Contract
Exhibit 4.a
Restated and Amended Master Services and Software License Agreement
AT&T Agreement No. 53258.A.005
CERTAIN IDENTIFIED INFORMATION HAS BEEN EXCLUDED FROM THE EXHIBIT BECAUSE IT IS BOTH (I) NOT MATERIAL AND (II) IS THE TYPE THAT THE REGISTRANT TREATS AS PRIVATE OR CONFIDENTIAL
Restated and Amended Master Services And
Software License Agreement
No. 53258.C
Between
Amdocs Development Limited
And
AT&T Services, Inc.
Proprietary and Confidential
This Agreement and information contained therein is not for use or disclosure outside of AT&T, its Affiliates, and third party representatives, and Supplier except under written agreement by the contracting parties.
1
AT&T Agreement No. 53258.A.005
Table of Contents
1.0 |
PREAMBLE | 6 | ||||
2.0 |
DEFINITIONS | 6 | ||||
2.1 |
Accept or Acceptance | 6 | ||||
2.2 |
Acceptance Date | 6 | ||||
2.3 |
Acceptance Letter | 7 | ||||
2.4 |
Acceptance Test Period or Trial Period | 7 | ||||
2.5 |
Acceptance Tests | 7 | ||||
2.6 |
Affiliate | 7 | ||||
2.7 |
Agreement | 7 | ||||
2.8 |
AT&T Data | 7 | ||||
2.9 |
AT&T Derived Data or AT&T Derived Information | 8 | ||||
2.10 |
Call Center Work | 8 | ||||
2.11 |
Computer Program | 8 | ||||
2.12 |
Concurrent Users | 8 | ||||
2.13 |
Critical Performance Milestone | 8 | ||||
2.14 |
Custom Software | 9 | ||||
2.15 |
Customer Information | 9 | ||||
2.16 |
Delivery | 9 | ||||
2.17 |
Delivery Date | 9 | ||||
2.18 |
Design Materials | 9 | ||||
2.19 |
Designated Site | 9 | ||||
2.20 |
Designated System | 10 | ||||
2.21 |
Documentation or Program Material | 10 | ||||
2.22 |
Enhancement | 10 | ||||
2.23 |
Enterprise License | 10 | ||||
2.24 |
Equipment | 10 | ||||
2.25 |
Error or Defect | 10 | ||||
2.26 |
Functionality | 10 | ||||
2.27 |
Harmful Code | 10 | ||||
2.28 |
Incident | 11 | ||||
2.29 |
Information | 11 | ||||
2.30 |
Intellectual Property Rights | 12 | ||||
2.31 |
Laws | 12 | ||||
2.32 |
License Order | 12 | ||||
2.33 |
Maintenance | 12 | ||||
2.34 |
Maintenance Fee | 12 | ||||
2.35 |
Maintenance Order | 12 | ||||
2.36 |
Major Release | 12 | ||||
2.37 |
Material | 12 | ||||
2.38 |
Minor Release | 13 | ||||
2.39 |
Modification and Modify | 13 | ||||
2.40 |
Named Users | 13 | ||||
2.41 |
New Release | 13 | ||||
2.42 |
OnGoing Support | 13 |
Page 2 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.43 |
Order | 13 | ||||
2.44 |
Permitted Third Parties | 13 | ||||
2.45 |
Production Support | 13 | ||||
2.46 |
Project | 14 | ||||
2.47 |
Project Manager | 14 | ||||
2.48 |
Published Specifications | 14 | ||||
2.49 |
Resolution | 14 | ||||
2.50 |
Restoral | 14 | ||||
2.51 |
Revision | 14 | ||||
2.52 |
Services | 14 | ||||
2.53 |
Services Order | 14 | ||||
2.54 |
Severity Xxxxx | 00 | ||||
2.55 |
Software | 15 | ||||
2.56 |
Specifications | 15 | ||||
2.57 |
Standard Software | 15 | ||||
2.58 |
Subcontractor | 15 | ||||
2.59 |
System | 15 | ||||
2.60 |
Third-Party Software | 15 | ||||
2.61 |
Update | 15 | ||||
2.62 |
Users | 16 | ||||
2.63 |
Vulnerability | 16 | ||||
2.64 |
Warranty Period | 16 | ||||
2.65 |
Work | 16 | ||||
3.0 |
GENERAL TERMS | 16 | ||||
3.1 |
AT&T Affiliate | 16 | ||||
3.2 |
Amendments and Waivers | 17 | ||||
3.3 |
Anticorruption Laws | 17 | ||||
3.4 |
Assignment and Delegation | 18 | ||||
3.5 |
Compliance with Laws | 18 | ||||
3.6 |
Construction and Interpretation | 20 | ||||
3.7 |
Cumulative Remedies | 21 | ||||
3.8 |
Special Software Terms | 21 | ||||
3.9 |
Acceptance or Rejection | 23 | ||||
3.10 |
Technology Standards | 24 | ||||
