTICLE 7Data. 24
– Voya Confidential – i
Confidential Treatment Requested by Voya Financial, Inc.
Section 7.01Ownership of Data. 24
Section 7.02Correction of Errors. 24
Section 7.03Data Security. 25
Section 7.04Privacy and PII. 31
Section 7.05Regulatory Information. 32
Section 7.06HIPAA Compliance. 32
Section 7.07Information Security Audit. 32
ARTICLE 8ACCEPTANCE PROCEDURES. 32
Section 8.01Acceptance Criteria. 32
Section 8.02Review and Acceptance of Milestones and Deliverables. 33
Section 8.03Project Phases and Milestones. 34
Section 8.04Acceptance Testing. 35
Section 8.05Additional Terms on Acceptance and Rejection. 36
ARTICLE 9FEES AND INVOICING. 37
Section 9.01Fees. 37
Section 9.02Expenses. 38
Section 9.03Currency. 38
Section 9.04Invoices. 38
Section 9.05Credits. 38
Section 9.06e-Procurement System. 39
ARTICLE 10TAXES. 39
Section 10.01In General. 39
Section 10.02Income Taxes. 39
Section 10.03Tax on Inputs. 39
Section 10.04Invoicing. 39
Section 10.05Withholding Tax. 40
Section 10.06Filings and Registrations. 40
Section 10.07Cooperation. 40
ARTICLE 11Governance and Change Control. 40
Section 11.01Governance. 40
Section 11.02Change Procedures. 40
Section 11.03Dispute Resolution. 41
Section 11.04The following are the Dispute Resolution Procedures: 41
ARTICLE 12Audits. 41
Section 12.01Service Audits. 41
Section 12.02Financial Audits. 42
Section 12.03SOC Audits. 42
Section 12.04Audit Limitations. 43
Section 12.05Compliance Gift and Entertainment Audit. 43
ARTICLE 13Confidential Information. 44
– Voya Confidential – ii
Confidential Treatment Requested by Voya Financial, Inc.
Section 13.01Generally. 44
Section 13.02Permitted Disclosure. 44
Section 13.03Exclusions. 44
Section 13.04Return of Materials. 45
Section 13.05Unauthorized Use, Access or Disclosure. 45
Section 13.06Record Maintenance and Retention. 45
ARTICLE 14Compliance with Laws. 46
Section 14.01Compliance Obligations. 46
Section 14.02Changes to Laws. 46
Section 14.03Cooperation with Regulators. 47
ARTICLE 15Representations, Warranties and Covenants. 47
Section 15.01Voya. 47
Section 15.02Supplier. 48
Section 15.03Obligation to Replace. 50
Section 15.04Disclaimer. 50
ARTICLE 16Indemnification. 50
Section 16.01Voya. 50
Section 16.02Supplier. 51
Section 16.03Indemnification Procedures. 52
Section 16.04Contribution. 52
ARTICLE 17Limitation of Liability. 53
Section 17.01Direct Damages. 53
Section 17.02Consequential Damages. 54
Section 17.03Exclusions. 54
Section 17.04Injunctive Relief. 55
ARTICLE 18Insurance. 55
Section 18.01Coverage. 55
Section 18.02Terms of Coverage. 56
Section 18.03Cost of Insurance Coverage. 56
Section 18.04Evidence of Insurance Coverage. 56
Section 18.05Status and Rating of Insurance Company. 56
ARTICLE 19Term and Termination. 56
Section 19.01General. 56
Section 19.02Termination for Cause. 57
Section 19.03Termination for Convenience. 57
Section 19.04Termination for Change in Control. 58
Section 19.05Termination for Deterioration of Financial Condition. 58
Section 19.06Termination for Change in Law. 58
Section 19.07Termination for Failure to Refresh Damages Cap. 58
Section 19.08Termination for Force Majeure. 58
– Voya Confidential – iii
Confidential Treatment Requested by Voya Financial, Inc.
Section 19.09Other Terminations. 58
Section 19.10Termination Fees. 58
Section 19.11Continuing Obligations. 59
Section 19.12Effect of Termination. 59
Section 19.13Termination Assistance and Bid Assistance. 59
ARTICLE 20Force Majeure, Business Continuity and Disaster Recovery. 61
Section 20.01Force Majeure. 61
Section 20.02Alternate Source. 62
Section 20.03No Payment for Unperformed Services. 62
Section 20.04Allocation of Resources. 62
ARTICLE 21Action Plans and Step In Rights. 62
Section 21.01Triggers for an Action Plan. 62
Section 21.02Action Plan Contents. 62
Section 21.03Voya Group’s Response to Draft Action Plan. 62
Section 21.04Implementation of Action Plan. 63
Section 21.05Exercise of Step In Rights. 63
ARTICLE 22Miscellaneous. 64
Section 22.01Amendment. 64
Section 22.02Assignment. 64
Section 22.03Consents, Approvals and Requests. 64
Section 22.04Counterparts. 64
Section 22.05Entire Agreement. 64
Section 22.06Export. 64
Section 22.07Good Faith and Fair Dealing. 65
Section 22.08Governing Law, Jurisdiction and Venue. 65
Section 22.09Continued Performance. 65
Section 22.10Independent Contractor. 65
Section 22.11Non-Solicitation. 66
Section 22.12Notices. 66
Section 22.13Publicity. 66
Section 22.14Remedies Cumulative. 67
Section 22.15Severability. 67
Section 22.16Survival. 67
Section 22.17Third Party Beneficiaries. 67
Section 22.18Waiver. 67
Section 22.19Non-Discrimination. 67
– Voya Confidential – iv
Confidential Treatment Requested by Voya Financial, Inc.
TABLE OF SCHEDULES
Schedule A Service Level Methodology
Schedule B Reporting
Schedule C Change Control
Schedule D Charges Methodology
Schedule E Root Cause Analyses
Schedule F Governance
Schedule G Transition and Transformation
Schedule H Form of Individual Non-Disclosure and Assignment Agreement
Schedule I Security
Schedule J Form of Business Associate Agreement
Schedule K Benchmarking
Schedule L Termination Assistance
Schedule M Business Continuity and Disaster Recovery
Schedule N Supplier Service Location Requirements
Schedule O Parent Guarantee
– Voya Confidential – v
Confidential Treatment Requested by Voya Financial, Inc.
MASTER AGREEMENT FOR OUTSOURCED SERVICES
This Master Agreement for Outsourced Services (including the following MSA Terms, together with all Schedules, Statements of Work and attachments, this “Agreement”) is made and entered into as of July 31, 2017 (the “Effective Date”) by and between Voya Services Company, a corporation formed under the laws of the State of Delaware (“Voya”) and Cognizant Worldwide Limited, a United Kingdom limited liability company (“Supplier”). In addition, Cognizant Technology Solutions U.S. Corporation (“CTS US”) shall execute this Agreement solely for the purpose of enabling and authorizing CTS US to enter into Statements of Work together with Supplier, whereby CTS US shall provide the applicable local Services and Deliverables within the United States of America to Voya for Supplier under such Statements of Work as provided in Section 2.01.
WHEREAS, the Parties have engaged in extensive negotiations and discussions that have culminated in the formation of the relationship set forth in this Agreement;
WHEREAS, Supplier desires to provide to Voya and certain of its Affiliates and designees, and Voya desires to obtain from Supplier, the services set forth in this Agreement on the terms and conditions set forth in this Agreement; and
NOW, THEREFORE, for and in consideration of the agreements set forth below, the Parties agree as follows:
– Voya Confidential – 1
Confidential Treatment Requested by Voya Financial, Inc.
ARTICLE 1DEFINITIONS AND INTERPRETATION.
Section 1.01 Definitions. The following terms have the following meanings:
(1) | “Abandonment” means Supplier's intentional termination of its provision of any Service during the Term or Supplier's intentional failure to provide any Termination Assistance Service. For clarity, the term “Abandonment” shall not include a termination in accordance with Section 19.02(6), a cessation of Supplier’s provision of Termination Assistance Services in accordance with Section 19.13(1) or any other cessation of the Services agreed by the Parties. |
(2) | “Acceptance” means Voya’s acceptance, in its reasonable discretion, that an Acceptance Element has been successfully completed by Supplier such that the Acceptance Criteria for such Acceptance Element have been satisfied. The terms “Accept” and “Accepted” shall be construed accordingly. |
(3) | “Acceptance Criteria” means for each Acceptance Element, the criteria to be satisfied for the successful completion of such Acceptance Element, which may include applicable requirements, specifications, testing or other criteria documented in the applicable Statement of Work or Project Plan, or otherwise as agreed by the Parties. |
(4) | “Acceptance Element” means the Milestones, Deliverables and other Service elements that are subject to Acceptance by Voya pursuant to this Agreement. |
(5) | “Acceptance Procedures” means the procedures for reviewing and accepting an Acceptance Element, as set forth in ARTICLE 8. |
(6) | “Acceptance Testing” means the testing to be performed on the applicable Acceptance Element in accordance with ARTICLE 8. |
(7) | “Action Plan” has the meaning set forth in Section 21.01. |
(8) | “Affected Party” means the Party affected by a Force Majeure Event. |
(9) | “Affiliate” means, as to any entity, any other entity that, directly or indirectly, Controls, is Controlled by, or is under common Control with, such entity. |
(10) | “Agreement” has the meaning set forth in the preamble. |
(11) | “Allowable Removals” has the meaning set forth in Section 3.02(3). |
(12) | “BAA” has the meaning set forth in Section 7.06. |
(13) | “Business Continuity Event” means any event that is not a Force Majeure Event, but which nevertheless may prevent, hinder or delay the performance of the Services by Supplier. |
(14) | “Business Continuity Plan” means the business continuity plan applicable to the Services, as further described in this Agreement, including in Schedule M and the applicable Statement of Work. |
– Voya Confidential – 2
Confidential Treatment Requested by Voya Financial, Inc.
(15) | “Business Day” or “business day” means any day other than a Saturday, Sunday or U.S. federal holiday. |
(16) | “Change” means any change to (a) the Services, (b) processes or Systems that would alter the functionality, performance standards or technical environment of the Systems, (c) the manner in which the Services are provided or (d) the manner in which the Services are used. |
(17) | “Change in Control” means the (a) consolidation, merger, share exchange or other business combination involving an entity (other than an initial public offering of securities of such entity), in which immediately following such transaction either (i) less than fifty percent (50%) of the directors of the surviving parent entity immediately following the closing of the transaction were directors of such entity immediately prior to the closing of the transaction or (ii) less than fifty percent (50%) of the voting power of the surviving parent entity immediately following the closing of the transaction is held by persons who were shareholders of such entity immediately prior to the closing of the transaction, (b) sale, transfer or other disposition of all or substantially all of the assets of an entity or (c) acquisition by any entity, or group of entities acting in concert, of beneficial ownership of thirty percent (30%) or more of the outstanding voting securities or other ownership interests of an entity. |
(18) | “Change Procedures” means the procedures applicable to a Change as set forth in Schedule C. |
(19) | “CISO” has the meaning set forth in Section 7.03(5). |
(20) | “Claim” means any assertion, actual or threatened claim, action, suit or proceeding (whether civil, criminal, administrative, arbitral, investigative or otherwise). |
(21) | “Completion Date” means the relevant date by which Supplier is to complete and deliver or make available to Voya Group the applicable Acceptance Element. |
(22) | “Confidential Information” means all non-public information, documentation and IP of a Party, Affiliates of a Party or their clients, employees, distribution partners, agents, customers, suppliers, contractors and other third parties doing business with such Party or Affiliates of a Party, whether disclosed to, accessed by or otherwise learned by the other Party, including: (a) with respect to Voya Group, all Voya IP, Voya Data, PII and information concerning Voya Group's customers (including their beneficiaries), third party administrators and recipients of Voya Group's services, either directly or indirectly, such as employees of Voya Group customers, plan participants, members, dependents, beneficiaries and similarly situated persons; sourcing-related documents (including RFPs, responses, etc.) and information pertaining to them, including Voya Group’s requirements; any information to which Supplier has access in Voya Service Locations or Voya Group Systems; the Policies and Procedures Manual; and all reports provided by Supplier under this Agreement; (b) with respect to Supplier, all Supplier proprietary information included in its solution designs; (c) with respect to each Party, this Agreement; (d) all other information marked as confidential (or with words of similar meaning) or that a reasonable person would understand to be confidential based on the nature of the information and its disclosure; (e) anything developed by reference to the information described in this definition; and (f) ”inside information”, including any material, non-public, price-sensitive corporate or market information relating to such Party, Affiliates of a Party or their clients, employees, |
– Voya Confidential – 3
Confidential Treatment Requested by Voya Financial, Inc.
distribution partners, agents, customers (including their beneficiaries), suppliers, contractors and other third parties doing business with such Party or Affiliates of a Party, that is acquired in connection with this Agreement.
(23) | “Continued Services” has the meaning in Section 19.13(1). |
(24) | “Control” means, with respect to any entity, the possession, directly or indirectly, of the power to direct or cause the direction of the management or policies of such entity, whether through the ownership of voting securities (or other ownership interest), by contract or otherwise. |
(25) | “Critical Function” has the meaning in the applicable Statement of Work. |
(26) | “Damages Cap” has the meaning set forth in Section 17.01(1). |
(27) | “Data Security Breach” means any unlawful or unauthorized acquisition, access, loss, theft, use or disclosure of PII, any breach or attempted breach of the security of PII or any other circumstances or event that compromises the privacy or security of PII. |
(28) | “Data Subject” means any natural person or trust about whom data may be stored, used, transferred or processed by Supplier in connection with the Services. |
(29) | “Deliverable Credit” means a monetary credit that Supplier shall pay to Voya Group in the event that Supplier fails to obtain Voya’s Acceptance of a Deliverable by the applicable Deliverable Completion Date. The Deliverable Credit associated with a given Deliverable shall be set forth in the applicable Statement of Work or Project Plan. |
(30) | “Deliverable Completion Date”, for any particular Deliverable, shall mean the date that such Deliverable is due to be completed (including the scheduled completion of Voya Group’s Acceptance process). If there is a delay in the completion of a Deliverable, and Supplier is excused from such delay pursuant to the terms of this Agreement, then there shall be a day-for-day extension of the Deliverable Completion Date (i.e., for each day of excused delay, the completion date will be extended by a day). |
(31) | “Deliverables” means those items or materials developed or created for Voya Group and provided by Supplier to Voya Group pursuant to this Agreement (including a Statement of Work). |
(32) | “Designated Services” means: |
(a) | the services, functions and responsibilities of Supplier described in this Agreement, |
(b) | any services, functions or responsibilities not specifically described in this Agreement, but which are inherently required or necessary for the proper performance and delivery of the services described in clause (a), and |
(c) | any services, functions or responsibilities that are not described in this Agreement but are reasonably related to the services, functions and responsibilities of Supplier performed pursuant to clause (a) and (b) which were performed in the twelve (12) month period prior to the Effective Date by (i) employees of Voya Group, or Voya |
– Voya Confidential – 4
Confidential Treatment Requested by Voya Financial, Inc.
Agents, who are displaced, or whose functions or activities are displaced, as a result of this Agreement; or (ii) non-personnel resources transferred to Supplier or displaced, or the functions or activities of which are displaced, as a result of this Agreement; provided that, with respect to this clause (c), a service, function or responsibility must be disclosed to Supplier in writing before it will become a Designated Service (for clarity, such disclosure may be made after the Effective Date).
(33) | “Disabling Code” means any device, “lockout”, self-help code or other software code or routine (e.g., back door, time bomb or worm) that is able to: (a) disable, restrict use of, lock or erase Software, hardware or data; or (b) permit unauthorized monitoring of user behavior (e.g., spyware). |
(34) | “Disaster Recovery Plan” means any disaster recovery plan applicable to the Services, as further described in this Agreement, including in Schedule M and the applicable Statement of Work. |
(35) | “Dispute Resolution Procedures” means the procedures set forth in Section 11.03. |
(36) | “Effective Date” has the meaning set forth in the preamble. |
(37) | “Excluded Taxes” means, in the case of either of the Parties, (a) Income Taxes, franchise taxes or similar taxes as are imposed on or measured by such Party's net income by the jurisdiction (or any political subdivision thereof) under the laws of which such Party is organized or any other jurisdiction in which such Party maintains an office; (b) any branch profits taxes imposed by the U.S. or any similar taxes imposed by any other jurisdiction in which a Party is located; and (d) any tax required to be withheld as a result of the failure of a Party to satisfy the requirements of the foreign account tax compliance provisions of the Hiring Incentives to Restore Employment Act of 2010, P.L. 111-147, 124 Stat. 71. |
(38) | “Exit Plan” means the detailed exit plan for the transfer of each of the Services from Supplier to Voya Group or a supplier designated by Voya Group. |
(39) | “Export Controls” means all export and national security Laws of the U.S. and all other applicable Governmental Authorities. |
(40) | “Fees” has the meaning set forth in Section 9.01. |
(41) | “Files and Work Papers” has the meaning set forth in Section 13.06(1). |
(42) | “Force Majeure Event” means a fire, flood, earthquake, other elements of nature or acts of God, acts of war, terrorism, riots, rebellions, revolutions or civil disorders, or other similar business continuity event beyond the reasonable control of the Party whose performance is prevented, hindered or delayed. |
(43) | “Go Live Date” means the date by which Supplier is to have completed the Go Live Milestone as set forth in the applicable Statement of Work or Project Plan. |
(44) | “Go Live Milestone” means the final Milestone that Supplier is required to complete, as specified in the applicable Statement of Work or Project Plan. |
– Voya Confidential – 5
Confidential Treatment Requested by Voya Financial, Inc.
(45) | “Governmental Authority” means any U.S. or non-U.S. federal, state, provincial, municipal, local, territorial or other governmental department, regulatory authority, self-regulatory organization (e.g., FINRA, MSRB and stock exchanges) or legislative, judicial or administrative body. |
(46) | “HIPAA” means (a) the Health Insurance Portability and Accountability Act of 1996, Public Law No. 104-191, and applicable regulations promulgated thereunder by the U.S. Department of Health and Human Services and (b) Subtitle D of the Health Information Technology for Economic and Clinical Health Act, also known as Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009, Public Law No. 111-005. |
(47) | “Income Tax” means any tax on or measured by the net income of a corporation, partnership, joint venture, trust, limited liability company, limited liability partnership, association or other organization or entity (including taxes on capital or net worth that are imposed as an alternative to a tax based on net or gross income), or taxes which are of the nature of excess profits tax, gross receipts tax, minimum tax on tax preferences, alternative minimum tax, accumulated earnings tax, personal holding company tax, capital gains tax or franchise tax for the privilege of doing business. |
(48) | “Indemnified Party” means Voya Indemnified Party or Supplier Indemnified Party, as applicable. |
(49) | “Indemnifying Party” means Voya under Section 16.01 and Supplier under Section 16.02. |
(50) | “IP” means any (a) inventions, processes, methodologies, procedures and trade secrets, (b) Software and tools, (c) literary works or other works of authorship, including documentation, reports, drawings, charts, graphics and other written documentation, (d) trademarks, service marks, logos or domain names and (e) any other intellectual property. |
(51) | “Key Personnel” means the roles or individuals identified as being “key personnel” in the applicable Statement of Work. |
(52) | “Laws” means all U.S. and non-US. laws, ordinances, rules, regulations, declarations, decrees, directives, legislative enactments and Governmental Authority orders and subpoenas. |
(53) | “Loss” means any loss, damage, payment, liability (including settlements, judgments, fines and penalties) or cost and expense (including reasonable attorneys' fees, court costs and other litigation expenses). |
(54) | “Mandatory Change” has the meaning set forth in Schedule C. |
(55) | “Maximum Recovery Time” has the meaning set forth in Schedule M or the applicable Statement of Work. |
(56) | “Milestone” means an event identified as a Milestone in a Statement of Work or Project Plan, specifying a date on or by which specified tasks are to be completed and Services and Deliverables are to be provided. |
– Voya Confidential – 6
Confidential Treatment Requested by Voya Financial, Inc.
(57) | “Milestone Credit” means a monetary credit that Supplier shall pay to Voya Group in the event that Supplier fails to obtain Voya’s Acceptance of a Milestone by the applicable Milestone Completion Date. The Milestone Credit associated with a given Milestone shall be set forth in the applicable Statement of Work or Project Plan. |
(58) | “Milestone Completion Date”, for any particular Milestone, shall mean the date that such Milestone is due to be achieved (including the scheduled completion of Voya Group’s Acceptance process). If there is a delay in the completion of a Milestone, and Supplier is excused from such delay pursuant to the terms of this Agreement, then there shall be a day-for-day extension of the Milestone Completion Date (i.e., for each day of excused delay, the completion date will be extended by a day). |
(59) | “Minimum Retention Roles” means the roles identified as such in the applicable Statement of Work. |
(60) | “MSA Terms” means the provisions of ARTICLE 1 through ARTICLE 22, including all subsections. |
(61) | “New Services” has the meaning set forth in Section 2.06. |
(62) | “Normal Change” has the meaning set forth in Schedule C. |
(63) | “Other Supplier” means any third party providing services to Voya or its Affiliates. |
(64) | “Parties” means Voya Group and Supplier. |
(65) | “Party” means either Voya Group or Supplier. |
(66) | “PHI” means “protected health information” as defined in 45 C.F.R. § 160.103. |
(67) | “PII” means information or data that (a) identifies an individual, including by name, signature, address, telephone number or other unique identifier, (b) that can be used to identify or authenticate an individual, including passwords, PINs, biometric data, unique identification numbers (e.g., social security numbers), answers to security questions or other personal identifiers or (c) is PHI. |
(68) | “Policies” means policies, standards and procedures of Voya Group that are (a) attached to this Agreement, (b) attached to (and thereby made applicable to) a particular SOW, or (c) otherwise provided or made available to Supplier in accordance with Section 2.03. |
(69) | “Policies and Procedures Manual” has the meaning set forth in Section 2.08. |
(70) | “Project” means an implementation project or any other project, typically pursuant to a Statement of Work or Project Plan. |
(71) | “Project Phase” has the meaning set forth in Section 8.03(1). |
(72) | “Project Plan” means, with respect to a Project, the plan or plans mutually agreed by the Parties for the successful completion of such Project. |
– Voya Confidential – 7
Confidential Treatment Requested by Voya Financial, Inc.
(73) | “Recovery Time Objective” means the time period within which Supplier is required to restore a Service in the event of a Business Continuity Event or Force Majeure Event, as such time is set forth in Schedule M or the applicable Statement of Work. |
(74) | “Related Documentation” means, with respect to Software, all materials, documentation (including control documentation utilized in connection with an audit), specifications, technical manuals, user manuals, flow diagrams, file descriptions and other written information that describes the function and use of such Software, but excluding any source code. |
(75) | “Relief Event” has the meaning set forth in Section 2.05. |
(76) | “Residual Information” has the meaning set forth in Section 6.03. |
(77) | “Review Period” means the period of time within which Voya will have to Accept or reject each Milestone and Deliverable. |
(78) | “Service Delivery Organization” means the personnel of Supplier (including, for clarity, Supplier Agents) who provide the Services. |
(79) | “Service Level Credits” has the meaning set forth in Schedule A. |
(80) | “Service Level Default” has the meaning set forth in Schedule A. |
(81) | “Service Level Termination Event” has the meaning set forth in Schedule A. |
(82) | “Service Levels” means the service levels and standards for the performance of the Services as set forth in the applicable Statement of Work. |
(83) | “Service Locations” means the Voya Service Locations and Supplier Service Locations. |
(84) | “Service Readiness Tests” means the tests to be performed to assess whether Supplier is ready to provide the applicable Services in a live production environment. |
(85) | “Service Recipient” means Voya Group and Voya Agents. |
(86) | “Service Taxes” means all sales, use, lease, service, value-added, excise, consumption, stamp duty and other similar taxes and duties that are assessed against a party to this Agreement by a Tax Authority on the provision of the Services as a whole or on any particular Service received by any Service Recipient from Supplier, other than any Excluded Taxes. |
(87) | “Services” means the Designated Services, Termination Assistance Services and any other services, functions and responsibilities the Parties agree shall be provided under this Agreement. |
(88) | “Software” means the object code and source code versions of any applications, programs, operating system software, computer software languages, utilities, tools, machine readable texts and files and other computer programs, in whatever form or media (including the tangible media upon which such are recorded or printed), including all corrections, improvements, updates and releases thereof. |
– Voya Confidential – 8
Confidential Treatment Requested by Voya Financial, Inc.