3.11 |
Entire Agreement | 26 | ||||
3.12 |
Force Majeure | 26 | ||||
3.13 |
Governing Law | 27 | ||||
3.14 |
Government Contract Provisions | 27 | ||||
3.15 |
Indemnity | 29 | ||||
3.16 |
Information | 32 | ||||
3.18 |
Insurance | 38 | ||||
3.19 |
Invoicing and Payment | 41 | ||||
3.20 |
Labor Disputes | 42 | ||||
3.21 |
Limitation of Damages | 42 | ||||
3.22 |
Non-Exclusive Market | 44 | ||||
3.23 |
Notices | 44 |
Page 3 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.24 |
Offshore Work Permitted Under Specific Conditions | 45 | ||||
3.25 |
Order of Precedence | 46 | ||||
3.26 |
Orders | 46 | ||||
3.27 |
Ownership of Paid-For Development, Use and Reservation of Rights | 47 | ||||
3.28 |
Prices | 50 | ||||
3.29 |
Publicity | 50 | ||||
3.30 |
Quality Assurance | 50 | ||||
3.31 |
Records and Audits | 51 | ||||
3.32 |
Severability | 54 | ||||
3.33 |
Supplier Citizenship and Sustainability | 54 | ||||
3.34 |
Survival of Obligations | 55 | ||||
3.35 |
Taxes | 55 | ||||
3.36 |
Termination | 57 | ||||
3.37 |
Third Party Administrative Services | 62 | ||||
3.38 |
Ownership of AT&T Data and AT&T Derived Data | 62 | ||||
3.39 |
Third Party Beneficiaries | 63 | ||||
3.40 |
Risk of Loss | 64 | ||||
3.41 |
Transaction Costs | 64 | ||||
3.42 |
Utilization of Minority, Women, and Disabled Veteran Owned Business Enterprises | 64 | ||||
3.43 |
Warranty | 66 | ||||
3.44 |
Work Done By Others | 70 | ||||
3.45 |
Supplier’s Compliance with Industry Standards | 71 | ||||
4.0 |
SPECIAL TERMS | 71 | ||||
4.1 |
Access to AT&T Premises and Non-Public Information Systems | 71 | ||||
4.2 |
Background Checks/Drug Screening | 72 | ||||
4.3 |
Change Control | 73 | ||||
4.4 |
Customer Information | 73 | ||||
4.5 |
Dispute Resolution | 74 | ||||
4.6 |
Electronic Data Interchange (EDI) | 76 | ||||
4.7 |
Entry on AT&T Property | 78 | ||||
4.8 |
Error Severity Level Description And Resolution Plan | 80 | ||||
4.9 |
Liquidated Damages for Delay in Delivery | 82 | ||||
4.10 |
Independent Contractor | 83 | ||||
4.11 |
Payment Card Industry Data Security Standards (PCI-DSS) | 84 | ||||
4.12 |
Previous Services for AT&T | 84 | ||||
4.13 |
Affordable Care Act | 84 | ||||
4.14 |
Supplier’s Audited Financial Statements | 84 | ||||
5.0 |
SPECIAL SOFTWARE TERMS | 85 | ||||
5.1 |
Modifications | 85 | ||||
5.2 |
Program Material | 85 | ||||
6.0 |
MISCELLANEOUS PROVISIONS | 85 | ||||
6.1 |
Allowable Expenses | 85 | ||||
6.2 |
Reporting | 85 | ||||
6.3 |
Disaster Recovery and Business Continuity Plan: | 86 | ||||
6.4 |
Clauses Applicable to Call Center Work | 86 | ||||
7.0 |
RELATIONSHIP MANAGEMENT | 89 |
Page 4 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
7.1 |
Relationship Management | 89 | ||||
7.2 |
Proposed Projects | 90 | ||||
7.3 |
Project Management | 91 | ||||
7.4 |
Hardware and Third Party Software Considerations | 92 | ||||
8.0 |
Standard Software License | 93 | ||||
8.1 |
License Grant | 93 | ||||
8.2 |
License Fee | 93 | ||||
8.3 |
Limitations on Use | 94 | ||||
8.4 |
Modification | 95 | ||||
8.5 |
Source Code Availability | 96 | ||||
8.6 |
Title | 96 | ||||
9.0 |
Execution of Agreement | 97 | ||||
9.1 |
Transmission of Original Signatures and Executing Multiple Counterparts | 97 |
APPENDICES |
98 | |||
Appendix A – Supplier’s Price(s) |
00 | |||
Xxxxxxxx X – Forms of Order |
102 | |||
Appendix B, Exhibit 1 – For Orders Requiring Signature |
103 | |||
Appendix B, Exhibit 2 – For Use When Issuing A Purchase Order |
111 | |||
Appendix B, Exhibit 3 – For License Orders for Standard Software |
000 | |||
Xxxxxxxx X – Offshore Locations |
120 | |||
Appendix D – Security and Offshore Requirements |
000 | |||
Xxxxxxxx X – Prime Supplier MBE/WBE/DVBE Participation Plan and Results |
154 | |||
Appendix E, Exhibit 1 – Prime Supplier MBE/WBE/DVBE Participation Plan |
155 | |||
Appendix E, Exhibit 2 – MBE/WBE/DVBE Results Report |
157 | |||
Appendix F – Acceptance Letter |
000 | |||
Xxxxxxxx X – Agreement Regarding Non-Employment Status with AT&T |
159 | |||
Appendix H – Vendor Expense Policy |
161 | |||
Appendix I – Non-Disclosure Agreements |
167 | |||
Appendix I, Exhibit 1 – Non-Disclosure Agreement between Amdocs and External Auditors, Other Vendors, or Consultants for AT&T |
169 | |||
Appendix I, Exhibit 2 – Non-Disclosure between a Vendor, Consultant, Or Third Party to AT&T and AT&T |
174 | |||
Appendix J – Disaster Recovery Plan (“DRP”) and Business Continuity Plan (“BCP”) |
179 | |||
Appendix K – EU Data Privacy and GDPR Data Processing Obligations |
180 | |||
Appendix L – Standard Contractual Clauses (Processors) |
188 | |||
Appendix M – Escrow Agreement |
198 | |||
Appendix O – California Consumer Privacy Act Requirements |
000 | |||
Xxxxxxxx X – Legacy Software Maintenance |
201 |
Page 5 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
1.0 | PREAMBLE |
1.1 | Preamble |
This Restated and Amended Master Services and Software License Agreement (the “Agreement”) is between Amdocs Development Limited, a Cyprus corporation (hereinafter referred to as “Supplier”), and AT&T Services, Inc., a Delaware corporation (hereinafter referred to as “AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties.”
1.2 | Scope of Agreement: |
Supplier shall provide to AT&T the Material and Services and license to AT&T the Standard Software, subject to the terms and conditions of this Agreement and pursuant to and in conformance with Orders submitted by Supplier or AT&T. Such Orders, once fully executed by the Parties, shall be deemed to incorporate the provisions of this Agreement (including the Appendices and Exhibits attached hereto) as though fully set forth therein. The Parties agree that any [***] except to the extent that the terms and conditions of the existing Maintenance Orders set forth in Appendix N – Legacy Software Maintenance conflict with the terms and conditions of this Agreement, in which case the terms and conditions of the existing Maintenance Orders set forth in Appendix N – Legacy Software Maintenance shall control.
1.3 | Term of Agreement |
After all Parties have signed, this Agreement shall be effective on the last date signed by a Party (“Effective Date”), and shall continue until October 15, 2022 (“Expiration Date”) (the time period between Effective Date through Expiration Date shall be referred to as the “Initial Term”), unless earlier terminated as set forth herein. The Parties may extend the term by executing an amendment to this Agreement (each such extension, a “Renewal Period”). The Initial Term and any Renewal Period(s) shall together be referred to as the “Term of Agreement”.
Any Order in effect on the date when this Agreement expires or is terminated will continue in effect until such Order either (i) expires by its own terms or (ii) is separately terminated, prior to its own scheduled expiration, as provided in this Agreement. The terms and conditions of this Agreement shall continue to apply to such Order as if this Agreement were still in effect.