(89) | “Statement of Work” or “SOW” means a mutually agreed statement of work for the provision of Services under this Agreement. Statements of Work are expected to be ordered sequentially (e.g., SOW #1, SOW #2). |
(90) | “Step In” has the meaning set forth in Section 21.05(1). |
(91) | “Step In Costs” has the meaning set forth in Error! Reference source not found.. |
(92) | “Supplemental Cap Transactions” has the meaning set forth in Section 17.03(4). |
(93) | “Supplier” has the meaning set forth in the preamble. |
(94) | “Supplier Agent” means an agent, contractor, subcontractor or other representative of Supplier performing any of Supplier's obligations under this Agreement. |
(95) | “Supplier Compliance Manager” has the meaning set forth in Statement of Work #1 (Managed Services). |
(96) | “Supplier Consents” means all licenses, consents, permits, approvals and authorizations that are necessary to allow, in connection with the Services, (a) Supplier and Supplier Agents to use (i) the Supplier IP and Supplier hardware, (ii) any assets owned or leased by Supplier or Supplier Agents and (iii) any third party services retained by Supplier, (b) Service Recipients and Voya Agents to use the Supplier IP and Supplier hardware as set forth in the Agreement or in the applicable Statement of Work and (c) Supplier and Supplier Agents to assign the Deliverables and Voya Data to Voya Group as set forth in the Agreement or in the applicable Statement of Work. |
(97) | “Supplier Senior Executive” has the meaning set forth in Statement of Work #1 (Managed Services). |
(98) | “Supplier Financial Manager” has the meaning set forth in Statement of Work #1 (Managed Services). |
(99) | “Supplier Indemnified Parties” means Supplier, its Affiliates and the officers, directors, employees, successors and permitted assigns of Supplier and its Affiliates. |
(100) | “Supplier IP” means IP that is licensed or owned by Supplier (or, for clarity, by a Supplier Agent), that is used in connection with the Services, including the Software set forth in the applicable Statement of Work and indicated as “Supplier” Software. |
(101) | “Supplier IT Executive” has the meaning set forth in Statement of Work #1 (Managed Services). |
(102) | “Supplier Personnel” means members of the Service Delivery Organization. |
(103) | “Supplier Resources” means the Supplier IP, Deliverables, Services or any other resource or item provided to Service Recipients by Supplier (or, for clarity, a Supplier Agent). |
(104) | “Supplier Service Delivery Executive” has the meaning set forth in Statement of Work #1 (Managed Services). |
– Voya Confidential – 9
Confidential Treatment Requested by Voya Financial, Inc.
(105) | “Supplier Service Location” means any premises owned, leased or used by Supplier set forth in the applicable Statement of Work, from which Supplier shall provide the Services described in such Statement of Work (including any business continuity or disaster recovery services with respect to such Services). Certain requirements related to the Supplier Service Locations are provided in Schedule N. |
(106) | “System” means the Software, hardware and infrastructure used to provide the Services. |
(107) | “Tax Authority” means any Governmental Authority or other fiscal, revenue, customs or excise authority, body or official competent to impose, collect or assess tax. |
(108) | “Taxes” means any and all present or future taxes, levies, imposts, deductions, charges or withholdings, and all liabilities with respect thereto, other than any Excluded Taxes. |
(109) | “Term” means the term that this Agreement remains in effect, including any Termination Assistance Periods. |
(110) | “Termination Assistance Period”, for any Services, means a period of time designated by Voya, commencing on the date a determination is made that there shall be an expiration or termination of this Agreement (in whole or in part) or such Services and continuing for up to twenty-four (24) months after the effective date of such expiration or termination. |
(111) | “Termination Assistance” or “Termination Assistance Services” has the meaning set forth in Section 19.13. |
(112) | “Third Party Materials” are materials, including Software and documentation, owned or provided by a third party. |
(113) | “Transition Milestone” has the meaning set forth in Schedule G. |
(114) | “Valid Penetration Test” has the meaning set forth in Section 7.03(12). |
(115) | “Virus” means any malicious code, defect, component, programs or other internal components (e.g., computer “virus”, computer “worm”, computer time bomb, “Trojan horse”, “back door” or similar component). |
(116) | “Voya” has the meaning set forth in the preamble. |
(117) | “Voya Agent” means an agent, contractor, subcontractor or other representative of Voya Group, other than Supplier, exercising any of Voya Group's rights or performing any of Voya Group's obligations under this Agreement. |
(118) | “Voya Auditors” means Voya Group, including its audit and compliance personnel, and any of its regulators, accountants, auditors or third party consultants. |
(119) | “Voya Consents” means all licenses, consents, permits, approvals and authorizations that are necessary to allow Supplier to use (a) the Voya IP and Voya hardware, (b) any assets owned or leased by Voya Group and (c) the services provided for the benefit of the Service Recipients under Voya Group's third party services contracts, in each case, as necessary to provide the Services. |
– Voya Confidential – 10
Confidential Treatment Requested by Voya Financial, Inc.
(120) | “Voya Data” means all data or information regarding Voya Group, the businesses of Voya Group, or Voya Group clients, employees, former employees, distribution partners, agents, customers (including their beneficiaries), suppliers, contractors, other third parties doing business with Voya Group, third party administrators and recipients of Voya Group's services, either directly or indirectly, such as employees of Voya Group customers, plan participants, members, dependents, beneficiaries and similarly situated persons (a) submitted to Supplier by Voya Group or the Service Recipients, (b) obtained, developed, processed or produced by Supplier (other than data internal to Supplier, such as individual performance data for the members of the Service Delivery Organization and security logs retained by Supplier) or (c) accessed by Supplier in connection with the Services. |
(121) | “Voya Data Safeguards” means the Policies applicable to data security. |
(122) | “Voya Group” means Voya and any Affiliates of Voya that receive the Services, either individually or collectively, as the context demands. |
(123) | “Voya Indemnified Parties” means Voya, its Affiliates and the officers, directors, employees, successors and permitted assigns of Voya and its Affiliates. |
(124) | “Voya IP” means IP that is licensed or owned by Voya Group or an Voya Agent (other than the Supplier IP) that is used by Supplier in connection with the Services, including the Software set forth in the applicable Statement of Work as being “Voya Software”. |
(125) | “Voya IT Executive” has the meaning set forth in Statement of Work #1 (Managed Services). |
(126) | “Voya Senior Executive” has the meaning set forth in Statement of Work #1 (Managed Services). |
(127) | “Voya Service Delivery Executive” has the meaning set forth in Statement of Work #1 (Managed Services). |
(128) | “Voya Service Location” means any premises owned, leased or used by Voya Group and identified in the applicable Statement of Work, at which Voya Group may (to the extent set forth in such Statement of Work) provide space for Service Delivery Organization members to provide Services. |
(129) | “VRA Process” has the meaning set forth in Section 7.03(11). |
Section 1.02 References.
(1) | References to this Agreement include the Schedules, Statements of Work and all other attachments hereto; references to the Schedules or Statements of Work include any attachments thereto. |
(2) | Except where otherwise indicated, references in these MSA Terms to Articles, Sections or attachments are to Articles or Sections of, or attachments to, these MSA Terms (i.e., exclusive of the Schedules and Statements of Work). |
(3) | References in this Agreement to any Law means such Law as changed, supplemented, amended or replaced. |
– Voya Confidential – 11
Confidential Treatment Requested by Voya Financial, Inc.
(4) | References in this Agreement to, and mentions of, the word “include”, “including” or the phrases “e.g.” or “such as” means “including, without limitation”. |
(5) | References in this Agreement to “day”, “week”, “quarter” or “year” refer to a calendar day, week, quarter or year respectively, unless otherwise indicated. |
(6) | $ or “dollars” refers to United States dollars. |
Section 1.03 Headings. The Article and Section headings, Table of Contents and Table of Schedules are for reference and convenience only and shall not be considered in the interpretation of this Agreement.
Section 1.04 Precedence. In the event of a conflict between these MSA Terms, the terms and conditions of any Schedules, or a Statement of Work, the order of precedence shall be as follows: first, these MSA Terms; second, the Schedules; third, any Statements of Work. In the event of a conflict between a Schedule and its attachments or between a Statement of Work and its attachments, the Schedule and Statement of Work (as applicable) shall prevail.
Section 1.05 Agreement Framework and Guarantee.
(1) | These MSA Terms establish the general terms and conditions applicable to Supplier's provision, and Voya Group's receipt of, Services. |
(2) | Cognizant Technology Solutions Corporation shall enter into a performance and financial guarantee on behalf of Supplier and CTS US in the form provided at Schedule N, and shall execute and deliver such guarantee contemporaneously with the execution and delivery of this Agreement. |
ARTICLE 2 SERVICES.
Section 2.01 Services Generally. Supplier shall provide the Services to the Service Recipients in accordance with this Agreement. For Statements of Work executed in connection with work to be performed for Voya in the United States of America, and solely to the extent that CTS US employees are required for the provision of Services or Deliverables by Supplier in connection with such Statement of Work, CTS US will also execute such Statement of Work solely for the purpose of providing Services and Deliverables to Voya for Supplier. Subject to ARTICLE 9 of this Agreement, Supplier will remain fully responsible and liable for Services and Deliverables provided under this Agreement by its Affiliates and subcontractors. Any Affiliate of Voya may enter into Statements of Work with Supplier and, only for the purposes of any such Statements of Work, shall be considered “Voya” as that term is used in this Agreement. Supplier shall cause the Services to be performed (1) with adequate numbers of qualified personnel (as to training, skill and experience) operating from the geographies and locations that may be required by any particular Statement of Work, (2) in a good, professional and workmanlike manner, (3) consistent with industry standards and generally accepted practices and (4) with the experience and expertise necessary to provide the Services in accordance with this Agreement. Cognizant will follow industry leading practices in the provision of Services, which may include technological advancements and other improvements. Services will be performed in accordance with the Service Levels, as further described in Schedule A and the applicable Statement of Work.
– Voya Confidential – 12
Confidential Treatment Requested by Voya Financial, Inc.
Section 2.02 Labor and Materials. Supplier shall perform all work necessary to provide the Services in accordance with this Agreement. Except as explicitly provided otherwise, Supplier shall furnish and pay for all labor, materials, services, facilities, equipment, software and resources (including the Supplier IP and Supplier Resources) necessary to provide the Services and meet its obligations under this Agreement, excluding the Voya Software to be furnished by Voya Group.
Section 2.03 Policies. In connection with its provision of the Services, Supplier shall comply with the Policies. Policies may be maintained on an internal website or database designated by Voya Group and made accessible to Supplier. On the first Business Day of each month, Supplier shall review whether any of such Policies have been updated by checking the first page of each Policy. If a Policy has been updated and compliance with such update is required before the first Business Day of the following month, Voya Group shall notify Supplier directly of such update.
Section 2.04 Reports and Data Feeds. Supplier shall provide the reports specified in this Agreement, including in Schedule B and the applicable Statement of Work. To the extent Supplier holds electronically any Voya Data used to provide the Services, Supplier shall at all times provide Voya Group with real time access to such Voya Data, except to the extent such access is unavailable during periods of scheduled and emergency maintenance.
Section 2.05 Relief Event. Supplier shall be excused for its non-performance of an obligation under this Agreement for as long as, and to the extent, Supplier's performance of such obligation is directly prevented by (1) the failure of Voya Group or an Voya Agent to perform any of its obligations under this Agreement (including, subject to a root cause analysis, a failure of a system provided by Voya Group or an Voya Agent to perform in accordance with the requirements explicitly set forth in this Agreement, provided such failure is not due to an act or omission of Supplier or its Affiliates); (2) a written or electronic agreement between the applicable Supplier Service Delivery Executive and Voya Senior Executive to re-direct resources or priorities other than in the ordinary course of the Services (provided, however, that the applicable Supplier Service Delivery Executive notifies the Voya Senior Executive prior to such agreement that such re-direction or re-prioritization shall cause such non-performance); or (3) incorrect or incomplete information provided by a Voya Agent that could not have been identified as incorrect or incomplete in connection with Supplier's performance of the Services or the exercise of reasonable judgment (collectively, “Relief Events”); provided, however, that Supplier (a) demonstrates the basis for the Relief Event was the primary cause of such non-performance, (b) uses commercially reasonable efforts to mitigate the impact of such Relief Event, (c) continues to use commercially reasonable efforts (including emergency fixes and workarounds) to perform such obligation and (d) provides Voya Group notice of such non-performance describing in reasonable detail the nature of such non-performance as soon as possible after Supplier (i) knows of such non-performance, but in no event later than one (1) Business Day after Supplier has such knowledge or (ii) should have known of such non-performance in which case Supplier shall not be excused until after it provides notice of the non-performance.
Section 2.06 New Services. “New Services” means functions that Voya Group requests Supplier to perform under this Agreement: (1) that are in addition to, and materially different from, the Services; and (2) for which there is no existing charging mechanism in this Agreement. Voya Group may from time to time request that Supplier perform New Services. Within a reasonable period of time after the receipt of such request, Supplier shall prepare and submit to Voya Group at no charge a proposal for the performance of the New Services (such proposal shall include necessary and reasonable scoping and analysis of the New Services in order to be able to specify the applicable personnel, hardware and Software resources and the applicable Fees), consistent with the procedures
– Voya Confidential – 13
Confidential Treatment Requested by Voya Financial, Inc.
set forth in Schedule C. Voya Group shall not be required to accept any such proposal. Voya Group shall not be obligated to obtain any New Services from Supplier, nor shall Voya Group be prevented from requesting or obtaining such services from a third party. If the Parties are in dispute as to whether the proposed service is a New Service or an in-scope Service, Supplier shall begin performing the services upon Voya Group’s written instruction to begin work. If the Parties later agree that the work is a New Service and separately billable, but the Fees have not been agreed upon, then Voya Group shall pay the applicable rates set forth in Schedule D or the applicable Statement of Work while the dispute regarding the Fees is being resolved. If the resource is not covered by Schedule D or the applicable Statement of Work, Supplier's commercially reasonable rates consistent with the discounts and rates otherwise provided to Voya Group shall apply, until the Fees have been resolved. In no event will Voya Group be obligated to pay for any services other than the then-existing Services without the written agreement of the Parties. New Services may be performed under an existing Statement of Work or pursuant to a new Statement of Work.
Section 2.07 Quality Assurance and Continuous Improvement. In performing the Services, Supplier will, in accordance with leading industry practices, undertake quality assurance procedures designed to ensure that the Services are performed with professional quality and reliability. Such procedures shall include checkpoint reviews, testing, Acceptance, and other procedures for Voya Group to confirm the quality of Supplier’s performance. Supplier, as part of its total quality management process, will provide continuous quality assurance and quality improvement through: (1) the identification and application of proven techniques and tools from other of its client engagements and internal processes; and (2) the implementation of concrete programs, practices and measures designed to improve performance (including the Service Levels). Supplier will utilize project management tools, including productivity aids and project management systems, as appropriate in performing the Services. Supplier will perform root cause analyses pursuant to and in accordance with the requirements of Schedule E.
Section 2.08 Policies and Procedures Manual. As further described in Schedule F, Supplier shall (1) develop a management and operations procedures manual detailing processes required to manage the performance of the Services in accordance with this Agreement, and (2) deliver a draft to Voya for its review and approval. A version approved by Voya of such manual must be completed by Supplier within the time specified in Schedule F or the applicable Statement of Work (such approved draft shall be the “Policies and Procedures Manual”). Until such time that the Policies and Procedures Manual is finalized, Supplier shall follow and comply with Voya Group’s policies and procedures in place prior to the Effective Date that are made known to Supplier in advance and in writing. Supplier shall be responsible for maintaining and keeping the Policies and Procedures Manual current during the Term, with all changes being subject to Voya’s review and approval, in accordance with the requirements of Schedule F.
Section 2.09 Divestitures and Acquisitions. In the event that Voya Group divests an entity, business unit or set of assets otherwise comprising a business, Voya Group may elect either (a) for Supplier to continue to provide any Services to such divested entity or business as a Service Recipient under this Agreement, provided that if changes are required to Supplier’s operations or costs of providing Services in order to continue providing Services to a divested entity or business (e.g., create a separate environment), the Parties shall address any incremental costs required to implement such changes through the Change Procedures; or (b) to remove such divested entity or business from the receipt of the Services, in which case there will be a corresponding reduction in volumes and Fees, notwithstanding any limitations to the contrary in a Statement of Work. To the extent Voya Group elects to continue the provision of Services, Voya Group shall continue to be responsible for
– Voya Confidential – 14
Confidential Treatment Requested by Voya Financial, Inc.
the corresponding Fees and such entity’s or business’ compliance with the relevant terms of this Agreement. Any divested entity or business receiving Services in accordance with the foregoing shall have all rights afforded to Service Recipients under this Agreement. In the event that Voya Group acquires an entity or business (as a new Affiliate or otherwise), Voya Group may elect to have Service Provider provide some or all of the Services to such acquired entity or business in accordance with this Agreement, including to account for any corresponding increase in volumes and Fees. To the extent such acquired entity is already receiving services from Supplier that are similar to and could be replaced by the Services, Voya Group and the acquired entity may elect to terminate the acquired entity’s agreement (or relevant portions thereof) at no charge, notwithstanding anything to the contrary in such agreement, and instead incorporate such services under this Agreement, subject to an equitable adjustment in the calculation of termination fees under the applicable Statement of Work as may be necessary to enable Supplier to recover any costs that Supplier otherwise would have been entitled to recover through the termination fees of the acquired entity’s agreement in the event of its early termination.
Section 2.10 Transition and Transformation. Supplier will perform its responsibilities for Transition and Transformation in accordance with the requirements of Schedule G and the applicable Statement of Work or Project Plan. Particular provisions related to Voya Group rights with respect to Transition and Transformation, and remedies for Supplier’s delays and failures, are set forth therein.
ARTICLE 3 SERVICE DELIVERY ORGANIZATION.
Section 3.01 Service Delivery Organization Members.
(1) | For purposes of this Agreement, Supplier will be responsible for the acts and omissions of all members of the Service Delivery Organization, and all other Supplier employees, contractors and agents, to the same extent as if performed by Supplier. |
(2) | All Service Delivery Organization members shall possess the training, skills and qualifications agreed upon by the Parties and otherwise necessary to properly perform the Services. |
(3) | Before assigning any individual to the Service Delivery Organization, Supplier shall conduct background checks at the local, state and federal/country level. Such background check shall include, to the extent permitted by law, (a) education verification, including verification of diploma; (b) prior employment verification for all members of the Service Delivery Organization above entry level (going back no less than five (5) years); (c) social security or other similar verification, as applicable; (d) felony and misdemeanor criminal checks, including no less than seven (7) years of criminal history in the jurisdictions where such individual has lived and/or worked (including, in the United States, a federal check), and if required by Law, facilitating the fingerprinting of such individual; (e) confirmation that the applicable persons have necessary security clearances, visas and work permits; and (f) credit check for members of the Service Delivery Organization who handle, are responsible for or have access to any financial transaction data. In addition, just prior to assigning any individual to the Service Delivery Organization, Supplier will have any such Service Delivery Organization member performing Services in Voya Service Locations in the U.S. submit to drug testing, using a five panel test that will include testing for Amphetamines, Cocaine Metabolites, Marijuana Metabolites (50) /Cannabinoids, Phencyclidines, Opiates |
– Voya Confidential – 15
Confidential Treatment Requested by Voya Financial, Inc.
(2000) /Morphines. For clarity, Supplier will pay for all costs associated with conducting the background checks and drug testing required by this Section. Supplier shall not assign any individual to the Service Delivery Organization (i) whose background check is not consistent with the information provided by such individual or such individual's previous employer, (ii) who has been convicted of, pled guilty or nolo contendere to a crime involving breach of trust, dishonesty, injury or attempted injury to any property or person or (iii) who refuses to provide consent with respect to Supplier's performance of the background checks described in this Section. Supplier shall (A) maintain a copy of such background checks during the Term, (B) certify Supplier's compliance with this Section 3.01(3) to Voya Group upon Voya Group's written request and (C) if required by Law or upon a Governmental Authority request, shall provide Voya Group with such copy for its review. Supplier will have the ongoing duty to inform Voya Group promptly upon learning that any member of the Service Delivery Organization has been convicted of a felony or failed a drug test. Should Supplier learn, after assigning an individual to be part of the Service Delivery Organization, that the individual has been convicted of a felony or failed a drug test, Supplier will promptly advise Voya Group of such fact and remove the individual from performing Services.
(4) | Supplier shall validate each person upon assignment to the Service Delivery Organization as not having been on any of the following lists published and maintained by the government of the United States of persons or entities with whom any U.S. person or entity is prohibited from conducting business: the Denied Persons List, the Unverified List, the Entity List, the Specially Designated Nationals List, the Debarred List, and the Nonproliferation Sanctions Lists, all of which can be accessed from the following website: xxxx://xxx.xxx.xxx.xxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxx.xxx. Supplier shall also conduct, at Voya’s request but no more frequently than quarterly, a review of the lists mentioned above, and shall provide to Voya certification of the completion of such reviews upon request. Supplier shall report to Voya promptly if it becomes aware that a member of the Service Delivery Organization is placed on any of the foregoing lists published by the government of the United States of persons or entities with whom any U.S. person or entity is prohibited from conducting business (or any successor list published by the U.S. Government) and shall promptly, at Supplier’s sole expense and without excusing any of its performance obligations hereunder, remove any such person or entity from performing any Services. |
(5) | Supplier shall ensure that all Service Delivery Organization members performing Services in the United States are legally authorized to work in the United States and free from any legal or contractual restraints prohibiting working or the exercise of skills when assigned to Voya, including employment agreements or non-competition agreements with other or former employers. For clarity, in the event any particular Supplier personnel are not authorized to work in the United States or cease to be authorized to work in the United States, or Supplier otherwise has a shortage of such authorized personnel, the lack of authorization will not serve as an excuse for any of Supplier’s staffing obligations under a Statement of Work. |
(6) | As requested, Supplier shall provide certification that any or all foreign nationals assigned to perform Services for Voya Group in the United States meet requirements of immigration Laws, and bear all expenses for obtaining and maintaining compliance with such Laws. In the United States, applicable immigration Laws include, but are not limited to, as amended, the Immigration and Reform Act of 1986, the Immigration and Nationality Act, the L-1 Visa (Intra-company Transferee) Reform Act of 2004 and the H-1B Visa Reform Act of 2004. |
– Voya Confidential – 16
Confidential Treatment Requested by Voya Financial, Inc.
(7) | Supplier shall ensure that each member of the Service Delivery Organization complies with (a) the confidentiality provisions of this Agreement, both during and after the Term, (b) the provisions of this Article, (c) while such member of the Service Delivery Organization is at any Voya Group facility, the facility's policies, codes of conduct and safety requirements applicable to such Voya Group facility as are made available to such members or Supplier in advance and in writing, and (d) any applicable Policies. Prior to assigning an individual to the Service Delivery Organization, Supplier has caused, or shall cause, such individual to enter into a non-disclosure and assignment of IP and other proprietary rights agreement no less protective than the form set forth in Schedule H. |
Section 3.02 Key Personnel and Minimum Retention Roles.
(1) | The Key Personnel positions (and, in some cases, the names of individuals serving as Key Personnel) are as set forth in the applicable Statement of Work. Subject to the total percentage of Key Personnel not exceeding fifteen percent (15%) of the Service Delivery Organization, Voya Group may, in its sole discretion, change the particular Service Delivery Organization member positions designated as the Key Personnel positions from time to time. Except where a Statement of Work expressly provides otherwise, Supplier will cause each of the Key Personnel to be solely dedicated to the Voya account while providing Services. |
(2) | Before assigning any individual as a Key Personnel, whether as an initial assignment or as a replacement, Supplier shall: (a) notify Voya of the proposed assignment; (b) introduce the individual to appropriate representatives of Voya Group and permit such representatives to interview such individual; (c) provide Voya Group with a resume and any other information available to Supplier regarding the individual that may be requested by Voya Group; and (d) obtain Voya's approval for such assignment. If Voya does not approve such individual, Supplier shall as soon as possible propose a replacement to Voya Group in accordance with this Section. Supplier shall provide Voya Group with an updated list of all individuals serving as Key Personnel upon request by Voya. |
(3) | Each individual assigned to be a Key Personnel shall not be replaced or reassigned for the lesser of: (a) the period for which such individual is required to provide Services in the applicable Statement of Work, or (b) *** months from the date that such individual first began to serve in such role, without first receiving Voya Senior Executive’s prior written consent, which may be withheld in Voya’s sole discretion; provided, however, that Supplier may replace such Key Personnel if such Key Personnel (i) voluntarily resigns from, or is dismissed by, Supplier, (ii) dies, is disabled or is placed on long-term medical leave, (iii) is placed on long-term leave due to family considerations, analogous to those codified in the Family and Medical Leave Act (FMLA, U.S. PL 103-3), or (iv) is prohibited by law from filling such position (such situations being referred to as “Allowable Removals”); and provided further that if the Voya Senior Executive does not consent to a requested reassignment, Supplier may raise its concerns through the governance procedures. |
(4) | Each non-Key Personnel assigned to a Minimum Retention Role on the Voya account pursuant to a Statement of Work may not be replaced or reassigned for *** months from the date that such individual first began to serve in such role; provided, however, that Supplier may replace any such non-Key Personnel owing to an Allowable Removal. |
– Voya Confidential – 17
Confidential Treatment Requested by Voya Financial, Inc.
(5) | Except for an Allowable Removal, and separate from the retention requirements above, Supplier will give Voya at least *** days’ advance notice of a proposed change in any individual serving in a Key Personnel position or Minimum Retention Role, and will discuss with Voya Group any objections Voya Group may have. Prior to such notice, there must be a transition plan that has been approved in writing by Voya with respect to such position. Supplier will arrange, at no charge, for the proposed replacement to work side-by-side with the individual being replaced during the notice period to effectuate a seamless transfer of knowledge prior to the incumbent leaving the Key Personnel position or Minimum Retention Role. Subject to an Allowable Removal, Key Personnel may not be transferred or re-assigned by Supplier until a suitable replacement has been approved by Voya, and no such re-assignment or transfer may occur at a time or in a manner that would have an adverse impact on delivery of the Services or Voya Group’s operations. |
Section 3.03 Replacements and Turnover.
(1) | Upon receipt of a notice from the Voya Senior Executive to remove a member of the Service Delivery Organization and provided Voya Group gives such notice is in good faith, Supplier shall promptly remove any such Service Delivery Organization member; provided, however, that in the event the Voya Senior Executive requests removal of a Service Delivery Organization member because of such individual's tortious conduct, illegal conduct, failure to comply with Policies (including noncompliance with Voya Data Safeguards such as failing phishing tests) or moral turpitude, Supplier shall remove such individual immediately upon receipt of the request from the Voya Senior Executive. Notwithstanding the foregoing, Voya agrees that it will not exercise its discretion to require the removal of any person on the basis of race, color, religion, national origin, sex, age, disability, sexual orientation or other characteristics protected by applicable Law. |
(2) | Supplier shall as soon as reasonably possible replace any Service Delivery Organization member who is terminated, resigns or otherwise ceases to perform the Services with an individual with similar qualifications to perform the Services and shall otherwise maintain backup and replacement procedures for the Service Delivery Organization to maintain continuity of the Services without adversely affecting the performance of the Services or Service Levels. |
(3) | For clarity, removals or replacements of Service Delivery Organization members under this Section 3.03 (or otherwise in accordance with this Agreement, including with respect to Allowable Removals) do not excuse Supplier from its obligations under this Agreement. |
(4) | Voya and Supplier agree that it is in their mutual best interests to keep the attrition rate of the Service Delivery Organization to a reasonably low level. Supplier shall ensure that, for each Statement of Work: (a) separate from and in addition to the *** month requirement specified in Section 3.02(3) for each consecutive *** month period beginning on the second anniversary of the Go Live Date, not more than *** of the Key Personnel will be replaced or reassigned by Supplier or, if Supplier has *** use Commercially Reasonable Efforts to *** voluntary resignations, *** from the performance of the Services to which they are assigned; and (b) for each consecutive *** month period beginning on the first anniversary of the Go Live Date, not more than *** of Supplier non-Key Personnel who serve in Minimum Retention Roles will be replaced or reassigned by Supplier or, if Supplier has *** |
– Voya Confidential – 18
Confidential Treatment Requested by Voya Financial, Inc.
use Commercially Reasonable Efforts to *** voluntary resignations *** from the performance of the Services to which they are assigned.
Section 3.04 Subcontracting.
(1) | Supplier shall not subcontract or delegate performance of the Services or obligations under this Agreement, including to a successor to a Supplier Agent, without the consent of Voya (in its sole discretion); provided, however, that Supplier may subcontract or delegate performance of the Services or obligations under this Agreement without such consent to (a) a wholly-owned Affiliate of Supplier, (b) a non-wholly owned Affiliate of Supplier, if such ownership structure is solely due to a requirement of Law, (c) natural persons who are independent contractors, provided that such independent contractors consist of a de minimus portion of the Service Delivery Organization and (d) vendors providing equipment or software and maintenance services in connection with such equipment or software. |
(2) | No subcontracting or delegation shall release Supplier from its responsibility for its obligations under this Agreement and Supplier shall be responsible for all acts and omissions of the Supplier Agents, including compliance or any non-compliance with the terms of this Agreement. Supplier shall be responsible for all payments to the Supplier Agents. Supplier shall ensure that any entity to which Supplier subcontracts or delegates any performance of the Services or any obligations under this Agreement complies with the terms of this Agreement relevant to the services being provided by such Supplier Agent, and shall have agreements with subcontractors that reflect such obligations (which may include replicating the applicable provisions of this Agreement into the subcontract). Supplier may contract with vendors providing equipment or software and maintenance services around such equipment or software in accordance with such vendor’s standard terms and conditions and is not required to pass through any obligations under this Agreement except to the extent necessary for Supplier to meet its Service Levels (provided that this sentence does not limit Supplier’s obligations to Voya Group hereunder). |
(3) | To the extent any subcontractor or other Supplier Agent is providing the Services, or performing any other obligation of Supplier under this Agreement, use of the term “Supplier” shall include such subcontractor or other Supplier Agent (i.e., acts and omissions of such parties will be deemed to be acts and omissions of Supplier). The inclusion of Supplier Agent within the definition of “Supplier” does not cause any Supplier Agent to be a party to this Agreement (or be part of the term “Party”). For the avoidance of doubt, subject to ARTICLE 17, Supplier shall be fully responsible and liable for the acts and omissions of Supplier Agents to the same extent as if Supplier committed such acts and omissions. |
Section 3.05 Transfer of Voya Personnel. A Statement of Work may set forth certain requirements and other provisions that will govern any transfer of Voya Group employees to Supplier in connection with such Statement of Work.
ARTICLE 4 SERVICE LOCATIONS.
Section 4.01 Place of Performance. Supplier shall provide the Services from the Service Locations as set forth in the applicable Statement of Work. In the event that Supplier provides Services from any Voya Service Locations, Supplier's use of any such Voya Service Location shall be subject to Section 4.02 below.
– Voya Confidential – 19
Confidential Treatment Requested by Voya Financial, Inc.
Section 4.02 Voya Service Locations.
(1) | Supplier shall cause all members of the Service Delivery Organization to: (a) comply with all Voya Service Location rules, regulations, and guidelines of Voya Group communicated in advance and in writing to, or otherwise known by, Supplier; (b) confine themselves to areas designated by Voya Group; and (c) be subject to Voya Group’s badge and pass requirements in effect at the applicable Voya Service Location. |
(2) | All Voya Service Location shall be provided to Supplier on an “as is, where is” basis, without warranty and shall remain the property of Voya Group. Access to the Voya Service Location shall be designated by Voya Group in its sole discretion. |
(3) | Supplier shall only use the Voya Service Location for general office purposes or such other specific purposes agreed to by the Parties. Such use shall only be to perform Supplier’s obligations under this Agreement, shall be in a reasonably efficient manner, and shall be in a manner consistent with current use. Supplier shall keep the Voya Service Locations in good order, shall not commit waste or damage so the Voya Service Location, and shall not use the Voya Service Location for any unlawful purpose or act. Use of the Voya Service Location shall not create a leasehold or other real property interest in favor of Supplier. |
(4) | Supplier shall not take any actions, or omit to take any action, that it knows will cause Voya Group to breach any lease applicable to the Voya Service Location, and Supplier will be deemed to have knowledge of acts and omissions that would cause Voya Group to breach any applicable leases if Voya Group provided Supplier a copy of the applicable lease; provided, however, that Voya: (a) obtains all landlord consents necessary to permit Supplier to use the Voya Service Location; and (b) provides prompt notice of any alleged breach (to the extent Voya Group is provided notice by the landlord) so that Supplier is permitted to cure the breach. |
(5) | If Supplier is using a Voya Service Location in an inefficient manner which is inconsistent with the manner in which it had been historically used by Voya Group, Voya Group will be permitted to pass-through to Supplier any increases in facilities costs and expenses attributable to Supplier’s inefficient use. |
(6) | Supplier shall not assign, sublet, or sublicense the Voya Service Location or make any modifications or alterations so the Voya Service Location without the prior written consent of Voya. |
(7) | Supplier shall (a) only permit the Service Delivery Organization members to have access to, or to use, the Voya Service Location, and (b) permit Voya Group to enter the Voya Service Location at any time as necessary for items such as inspection or maintenance of the Voya Service Location; provided, however, that Voya Group shall not unduly interfere with Supplier’s performance of its obligations. |
(8) | Members of the Service Delivery Organization may be required, at Voya Group's discretion, to carry Voya Group's identification credentials while accessing such space, which shall be surrendered upon demand or completion of such individual's services. The identification credentials shall be used only as directed by Voya Group. Supplier shall be liable for any unauthorized use of the identification credentials by the Service Delivery Organization member. If an individual who has been given Voya Group identification credentials leaves |
– Voya Confidential – 20
Confidential Treatment Requested by Voya Financial, Inc.
Supplier's employment or ceases to perform the Services, Supplier shall promptly identify such individual to Voya Group and return such individual's identification credentials to Voya Group. In the event such identification credentials are not promptly returned, Supplier shall promptly provide a written explanation to Voya Group. If an individual who has been given Voya Group identification credentials loses such credentials, Supplier shall reimburse Voya Group for any charges, fees or expenses related to replacing such credentials to the same extent that Voya Group's own employees must reimburse Voya Group for any charges, fees or expenses related to lost credentials.
(9) | Voya Group shall provide Supplier the facilities services that Voya Group customarily provides to its contractor personnel at such space. |
(10) | Voya Group may suspend a Service Delivery Organization member's use of any such Voya Service Location, upon notice to Supplier, if such member fails to use any such space in accordance with the use terms set forth in this Section 4.02, and Voya Group's suspension of such member's use of such Voya Service Location shall not be deemed a Force Majeure Event. |
(11) | Supplier's right to use such space shall cease at the end of the Term. Voya Group may terminate Supplier's use of any such space upon thirty (30) days' notice to Supplier; provided, however, that Voya Group shall provide comparable alternative space at another Voya Service Location located within a reasonable distance of such terminated space, or the Parties may agree on alternative arrangements, if Supplier does not have alternative space and such termination would adversely affect Supplier's performance of its obligations. |
Section 4.03 Relocations and New Service Locations. Provision of any Services from any new service location, as well as any additional Service to be performed from an approved Service Location, must be approved in advance by Voya (in its sole discretion); provided, however, that such approval shall not be required (but prior notice shall be required) if the other service location is a building within a contiguous corporate campus that contains an existing Supplier Service Location. If Voya rejects any proposed service location, it shall provide the reason for such rejection. If Supplier requests a relocation to, or use of, another services location, any incremental cost and expense reasonably incurred by Voya Group as a result of such relocation or use shall be reimbursed by Supplier to Voya Group. In addition, Supplier's consolidation of any Service Locations or movement of a Service from one location to another, and any other closure of any Service Location by Supplier, must be approved in advance by Voya and any incremental cost and expense reasonably incurred by Voya Group as a result of consolidation, movement or closure of any Service Location shall be reimbursed by Supplier to Voya Group. In the event Voya Group requests that Supplier provide any Services from any other service location, Supplier shall relocate the provision of such Services in accordance with such request, and any incremental cost and expense reasonably incurred by Supplier as a result of relocation to, or use of, another such service location shall be reimbursed by Voya Group to Supplier; provided, however, that any incremental cost and expense reasonably incurred by either Party as a result of a relocation due to a Voya Group request based on the following shall be the financial responsibility of Supplier: (1) work being performed from a location not approved in accordance with this Section, or (2) Supplier's breach of this Agreement that can only be remedied by relocation, or (3) a reasonably prudent supplier would have relocated from the location or geography based on the geopolitical, environmental or other risks of remaining in such area. Supplier shall keep the Voya Service Locations and Voya Group assets free of any liens arising from the acts or omissions of Supplier.
– Voya Confidential – 21
Confidential Treatment Requested by Voya Financial, Inc.
ARTICLE 5 COOPERATION WITH OTHER SUPPLIERS.
Section 5.01 Cooperation with Other Suppliers. Supplier shall cooperate with any Other Supplier, to the extent required for Supplier to provide the Services in accordance with this Agreement or to the extent required for such Other Supplier to provide its services to Voya Group. Such cooperation shall include:
(1) | provision of requested and applicable written information concerning the Services, data and technology used in providing the Services including information regarding the operating environment, system constraints and other operating parameters; |
(2) | reasonable assistance and support to the Other Suppliers; |
(3) | reasonable access to Supplier and Voya Group Systems and architecture configurations associated with the Services, to the extent reasonably requested by Other Suppliers; and |
(4) | access to and use of the Supplier IP and Supplier hardware to the extent reasonably requested by Other Suppliers; |
provided, however, that provision of such information, assistance, support and access shall be subject to such Other Supplier being bound by confidentiality provisions consistent with those in this Agreement and complying with Supplier's security policies or license restrictions, to the same extent such policies are applicable to Voya Group under this Agreement.
Section 5.02 Cooperation on Failures. Supplier shall cooperate with the Other Suppliers and Voya Group to establish the root cause of any failure. To the extent the root cause of such a failure falls within the responsibility of Supplier or any of the Other Suppliers to correct, each shall provide to the others, as requested, reasonable assistance and support regarding the resolution of the failure. Voya Group shall use commercially reasonable efforts to cause Other Suppliers to cooperate with Supplier in a manner consistent with this Article. In no event shall such assistance and support affect the overall allocation of responsibility between Supplier and the Other Suppliers regarding (1) Supplier's performance of its obligations under this Agreement (including Supplier's performing the Services in accordance with the Service Levels) and (2) any Other Supplier's obligations relating to Voya Group. Supplier shall not be responsible for performing the Other Suppliers' obligations to Voya Group.
ARTICLE 6 LICENSES AND PROPRIETARY RIGHTS.
Section 6.01 Voya IP. To the extent Supplier requires use of the Voya IP in connection with providing the Services, Voya grants Supplier a global, royalty-free, non-exclusive, non-transferable license for Supplier and Supplier Agents to access, use and copy the Voya IP (but only to the extent permitted by any applicable third party license agreement). Such license shall be only for the Term and any Termination Assistance Period thereafter, and shall be limited to the extent necessary for Supplier and Supplier Agents to perform their obligations hereunder.
Section 6.02 Supplier IP.
(1) | Except to the extent otherwise expressly provided in an applicable Statement of Work, or in a separate license agreement between the Parties, (a) to the extent Voya Group or any |
– Voya Confidential – 22
Confidential Treatment Requested by Voya Financial, Inc.
other Service Recipients require use of any Supplier IP in connection with the receipt of the Services, Supplier hereby grants Voya Group and such Service Recipients during the Term, solely for Voya Group and Service Recipients to receive the Services, a global, royalty-free, irrevocable, non-exclusive license to use such Supplier IP; and (b) such license shall extend to *** Voya Group or Service Recipients to the extent necessary for such services to be ***; provided, however, that *** confidentiality obligations similar to those of Voya hereunder.
(2) | Except to the extent otherwise expressly provided in an applicable Statement of Work, or in a separate license agreement between the Parties, following the Term (and any Termination Assistance Period thereafter), to the extent Voya Group or any other Service Recipients reasonably require use of any Supplier IP in connection with performance or receipt of services that replace any of the Services, and such Supplier IP is not commercially available to licensees such as Voya Group, then Supplier hereby grants Voya Group and such Service Recipients a *** non-exclusive license to use such Supplier IP. Such license shall extend to *** Voya Group to the extent necessary for such services ***; provided, however, that *** confidentiality obligations similar to those of Voya hereunder. Upon Voya Group’s request, Supplier will support such Supplier IP after such termination or expiration, as follows: (a) if Supplier has a maintenance and support offering for such Supplier IP, then it shall make such offering available to Voya Group on commercially reasonable terms and pricing, and in no event shall such terms and pricing be more restrictive or unfavorable to Voya Group than offered by Supplier to similar entities in similar circumstances; or (b) if Supplier does not have such a maintenance and support offering, then Supplier shall either, at its option, provide such support as part of Termination Assistance, and thereafter at rates consistent with the rates in Schedule D and the applicable Statement of Work subject to appropriate “cost of living” adjustments over time or provide the source code for such Supplier IP. |
Section 6.03 Residual Information. Either Party may, during and after the Term hereof, use in its business any Residual Information. “Residual Information” means the ideas, know-how and techniques that would be retained in the unaided memory of an ordinary person skilled in the art, not intent on appropriating the proprietary information of the disclosing party. For the avoidance of doubt, no intellectual property rights are granted under this Section 6.03, nor does this Section waive or supersede any rights or obligations set forth in ARTICLE 13.
Section 6.04 Deliverables.
(1) | Unless otherwise agreed to by the Parties, Voya shall own and have all right, title and interest in and to the Deliverables, as of the moment of their creation; provided that in no event will Supplier IP or Third Party Materials, or derivatives thereof be deemed to be Deliverables. Supplier hereby irrevocably assigns, transfers and conveys to Voya all of its right, title and interest in and to the Deliverables. Supplier shall execute any documents (or take any other actions) as may be necessary, or as Voya may reasonably request, to perfect the ownership of Voya in the Deliverables or otherwise to establish, preserve and enforce Voya Group’s rights under this Section 6.04. Voya may designate another entity of Voya Group for the ownership in this Section, in which case the references to Voya in this Section shall be to such Voya Group entity. |
(2) | Supplier agrees that all Deliverables are, to the extent possible under law, a “work made for hire” (as defined in the United States Copyright Act of 1976 or other applicable laws). |
– Voya Confidential – 23
Confidential Treatment Requested by Voya Financial, Inc.
Accordingly, Voya Group will be considered the author of such Deliverables for all purposes, and Voya Group will be and remain at all stages of completion, the sole and exclusive owner of Deliverables. To the extent any Deliverable is not deemed to be a work made for hire, Supplier will assign the rights, title and interest in and to such Deliverable to Voya Group. If any of the rights, title and interest in and to a Deliverable cannot be assigned by Supplier to Voya Group, Supplier hereby grants Voya Group an exclusive, perpetual, royalty-free, fully paid up, irrevocable, worldwide license (and to permit its Affiliates and service providers to do the same, and also to sublicense such rights through multiple tiers) to practice such non-assignable rights, title and interest, subject to any limitations set forth in the Agreement or an applicable Statement of Work. Supplier hereby covenants and agrees not to institute or support any action or claim that any such exploitation of a Deliverable by Voya Group infringes any of Supplier’s or its employees’ legal or moral rights, and not to take any other action which will or might interfere with or derogate Voya Group’s rights granted herein. Further, Supplier will not cause or permit any liens or encumbrances to be placed against, or grant any security interest in, a Deliverable (or Voya Group’s Confidential Information). Supplier further agrees that Voya Group will have the sole and exclusive right to register in its own name the copyrights and other intellectual property rights in and to the Deliverables.
(3) | Supplier agrees that, except as may be expressly permitted in a Statement of Work, (a) Supplier will not incorporate any Supplier IP or Third Party Materials in any Deliverables, (b) Deliverables will not be derivative works of Supplier IP or Third Party Materials, (c) Deliverables will not be subject to any open source licenses, and (d) Deliverables will not otherwise be dependent on Supplier IP or Third Party Materials to be used or produce the functionality as intended. |
(4) | To the extent Supplier IP or Third Party Materials are incorporated in any Deliverables, , then Supplier hereby grants to Voya Group a non-exclusive, perpetual, royalty-free, fully paid up, irrevocable, worldwide license to access, use, copy, configure, maintain, modify, enhance, install, perform, display, distribute and (unless the Parties’ agree otherwise in the applicable Statement of Work) create derivative works of any such Supplier IP or Third Party Materials (and to permit Service Recipients to do the same, and also to sublicense such rights through multiple tiers) solely in connection with the operation, use, exploitation and/or full enjoyment of all rights in and to the Deliverables, and in accordance with any further terms set forth in the applicable Statement of Work. The foregoing license does not authorize Voya Group to separate Supplier IP or Third Party Materials from the Deliverables in which they are incorporated for creating a standalone product for marketing to others or use as development tool. For clarity, Voya Group will own all such Deliverables described in this paragraph, subject to Supplier’s or Third Party ownership rights in the Supplier IP and Third Party Materials respectively. Where a Deliverable does not incorporate Supplier IP or Third Party Materials, but is otherwise dependent on Supplier IP or Third Party Materials, then the Parties shall agree in the applicable Statement of Work as to how to handle such dependency (e.g., what rights Voya Group will have in the Supplier IP or Third Party Materials), including following the termination/expiration of the applicable Statement of Work. |
(5) | Supplier shall provide Voya Group with all Related Documentation (and other documentation that is IP) that is customarily provided with the applicable type of Deliverable and such Related Documentation (and other documentation that is IP) shall be accurate, |
– Voya Confidential – 24
Confidential Treatment Requested by Voya Financial, Inc.
current and complete and sufficient to enable an individual reasonably skilled in the applicable subject matter to use and maintain the Related Documentation without reference to any other person or materials.
Section 6.05 Consents, Approvals and Requests. Supplier shall, at its cost and expense, obtain, maintain and comply with the Supplier Consents, if any. Voya Group shall comply with the Supplier Consents. In the event Supplier is unable to obtain a Supplier Consent, Supplier shall implement (at its own cost and expense), subject to Voya consent, a work around as necessary to enable Supplier to provide the Services without such consent. Upon Voya's request, Supplier shall provide Voya Group with evidence of any Supplier Consent.
Section 6.06 Restrictions. Neither Party shall decompile, disassemble or reverse engineer any of the IP of the other Party. Each Party grants only the licenses expressly set forth in this ARTICLE 6 and no other licenses are granted.
ARTICLE 7 DATA.