2.0 | DEFINITIONS |
2.1 | Accept or Acceptance |
“Accept” or “Acceptance” means AT&T’s acceptance of the Material or Services ordered by AT&T and provided by Supplier as specified in the applicable Order. AT&T’s Acceptance shall occur no earlier than as specified in Section 3.9.
2.2 | Acceptance Date |
“Acceptance Date” means the date on which AT&T Accepts Material or Services.
Page 6 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.3 | Acceptance Letter |
“Acceptance Letter” means a document signed by AT&T substantially in the form of Appendix F indicating its Acceptance of the Material and/or Services.
2.4 | Acceptance Test Period or Trial Period |
“Acceptance Test Period” or “Trial Period” means the length of time specified in an Order, or, if not so specified, a period of no less than [***] days and no more than [***] working days, during which the Acceptance Tests are performed.
2.5 | Acceptance Tests |
“Acceptance Tests” means the performance and reliability demonstrations and tests that must be successfully completed by the Material and Services during the Trial Period. These tests include: (i) AT&T’s routine business test transactions, (ii) tests, demonstrations, or transactions presented or performed by Supplier, and (iii) any other tests, demonstrations or transactions included or referenced in the applicable Order or Specifications, all to determine whether the Material or Services meet the Specifications.
2.6 | Affiliate |
“Affiliate” means (i) with respect to AT&T, a business association that has legal capacity to contract on its own behalf, to sue in its own name, and to be sued, if and only if either (a) such business association owns, directly or indirectly, a majority interest in AT&T (its “parent company”), (b) a majority interest in such business association is owned, either directly or indirectly, by AT&T or its parent company, or (c) such business association is a certain rural local telephone company that is a party to that certain Joint Operating Agreement dated as of September 28, 2000, pursuant to which AT&T Mobility LLC and such telephone company jointly conduct their respective wireless operations within MTA 006; and (ii) with respect to Supplier, any business association that has legal capacity to contract on its own behalf, to sue in its own name, and to be sued, if and only if that business association controls, is controlled by, or is under common control with Supplier, where “control” means the direct or indirect holding of 50% or more of the equity and/or voting rights.
2.7 | Agreement |
“Agreement” means the written agreement between the Parties as set forth in this document and the attached appendices and shall include the terms of such other documents as are incorporated by express reference in this document and the attached appendices, as well as any Orders that may be issued pursuant to this Agreement.
2.8 | AT&T Data |
“AT&T Data” means any data or information (i) of AT&T or its customers that is disclosed or provided to Supplier by, or otherwise obtained by Supplier from, AT&T or its customers, including Customer Information and customer proprietary network information (as that term is defined in Section 222 of the Communications Act of 1934, as amended, 47 U.S.C. §222), as well as data
Page 7 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
and information with respect to the businesses, customers, operations, networks, systems, facilities, products, rates, regulatory compliance, competitors, consumer markets, assets, expenditures, mergers, acquisitions, divestitures, xxxxxxxx, collections, revenues and finances of AT&T; and (ii) not supplied by AT&T or its customers, but created, generated, collected or harvested by Supplier either (a) in furtherance of this Agreement or an Order hereunder or (b) as a result of Supplier having access to AT&T infrastructure, systems, data, hardware, software or processes (for example, through data processing input and output, service level measurements, or ascertainment of network and system information). Notwithstanding the foregoing, the Parties agree that “AT&T Data” shall not be deemed to include material or software (I) created or owned by Amdocs prior to execution of this Agreement, (II) provided under license from third parties by Amdocs prior to execution of this Agreement, (III) created by Amdocs or third parties after execution of this Agreement for a client other than AT&T or (IV) that Supplier owns in accordance with this Agreement or as agreed by the Parties in an Order.
2.9 | AT&T Derived Data or AT&T Derived Information |
“AT&T Derived Data” or “AT&T Derived Information” means any data or information that is a result of or modification of, adaption, revision, translation, abridgement, condensation, compilation, evaluation, expansion, or any other recasting or processing of the AT&T Data, for example, as a result of Supplier’s observation, analysis, or visualization of AT&T Data arising out of the performance of Supplier’s obligations. Notwithstanding the foregoing, the Parties agree that “AT&T Derived Data” shall not be deemed to include Supplier’s material or software that does not constitute AT&T Data as set forth in Section 2.8, “AT&T Data,” above, and [***]
2.10 | Call Center Work |
“Call Center Work” means work centralized in a physical place where telephone calls are handled by Supplier, usually with some amount of computer automation, as agreed by the Parties in an Order.