Section 7.01 Ownership of Data. As between the Parties, Voya Data will be and remain the property of Voya Group. Supplier may not use Voya Data for any purpose other than to render the Services. No Voya Data will be sold, assigned, leased or otherwise commercially exploited by or on behalf of Supplier (or any Supplier Agent). Neither Supplier nor any Supplier Agent may possess or assert any lien or other right against or to Voya Data. To the extent Supplier has or acquires any rights in Voya Data, Supplier hereby irrevocably assigns, transfers and conveys to Voya (or the entity of Voya Group designated by Voya) all of its right, title and interest in and to Voya Data. Upon Voya Group's request, Supplier shall execute any documents (or take any other actions) as may be necessary, or as Voya Group may request, to enforce the rights of Voya Group in Voya Data. If such other actions impose a material cost on Supplier, such other actions shall be at Voya Group's cost and expense, unless such other actions are required as a result of a Supplier act or omission, in which case such other actions shall be at Supplier's cost and expense.
Section 7.02 Correction of Errors. Supplier shall promptly (1) notify Voya Group of any errors or inaccuracies in, or loss of, Voya Data if and when Supplier becomes aware of such errors or inaccuracies, (2) correct any such errors, inaccuracies or loss (including, restoring such Voya Data to the last backup, if necessary) at its cost and expense to the extent such errors, inaccuracies or loss are caused by Supplier's act or omission (unless such act or omission was taken at the direction of Voya Group) and (3) correct any such errors, inaccuracies or loss (including, restoring such Voya Data to the last backup, if necessary) upon Voya Group's request and at Voya Group's cost and expense to the extent such errors, inaccuracies or loss are (a) not caused by Supplier's act or omission or (b) caused by Supplier's act or omission taken at the direction of Voya Group. In the event of a dispute as to which Party caused such error, or inaccuracy, Supplier shall promptly correct such error, inaccuracy or loss at its cost and expense as directed by Voya Group pending the resolution of such dispute in accordance with the Dispute Resolution Procedures. If it is determined through the Dispute Resolution Procedures that Supplier did not cause such error, inaccuracy or loss, Voya Group shall compensate Supplier (using the applicable rates set forth in Schedule D) for Supplier's performance of the services necessary to correct such error, inaccuracy or loss.
Section 7.03 Data Security.
(1) | General. Supplier will establish and maintain (i) administrative, technical, and physical safeguards designed to protect against the destruction, loss, or alteration of Confidential |
– Voya Confidential – 25
Confidential Treatment Requested by Voya Financial, Inc.
Information, and (ii) appropriate security measures designed to protect Confidential Information, which measures meet or exceed the requirements of this Agreement and all applicable Laws relating to personal information security in its performance of Services. Supplier also will comply with the requirements of Schedule I. Without limiting the generality of the foregoing, Supplier will implement and maintain the following information security controls:
(a) privileged access rights will be restricted and controlled;
(b) | an inventory of assets relevant to the lifecycle of information will be maintained; |
(c) | network security controls will include, at a minimum, firewall and IDS services; |
(d) | detection, prevention and recovery controls to protect against malware will be implemented; |
(e) | information about technical vulnerabilities of Supplier’s information systems will be obtained by Supplier and evaluated by Supplier in a timely fashion and appropriate measures taken to address the risk; |
(f) | detailed event logs recording user activities, exceptions, faults, access attempts, operating system logs, and information security events will be produced, retained and regularly reviewed by Supplier; |
(g) | development, testing and operational environments will be separated to reduce the risks of unauthorized access or changes to the operational environment; and |
(h) | within a cloud environment, the network will be segregated so that Voya Data is separated from all other data using perimeter security mechanisms such as firewalls. |
(2) | Information Security Policies. Supplier will implement and maintain written policies and procedures that address the following areas: |
(a) | information security; |
(b) | data governance and classification; |
(c) | access controls and identity management; |
(d) | asset management; |
(e) | business continuity and disaster recovery planning and resources; |
(f) | capacity and performance planning; |
(g) | systems operations and availability concerns; |
(h) | systems and network security; |
(i) | systems and application development, quality assurance and change management; |
– Voya Confidential – 26
Confidential Treatment Requested by Voya Financial, Inc.
(j) | physical security and environmental controls; |
(k) | customer data privacy; |
(l) | patch management; |
(m) | maintenance, monitoring and analysis of security audit logs; |
(n) | vendor and third party service provider management; and |
(o) | incident response, including clearly defined roles and decision making authority and a logging and monitoring framework to allow the isolation of an incident. |
Supplier will assign an owner to each policy, who will have responsibility for developing, reviewing and periodically evaluating the policy. The policy review process will include assessing opportunities for improvement and evaluating Supplier’s approach to managing information security in response to changes within the organization or in the legal, technical or business environment. Each policy, including as revised, is subject to Voya’s review and approval with respect to its application to the Services and this Agreement.
(3) | Subcontractors. Supplier will implement and maintain policies and procedures designed to ensure the security of Confidential Information and related systems that are accessible to, or held by, subcontractors. Supplier will not allow any subcontractor or other third parties to access Supplier’s (or any of Voya Group’s) systems or store or process sensitive data, unless such subcontractor or third party have entered into written contracts with Supplier that require, at a minimum, the following: |
(a) | the use of *** authentication to limit access to sensitive data and systems; |
(b) | the use of encryption to protect sensitive data in transit, and the use of encryption or other mitigating controls to protect sensitive data at rest; |
(c) | notice to be provided within *** in the event of a cyber security incident; |
(d) | *** in the event of a cyber security incident that results in loss; |
(e) | the ability of Supplier or Supplier Agents to perform cyber security audits; and |
(f) | representations and warranties concerning information security. |
Supplier will review its subcontractors annually to ensure each subcontractor’s security practices are current, commercially reasonable, and in compliance with the terms of this Agreement. If Supplier determines that any subcontractor fails to meet the requirements set forth herein, Supplier will promptly notify Voya Group and take the necessary steps to remediate such failure. If Supplier is unable to remediate such failure to Voya Group’s reasonable satisfaction, Voya may immediately terminate this Agreement (in whole or in part) for material breach, but subject to the provisions of Section 19.02(1).
(4) | Encryption Standards, Multifactor Authentication and Protection of Confidential Information. |
– Voya Confidential – 27
Confidential Treatment Requested by Voya Financial, Inc.
(a) | Supplier will implement and maintain cryptographic controls for the protection of Confidential Information, including the following: |
(i) | use of encryption to protect Confidential Information, either stored or transmitted, including use of an encryption standard equal to or better than *** (or such higher encryption standard required by applicable law) to encrypt Confidential Information in transit over un-trusted networks; |
(ii) | use of *** to verify the authenticity or integrity of stored or transmitted Confidential Information; |
(iii) | use of *** to provide evidence of the occurrence or nonoccurrence of an event or action; |
(iv) | use of *** to authenticate users and other system entities requesting access to or transacting with system users, entities and resources; and |
(v) | development and implementation of policies on the use, protection and lifetime of cryptographic keys through their entire lifecycle. |
(b) | In addition to the controls described in Section 7.03(4)(a) above, Supplier will (i) implement *** authentication for (A) customer and administrator access to web applications that capture or display Confidential Information, (B) privileged access to database servers that allow access to Confidential Information or administrator consoles used to modify security configurations on the system or network, and (C) all access to internal systems and data from an external network; (ii) ensure that no PII or other Confidential Information is (A) placed on unencrypted mobile media, CDs, DVDs, equipment, or laptops or (B) accessed from or located ***; and (iii) ensure that media containing Confidential Information is protected against unauthorized access, misuse or corruption during transport. |
(5) | Information Security Roles and Responsibilities. Supplier will employ personnel adequate to manage Supplier’s information security risks and perform the core cyber security functions of identify, protect, detect, respond and recover. Supplier will designate a qualified member of the Service Delivery Organization to serve as its Chief Information Security Officer (“CISO”) responsible for overseeing and implementing its information security program and enforcing its information security policies. Supplier will define roles and responsibilities with respect to information security, including by identifying responsibilities for the protection of individual assets, for carrying out specific information security processes, and for information security risk management activities, including acceptance of residual risks. These responsibilities will be supplemented, where appropriate, with more detailed guidance for specific sites and information processing facilities. |
(6) | Segregation of Duties. Supplier shall segregate duties and areas of responsibility in order to reduce opportunities for unauthorized modification or misuse of Supplier’s assets and ensure that no single person can access, modify or use assets without authorization or detection. Supplier shall design the controls to separate the initiation of an event from its authorization. If segregation is not reasonably possible, Supplier shall utilize other controls, such as monitoring of activities, audit trails and management supervision. In addition, |
– Voya Confidential – 28
Confidential Treatment Requested by Voya Financial, Inc.
Supplier shall separate development, testing, and operational environments to reduce the risks of unauthorized access or changes to the operational environment.
(7) | Information Security Awareness, Education and Training. Supplier will provide regular information security education and training to all members of the Service Delivery Organization, as relevant for their job function. In addition, Supplier will provide mandatory training to information security personnel and require key information security personnel to stay abreast of changing cyber security threats and countermeasures. |
(8) | Vulnerability Assessments. Supplier will conduct *** vulnerability assessments that meet the following criteria: (a) all servers and network devices must be scanned at least ***; (b) all findings must be risk rated; (c) all findings must be tracked to closure based on risk; and (d) tools used for scanning must have signatures updated at least monthly with the latest vulnerability. Supplier will implement and maintain a formal process for tracking and resolving issues in a timely fashion. Upon Voya Group’s reasonable request, and subject to any more specific reporting or other obligations in a Statement of Work, Supplier will provide to Voya Group a summary of the findings of Supplier’s most recent vulnerability assessment. ***. |
(9) | Physical and Environmental Security. Supplier will implement measures designed to make all sites physically secure, including: (a) sound perimeters with no gaps where a break-in could easily occur; (b) exterior roof, walls and flooring of sound construction and all external doors suitable protected against unauthorized access with control mechanisms such as locks, bars, alarms, etc.; (c) all doors and windows locked when unattended; (d) equipment protected from power failures and other disruptions caused by failures in supporting utilities; (e) *** and (g) visitor sign-in/ mandatory escort at site. |
(10) | Data Security Breach Notification. |
(a) | If Supplier knows of any circumstance that may constitute or result in a Data Security Breach constituting a meaningful threat to Voya Group’s Data, including any threat or perceived threat that may prevent Supplier from complying with all of Voya Group’s applicable security requirements set forth in this Agreement and the Voya Data Safeguards, Supplier will: (i) immediately (and in any event within *** hours after Supplier, or its Affiliate or subcontractor learns of such Data Security Breach) report such Data Security Breach to Voya by sending an email to XX-XX-XXXXXxxxxxxxx@xxxx.xxx, summarizing in reasonable detail the effect on Voya Group, if known, and designating a single point of contact at Supplier who will be available to Voya Group *** for information and assistance related to the Data Security Breach; (ii) investigate such Data Security Breach, perform a root cause analysis, develop a corrective action plan and take all necessary corrective actions; (iii) mitigate, as expeditiously as possible, any harmful effect of such Data Security Breach and cooperate with Voya Group in any reasonable and lawful efforts to prevent, mitigate, rectify and remediate the effects of the Data Security Breach; (iv) provide a written report to Voya Group containing all information necessary for Voya Group to determine compliance with all applicable Laws, including the extent to which notification to affected persons or to government or regulatory authorities is required; (v) provide Voya Group with *** information; and (vi) cooperate with Voya Group in providing any filings, communications, notices, press releases or |
– Voya Confidential – 29
Confidential Treatment Requested by Voya Financial, Inc.
reports related to such Data Security Breach. The content of any public filings, communications, notices, press releases or reports by Cognizant related to any Data Security Breach must be approved by Voya to the extent they could be used to identify Voya Group, its Service Recipients or any of its customers prior to publication or communication thereof, such approval not to be unreasonably withheld or delayed.
(b) | Without limiting any other rights or remedies that may be available to Voya Group, Supplier shall be responsible for and will be liable to pay or reimburse Voya Group for any reasonable costs, reasonable expenses or damages associated with any Data Security Breaches to the extent *** caused by the failure of Supplier to comply with its obligations under this Agreement ***, including: (i) expenses incurred to provide notice to persons affected by the Data Security Breach and to law-enforcement agencies, regulatory bodies or other third parties as required to comply with Law, ***; (ii) expenses incurred by Voya Group to *** to comply with applicable Laws and/or relevant industry standards; (iii) expenses related to any reasonably anticipated and commercially recognized consumer data breach mitigation efforts, including costs associated with the offering of credit monitoring, identify theft protection or other similar mitigation products for a period of at least *** months or such longer time as is required by applicable Laws or standard practices, or any other similar protective measures designed to mitigate any damages to the affected persons; (iv) expenses incurred to retain a call center or to develop any internal or external communication materials if reasonably necessary in order to respond to inquiries regarding the Data Security Breach for a period of *** or such longer time as is reasonably required by Law ***; and (v) fines, penalties that Voya Group pays to any governmental or regulatory authority under legal or regulatory order as a result of the Data Security Breach; and (vi) reasonable actual expenses incurred ***. |
(11) | Risk Assessment. Upon Voya Group’s request no more than once per year, Supplier will complete Voya Group’s Vendor Risk Assessment process (“VRA Process”), which includes Suppliers obligations under Section 12.03. Supplier’s most recently completed VRA questionnaire is attached as part of Schedule I. Supplier represents and warrants that, as of the Effective Date, the statements in such completed questionnaire are true and correct in all material respects; Supplier will notify Voya Group promptly in writing if any such statement is no longer true and correct in all material respects, which notice will specify in reasonable detail the reason(s) for the same. Supplier will not knowingly provide any false, misleading or incomplete information in connection with the VRA process. With respect to Supplier’s administrative, technical and physical safeguards to protect Confidential Information, Supplier will notify Voya Group prior to making any change that Supplier should reasonably have known could adversely affect the controls or standards of protection previously specified or approved through the VRA process. Supplier’s failure to meet or exceed any of the requirements, standards, or controls set forth in Supplier’s most recently completed VRA questionnaire at any time during the Term will constitute a material breach of this Agreement by Supplier, upon which Voya will have the right to terminate this Agreement (in whole or in part), immediately upon written notice to Supplier, but subject to the provisions of Section 19.02(1). |
– Voya Confidential – 30
Confidential Treatment Requested by Voya Financial, Inc.
(12) | Penetration Testing. If any Services to be provided by Supplier include the hosting or support of (a) one or more externally facing applications that can be used to access systems that store or process Voya Data, or (b) one or more internal applications that store or process data classified by Voya Group as “Confidential” or “Secret”, the terms of this Section 7.03(12) will apply. Every twelve (12) months during the Term and prior to any major changes being moved into production, Supplier will conduct a Valid Penetration Test on each application described in clause (a) or (b) above. As used herein, a “Valid Penetration Test” means a series of tests performed by a third-party certified testing professional or a team of third-party certified professionals, which tests mimic real-world attack scenarios on the information system under test and include the following: (A) information-gathering steps and scanning for vulnerabilities; (B) manual testing of the System for logical flaws, configuration flaws, or programming flaws that impact the System’s ability to ensure the confidentiality, integrity, or availability of Voya Group’s information assets; (C) system-compromise steps; (D) escalation-of-privilege steps; and (E) assignment of a risk rating for each finding based on the level of potential risk exposure to Voya Group’s brand or information assets. Within thirty (30) days after the completion of each Valid Penetration Test, Supplier will review the results of such Valid Penetration Test with Voya Group and provide the following documentation for Voya Group’s review: (i) the penetration test report (which may be redacted to ensure confidentiality of the technical details of the flaws in the system under test) showing the testing methodology used for performing the testing, which report will include information-gathering steps, vulnerability scanning, manual testing, system compromise, and escalation of privilege steps; (ii) a timeline for remediation of any issues identified in the report; and (iii) a timeline for other penetration-testing activity until the next annual review. |
(13) | Cyber Security Response Planning. The Parties will cooperate to ensure a coordinated response to any cyber security incident that impacts Supplier or the Services provided to Voya Group hereunder. Such cooperation will include, without limitation, designating a single point of contact, with a back-up*** and documenting processes and procedures to be followed in the event of a cyber security incident. In addition, upon Voya Group’s request, no more than once per year, Supplier will participate in a cyber security response exercise arranged by Voya Group, which will include making qualified members of the Service Delivery Organization available by teleconference for up to three (3) Business Days (no more than eight (8) hours per day) to simulate a coordinated response to a hypothetical cyber security incident. The framework for such exercise will be based on an industry standard or practice. |
Section 7.04 Privacy and PII. To the extent required in order to comply with applicable Law concerning processing of PII, each Party shall cause its respective Affiliates to execute a data transfer agreement and to make such amendments to such agreement as may be required under applicable Law from time-to-time. With respect to any PII, Supplier shall:
(1) | process all PII accessed, obtained, developed, or processed by Supplier only to perform its obligations under this Agreement and as specifically permitted by this Agreement, and/or as otherwise instructed in writing from time-to-time by Voya Group; |
(2) | not use such PII for any other purpose including for its own commercial benefit; |
(3) | treat all PII as Confidential Information; |
– Voya Confidential – 31
Confidential Treatment Requested by Voya Financial, Inc.
(4) | ensure that all PII accessed, obtained, developed, or processed by Supplier on behalf of Voya Group is not subject to unauthorized alteration or deletion, accidental or unlawful destruction, accidental loss or alteration while such PII is under the control of Supplier; |
(5) | ensure that all appropriate administrative, technical and physical measures are taken to protect PII under the control of Supplier against unauthorized disclosure or access and against all other unlawful forms of processing to meet or exceed the requirements of the Voya Data Safeguards; |
(6) | comply with the provisions of this Agreement and the reasonable instructions of Voya Group to return, store or destroy the PII; |
(7) | comply with all applicable Laws with respect to processing of PII and take any additional steps reasonably requested by Voya Group to comply with any notification or other obligations required under such Laws; |
(8) | limit access to and possession of PII only to those members of the Service Delivery Organization whose responsibilities under this Agreement reasonably require such access or possession; |
(9) | notify Voya Group promptly upon becoming aware of a breach of any of the forgoing clauses in this Section; |
(10) | notify Voya Group prior to making any change with respect to Supplier's administrative, technical and physical measures to protect PII that Supplier should reasonably have known could adversely affect the controls or standards of protection previously specified or approved; |
(11) | notify Voya Group promptly (and in any event no later than *** days after receipt) of any communication received from a Data Subject relating to the security of such Data Subject's PII or rights to access, modify or correct his or her PII that is outside of the usual course of Services, and comply with all reasonable instructions of Voya Group before responding to such communications; |
(12) | permit Voya Group or its designees to inspect a Service Location upon *** prior written notice to ensure Supplier's compliance with Voya Group's “clean desk” policy and other applicable Voya Data Safeguards, subject to the limitations set forth in Section 12.04; and |
(13) | cause the members of the Service Delivery Organization to attend such training as the Voya Group may request from time to time with respect to PII. |
Section 7.05 Regulatory Information. Supplier shall promptly provide to Voya Group any information or records maintained by Supplier in connection with the Services that are requested by any Governmental Authority or otherwise required to answer any inquiries from any Governmental Authority.
Section 7.06 HIPAA Compliance. Supplier shall provide the Services and process all PHI in accordance with HIPAA. All processing of PHI by Supplier shall be in accordance with, and subject to the executed HIPAA Business Associate Agreement in the form set forth in Schedule J (the “BAA”). In the event of a conflict between the terms and conditions of the BAA and the terms and conditions
– Voya Confidential – 32
Confidential Treatment Requested by Voya Financial, Inc.
of this Agreement, the terms and conditions of the BAA shall govern. Supplier shall, with respect to any PHI: (1) comply with the BAA and the provisions set forth in Section 7.03(4); (2) make no attempt to identify PHI that has been partially de-identified; and (3) not contact the individuals to whom the PHI pertains except to the extent it is required to do so under this Agreement.
Section 7.07 Information Security Audit. Notwithstanding the foregoing, Supplier agrees that, subject to the provisions set forth in Section 12.04, a Voya Auditor may from time-to-time conduct on-site inspections to review and assess the adequacy of Supplier's information security measures and Supplier shall, at no additional cost or expense to Voya Group, promptly remedy all deficiencies found as a result of such assessment.
ARTICLE 8 ACCEPTANCE PROCEDURES.
Section 8.01 Acceptance Criteria.
(1) | All Services, Milestones and Deliverables will be subject to review and Acceptance by Voya Group. The Parties shall comply with the Acceptance Procedures set forth in this ARTICLE 8 and/or the applicable Statement of Work or Project Plan. |
(2) | The Acceptance Criteria for each Acceptance Element shall be set forth in the applicable Statement of Work or Project Plan for the Project under which such Acceptance Element is to be completed. |
(3) | The Acceptance Criteria may include the procedures and criteria for testing whether the applicable Acceptance Element meets the relevant requirements, including: |
(a) | measurable and objective details of the criteria to be met and the results which must be produced for the Milestone or Deliverable to meet the Acceptance Criteria; and |
(b) | the Party who shall undertake the Acceptance Testing. |
(4) | For each Acceptance Element, in the absence of any documented Acceptance Criteria mutually agreed by the Parties, the Acceptance Criteria will be as reasonably determined by Voya Group, and based on relevant past practice (if any) with Supplier on Acceptance Criteria as it relates to the particular Acceptance Element. |
(5) | Unless otherwise set forth in the applicable Acceptance Criteria, Statement of Work or Project Plan, Supplier shall provide each written Deliverable to Voya Group in electronic format, on such media or in such manner as Voya Group may reasonably request. |
(6) | Acceptance of a Milestone is predicated on the successful completion of any applicable Deliverables related to such Milestone. |
Section 8.02 Review and Acceptance of Milestones and Deliverables.
(1) | Supplier shall provide Voya Group with reasonable prior notice of when Supplier believes such Milestone will be achieved or when Voya Group will be receiving such Deliverable, for purposes of review and Acceptance. |
– Voya Confidential – 33
Confidential Treatment Requested by Voya Financial, Inc.
(2) | During the Review Period, Voya Group may review such Milestone or Deliverable to ascertain whether it complies with its Acceptance Criteria. |
(3) | Unless otherwise specified in the Acceptance Criteria for such Milestone or Deliverable, the Review Period for a particular Milestone or Deliverable shall be fifteen (15) Business Days from when (a) Supplier notifies Voya Group that Supplier believes the Milestone is ready for Voya Group’s review or (b) the Deliverable is delivered or transmitted to Voya Group; provided, however, that if Voya Group requests an extension in writing prior to the end of such Review Period, then such period shall be extended an additional ten (10) Business Days or such shorter time requested by Voya Group. In the event Voya Group rejects the Milestone or Deliverable for its failure to satisfy the Acceptance Criteria, Voya Group will notify Supplier and provide reasonable details of the failures, errors or non-conformities. |
(4) | If Voya Group does not Accept or reject a Milestone or Deliverable by the end of the Review Period, then: |
(a) | If Voya Group did not extend the initial Review Period in accordance with Section 8.02(3) above, then Supplier shall so inform the Voya Senior Executive in writing, and Voya Group will be given an additional Review Period of five (5) Business Days from receipt, or such other period agreed by the Parties for such Milestone or Deliverable. If Voya Group does not notify Supplier of its Acceptance or rejection of such Milestone or Deliverable prior to the end of the second Review Period, then Voya Group will be deemed to have Accepted such Milestone or Deliverable; or |
(b) | If Voya Group extended the initial Review Period in accordance with Section 8.02(3) above, then there shall be no second Review Period and Voya Group will be deemed to have Accepted such Milestone or Deliverable. |
For clarity, Acceptance will occur only as described above in this Section 8.02, and no Milestone or Deliverable will otherwise be deemed to be Accepted by Voya Group, including based on payment or use of such Milestone or Deliverable.
(5) | If Voya Group rejects any Milestone or Deliverable for failure to meet the Acceptance Criteria, Supplier shall, subject to Section 8.05 below, promptly (and in any event within five (5) Business Days, unless the Parties mutually agree otherwise) correct and remedy any failures, errors or non-conformities reported by Voya Group, at no additional cost to Voya Group. After such Milestone or Deliverable has been corrected as described above, Supplier shall provide the revised Milestone or Deliverable to Voya Group, whereupon the procedures set out in this Section 8.02 will be repeated, in each case subject to Section 8.05 below, until Acceptance is achieved. |
Section 8.03 Project Phases and Milestones.
(1) | Project Plan. Each Project Plan shall specify the phases of the applicable Project (each, a “Project Phase”) and the Acceptance Elements applicable to the Project and each Project Phase, including: |
(a) | the Completion Date for each Acceptance Element; |
(b) | the time period during which Acceptance Testing is to be performed; |
– Voya Confidential – 34
Confidential Treatment Requested by Voya Financial, Inc.
(c) | the dates by when Acceptance Testing is scheduled to commence and be completed (and may also include dates by which Supplier must complete any remediation that may be necessary to address and resolve nonconformities); and |
(d) | any applicable Milestone Credits for failure to achieve Acceptance for a Milestone by its Completion Date. |
(2) | Project Phase Review Meetings. At the end of each of Project Phase, the Parties shall hold a review meeting to assess the status of completion and the quality of Supplier’s activities relevant to the completion of such Project Phase, together with an assessment as to whether the associated Acceptance Elements have been achieved. |
(3) | Project Delays and Milestone Credits. |
(a) | If Supplier becomes aware of any circumstances that may reasonably be expected to jeopardize the timely and successful completion (or delivery) of any Acceptance Element by its Completion Date, Supplier shall promptly notify Voya Group of such possibility and use commercially reasonable efforts to avoid or minimize any delays in performance; provided, however, that Supplier shall remain responsible for the original Completion Date for such Acceptance Element except as otherwise provided under Section 2.05. |
(b) | In any such case, Supplier shall allocate additional resources to the Project (except to the extent none are reasonably available) to attempt to meet the Completion Date for such Acceptance Element. Such additional resources will be provided without any additional fees to Voya Group; provided, however, to the extent the triggering circumstance was due to Voya Group’s failure, then any such additional resources would be subject to the Change Procedures. |
(c) | [Reserved] |
(d) | In addition, Supplier shall offset any accrued undisputed Milestone Credits against the next invoice issued to Voya Group. |
(e) | Milestone Credits shall not be construed as a penalty or as liquidated damages for any failure to achieve Acceptance of a Milestone prior to its Completion Date, nor shall Milestone Credits be deemed to constitute Voya Group’s sole remedy, exclusive or otherwise, for any damages caused by such a failure. Milestone Credits shall be in addition to any other monetary and non-monetary remedies available to Voya Group under this Agreement, at law, or in equity, provided, however, the amount of any damages payable to Voya Group in connection with the applicable Milestone failure will be reduced by the amount of any Milestone Credit paid to Voya. Supplier hereby irrevocably waives any claim or defense that Milestone Credits are not enforceable or that they constitute a sole and exclusive remedy of Voya Group with respect to any such failure. |
Section 8.04 Acceptance Testing.
(1) | General. |
– Voya Confidential – 35
Confidential Treatment Requested by Voya Financial, Inc.
(a) | In accordance with the responsibilities allocated to each Party in the applicable Statement of Work and Project Plan or as otherwise determined by Voya Group, Supplier shall either conduct Acceptance Testing of each Acceptance Element or provide Voya Group with the cooperation and assistance required or requested by Voya Group in connection with Voya Group’s Acceptance Testing, including any necessary technical support, assistance and advice to resolve any open questions or issues during Acceptance Testing. |
(b) | In all instances, Supplier shall perform such tests as it reasonably determines are necessary to satisfy itself that Voya Group (or Supplier, as applicable) should commence the performance of Acceptance Testing in accordance with the applicable Statement of Work and Project Plan. |
(2) | Go Live Milestones – Service Readiness Tests. |
(a) | For each Project or portion of a Project that includes a Go Live Milestone, the provisions of this Section 8.04(2) shall apply with respect to such Go Live Milestone. |
(b) | Supplier shall provide Voya Group reasonable notice of the dates and times at which Supplier will perform the Service Readiness Tests (as described below) for the Go Live Milestone. Supplier shall permit Voya Group and any third party appointed by Voya Group to attend the performance of such tests. |
(c) | Each Go Live Milestone shall only be achieved when Supplier has successfully completed the Service Readiness Tests and the results (including Deliverables) are shared with and Accepted by Voya Group. |
(d) | The applicable Statement of Work or Project Plan may set forth the Service Readiness Tests and the associated Acceptance Criteria for each Go Live Milestone, so as to assess whether Supplier is ready to start performing the applicable Services in a live production environment and in place of Voya Group and/or any outgoing service provider (including, where relevant, an assessment of the performance, functionality, scalability and integration of the system and its constituent parts); provided, however, in the absence of any documented Acceptance Criteria in the Statement of Work or Project Plan, the Acceptance Criteria instead shall be reasonably determined by Voya Group and based on relevant past practice (if any) with Supplier. |
(e) | Notwithstanding that Voya Group may have Accepted certain related Acceptance Elements prior to the performance of the Service Readiness Tests for a Go Live Milestone, Voya Group may, as part of the testing of the Go Live Milestone, re-perform Acceptance Testing against the original Acceptance Criteria with respect to such Acceptance Elements as Voya Group considers reasonably appropriate. If any such re-tested Acceptance Element is rejected by Voya Group based on a failure to meet the original Acceptance Criteria that could not reasonably have been ascertained during the Review Period for the Acceptance Element, Supplier shall promptly remedy such non-conformities identified by Voya Group and resubmit such Acceptance Element for testing and Acceptance. |
– Voya Confidential – 36
Confidential Treatment Requested by Voya Financial, Inc.
(f) | The Service Readiness Tests, at a minimum and in the absence of any agreement between the Parties to the contrary, shall include: |
(i) | technology readiness testing; |
(ii) | security testing; |
(iii) | business continuity/failover testing; |
(iv) | main process scenario testing; |
(v) | end-user testing; |
(vi) | hand-off testing; and |
(vii) | quality of transaction testing. |
Section 8.05 Additional Terms on Acceptance and Rejection.
(1) | When Voya Group has confirmed that Supplier has satisfied the relevant Acceptance Criteria with respect to an Acceptance Element, Voya Group shall issue its Acceptance of such Acceptance Element, and where applicable, such Project Phase. |
(2) | If Supplier fails to deliver any Acceptance Element by its required delivery date, or if any Acceptance Element is not corrected after Supplier has had one opportunity following Voya Group’s rejection, then in either case Voya Group may do one or more of the following without prejudice to any other rights and remedies available to Voya Group in this Agreement, at law or in equity: |
(a) | engage a third party to remedy the defects, errors or failures preventing the Acceptance Criteria from being met, and recover the reasonable additional costs in doing so from Supplier, such recovery to be capped at an amount equal to an equitable percentage of the Fees for the Acceptance Element (based on the relative size, *** of the component of the Acceptance Element that is subject to the defect/error/failure); in which case Supplier shall provide all assistance reasonably required by Voya; |
(b) | require Supplier to continue working to correct the applicable non-conformity in accordance with Section 8.05(3), at no additional cost; |
(c) | refuse the Acceptance Element (in each case in whole or in part in Voya Group's sole discretion), in which case Voya Group shall return the Acceptance Element and Supplier shall promptly credit to Voya Group the amounts paid in respect of such Acceptance Element or a portion thereof; and |
(d) | where the failure of the Acceptance Element to achieve Acceptance materially impacts the benefit that Voya Group can derive from other Acceptance Elements, reject the Acceptance Element and all such other materially impacted Acceptance Elements, and return all rejected Acceptance Elements to Supplier, in which case |
– Voya Confidential – 37
Confidential Treatment Requested by Voya Financial, Inc.
Supplier shall promptly credit to Voya Group the amounts paid in respect of the rejected items..
(3) | If Voya Group requires Supplier to correct the non-conformity, Supplier shall promptly, at Supplier’s sole cost and expense, correct the non-conforming Acceptance Element so that it conforms with the Acceptance Criteria in accordance with the time lines set forth in the Project Plan or applicable Statement of Work, or if no applicable dates are set forth, within five (5) Business Days or such other period of time mutually agreed by Voya Group and Supplier, and complete and resubmit such Acceptance Element to Voya Group for further review. |
(4) | Upon any resubmission pursuant to Section 8.05(3), the applicable Party shall conduct Acceptance Testing for such Acceptance Element and Voya Group shall have the rights set forth above. |
(5) | Notwithstanding a failure to achieve Acceptance of an Acceptance Element or Go Live Milestone, Voya Group shall have the right to require Supplier to proceed with the provision of Services, including in respect of further Deliverables, Milestones or phases following the relevant Go Live Milestone, provided that if Supplier does so: |
(a) | Supplier shall promptly provide such unapproved or non-Accepted Acceptance Elements to Voya Group, for Voya Group to review pursuant to the procedures above, provided that such review period will be limited to five (5) Business Days (unless mutually agreed otherwise); |
(b) | any rework performed by Supplier as a result of failing to have the Acceptance Element approved when required, shall not be chargeable to Voya Group and shall be performed at Supplier's cost; and |
(c) | where Supplier does continue to perform the Services in the situations described in this Section 8.05(5), Supplier shall not be entitled to claim relief in relation to any failure or delay in the performance of the Services to the extent related to a failure in having the Acceptance Element approved. |
ARTICLE 9 FEES AND INVOICING.
Section 9.01 Fees. Voya Group shall pay to Supplier the fees, not otherwise disputed in good faith, as set forth in Schedule D and the applicable Statement of Work for the performance of the Services described in such Statement of Work (the “Fees”) within *** days after receipt of a correct and complete invoice from Supplier in accordance with this ARTICLE 9. Voya Group shall be under no obligation to pay any Fees for Services not provided by Supplier or for the re-performance of Services that had not been performed in accordance with the terms of this Agreement. Voya Group shall not be required to pay any invoice delivered more than *** days after the end of the month for which such invoice applies. Any obligation by Voya Group or any Service Recipient to pay any amounts pursuant to this Agreement shall be subject to the terms and conditions set forth in Schedule D or in the applicable Statement of Work.
Section 9.02 Expenses.
– Voya Confidential – 38
Confidential Treatment Requested by Voya Financial, Inc.
(1) | Except as expressly set forth in this Agreement or a Statement of Work, (a) the Fees are intended to compensate Supplier for its costs and expenses in providing the Services, including for assets and resources used to support the Services as well as travel-related expenses; and (b) Voya Group shall have no obligation to pay to (or reimburse to) Supplier or any other party any amounts in addition to the Fees. |
(2) | If any expenses are to be reimbursed by Voya pursuant to the express terms of this Agreement or a Statement of Work, such expenses shall be reimbursed only if they are: (a) reasonable and customary; (b) approved by Voya in accordance with the Voya Group guidelines provided to Supplier in advance and in writing; and (c) itemized on the month's invoice following the month in which the expenses incurred (with Supplier providing Voya with receipts supporting each individual expense over $25, to the extent requested by Voya). |
(3) | To the extent any travel expenses are reimbursable pursuant to this Agreement, Supplier shall cause the Service Delivery Organization members to comply with Voya Group's travel expense guidelines, as provided to Supplier in advance and in writing. |
Section 9.03 Currency. Unless otherwise set forth in the applicable Statement of Work, each invoice submitted to Voya Group shall be denominated and paid in U.S. dollars.
Section 9.04 Invoices.
(1) | Supplier shall invoice Voya Group for the Fees on a monthly basis in accordance with the procedure set forth in the applicable Statement of Work. Supplier shall provide with each invoice such reasonable documentation supporting the charges as Voya Group may reasonably request. |
(2) | Supplier shall maintain, in secure locations (to prevent destruction and unauthorized access) and in accordance with Generally Accepted Accounting Principles and Practices, records sufficient to substantiate the Fees including such records required to be kept by Governmental Authorities. Supplier shall retain such records for the longest of (a) the period required by Law, (b) the Policy of Voya Group with respect to records retention, including as it relates to legal holds, and (c) seven (7) years after the creation of such records which shall survive expiration or termination of this Agreement. Such records shall be accessible pursuant to ARTICLE 12. |
Section 9.05 Credits. Any undisputed credit or reimbursement due to Voya Group by Supplier under this Agreement may be applied against any invoice payable by one or more members of the Voya Group, as designated by Voya. If Supplier owes Voya Group a credit or other amount under the Agreement, Supplier will issue Voya a credit invoice in the amount owed which contains or is supported by information identifying the source and reason for the payment or credit in sufficient detail to allow Voya to properly allocate and account for it. Supplier shall issue such credit invoices in the month following the month in which the credit accrued (or, for a Service Level Credit, the month following the month in which the Service Level Default giving rise to the Service Level Credit occurred). If no payable invoices remain, then Supplier shall pay the credit to Voya (or a member of Voya Group as designated by Voya) within *** days of it becoming due.
Section 9.06 e-Procurement System. Supplier acknowledges that Voya Group has deployed an electronic system for ordering goods and services from its suppliers (such system, including any replacements thereof deployed by Voya Group, being the “e-procurement system”). In order to
– Voya Confidential – 39
Confidential Treatment Requested by Voya Financial, Inc.
provide Services to Voya Group, Supplier must (1) register on the e-procurement system, (2) work with Voya Group, as appropriate, to develop and implement a catalog (custom or punch out) defining the Services that may be purchased, and (3) work with Voya Group as appropriate to utilize the e-procurement system to invoice Voya Group electronically. Each Party is responsible for its own costs associated with meeting the above requirements. To the extent the e-procurement system charges any fees to Supplier for its use under this Agreement, the Parties shall discuss the applicability of such charges in the next meeting of the Supplier Senior Executive and Voya Senior Executive. Supplier acknowledges that failure to comply with this Section may result in payment delays by Voya Group. Notwithstanding any implication to the contrary contained in this Agreement, any delay in payment by Voya Group that results from a failure of Supplier to comply with this Section shall not constitute a “late” payment or otherwise be considered a breach by Voya Group of its obligations under this Agreement.
ARTICLE 10 TAXES.
Section 10.01 In General.
(1) | Subject to the other provisions of this Article, (a) the Fees paid to Supplier are exclusive of any applicable Service Taxes, and (b) Voya shall be financially responsible for Service Taxes which are required to be remitted by Supplier, but only to the extent Supplier issues a legally valid invoice with the detail required by Section 10.04. ***. |
(2) | Supplier shall collect and remit any Service Taxes in all applicable jurisdictions in which Supplier is required to collect the Service Taxes as required by Law except where Voya timely provides Supplier a legally valid exemption certificate. |
(3) | To the extent practicable, Supplier shall provide all goods and Services under this Agreement in non-tangible form, with no exchange of tangible personal property. |
Section 10.02 Income Taxes. Each Party shall be responsible for its own Income Taxes and any taxes on its personal property.
Section 10.03 Tax on Inputs.
(1) | Each Party shall be responsible for any Service Taxes payable on hardware, Software or property such Party owns or leases from a third party, or for which such Party is financially responsible under this Agreement. |
(2) | Supplier shall be responsible for all Service Taxes on any goods or services used or consumed by Supplier in providing the Services (including services obtained from subcontractors) where such Taxes are imposed on Supplier's acquisition or use of such goods or services. |
Section 10.04 Invoicing. To the extent that any Service Tax is to be paid by Voya, Supplier shall separately identify such Service Tax or provide a legally valid invoice. The Parties shall reasonably cooperate to segregate the Fees into the following separate payment streams: (1) those for taxable goods or Services, separately identifying each good and Service with the appropriate tax applied and the location to which the taxable good or Service is provided; (2) those for nontaxable goods or Services; (3) those for which Service Tax has already been paid; and (4) those for which Supplier functions merely as a paying agent for Voya in receiving goods, supplies or services (including
– Voya Confidential – 40
Confidential Treatment Requested by Voya Financial, Inc.
leasing and licensing arrangements) that otherwise are nontaxable or have been previously subject to Service Tax.
Section 10.05 Withholding Tax. Any withholding tax or other tax of any kind that Voya is required to withhold and pay on behalf of Supplier with respect to amounts payable to Supplier under this Agreement shall be deducted from such payable amount prior to remittance to Supplier.
Section 10.06 Filings and Registrations. Each Party represents, warrants and covenants that it shall file appropriate Tax returns, and pay applicable Taxes owed arising from or related to the provision of the Services in applicable jurisdictions.
Section 10.07 Cooperation. Voya and Supplier shall promptly notify each other and coordinate with each other in the response to and settlement of any claims for Service Taxes asserted by applicable Tax Authorities that Voya or Supplier is responsible for under this Agreement. In addition, Voya and Supplier shall reasonably cooperate with the other to more accurately determine each Party's Tax liability and (without incurring additional aggregate costs) to minimize the other Party's Tax liability, to the extent legally permissible. Voya Group and Supplier shall timely provide and make available to the other any required exemption certificates, resale certificates, information regarding out-of-state sales or use of equipment, materials or services, and any other information requested or required to be provided to each Party. Voya and Supplier each shall be entitled to any Tax refunds, credits or rebates obtained with respect to the taxes for which such Party is financially responsible under this Agreement.
ARTICLE 11 GOVERNANCE AND CHANGE CONTROL.
Section 11.01 Governance. The Parties shall comply with the governance procedures set forth in Schedule F.
Section 11.02 | Change Procedures. |
(1) | Supplier shall perform all Changes in accordance with this Section 11.02 and the provisions of Schedule C. In no event will Supplier make a Change except through documented, previously agreed processes or upon prior written approval of Voya, except in the case of an emergency, as further described in Schedule C. Schedule C describes the process for both Normal Changes and Mandatory Changes. |
(2) | A Change will result in an increase to the Fees only as expressly described in this Agreement, the applicable Statement of Work and Schedule C. Notwithstanding the foregoing, a Change will be provided at no additional cost to Voya Group so long as such Change can be made and provided without adversely impacting the ordinary course of Supplier’s provision of the Services, using then-existing resources used to perform the Services during their normal working hours, without adversely affecting Service Levels (if applicable) and without incurring additional third party expenses. Further, any Changes to Voya Group processes and procedures that are consistent with generally accepted industry standards shall be made by Supplier at no additional cost to Voya Group. All costs that are the responsibility of Voya Group must be approved by Voya in advance. |
(3) | If Voya requests the removal of a Service, and the charging mechanisms under this Agreement do not provide for a reduction in the Fees, then there shall be an equitable reduction in the Fees to account for such removal. |
– Voya Confidential – 41
Confidential Treatment Requested by Voya Financial, Inc.
Section 11.03 Dispute Resolution. The following are the Dispute Resolution Procedures:
(1) | Any dispute arising under this Agreement that is not resolved in the ordinary course of business shall be discussed in person or by telephone by the Supplier IT Executive and the Voya IT Executive within five (5) Business Days after receipt of a notice from either Party specifying the nature of the dispute. If the Supplier IT Executive and the Voya IT Executive are unable to resolve the dispute within such five (5) Business Day period (or do not meet within such period), the dispute shall be escalated to the Supplier Senior Executive and the Voya Senior Executive for resolution, upon the request of either Party. At Voya Group's option, such escalation meetings shall take place at a Voya Group office designated by Voya Group. Notwithstanding the foregoing, if either Party deems a dispute to require “emergency” resolution, such Party may escalate the dispute upon written notice directly to the Supplier Senior Executive and Voya Senior Executive. |
(2) | If the Supplier Senior Executive and the Voya Senior Executive are unable to resolve the dispute within ten (10) Business Days after escalation (or are unable to meet within such period), then either Party may pursue its rights and remedies under this Agreement, including initiating judicial proceedings. |
(3) | The foregoing shall not prevent or delay either Party from seeking equitable remedies available under Law at any time. |
ARTICLE 12 AUDITS.
Section 12.01 Service Audits. Upon reasonable prior notice to the Supplier Service Delivery Executive, Voya Auditors may audit systems, facilities, processes, records, subcontractors of Supplier, including for purposes of: (1) verifying the integrity of Voya Data, (2) examining the systems that process, store, support and transmit Voya Data (including system capacity, performance and utilization), (3) examining internal controls (e.g., financial controls, compliance controls (to include gift, entertainment and charitable contributions reporting related to Voya Group personnel), human resources controls, organizational controls, input/output controls, system modification controls, processing controls, system design controls and access controls), pertaining to the Services including those controls required by this Agreement or the Policies and Procedures Manual, (4) examining Supplier’s performance of the Services, (5) examining Supplier’s measurement, monitoring and management tools, (6) examining incidents or issues with the Services, (7) enabling Voya Group to meet applicable legal, regulatory and contractual requirements, and (8) otherwise verifying compliance with Supplier’s obligations under this Agreement or applicable Law relating to the provision of Services. Supplier shall provide Voya Auditors with (a) any assistance and information that they may reasonably require in conducting any such audit, including installing and operating audit software subject to restrictions or procedures reasonably required by Supplier, (b) make requested members of the Service Delivery Organization, records and information available to Voya Auditors, and (c) in all cases, provide such assistance, personnel, records and information in a prompt manner to facilitate the timely completion of any such audit. Upon notification that an audit identifies that: (i) Supplier is not in compliance with this Agreement; or (ii) Voya Group is not in compliance with applicable Laws due to Supplier's non-compliance with this Agreement, then in each case, Supplier shall promptly correct such non-compliance and, if such correction takes more than 72 hours to complete, Supplier shall provide Voya a plan for correcting such non-compliance no later than 24 hours after such 72 hour period, for Voya's review and approval.
– Voya Confidential – 42
Confidential Treatment Requested by Voya Financial, Inc.
Section 12.02 Financial Audits. Upon reasonable prior notice to the Supplier Service Delivery Executive (but in any event no more than twice per year, unless an inaccuracy is discovered, in which case another audit during such year is permitted), Supplier shall provide Voya Auditors with reasonable access to the applicable portions of the records and supporting documentation as may be requested by Voya Auditors to audit and determine if the Fees are accurate and in accordance with this Agreement as well as compliance with financial terms and conditions of this Agreement. If such audit reveals that Supplier has overcharged Voya Group, upon notice of the amount of such overcharge: (1) Supplier shall promptly provide a credit note to Voya Group for the amount of the overcharge; and (2) if the amount of the overcharge is greater than ten percent (10%) of the amount of total Fees that were subject to the audit, Supplier shall promptly reimburse Voya Group for the reasonable cost and expense of such audit, up to an amount equal to the amount of the overcharge.
Section 12.03 SOC Audits.
(1) | Each year, at *** cost and expense, Supplier shall engage a third party internationally recognized auditor to conduct an annual Services-specific SOC 1 Type II audit in accordance with SSAE 18 standards and an annual Services-specific SOC 2 Type II audit (addressing at a minimum the principles of security and availability), and provide to Voya Group copies of the corresponding SOC 1 report and SOC 2 report. Supplier shall cooperate with Voya Group to determine the scope and control objective requirements for the SSAE 18 SOC 1 and SOC 2 audits and reports, which shall generally cover all of the Services being provided under this Agreement. More specifically: |
(a) | With respect to the SOC 1 Type II audits: The first such audit will cover the period beginning on the Go Live Date through September 30th, 2018; provided, however, that if such period is not at least six (6) months, then such audit instead shall cover the six (6) month period beginning on the Go Live Date. Thereafter, audits will cover the twelve (12) month periods ending September 30th of each year. Supplier shall provide Voya Group with a copy of the SOC 1 report for each such audit no later than *** days after the end of the covered audit period. |
(b) | With respect to the SOC 2 Type II audits: The first such audit will cover the period beginning on the Go Live Date through March 31st, 2018; provided, however, that if such period is not at least six (6) months, then such audit instead shall cover the six (6) month period beginning on the Go Live Date. Thereafter, audits will cover the twelve (12) month periods ending March 31st of each year; provided that Voya Group may upon ninety (90) days’ prior written notice adjust such date and the corresponding covered period. Supplier shall provide Voya Group with a copy of the SOC 2 report for each such audit no later than *** days after the end of the covered audit period. |
Voya Group may share a copy of each SOC 1 and SOC 2 report *** to the extent Voya Group has a legal *** obligation *** with Voya Auditors. Supplier shall notify Voya as soon as possible after any weakness or deficiency is identified in connection with an audit conducted pursuant to this Section 12.03(1).
(2) | With respect to any audit reports issued under this Section, Supplier shall promptly remediate any weakness or deficiency identified in such reports or that could reasonably be expected |
– Voya Confidential – 43
Confidential Treatment Requested by Voya Financial, Inc.
to result in a qualified report. Such remediation shall be provided at Supplier's cost and expense.
(3) | If Supplier’s external auditor issues a qualified audit report provided pursuant to Section 12.03(1), Supplier shall provide Voya Group an unqualified audit report as soon as is feasible and with such timing discussed and agreed with the Voya Senior Executive, but in no event later than ninety (90) days after delivery of the qualified report. Supplier’s failure to provide such unqualified opinion within the required time period will constitute a material breach of this Agreement, for which Voya may terminate this Agreement in whole or relevant part for cause. |
(4) | If Voya Group determines that a form of independently audited quality certification or standard that replaces, or is an alternative to the audit reports set forth in this Section, is sufficient to satisfy Voya Group's audit and reporting requirements, then Supplier shall, at Voya Group's request, perform its obligations relating to the issuance of such new quality certification or standard and any associated remediation work arising therefrom. Supplier shall *** new quality certification and any associated remediation work. Voya Group may share any reports and certifications that result from the foregoing with *** to the extent Voya has a legal *** obligation or *** and Voya Auditors.. |
Section 12.04 Audit Limitations. Any audit performed under this Article shall be subject to the provisions set forth in this Section 12.04.
(1) | Any Voya Auditor that is a competitor of Supplier in relation to the Services or services similar to the Services shall be subject to Supplier's prior approval (provided, however, that an auditing group of Deloitte Touche Tohmatsu Limited, Ernst & Young, KPMG and PricewaterhouseCoopers, and any successors-in-interest, shall be deemed to not be competitors of Supplier for the purposes of this Agreement). |
(2) | All Voya Auditors shall comply with Supplier's reasonable security policies while present at a Supplier facility. |
(3) | No audit shall be performed at a Service Location during a local holiday applicable to such Service Location. |
(4) | The Voya Auditors shall not materially interfere with the Service Delivery Organization's performance of the Services and audits shall be performed during local business hours, except as otherwise agreed. |
(5) | Voya Group's cost and expense of Voya Group or Voya Auditors performing any audit functions shall be borne by Voya Group unless otherwise set forth in this Agreement. |
Section 12.05 Compliance Gift and Entertainment Audit. Supplier shall make commercially reasonable efforts to obtain and maintain current, accurate documentation of the date, nature and amount/value of any gifts, entertainment, events and charitable contributions provided to or made on behalf of any Voya Group employee. Upon reasonable prior written request by Voya Group to the Supplier Service Delivery Executive or Supplier Compliance Manager (such requests to be made no more frequently than twice per calendar year unless Voya Group has a particular good faith concern that it seeks to address), Supplier shall provide Voya Auditors with a summary, itemized spreadsheet showing any such gifts, entertainment, events, and charitable contributions during the
– Voya Confidential – 44
Confidential Treatment Requested by Voya Financial, Inc.
preceding calendar and through the current calendar year as calculated from the date of the audit request. The summary spreadsheet shall contain the following required information: the date of the gift, entertainment, event and/or charitable contribution provided; the name(s) of the Voya Group recipient(s); a description of the gift, entertainment, event and/or charitable contribution provided; and the actual expense or estimated fair market value of the gift, entertainment, event and/or charitable contribution provided as reported by Supplier employee(s). Supplier shall provide reasonable access to any supporting documentation in Supplier’s possession as requested by Voya Auditors in order to determine the accuracy of any particular item within the summary, itemized spreadsheet.
ARTICLE 13 CONFIDENTIAL INFORMATION.
Section 13.01 Generally. Each Party agrees that: (1) it shall keep and maintain all Confidential Information of the other Party in strict confidence, and (without limiting any more particular obligations under this Agreement) using such degree of care as it uses to avoid unauthorized use or disclosure of its own Confidential Information of a similar nature, but in no event less than a commercially reasonable degree of care; (2) it shall use and disclose Confidential Information solely for the purposes for which such information, or access to it, is provided pursuant to the terms of this Agreement and shall not otherwise use or disclose Confidential Information for such Party's own purposes or for the benefit of anyone other than the other Party; and (3) it shall not, directly or indirectly, disclose Confidential Information to anyone outside of the other Party, except with the other Party's consent or as expressly permitted herein.
Section 13.02 Permitted Disclosure. Subject to Section 13.01 above, either Party may disclose relevant aspects of the other's Confidential Information to the general and limited partners, officers, directors, professional advisors (including accountants and insurers), clients, employees, Affiliates, distribution partners, agents, customers (including their beneficiaries), suppliers, contractors, other third parties doing business with such Party, third party administrators and, in the case of Voya Group, recipients of Voya Group's services, either directly or indirectly, such as employees of Voya Group customers, plan participants, members, dependents, beneficiaries and similarly situated persons to the extent such disclosure is necessary for the current or future performance of Voya Group’s obligations to such party; provided, however, that the recipient is subject to confidentiality obligations at least as stringent as required under this Agreement and provided, further, that Voya Group shall not disclose to a Supplier competitor information pertaining to Supplier’s pricing, these MSA Terms, or Supplier’s IP except in accordance with this Agreement (e.g., ARTICLE 6). In addition, (1) either Party may disclose Confidential Information of the other Party to the extent required to comply with any Law (provided, however, that to the extent permissible by Law, such Party provides the other Party with prior notice of any such disclosure and works with the other Party to resist or limit the scope of such disclosure and further provided that the disclosing Party limit any such disclosure to the information or records required to satisfy the request or inquiry and to the entity (or entities) to whom such disclosure is required to be made), (2) Voya Group may disclose Confidential Information of Supplier to Governmental Authorities having jurisdiction over Voya Group, upon such request by the Government Authorities, subject to the conditions set forth in Section 13.02(1) above, and (3) Voya Group may disclose Confidential Information relating to the Services in connection with (a) a response by Voya Group to requests for information, proposal or due diligence in connection with an acquisition, divestiture or other similar corporate transaction or (b) a request for information or proposal for services to replace the Services; provided, however, that in no event may Voya Group disclose these MSA Terms, Supplier IP, Supplier's internal cost information, or Supplier rate cards in connection with such request or proposal.
– Voya Confidential – 45
Confidential Treatment Requested by Voya Financial, Inc.
Section 13.03 Exclusions. The restrictions on use and disclosure in this Article shall not apply to: (1) Confidential Information already known to a Party on a non-confidential basis, as demonstrated by prior existing records, when it was disclosed by the other Party; (2) Confidential Information that is or becomes known to the public through no breach of any obligation of confidence or other wrongful act by a Party or its employees, agents or contractors (except for PII); (3) Confidential Information that is received by a Party from a third party where such Party is unaware, after reasonable inquiry, that such Confidential Information is subject to a confidentiality or other non-disclosure agreement; and (4) Confidential Information developed by a Party independently of disclosure by or receipt from the other Party.
Section 13.04 Return of Materials. Upon a Party's request and as directed by such Party, the other Party shall promptly return or securely erase, wipe clean and destroy, at the requesting Party's direction, any or all Confidential Information and all written materials that contain, summarize or describe any Confidential Information in its possession, except to the extent the Party in possession of such Confidential Information (1) has a license to such materials under this Agreement or (2) is required to retain particular Confidential Information in order to comply with Law or such Party's internal record retention requirements.
Section 13.05 Unauthorized Use, Access or Disclosure. Each Party shall promptly notify the other upon learning of any unlawful or unauthorized access, use or disclosure of the Confidential Information of the other Party; provided, however, if such Party is Supplier, such notice shall be within 24 hours of any Key Personnel having knowledge of such unauthorized access, use or disclosure. If a Party is responsible for such access, use or disclosure, such Party shall cure such access, use or disclosure promptly (but in no event later than 24 hours after learning of such access, use or disclosure, if such access, use or disclosure is capable of being cured within such 24 hour period) and provide satisfactory assurance to the other Party that such access, use or disclosure shall not recur.
Section 13.06 Record Maintenance and Retention.
(1) | During the Term, Supplier shall maintain and manage all paper or electronic records, files, documents, work papers, receipts and other information in any form provided by Voya Group or Voya Agents or generated in connection with the performance of Services pursuant to this Agreement (the “Files and Work Papers”), in accordance with the following: |
(a) | all Files and Work Papers shall be maintained and managed (i) separately from files generated, managed or maintained by Supplier under agreements with other companies, (ii) in a manner so they can be quickly and accurately produced when required by Voya Group and (iii) as required Law; |
(b) | all Files and Work Papers that are created or modified by Supplier in electronic format must be submitted to Voya Group in electronic format or as otherwise reasonably directed by Voya Group; |
(c) | all Files and Work Papers shall be properly destroyed in accordance with this Agreement and Voya Group's destruction schedule as provided to Supplier herewith and as may be modified by Voya Group from time to time, as such is made known to Supplier in advance and in writing; and |
– Voya Confidential – 46
Confidential Treatment Requested by Voya Financial, Inc.
(d) | prior to the destruction of any Files and Work Papers, Supplier shall notify Voya Group so that Voya Group can verify whether such Files and Work Papers should be destroyed and are not pertinent to any litigation or government inquiry or are otherwise required to be maintained before their destruction. |
(2) | Notwithstanding the foregoing, upon termination of any Service, Supplier shall retain all Files and Work Papers related to such Service for a minimum of six years. Thereafter, Voya Group shall accept the return, or permit the destruction of, such Files and Work Papers, at Voya Group's discretion. |
ARTICLE 14 COMPLIANCE WITH LAWS.
Section 14.01 Compliance Obligations.
(1) | Voya Group shall comply with all Laws that are applicable to Voya Group. |
(2) | Supplier shall comply with all Laws that are applicable to Supplier, including laws applicable to Supplier in its performance of the Services. |
(3) | Supplier shall perform the Services in compliance with Voya Policies intended to keep Voya Group in compliance with Laws related to the Services. |
(4) | In addition, Voya Group may direct Supplier on the method of Supplier’s performance with respect to keeping Voya Group in compliance with any Laws described in Section 14.01(2) that are applicable to Supplier’s performance of the Services. Supplier shall comply with all such direction, provided that in the event Supplier believes such direction would create a Supplier violation of Law, the Parties shall address such issue through the dispute resolution procedures described in Section 11.03. |
(5) | If Supplier reasonably determines that performance of the Services requires an interpretation of any Law, Supplier shall present to Voya Group the issue for interpretation and Voya Group may provide such interpretation to Supplier by notice signed by the applicable Voya Senior Executive (or his or her designee) with respect to such issue. Supplier shall be authorized to act and rely on, and shall promptly implement such Voya Group interpretation in the performance and delivery of the Services. The Parties shall resolve questions of interpretation and shall implement the resulting Voya Group interpretation on an expedited basis. |
(6) | Supplier shall not be responsible for a failure to comply with a Law to the extent that Supplier relies on, and complies with, Voya Group's direction pursuant to Section 14.01(4) in respect of such Law or Voya Group's interpretation of such Law pursuant to Section 14.01(5). |
(7) | Supplier shall provide Voya Group (and Voya Agents, Voya Auditors, subject to Section 12.04, and any Governmental Authority, in each case, designated by the Voya) access to any applicable information, Service *** as *** is reasonably necessary to confirm that Supplier is in compliance with any Law applicable to Voya Group and that are related to the Services. |
(8) | If Supplier is not in compliance with Section 14.01(2) with respect to Laws that are applicable to Supplier’s performance of the Services or Section 14.01(4), then: (a) Supplier shall promptly undertake such measures as Voya Group shall require and which are necessary to |
– Voya Confidential – 47
Confidential Treatment Requested by Voya Financial, Inc.
establish compliance with the Law; or (b) Voya Group (or its designee) may, at Supplier's cost, undertake such measures as Voya Group shall require and which are necessary to establish compliance with the Law. Further, if Supplier’s non-compliance with any of its obligations under Section 14.01 creates serious reputational or regulatory risk for Voya Group such that Voya Group *** continued receipt of the Services could reasonably be expected to have a material adverse effect on its reputation, Voya may terminate this *** in a termination notice to Supplier.
Section 14.02 Changes to Laws.
(1) | Supplier shall promptly notify Voya of any changes in Law to which it becomes aware that may relate to the Service Recipient's use of the Services or Supplier's delivery of the Services. The Parties shall work together to identify the impact of such changes on Voya Group's use and Supplier's delivery of the Services. |
(2) | Unless a change in Law causes the delivery of any part of the Services to become impossible, Supplier shall perform such Services regardless of changes in Law. |
(3) | Each Party shall bear the cost to comply with any changes in Laws (not related to the Services) applicable to such Party (e.g., Laws relating to the employment of its employees, immigration, employee tax withholding applicable to its employees and environmental and health and safety Laws relating to its employees or facilities). In this regard, Supplier shall bear the costs to comply with any change in Law under Section 14.01(2), including changes that are applicable to the performance of the Services, subject to the following sentence. Through the Change Procedures, Voya Group shall bear any increased costs with respect to changes in the provision of the Services under Section 14.01(3) or due to Voya direction as described in Section 14.01(4); provided, to the extent the cost of implementation can be allocated across customers, Voya Group’s responsibility for such costs shall be determined on a proportional basis. |
Section 14.03 Cooperation with Regulators. As reasonably directed by Voya Group, Supplier shall work with those Governmental Authorities that regulate Voya Group in an open and co-operative way, including: (1) meeting with such Governmental Authorities; (2) coordinating with Voya Group to provide to representatives or appointees of such Governmental Authorities any applicable materials, records and information relating to the Services or allowing any such representatives or appointees access to such materials, records and information relating to the Services and providing such facilities as such representatives or appointees may reasonably require; and (3) permitting representatives or appointees of such Governmental Authorities to have access on demand to any of its premises to the extent relating to the Services.
ARTICLE 15 REPRESENTATIONS, WARRANTIES AND COVENANTS.
Section 15.01 Voya. Voya represents, warrants and covenants that:
(1) | it is a corporation duly organized, validly existing and in good standing under the Laws of Delaware; |
(2) | it has all requisite power and authority to execute, deliver and perform its obligations under this Agreement; |
– Voya Confidential – 48
Confidential Treatment Requested by Voya Financial, Inc.
(3) | the execution, delivery and performance of this Agreement has been duly authorized by Voya and shall not conflict with, result in a breach of or constitute a default under any other agreement to which Voya is a party or by which Voya is bound; |
(4) | it is duly licensed, authorized or qualified to do business and is in good standing in every jurisdiction in which a license, authorization or qualification is required for the ownership or leasing of its assets or the transaction of business of the character transacted by it, except where the failure to be so licensed, authorized or qualified would not have a material adverse effect on Voya's ability to fulfill its obligations under this Agreement; |
(5) | it is in compliance with all Laws applicable to Voya and has obtained all applicable governmental permits and licenses required of Voya in connection with its obligations under this Agreement; and |
(6) | there is no outstanding litigation, arbitrated matter or other dispute as of the date of execution of this Agreement to which Voya is a party which, if decided unfavorably to Voya, would reasonably be expected to have a material adverse effect on Supplier's or Voya Group's ability to fulfill their respective obligations under this Agreement. |
Section 15.02 Supplier. Supplier represents, warrants and covenants that:
(1) | it is a corporation duly organized, validly existing and in good standing under the Laws of United Kingdom; |
(2) | it has all requisite corporate power and authority to execute, deliver and perform its obligations under this Agreement; |
(3) | the execution, delivery and performance of this Agreement by Supplier has been duly authorized by Supplier and shall not conflict with, result in a breach of or constitute a default under any other agreement to which Supplier is a party or by which Supplier is bound; |
(4) | it is duly licensed, authorized or qualified to do business and is in good standing in every jurisdiction in which a license, authorization or qualification is required for the ownership or leasing of its assets or the transaction of business of the character transacted by it, except where the failure to be so licensed, authorized or qualified would not have a material adverse effect on Supplier's ability to fulfill its obligations under this Agreement; |
(5) | Supplier is in compliance with all Laws applicable to Supplier and has obtained all applicable governmental permits and licenses required of Supplier in connection with its obligations under this Agreement; |
(6) | there is no outstanding litigation, arbitrated matter or other dispute as of the date of execution of this Agreement to which Supplier is a party which, if decided unfavorably to Supplier, would reasonably be expected to have a material adverse effect on Voya Group's or Supplier's ability to fulfill their respective obligations under this Agreement; |
(7) | the *** (and use thereof) do not infringe, and shall not infringe or cause the infringement of, the proprietary rights of a third party, except to extent such infringement is a result of: (a) use of the *** by Voya Group in contravention of the Related Documentation or license granted to Voya Group under ARTICLE 6 or an applicable Statement of Work; (b) failure |
– Voya Confidential – 49
Confidential Treatment Requested by Voya Financial, Inc.
by Voya Group to use new or corrected versions of such *** provided by Supplier to Voya Group with no additional charge (provided, however, that Voya Group is notified that use of such new or corrected version is necessary to avoid infringement); (c) modifications made by Voya Group or Voya Agents other than at the direction of Supplier; (d) Supplier complying with instructions, specifications or designs required or provided by Voya Group where such compliance necessarily would give rise to such infringement; or (e) combination of the *** by Voya Group or Voya Agents with products or systems other than those provided by, or authorized by, Supplier or otherwise contemplated by this Agreement. Hardware and commercially available stand-alone Third Party Software provided by Supplier, and any other Third Party Materials excluded pursuant to a Statement of Work, are not subject to this Section 15.02(7), provided that Cognizant shall pass along to Voya Group any representations and/or warranties it has received from the providers of such Third Party Materials (which pass-through representations and warranties are expected to be documented by the Parties as part of the exclusion in such Statement of Work);
(8) | in addition to the currency obligations set forth in any applicable Statement of Work, Supplier shall maintain hardware and Software to the extent that Supplier has maintenance responsibility for such assets, including: (a) maintaining hardware in good operating condition, subject to normal wear and tear; (b) undertaking repairs and preventive maintenance on hardware in accordance with the applicable hardware manufacturer's recommendations; and (c) performing Software and hardware maintenance in accordance with the applicable Software or hardware vendor's documentation, recommendations and specifications; |
(9) | there shall be no fraud by Supplier in connection with any obligation of Supplier under this Agreement; |
(10) | in connection with Supplier's provision of the Services, Supplier shall not wrongfully access, and shall not permit unauthorized persons or entities to access, Voya Group's information technology systems or networks and that any authorized access shall be consistent with such authorization and in accordance with the Policies; |
(11) | the Deliverables shall not contain any Disabling Code at the time of delivery and Supplier shall (a) not introduce any Disabling Code into the Voya Group computer systems and (b) use commercially reasonable efforts (including at a minimum use of then-current industry standard security and anti-virus tools) to prevent (i) the introduction of Viruses into the Voya Group computer systems and (ii) Deliverables from containing any Viruses at the time of delivery; |
(12) | Supplier shall ensure it has a valid work authorization with respect to each member of the Service Delivery Organization for each applicable jurisdiction; and |
(13) | Each Deliverable will (a) be free from errors, defects and non-conformities in materials, design, workmanship, operation and performance, (b) function in accordance with the applicable documentation and (c) conform to its corresponding specifications, for a period of *** days after Acceptance, unless a different warranty period is agreed and set forth in the applicable Statement of Work, and as otherwise set forth herein. For the purposes of clarification, to the extent the Deliverable is tied to materials provided by a third party not under Supplier’s control (e.g., not a subcontractor), Supplier shall have no warranty |
– Voya Confidential – 50
Confidential Treatment Requested by Voya Financial, Inc.
obligations with respect to issues caused by such third party. The warranty period will be extended on a day-for-day basis for any time between (x) Voya Group’s notifying Supplier of a failure and (y) Supplier delivering a fixed Deliverable back to Voya Group (plus a reasonable period of time to re-implement the Deliverable in Voya Group’s environment). If Supplier does not correct a Deliverable within the required time period (or, within a reasonable time period, if there is no such stated or mutually agreed time period, then Voya Group’s remedy will be to, in its sole discretion and without limiting any other rights or remedies that may be available to Voya Group: (i) require Supplier to continue working to correct the Deliverable, at no additional charge, (ii) hire a third party to fix such Deliverable and recover the reasonable additional costs from Supplier, such recovery to be capped at an amount equal to an equitable percentage of the Fees for the Deliverable (based on the relative size, ***, of the component of the Deliverable that is subject to the defect/error/failure), or (iii) require Supplier to provide an equitable credit as a partial refund for such Deliverable.
Section 15.03 Obligation to Replace. In the case of a breach of Section 15.02(7), or a Claim with respect to such Section, Supplier shall use its commercially reasonable efforts to either: (1) procure for Voya Group the right to continue using or receiving the applicable ***; or (2) replace or modify the applicable *** to be non-infringing without degradation or loss of functionality. If neither remedy is possible, Voya Group may receive a refund of Fees on a five (5) year straight line depreciation for such *** to the extent Voya Group returns or certifies destruction of the applicable ***.
Section 15.04 Disclaimer. NEITHER PARTY MAKES ANY REPRESENTATION OR WARRANTY OTHER THAN AS SET FORTH IN THIS ARTICLE. EACH PARTY EXPLICITLY DISCLAIMS ALL OTHER REPRESENTATIONS AND WARRANTIES, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
ARTICLE 16 INDEMNIFICATION.
Section 16.01 Voya. Voya shall defend, indemnify and hold harmless the Supplier Indemnified Parties from and against any Loss relating to a Claim by a third party against the Supplier Indemnified Parties:
(1) | that the Voya IP or use thereof infringes, or causes the infringement of, the proprietary rights of a third party, except to the extent such infringement is a result of: (a) use of the Voya IP by Supplier in contravention of the Related Documentation or license granted to Supplier under ARTICLE 6 or an applicable Statement of Work; (b) failure by Supplier to use new or corrected versions of such Voya IP provided by Voya Group to Supplier with no additional charge (provided, however, that Supplier is notified that use of such new or corrected version is necessary to avoid infringement); (c) modifications made by Supplier or a Supplier Agent other than at the direction of Voya Group; (d) Voya Group complying with instructions, specifications or designs required or provided by Supplier where such compliance necessarily would give rise to such infringement; or (e) combination of the Voya IP by Supplier or a Supplier Agent with products or systems other than those provided by, or authorized by, Voya Group or otherwise contemplated by this Agreement; |
(2) | relating to any taxes, interest, penalties or other amounts assessed against Supplier that are the obligation of Voya Group pursuant to ARTICLE 10; |
– Voya Confidential – 51
Confidential Treatment Requested by Voya Financial, Inc.
(3) | relating to breach of ARTICLE 13, ARTICLE 14 or Section 22.06 by Voya Group, except to the extent such breach is caused by Supplier or a Supplier Agent; |
(4) | relating to the inaccuracy, untruthfulness or breach of any representation or warranty made by Voya in Section 15.01(1), Section 15.01(2), Section 15.01(3) or Section 15.01(4); or |
(5) | relating to (a) physical injury or death of any person (including employees of Supplier or Voya Group) or (b) the loss of or damage to any tangible property (including tangible property of the employees of Supplier or Voya Group), in each case, resulting from the acts or omissions (including breach of contract) of Voya Group. |
Voya shall indemnify Supplier Indemnified Parties from any costs reasonably incurred in connection with enforcing this Section.
Section 16.02 Supplier. Supplier shall defend, indemnify and hold harmless the Voya Indemnified Parties from and against any Loss relating to a Claim by a third party against the Voya Indemnified Parties:
(1) | that the *** or use thereof infringes, or causes the infringement of, the proprietary rights of a third party, except to the extent such infringement is a result of: (a) use of the *** by Voya Group in contravention of the Related Documentation or license granted to Voya Group under ARTICLE 6 or an applicable Statement of Work; (b) failure by Voya Group to use new or corrected versions of such *** provided by Supplier to Voya Group with no additional charge (provided, however, that Voya Group is notified that use of such new or corrected version is necessary to avoid infringement); (c) modifications made by Voya Group or a Voya Agent other than at the direction of Supplier; (d) Supplier complying with instructions, specifications or designs required or provided by Voya Group where such compliance necessarily would give rise to such infringement; or (e) combination of the *** by Voya Group or a Voya Agent with products or systems other than those provided by, or authorized by, Supplier or otherwise as contemplated by this Agreement; |
(2) | relating to any taxes, interest, penalties or other amounts assessed against Voya Group that are the obligation of Supplier pursuant to ARTICLE 10; |
(3) | relating to a breach of *** by Supplier; |
(4) | relating to the inaccuracy, untruthfulness or breach of any representation or warranty made by Supplier in Section 15.02(1), Section 15.02(2), Section 15.02(3), or Section 15.01(4); |
(5) | relating to (a) physical injury or death of any person (including employees of Supplier or Voya Group, or customers of Voya Group) or (b) the loss of or damage to any tangible property (including tangible property of the employees of Supplier or Voya Group, or customers of Voya Group), in each case, resulting from *** (including breach of contract) of Supplier; |
(6) | by any member of the Service Delivery Organization based on any aspect of his or her engagement or employment by Supplier or subcontractors, or the termination of such employment or engagement (including claims related to non-payment of wages, discrimination/harassment, unemployment or workers compensation benefits, employee benefits, and any other claims concerning the terms and conditions of employment under |
– Voya Confidential – 52
Confidential Treatment Requested by Voya Financial, Inc.
any federal, state or local Law governing employment) regardless of whether the claimant claims or is deemed by a court to be an employee or joint employee of Voya Group (it being expressly agreed between Supplier and Voya Group that such individuals are not intended to be employees of Voya Group);
(7) | by a Supplier Agent or a member of the Service Delivery Organization (which Claim is not otherwise addressed by Section 16.02(6)), except to the extent such Claim is directly due to an act or omission of Voya Group; or |
(8) | relating to the gross negligence or willful misconduct of Supplier. |
Supplier shall indemnify Voya Indemnified Parties from any costs reasonably incurred in connection with enforcing this Section.
Section 16.03 Indemnification Procedures. If any Claim is commenced against an Indemnified Party, prompt notice thereof shall be given by the Indemnified Party to the Indemnifying Party.
(1) | At the Indemnifying Party's cost and expense: (a) the Indemnifying Party shall immediately take control of the defense of such Claim and shall engage attorneys acceptable to the Indemnified Party to defend such Claim; and (b) the Indemnified Party shall cooperate with the Indemnifying Party (and its attorneys) in the defense of such Claim. The Indemnified Party may, at its own cost and expense, participate on a non-controlling basis (through its attorneys or otherwise) in such defense. The Indemnifying Party shall not enter into any settlement of such Claim that does not include a full release of the Indemnified Party or involves a remedy other than the payment of money, without the Indemnified Party's consent. If the Indemnifying Party does not assume control over the defense of a Claim as provided in this Section, the Indemnified Party may defend the Claim in such manner as it may deem appropriate, at the reasonable cost and expense of the Indemnifying Party. |
(2) | Notwithstanding the foregoing, if the Claim is an action, proceeding, inquiry, or investigation commenced by a governmental authority against Voya Group, then Voya Group may elect to control the defense of such Claim, at the cost and expense of Supplier, including payment of any settlement, judgment or award and the costs of defending or settling the Claim in accordance with the following terms: |
(a) | Supplier shall not be obligated to reimburse Voya Group for settlement amounts paid or payable by Voya Group or expenses incurred in the defense of such Claim to the extent such amounts or expenses are not reasonable and Supplier has not otherwise agreed to such amounts (the reasonableness of such amounts determined by taking into consideration all of the facts and circumstances relating to such Claim, including reputational risks to Voya Group, the potential for the Claim to cause adverse impacts to Voya Group’s business or operations, and cost incurred by Voya Group as result of or in connection with such Claim); and |
(b) | Voya Group will, to the extent permitted: (w) keep Supplier reasonably informed about the status of the proceedings (including providing copies of documents received by and provided by Voya Group in defending the Claim), (x) invite and allow Supplier to be present at relevant discussions, negotiations and proceedings, (y) reasonably consult with Supplier and its counsel regarding the Claim on a regular basis, and (z) in advance of settling any claims, meet and confer with Supplier |
– Voya Confidential – 53
Confidential Treatment Requested by Voya Financial, Inc.
regarding the terms and conditions of such settlement and consider any input that Supplier may wish to offer regarding the defense or settlement of the Claim.
Section 16.04 Contribution. If any Claim entitles a Party to indemnification from the other under Section 16.01 or Section 16.02, then the Parties shall allocate between themselves any loss, liability or costs arising out of or relating to such Claim according to each Party's relative share of liability, if any.
ARTICLE 17 LIMITATION OF LIABILITY.
Section 17.01 Direct Damages.
(1) | Damages Cap. Each of the Parties shall be liable to the other for any damages arising out of or relating to its performance or failure to perform its obligations under this Agreement; provided, however, that the liability of a Party to the other, whether based on an action or claim in contract, equity, negligence, tort or otherwise, for any event, act or omission occurring during the Term in connection with this Agreement shall not exceed, in the aggregate, an amount equal to the greater of (x) *** or (y) the Fees paid or payable by Voya Group for the *** consecutive month portion of the Term preceding the date of the occurrence of the applicable event, act or omission giving rise to such damages (the “Damages Cap”). Service Level Credits, Deliverable Credits or Milestone Credits will not limit or otherwise reduce (a) the foregoing Damages Cap or (b) any other rights or remedies that Voya Group may have available to it under this Agreement, including termination rights and rights to recover damages; provided, however, the amount of any damages payable to Voya Group in connection with the applicable Service Level, Deliverable, or Milestone failure will be reduced by the amount of any credits paid to Voya for the same. |
(2) | Stipulations as to Recoverable Damages. For purposes of clarity, and without limiting either Party’s liability to the other for recoverable damages under this Agreement, each of the Parties hereby agree and stipulate that, notwithstanding anything in this Agreement or applicable legal precedent to the contrary, the types of costs and expenses listed below in this Section 17.01(2) will be deemed to be direct damages, to the extent incurred by one Party as a result of the failure of the other Party (or entities or persons for whom such other Party, as applicable, is responsible) to fulfill its obligations under and in accordance with this Agreement. The recovery of these damages will be subject to the limitations in Section 17.01(1) unless otherwise exempted from such limitations under Section 17.03. |
(a) | Step In Costs; |
(b) | Reasonable costs and expenses incurred by Voya Group (including documented internal costs as well as amounts paid to third parties) to correct errors or deficiencies in the Services or Deliverables, provide a workaround for the Services or Deliverables, and/or acquire substitute services conforming to this Agreement as a result of any failure of Supplier to provide the Services or Deliverables as required by this Agreement; |
(c) | Reasonable costs and expenses incurred by Voya Group (including documented internal costs as well as amounts paid to third parties) to correct, recreate, and/or reload Voya Data lost or damaged as a result of Supplier’s breach of this Agreement; and |
– Voya Confidential – 54
Confidential Treatment Requested by Voya Financial, Inc.
(d) | Fines, regulatory assessments, penalties, interest, and similar amounts that Voya Group incurs or owes any governmental authority, or any losses of reimbursements to Voya Group from any governmental authority that may occur, in each case to the extent in connection with Supplier’s failure to perform or comply in accordance with this Agreement. |
Section 17.02 Consequential Damages. Neither Party shall be liable for, nor shall the measure of damages include, any indirect, consequential, special, exemplary or punitive damages, including any loss of business or loss of profits arising out of or relating to its performance or failure to perform under this Agreement, regardless of the form of action or theory of recovery and even if such Party has been advised of the possibility of such damages or such damages could have been reasonably foreseen by such Party.
Section 17.03 Exclusions.
(1) | General. The limitations and exculpations of liability set forth in Section 17.01 and Section 17.02 shall not apply in the case of: |
(a) | any Losses resulting from ***; |
(b) | any Losses resulting from the gross negligence or willful misconduct of a Party; |
(c) | any Losses resulting from the infringement of a Party's IP by the other Party under this Agreement; |
(d) | any Losses resulting from a breach of ARTICLE 13 by a Party (except as otherwise addressed in Section 17.03(3) below); |
(e) | any Losses resulting from a breach of Section 14.01(1) by Voya Group or Section 15.01(1), Section 15.01(2), Section 15.01(3), Section 15.01(4) by Voya; |
(f) | any Losses resulting from a breach of ***; Section 14.01(2), Section 15.02(1), Section 15.02(2), Section 15.02(3), Section 15.02(4), *** by Supplier; or |
(g) | the indemnification obligations of either Party under this Agreement (except as otherwise addressed in Section 17.03(3) below). |
(2) | The limitations of liability set forth in Section 17.01 shall not apply in the case of (a) the failure of Voya Group to pay any Fees, due and payable to Supplier in accordance with this Agreement or (b) the failure of Supplier to issue any credits or other amounts, due and payable to Voya Group in accordance with this Agreement. |
(3) | Subject to the terms of this Section 17.03(3), the limitations and exculpations of liability set forth in Section 17.01 and Section 17.02 shall not apply in the case of Supplier’s liability for any Losses resulting from (i) a breach of Supplier’s obligations under Section 7.03, Section 7.04 or Section 7.06 (including a breach of Supplier’s obligations in the Schedule I or the BAA), (ii) a breach of Supplier’s obligations under Section 13.01(1) with respect to PII, or (iii) the indemnification obligations in this Agreement to the extent the underlying Claim, Losses and/or damages relate to or arise from any obligations described in (i) or (ii) above; provided, however, Supplier’s liability for any and all such Losses in the aggregate |
– Voya Confidential – 55
Confidential Treatment Requested by Voya Financial, Inc.
shall be limited to the greater of (x) *** or (y) the Fees paid or payable by Voya Group for the *** consecutive month portion of the Term preceding the date of the occurrence of the applicable event, act or omission giving rise to such damages.
(4) | The limitations and exculpations of liability set forth in Section 17.01 and Section 17.02 shall not apply to, and Supplier shall reimburse and be liable to Voya Group for, any and all *** to the extent due to a breach of this Agreement by Supplier; provided, however, that (a) any such amounts shall be offset by ***, and (b) Supplier’s liability for any and all such amounts that would not otherwise be recoverable by Voya Group under this Agreement but for this Section 17.03(4), shall in the aggregate be limited to ***. |
Section 17.04 Injunctive Relief. Without limiting any rights of Voya Group or Supplier to obtain equitable relief under Law, Voya Group and Supplier acknowledge and agree that (1) any breach (or threatened breach) of Section 3.01, ARTICLE 6, Section 7.01, Section 7.05, ARTICLE 13, or Section 22.13 by Supplier shall be deemed to cause immediate and irreparable injury to Voya Group, and in the event of such breach (or threatened breach), Voya Group shall be entitled to seek injunctive relief, without bond or other security; and (2) any breach (or threatened breach) of ARTICLE 6, Section 12.04, or ARTICLE 13 by Voya Group shall be deemed to cause immediate and irreparable injury to Supplier, and in the event of such breach (or threatened breach), Supplier shall be entitled to seek injunctive relief, without bond or other security. The provisions of Section 11.03 shall not apply with respect to any request for such injunctive relief.
ARTICLE 18 INSURANCE.
Section 18.01 Coverage. Supplier shall carry and maintain in force, with reputable insurance companies authorized to do business in the jurisdictions where the Services are performed, insurance of the types and in the amounts of the minimum coverage, including:
(1) | Workers Compensation in the statutory required limits in accordance with the applicable federal, state, municipal, local, territorial or other statutory requirements. |
(2) | Employer's Liability insurance with limits not less than $1,000,000 per accident covering all employees engaged in the work. A Waiver of Subrogation shall be provided in favor of Voya Group. |
(3) | Commercial General Liability insurance (including bodily injury, death and property damage) in an amount of not less than $1,000,000 (combined single limit on each occurrence and $2,000,000 in the aggregate). Such coverage shall include blanket contractual liability (including liability assumed under this Agreement), broad form property damage liability (including coverage for Extra Expense and lost profits), products and completed operations liability, personal injury liability (including invasion of privacy, libel or slander). Voya Group shall be named as an Additional Insured to the Commercial General Liability policy for liabilities assumed under this Agreement. A Waiver of Subrogation shall be provided in favor of Voya Group. |
(4) | Automobile Liability insurance for owned, non-owned, leased, hired, operated and/or licensed automobiles, trucks, tractors, all-terrain vehicles with limits of not less than $1,000,000 per accident for accidental injury to one or more persons or damage to or destruction of property as a result of one accident or occurrence. Voya Group shall be named |
– Voya Confidential – 56
Confidential Treatment Requested by Voya Financial, Inc.
as an Additional Insured on the Automobile Liability policy for liabilities assumed in this Agreement.
(5) | Fidelity/Crime insurance to include the following coverages: employee theft, forgery or alteration, and computer fraud and funds transfer fraud. Coverage shall extend to the funds, assets and records in the care, custody and control of Voya Group, the loss of which, or forgery, alteration or damage to, results from theft or fraud by a Supplier employee acting alone or in collusion with a third party. Coverage limits shall not be less than $*** per claim and in the aggregate. The policy shall include Voya Group as a Loss Payee. |
(6) | Professional Liability insurance in a limit not less than $*** per claim and in the aggregate for liability arising out of any wrongful or negligent act, error, mistake or omission of Supplier. The coverage must respond to all claims reported within three (3) years following the period for which coverage is required. |
(7) | Network Security and Privacy Liability in a limit of not less than $*** per claim and in the policy aggregate. Coverage will include, but not be limited to, cyber/IT liability, breach notification, investigative, forensic and legal defense costs. |
(8) | Excess or umbrella liability insurance on a follow-form basis, with limits not less than $*** per occurrence and $*** as in the aggregate, in excess of the following insurance coverages: employer’s liability insurance described above in Section 18.01(2); the commercial general liability insurance coverage described above in Section 18.01(3); and automobile liability insurance coverage described above in Section 18.01(4). |
Section 18.02 Terms of Coverage. All insurance coverage required herein will provide primary coverage, without contribution from any or all other insurance of Voya Group, for all losses and damages caused by the perils or causes of loss covered thereby. Supplier agrees to have included in each of the insurance policies required herein a waiver of the insurer’s rights of subrogation against Voya Group, any other Indemnified Parties under this Agreement, and their respective insurers.
Section 18.03 Cost of Insurance Coverage. All insurance coverage shall be provided at Supplier's sole cost and expense. The deductible amounts for each of the policies in Section 18.01 shall be borne by Supplier.
Section 18.04 Evidence of Insurance Coverage. Within ten (10) days after the Effective Date and otherwise upon Voya Group's request, Supplier shall furnish to Voya Group Certificates of Insurance (including evidence of renewal of insurance) evidencing all coverage referenced in Section 18.01 including, as applicable, evidence that Voya Group shall be named as Additional Insureds for liabilities assumed in this Agreement to each applicable liability policy by means of the Certificates of Insurance. Supplier shall provide Voya Group thirty (30) days’ prior notice of any planned cancellation of the coverage by the applicable insurer. Cancellation or material alteration shall not relieve Supplier of its continuing obligation to maintain insurance coverage in accordance with this Article.
Section 18.05 Status and Rating of Insurance Company. All insurance coverage shall be written through insurance companies authorized to do business in the state in which the work is to be performed and rated no less than A- VII in the most current edition of A.M. Best's Key Rating Guide.
ARTICLE 19 TERM AND TERMINATION.
– Voya Confidential – 57
Confidential Treatment Requested by Voya Financial, Inc.
Section 19.01 General. This Agreement shall commence on the Effective Date and continue throughout the Term until terminated by either Party in accordance with the terms herein, including the remainder of this ARTICLE 19. The term of each Statement of Work, including Voya Group’s rights to any renewals and extensions of such term, shall be as specified in such Statement of Work. The termination of any one Statement of Work (in whole or in part) will not impact other Statements of Work or the Agreement as a whole. If all Statements of Work have terminated or expired, such that none are then in effect, then Voya Group may terminate this Agreement upon written notice to Supplier. Termination of this Agreement “in part” may include at Voya Group’s option termination of one or more Statements of Work, or portions thereof.
Section 19.02 Termination for Cause.
(1) | Voya may terminate this Agreement (in whole or in part) for cause upon notice to Supplier if Supplier has materially breached an obligation pursuant to this Agreement and fails to cure such breach within *** days after receipt of notice thereof, if such breach is susceptible to cure. If such breach is not susceptible to cure, Voya may terminate this Agreement (in whole or in part) upon notice to Supplier. The cure period in this Section 19.02(1) shall not apply to, and shall not prejudice, any specific termination right in any other Section of this Agreement. |
(2) | Voya may terminate this Agreement (in whole or in part) for cause upon notice to Supplier if Supplier has committed multiple breaches of this Agreement, whether material or non-material, that collectively constitute a material breach, and either: (a) Supplier does not cure all of such breaches within *** days after receiving notice of such material breach, or (b) Supplier does cure all of such breaches within *** day period, but during the first twelve (12) months after such *** day period, Supplier again commits multiple non-material breaches of this Agreement that collectively constitute a material breach (i.e., with respect to this second set of non-material breaches, there are no requirements for a cure period to trigger this termination right). The cure period in this Section 19.02(2) shall not apply to, and shall not prejudice, any specific termination right in any other Section of this Agreement. |
(3) | Voya may terminate this Agreement (in whole or in part, including a particular Service) for cause upon notice to Supplier if a Critical Function is not restored within its Maximum Recovery Time, as set forth in the applicable Statement of Work. |
(4) | Voya may terminate this Agreement (in whole or in part) for cause as set forth in Schedule G or the applicable Statement of Work with respect to failures to comply with Transition Milestones. |
(5) | Voya may terminate this Agreement for cause (in whole or in part) upon *** notice to Supplier if there is a Service Level Termination Event; provided that this right to terminate will not be construed as precluding Voya from claiming that some other combination of failures to meet Service Levels is a material breach and to exercise any available remedies in connection with such material breach, including those set forth in this Section 19.02. |
(6) | If Voya Group fails to pay when due Fees totaling at least *** worth of charges under this Agreement that are not otherwise disputed in good faith and fails to cure such breach within *** days after receipt by Voya of notice thereof from Supplier referencing this Section 19.02(6) then, after such *** day period, Supplier shall provide Voya a second notice of such breach referencing this Section 19.02(6). If Voya fails to cure such breach within *** |
– Voya Confidential – 58
Confidential Treatment Requested by Voya Financial, Inc.
days after its receipt of such second notice, then Supplier may terminate the applicable Service upon notice to Voya.
Section 19.03 Termination for Convenience. Voya may terminate this Agreement (in whole or in part) upon *** days' notice to Supplier at any time without cause.
Section 19.04 Termination for Change in Control. Upon *** days' notice to Supplier, Voya may terminate: (1) this Agreement in the event of a Change in Control of (a) Supplier (or the disposition of the business performing the Services) or (b) Voya; or (2) a Service in the event of a Change in Control of the Supplier entity that is responsible for providing such Service or the disposition of the business performing such Services.
Section 19.05 Termination for Deterioration of Financial Condition. Voya may terminate this Agreement in the event that: (1) Supplier files a voluntary petition in bankruptcy or an involuntary petition is filed against it; (2) Supplier is adjudged bankrupt; (3) a court assumes jurisdiction of the assets of Supplier under a federal reorganization act, or other statute; (4) a trustee or receiver is appointed by a court for all or a substantial portion of the assets of Supplier; (5) Supplier becomes insolvent, suspends business or ceases to conduct its business in the ordinary course; (6) Supplier makes an assignment of its assets for the benefit of its creditors; (7) the occurrence of a material adverse change in Supplier's business, properties, financial condition or operations adversely affecting the provision of Services; (8) Supplier's external auditor gives Supplier a “going concern” explanation or qualification; or (9) Xxxxx'x, Standard & Poor's or Fitch, or other equivalent rating agency, lowers Supplier's credit rating below “investment grade” (e.g., in the case of Xxxxx'x, a rating lower than Baa3; in the case of Standard & Poor's, a rating lower than BBB-; in the case of Fitch, a rating lower than BBB-; or, if the defined ratings shall have been revised by Xxxxx'x, Standard & Poor's or Fitch, an equivalent rating). Supplier shall give Voya prompt notice of any such event.
Section 19.06 Termination for Change in Law. Voya may terminate this Agreement or a Service upon *** days' notice (or such earlier period of time as required by a Governmental Authority) to Supplier if any change in Law (including applicable tax rates), or an applicable Governmental Authority imposes a binding restriction or requirement that makes, or shall make, it impossible for Voya Group to continue to receive the Services or that has or is expected to have the effect of materially increasing the cost of Services to Voya Group; provided, however, that the Parties shall negotiate in good faith a work around with respect to such change in Law or binding restriction or requirement during such *** day period. In the event that such change in Law or issuance of guidance is due primarily to the actions of Supplier, its Affiliates or agents (whether or not related to the Services), then such termination shall be treated as if it were a termination for cause.
Section 19.07 Termination for Failure to Refresh Damages Cap. Voya may terminate this Agreement upon notice to Supplier if the aggregate liability for claims asserted by Voya under this Agreement exceeds *** percent (***%) of the Damages Cap and Supplier does not agree to restore the Damages Cap to the amounts set forth in Section 17.01 within *** days after receipt of notice thereof by Voya.
Section 19.08 Termination for Force Majeure. Voya may terminate this Agreement or Service upon notice to Supplier if a Force Majeure Event prevents, hinders or delays performance of a Critical Function for more than *** days after the date of such event.
– Voya Confidential – 59
Confidential Treatment Requested by Voya Financial, Inc.
Section 19.09 Other Terminations. In addition to the provisions of this Article, this Agreement or a Service may be terminated as expressly provided elsewhere in this Agreement, including in Section 7.03(3), Section 7.03(11), Section 12.03(3), and Section 14.01(8).
Section 19.10 Termination Fees. Except as expressly set forth otherwise in the applicable Statement of Work, there shall be no termination fees in connection with a termination under this Agreement.
Section 19.11 Continuing Obligations. Any termination or expiration of this Agreement or Service shall not relieve or release either Party from any rights, liabilities or obligations that may have accrued under the Law or this Agreement.
Section 19.12 Effect of Termination. In the event of a termination or expiration of this Agreement (in whole or in part) or a particular Service:
(1) | Supplier shall implement the Exit Plan in respect of the expired or terminated Services, upon Voya's request. |
(2) | Unless required in connection with Voya Group's receipt of any other Services, the rights granted to Supplier in Section 6.01 shall terminate at Voya's direction and Supplier shall (a) deliver to Voya Group, at no cost or expense to Voya Group, a current copy of the Voya IP and (b) destroy or erase all other copies of the Voya IP in Supplier's possession. Supplier shall, upon Voya's request, certify in writing to Voya, in a form reasonably acceptable to Voya and executed by an authorized officer of Supplier, that all such copies have been destroyed or erased. |
(3) | When the applicable rights granted to Voya Group in this Agreement expire, Voya Group shall, upon Supplier’s written request, destroy or erase all copies of the Supplier IP in Voya Group’s possession (subject to Voya Group’s then-standard archiving and destruction policies and procedures). An authorized officer of Voya shall certify in writing to Supplier that all such copies have been destroyed or erased in accordance with this paragraph. |
(4) | Supplier shall be entitled to payment for the expired or terminated Services performed through the effective date of termination (including works in progress). Such payment shall be apportioned according to any Deliverable payment Milestones or fixed price arrangements if payment is other than on a time and materials basis. |
(5) | Supplier shall (a) deliver to Voya a copy of all Deliverables used in connection with the expired or terminated Services, in the form in use as of the date of termination or expiration, and (b) unless required in connection with Voya Group's receipt of any other Services, destroy or erase all other copies of Deliverables in Supplier's possession. Supplier shall, upon Voya's request, certify in writing to Voya, in a form reasonably acceptable to Voya and executed by an authorized officer of Supplier, that all such copies have been destroyed or erased. |
Section 19.13 Termination Assistance and Bid Assistance.
(1) | Generally. If this Agreement or a Service terminates or expires, in whole or in part, for any reason (including termination by Supplier pursuant to Section 19.02(6)), Voya Group may require Supplier, for any amount of time in Voya Group’s discretion during the Termination |
– Voya Confidential – 60
Confidential Treatment Requested by Voya Financial, Inc.
Assistance Period, to: (a) continue to perform the terminated or expired Services (or portions thereof) under this Agreement (“Continued Services”); (b) reasonably cooperate with Voya Group or another supplier designated by Voya Group in the transfer of the Services to Voya Group or such other supplier in order to facilitate the transfer of the Services to Voya Group or such other supplier; and (c) perform any other services requested by Voya Group in connection with the transfer of the provision of the terminated or expired Services to Voya Group or another supplier (or the wind down of such Services), including any services set forth in the Exit Plan, Schedule L or the applicable Statement of Work (the services in clauses (a) through (c), the “Termination Assistance” or “Termination Assistance Services”). The Termination Assistance Services shall be considered “Services” and shall be performed in accordance with this Agreement. During any Termination Assistance Period, the Services described in clause (a) above shall be of the same quality and level of performance as provided prior to termination, but not less than as required under this Agreement.
(2) | Charges for Termination Assistance. |
(a) | Subject to the remainder of this paragraph, Termination Assistance Services will be chargeable at the applicable rates set forth in Schedule D or the applicable Statement of Work. If there are no established rates for any such Termination Assistance Services, the Parties shall negotiate rates for such services consistent with the Fees (e.g., comparable rates then-being paid by Voya Group, and, where applicable, comparable discounts then-being offered to Voya Group). With respect to Continued Services, to the extent Voya Group requests the continuation of a portion of the Services for which there is no discrete charge (i.e., such portion is subsumed within a broader Service), then the Fees shall be equitably adjusted to account for the removed Services while retaining such portion. Excluding the Continued Services, there shall be no additional Fees for providing Termination Assistance unless it requires Supplier to use additional resources over and above those used to provide the Continued Services without causing disruption in the Continued Services (and if additional resources are required, then upon Voya’s request, Supplier will work in good faith with Voya Group to reduce or eliminate such additional resources through reprioritization of work, excused performance and other methods). If Supplier believes that any work effort requested by Voya Group qualifies as chargeable Termination Assistance, then Supplier will inform Voya Group in advance of the performance of work effort. If the Parties are in dispute as to whether the work effort is chargeable, Supplier shall begin performing the work effort upon Voya Group’s written instruction to begin work. If the Parties later agree that the work effort is chargeable and separately billable, but the Fees have not been agreed upon, then Voya Group shall pay the applicable rates set forth in Schedule D while the dispute regarding the Fees is being resolved. Except for Continued Services, there will be no Fees for Termination Assistance in connection with Voya’s termination for cause pursuant to the terms of this Agreement. |
(b) | If this Agreement is terminated by Supplier in accordance with Section 19.02(6), then Supplier may invoice Voya up to fifteen (15) Business Days prior to the beginning of the each month for anticipated Fees for Termination Assistance for such month. In the immediately following month, Supplier shall true-up the Fees for the preceding month based on the amount of Termination Assistance Services actually consumed by Voya Group. Supplier shall charge or credit, as applicable, |
– Voya Confidential – 61
Confidential Treatment Requested by Voya Financial, Inc.
the amount of such true-up Fees on its next invoice to Voya. If such credit is greater than the remaining payments for such Service then Voya shall receive a refund in an amount equal to such credit from Supplier no later than *** days after the applicable month.
(3) | Bid Assistance. |
(a) | In the process of deciding whether to undertake or allow any cessation of Services, or any termination, expiration or renewal of this Agreement, in whole or in part, Voya Group may consider or seek offers for performance of services similar to the Services. As and when reasonably requested by Voya Group for use in any such process, Supplier will provide to Voya Group such information and other cooperation regarding performance of the Services as would be reasonably necessary to enable Voya Group to prepare a request for proposal relating to some or all of such services, and for a third party to conduct due diligence and prepare an informed, non-qualified offer for such services. |
(b) | Without limiting the generality of Section 19.12(5)(a), the types of information and level of cooperation to be provided by Supplier will be no less than those initially provided by Voya Group to Supplier prior to the Effective Date, and will include information which Voya Group may distribute to third party bidders in a request for proposal(s), request for information, specification, or any other solicitation relating to the Services and as necessary to support any related due diligence activities. |
ARTICLE 20 FORCE MAJEURE, BUSINESS CONTINUITY AND DISASTER RECOVERY.
Section 20.01 Force Majeure.
(1) | To the extent performance by an Affected Party of any of its obligations under this Agreement is prevented, hindered or delayed by a Force Majeure Event, the Affected Party shall be excused for such non-performance, hindrance or delay for as long as such Force Majeure Event continues; provided, however, that: (a) such Force Majeure Event is beyond the control of the Affected Party and could not be prevented by appropriate precautions; (b) the Affected Party is diligently attempting to recommence performance (including through alternate means); and (c) Supplier, if it is the Affected Party, is implementing the Business Continuity Plan and Disaster Recovery Plan, as applicable. |
(2) | Notwithstanding Section 20.01(1), the occurrence of a Force Majeure Event does not excuse, limit or otherwise affect Supplier's obligations to implement the Business Continuity Plan or Disaster Recovery Plan, restore the Services in accordance with the Recovery Time Objectives, and otherwise comply with Supplier’s obligations in Schedule M and the applicable Statement of Work, except to the extent that implementation of such Business Continuity Plan or Disaster Recovery Plan is directly prevented or delayed by a Force Majeure Event (and such Force Majeure Event was not contemplated by such Business Continuity Plan or Disaster Recovery Plan), in which case implementation of the Business Continuity Plan or Disaster Recovery Plan shall be excused pursuant to Section 20.01(1). |
For example, if a tornado at a primary Service Location (Site A) prevents Service delivery from such Service Location and a flood prevents Service delivery from Site A's disaster recovery site (Site B), subject to the following sentence, Supplier shall be excused from
– Voya Confidential – 62
Confidential Treatment Requested by Voya Financial, Inc.
non-performance of the Service from such Service Locations due to a Force Majeure Event under Section 20.01(1), assuming Supplier continues to satisfy its obligations in Section 20.02. If, however, the Business Continuity Plan and Disaster Recovery Plan contemplated a category tornado at Site A and flood at Site B (i.e., the plans were designed to provide for recovery in spite of a tornado and flood impacting during the same period), then failure to implement the Business Continuity Plan and Disaster Recovery Plan or to recover the Service in accordance with the Recovery Time Objectives shall not be excused by the Force Majeure Event under Section 20.02.
Section 20.02 Alternate Source. If any Force Majeure Event or Business Continuity Event prevents, hinders or delays performance of a Service for more than the applicable Recovery Time Objective set forth in the Business Continuity Plan or Disaster Recovery Plan (or, if no time frame is specified, more than *** days after the date of such event), Voya may authorize Voya Group to procure such Services from an alternate source, or perform such Services for itself, and Supplier shall ***, including *** Services that are commercially reasonable *** of the then-current Fees for such Services to the extent *** itself, in each case, for ***; provided, however, that if Voya provides notice of termination with respect to such Services, Supplier's obligation *** under this Section shall cease as of the date of such notice.
Section 20.03 No Payment for Unperformed Services. If Supplier fails to provide the Services in accordance with this Agreement due to the occurrence of a Force Majeure Event or Business Continuity Event, the Fees shall be adjusted in a manner such that Voya is not responsible for the payment of any Fees for Services that Supplier (or an alternate source obtained by Supplier) fails to provide.
Section 20.04 Allocation of Resources. Whenever a Force Majeure Event or Business Continuity Event or other business continuity event causes Supplier to allocate limited resources between or among Supplier's customers, Supplier shall not provide to any of its *** customers *** Service Recipients, except to the extent required by applicable Law.
ARTICLE 21 ACTION PLANS AND STEP IN RIGHTS.
Section 21.01 Triggers for an Action Plan. If Supplier fails to perform any Critical Function or there otherwise is a Step In Event (each as defined in Schedule M or the applicable Statement of Work), including due to or arising out of a Force Majeure Event, Voya may request a draft of an action plan from Supplier, in which event Supplier will prepare and deliver within two (2) Business Days after receiving such request (or such other time period as to which Voya and Supplier may agree) such a plan (“Action Plan”) for Voya’s review and approval.
Section 21.02 Action Plan Contents. An Action Plan must specify in detail reasonably satisfactory to Voya:
(1) | the process for identifying the cause of the failure or incident the Action Plan is intended to remedy or prevent; |
(2) | where remedy of the failure or incident is possible, the actions that will be taken by Supplier to effect that remedy; |
(3) | the actions that will be taken by Supplier to prevent the same or a substantially similar failure or incident from occurring in the future; |
– Voya Confidential – 63
Confidential Treatment Requested by Voya Financial, Inc.
(4) | the timeline for implementing the Action Plan; and |
(5) | any other content Voya Group may reasonably request. |
Section 21.03 Voya Group’s Response to Draft Action Plan.
(1) | After receiving the draft Action Plan, Voya may inform Supplier that it approves the draft Action Plan or comment on the draft Action Plan, in which case Supplier will (a) at the reasonable request of Voya, meet to discuss Voya’s comments; and (b) within two (2) Business Days after the meeting, or receipt of Voya’s comments where no meeting is required by Voya, prepare a revised Action Plan addressing Voya’s comments and submit it for Voya’s approval. |
(2) | This Section 21.03 will apply iteratively to any proposed Action Plan until it has been approved by Voya. |
Section 21.04 Implementation of Action Plan. Supplier will only implement an Action Plan if Voya has approved it and then in the form approved by Voya.
Section 21.05 Exercise of Step In Rights.
(1) | If Supplier fails to comply in a timely manner with its obligations regarding the creation or implementation of an Action Plan (including the provision of the applicable Services once implemented), or if Supplier does not produce an Action Plan reasonably acceptable to Voya (after having had one chance to revise it pursuant to Section 21.03(1)), Voya may, by giving written notice to Supplier, in addition to its other remedies at law and in equity, take over the creation and/or implementation of the Action Plan, the rectification of the failure or incident, and/or the provision of the applicable Services, or otherwise authorize its designee to do the same (each a “Step In”), which, at Voya’s sole discretion, may or may not include Supplier’s involvement. |
(2) | If Voya Group or its designee Steps In, Supplier must cooperate with Voya Group and its personnel and provide, at no additional charge to Voya Group, all assistance reasonably required by Voya Group, including: |
(a) | providing access to all relevant equipment, premises and Software under Supplier’s (or a subcontractor’s) control as required by Voya Group (or its designee) in connection with the Step In; and |
(b) | ensuring that Service Delivery Organization members normally engaged in the provision of the Services are available to Voya Group (or its designee) to provide any assistance Voya Group may reasonably request. |
(3) | Voya Group’s right to Step In will end, and Voya Group must hand back the responsibility to Supplier, when Supplier can demonstrate that Supplier is capable of resuming provision of the affected Service(s) in accordance with the requirements of this Agreement and that the occurrence giving rise to the Step In will not recur to the extent the cessation of Services was under Supplier’s control. |
– Voya Confidential – 64
Confidential Treatment Requested by Voya Financial, Inc.
(4) | Voya shall *** the Step In Costs *** for the following costs incurred by Voya Group in exercising its Step In rights (“Step In Costs”) *** what would have been Supplier’s Fees for the Services replaced by the Step In, and Voya Group will not be responsible to pay Supplier’s Fees for the Services that were replaced by the Step In: |
(a) | any reasonable payments Voya Group makes to a third party in connection with the provision of services related to the Step In; and |
(b) | the reasonable and proven additional internal costs and expenses incurred by Voya Group in connection with Voya Group’s provision of services related to the Step In. |
ARTICLE 22 MISCELLANEOUS.
Section 22.01 Amendment. No amendment of this Agreement shall be valid unless in writing and signed by an authorized representative of the Parties (as designated by each entity from time-to-time).
Section 22.02 Assignment. Neither Party shall assign this Agreement, or any amounts payable pursuant to this Agreement, without the consent of the other; provided, however, that Voya may assign this Agreement to: (1) an entity acquiring all or substantially all of the assets of Voya; (2) the successor in any merger involving Voya; or (3) an Affiliate of Voya; provided, however, that, in each case, such entity agrees in writing to assume and be bound by all obligations of Voya under this Agreement. This Agreement shall be binding upon the successors and permitted assigns of the Parties. Any assignment in violation of this Section shall be null and void ab initio.
Section 22.03 Consents, Approvals and Requests. Except as specifically set forth in this Agreement, all consents, acceptances and approvals to be given by either Party under this Agreement shall be in writing and shall not be unreasonably withheld or delayed and each Party shall make only reasonable requests under this Agreement.
Section 22.04 Counterparts. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original, but all of which taken together shall constitute one single agreement between the Parties.
Section 22.05 Entire Agreement. This Agreement supersedes all prior discussions and agreements between the Parties with respect to the subject matter hereof and represents the entire agreement between the Parties with respect to that subject matter.
Section 22.06 Export. Each Party shall comply with all Export Controls. Prior to providing Supplier with access to any technology or material (including data) in connection with the Services, Voya Group shall promptly notify Supplier of any technology or material that is subject to any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will (with cooperation and assistance from Supplier): (1) identify the Export Controls (e.g., EAR or ITAR) and classifications (e.g., ECCN) applicable to such technology and materials, including any required third party licenses, consents or authorizations; (2) notify Supplier of such Export Controls; and (3) obtain any such required third party licenses, consents or authorizations or, if and as requested by Supplier, cooperate with and assist Supplier in obtaining such third party licenses, consents or authorizations. Subject to the foregoing, Supplier agrees to notify Voya Group of any technology, technical data or information that it will provide to Voya Group pursuant to this Agreement that is subject to control under applicable export regulations under any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will: (a) identify the Export Controls (e.g., EAR or ITAR) and classifications (e.g., ECCN) applicable to such technology and materials, including any required third party licenses, consents or authorizations; (b) notify Voya of such Export Controls; (c) obtain any such required third party licenses, consents or authorizations or, if and as requested by Voya Group, cooperate with and assist Voya Group in obtaining such third party licenses, consents or authorizations; and (d) upon Voya’s advance written request, provide any copies of such licenses, consents or authorizations requested by Voya Group to demonstrate compliance with the Export Controls. In addition, Supplier shall not access any Voya Data from a country embargoed by the U.S.
Section 22.07 Good Faith and Fair Dealing. Except where explicitly stated otherwise (e.g., use of “sole discretion”), the performance of all obligations and exercise of all rights by each Party shall be governed by the principle of good faith and fair dealing and by a commercially reasonable standard.
Section 22.08 Governing Law, Jurisdiction and Venue. This Agreement, including its formation, performance, enforcement and termination, and all aspects of the Parties’ relationship hereunder, shall be governed by and construed in accordance with the internal laws of the State of New York applicable to agreements made and to be performed entirely within such State, without regard to the conflicts of law principles of such State. Each Party hereby irrevocably and unconditionally submits to the jurisdiction of (1) the United States District Court for the Southern District of New York and (2) the Supreme Court of the State of New York, New York County, for the purposes of any suit, action or other proceeding arising out of this Agreement. Each Party hereby agrees to commence any such action, suit or proceeding in the United States District Court for the Southern District of New York or, if such suit, action or other proceeding cannot be brought in such court for jurisdictional reasons, to commence such suit, action or other proceeding in the Supreme Court of the State of New York, New York County. Service of any process, summons, notice or document by U.S. registered mail to such Party's respective address set forth in Section 22.12 shall be effective service of process for any action, suit or proceeding in New York with respect to any matters to which it has submitted to jurisdiction in this Agreement. Each Party irrevocably and unconditionally waives any
– Voya Confidential – 65
Confidential Treatment Requested by Voya Financial, Inc.
objection to the laying of venue of any action, suit or proceeding arising out of this Agreement in (a) the United States District Court for the Southern District of New York or (b) the Supreme Court of the State of New York, New York County, and hereby and thereby further irrevocably and unconditionally waives and agrees not to plead or claim in any such court that any such action, suit or proceeding brought in any such court has been brought in an inconvenient forum. Each Party hereby waives to the fullest extent permitted by applicable Law, any right it may have to a trial by jury in respect to any litigation directly or indirectly arising out of, under or in connection with this Agreement.
Section 22.09 Continued Performance. Each Party agrees to continue performing its obligations under this Agreement while a dispute is being resolved except to the extent the issue in dispute precludes performance (dispute over payment shall not be deemed to preclude performance) and without limiting either Party's termination rights provided in ARTICLE 19.
Section 22.10 Independent Contractor.
(1) | In performing under this Agreement, Supplier will be deemed to be acting as an independent contractor of Voya Group and will not be deemed an agent, legal representative, joint venturer or partner of Voya Group. Neither Party is authorized to bind the other Party to any obligation, affirmation or commitment with respect to any other person or entity. |
(2) | The Service Delivery Organization shall at all times be under Supplier's exclusive direction and control and its members shall in no way be deemed to be an employee, agent or contractor of Voya Group for any purpose, including wages, benefits, employment-related (including healthcare) taxes, rights and privileges afforded to employees under any Laws. Accordingly, Supplier will be solely responsible for providing and/or ensuring appropriate compensation and benefits for such individuals in accordance with all applicable Laws; and payment of all employment-related taxes. In addition, Supplier expressly acknowledges and agrees that the Services rendered pursuant to this Agreement will not form the basis for any rights of eligibility, vesting or participation in any fringe benefits afforded to any employees of Voya Group, including vacation and holiday pay, leaves of absence, health and welfare benefits, including coverage for medical, dental, vision, accidental death and disability, long-term disability, life insurance, severance benefits, retirement benefits, including pension or thrift plan contributions, and/or any other benefits of any kind or nature provided by Voya Group to its employees, whether or not maintained under a qualified ERISA plan, even if a person’s period of performance hereunder is subsequently reclassified by a third party as a period of employment with Voya Group for any other purpose. |
Section 22.11 Non-Solicitation. Except as otherwise set forth in a Statement of Work with respect to Voya Group’s right to hire, during the term of a Statement of Work and for a period of twelve (12) months following the termination or expiration of such Statement of Work, each Party agrees not to, without the consent of the other Party, directly or indirectly, solicit for employment, hire or establish any consultancy or other working engagement with any employee of the other Party or its Affiliates that receive or provide the Services under such Statement of Work; provided, however, that nothing herein shall prevent either Party from (1) engaging in or using general solicitations to the public, general advertising, placement firm searches or similar means not directed or targeted at employees of the other Party and their Affiliates or (2) hiring any employee of the other Party (a) whose employment with such other Party has been terminated for at least *** days prior to such hire or (b) who initiates contact with a Party in response to indirect means such as general solicitations
– Voya Confidential – 66
Confidential Treatment Requested by Voya Financial, Inc.
to the public, general advertisement, placement firm searches or similar means not directed or targeted at such employee.
Section 22.12 Notices. All notices, requests, consents, approvals, agreements, authorizations, acceptances, rejections and waivers under this Agreement shall be in writing and shall be deemed given when: (1) delivered by hand or private, prepaid courier service to the person specified for the receiving Party at the address specified; or (2) mailed to that addressee at that address by a nationally recognized express mail carrier with package tracking capability or certified mail, return receipt requested, with postage fully prepaid. The Parties may change the address or person for notification upon ten (10) days' notice to the other. The initial notification information is:
For Voya Group: | For Supplier: |
Voya Services Company Xxx Xxxxxx Xxx Xxxxxxx, XX 00000 Attention: Chief Information Officer | Cognizant Worldwide Limited 1 Kingdom Street, Paddington Central, Xxxxxx Xxxxxx Xxxxxxx X0 0XX Attention: General Counsel |
With a copy to: | With a copy to: |
Voya Services Company 0000 Xxxxxx Xxxxx Xxxx, XX Xxxxxxx, XX 00000 Attention: Chief Counsel, IT | Cognizant Technology Solutions U.S. Corporation 000 Xxxxxxx Xxxxxx Xxxxxxx Xxxxxxx XX 00000 Attention: General Counsel |
Except as expressly permitted in this Agreement, an electronic mail message does not satisfy any requirement in this Agreement that a notice, consent, approval, agreement, authorization, acceptance, rejection or waiver must be in writing or signed by any person or Party, or any similar requirement.
Section 22.13 Publicity. Neither Party shall (1) use the name, trade name, trademarks, service marks or logos of the other Party in any publicity releases, news releases, annual reports, marketing materials, product packaging, signage, stationary, print literature, advertising or websites, (2) represent (directly or indirectly) that any product or service offered by the Party has been used, approved or endorsed by the other Party or (3) make any sort of public communication regarding the other Party, this Agreement, without the consent of the other Party, in each instance, which the other Party may withhold in its sole discretion.
Section 22.14 Remedies Cumulative. No specific remedy under this Agreement shall limit a Party's right to exercise all other remedies available to such Party under Law, in equity or under this Agreement, and all such remedies shall be cumulative.
Section 22.15 Severability. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, then the remaining provisions of this Agreement shall remain in full force and effect, except to the extent such remaining provisions are not capable of substantial performance as a result of such holding.
Section 22.16 Survival. ARTICLE 5, ARTICLE 6, ARTICLE 8, ARTICLE 9, ARTICLE 10, ARTICLE 12, ARTICLE 13, ARTICLE 15 (to the extent relating to a breach occurring during the Term), ARTICLE 16, ARTICLE 17, Section 2.05, Section 7.01, Section 11.03, Section 12.02 (for
– Voya Confidential – 67
Confidential Treatment Requested by Voya Financial, Inc.
so long as any records are required to be retained pursuant to this Agreement), Section 19.09, Section 19.11, Section 19.12, Section 22.08, Section 22.11, Section 22.12, Section 22.13, this Section, Section 22.17 and any other provisions, Sections or Articles that by their nature are necessary to survive the expiration or termination of this Agreement or Service for any reason shall survive the expiration or termination of this Agreement or Service.
Section 22.17 Third Party Beneficiaries. This Agreement is for the sole benefit of the Parties and their permitted assigns and each such Party intends that this Agreement shall not benefit, or create any right or cause of action in or on behalf of, any person or entity other than the Parties, their permitted assigns, and with respect to ARTICLE 16, the Voya Indemnified Parties and Supplier Indemnified Parties.
Section 22.18 Waiver. No delay or omission by any Party to exercise any right or power it has under this Agreement shall impair or be construed as a waiver of such right or power. A waiver by any Party of any breach or obligation shall not be construed to be a waiver of any succeeding breach or any other obligation.
Section 22.19 Non-Discrimination. To the extent applicable to the Services under this Agreement, Supplier shall abide by the requirements of 41 C.F.R. §§ 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity or national origin. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, national origin, protected veteran status or disability.
Remainder of page intentionally left blank; signature page follows.
IN WITNESS WHEREOF, the authorized representatives of the Parties have executed this Agreement as of the Effective Date.
VOYA SERVICES COMPANY | COGNIZANT WORLDWIDE LIMITED |
by: /s/ Xxxxxx Parent name: Xxxxxx Parent title: Executive Vice President | by: /s/ Xxxxx Xxxxx name: Xxxxx Xxxxx title: General Counsel UK, MEA |
Solely for the purpose of acknowledging that CTS US may perform local services in the United States of America in accordance with Section 2.01:
– Voya Confidential – 68
Confidential Treatment Requested by Voya Financial, Inc.
COGNIZANT TECHNOLOGY SOLUTIONS U.S. CORPORATION |
by: /s/ Xxxxxx Xxxxxxx name: Xxxxxx Xxxxxxx title: Corporate Counsel |
– Voya Confidential – 69