2.11 | Computer Program |
“Computer Program” means a set of instructions or code intended to cause a computer to produce certain results.
2.12 | Concurrent Users |
“Concurrent Users” means different Users who are accessing and using a Computer Program at the same time.
2.13 | Critical Performance Milestone |
“Critical Performance Milestone” means a date certain or the end of a stipulated interval of time for the Delivery of an item of Program Material or Software or the completion of performance of a Service, the timely completion or delivery of which is considered to be critical to the success for the Project and which is expressly referred to in an Order as a “Critical Performance Milestone”.
Page 8 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.14 | Custom Software |
“Custom Software” means any and all Software, excluding Standard Software, to the extent it constitutes Paid-For Development.
2.15 | Customer Information |
“Customer Information” includes, but is not limited to, customer name, address, and phone number, any customer or employee personal information, credit card and credit-related information, health or financial information, authentication credentials, information concerning a customer’s calling patterns, unlisted customer numbers, any other information associated with a customer or with persons in the household of a customer, and any information available to AT&T and/or its suppliers by virtue of AT&T’s relationship with its customers as a provider of telecommunications, Internet, information or other services, including the quantity, technical configuration, location, type, destination, and amount of use of telecommunications or other services subscribed to, and information contained on the telephone bills of AT&T’s customers pertaining to telephone exchange service, telephone toll service or other services received by a customer of AT&T.
2.16 | Delivery |
“Deliver” or “Delivery” means Supplier’s obligation to provide Material and/or Services that [***] conform to the Specifications. Delivery occurs: (i) with respect to tangible Material, upon AT&T’s possession of the Material, if Supplier is not required to provide additional Services in connection with the Delivery, such as installation, (ii) with respect to Software upon AT&T’s receipt of electronic transmission or receipt by AT&T of the media upon which the Software resides, or (iii) for Services or Material for which Services are to be provided, upon completing the provision of Services with respect to an applicable Milestone or scope of Delivery.
2.17 | Delivery Date |
“Delivery Date” means the date on which Supplier is scheduled to complete its Delivery as established in an Order.
2.18 | Design Materials |
“Design Materials” includes the source code statements for a Computer Program; all requirements documents, record layouts, outlines, flowcharts, and other materials intended for use in the preparation of the source code statements; and all comments included in the source code statements as a reference to other materials.
2.19 | Designated Site |
“Designated Site” means AT&T’s building or complex of buildings within which AT&T is authorized to use the Standard Software as may be specified in a License Order.
Page 9 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.20 | Designated System |
“Designated System” means a particular computer system designated by type, serial number(s) and location that may be set forth in the applicable License Order.
2.21 | Documentation or Program Material |
“Documentation” or “Program Material” includes user instructions and system manuals, training Material in machine readable or printed form, Supplier’s written Specifications, Material associated with Custom Software, flow charts, data file listings, and input and output formats provided by Supplier under the applicable Services Order. If the applicable Order so provides, Program Material will also include the source code for the Standard Software.
2.22 | Enhancement |
“Enhancement” means a Modification made to include additional Functionality in the Standard Software. An Enhancement may otherwise be referred to as an improvement or an upgrade.
2.23 | Enterprise License |
“Enterprise License” means a license to use Standard Software as set forth in Section 8.1, where the limitations in Sections 8.3(b) through 8.3(f) do not apply; for Enterprise Licenses, there shall be no additional charges for non-production copies.
2.24 | Equipment |
“Equipment” means all tangible products and equipment used to operate the Software and/or all tangible products and equipment provided by or on behalf of Supplier.
2.25 | Error or Defect |
“Error” or “Defect” shall mean defects found in Software which causes the Software not to function in compliance with the Specifications.
2.26 | Functionality |
“Functionality” means a particular result or set of results that a Computer Program is intended to cause a computer to produce.
2.27 | Harmful Code |
“Harmful Code” includes any and all instructions designed to prevent a computer from producing intended results or to cause a computer to produce unintended results, including, but not limited to the following: instructions designed to halt or disrupt the operation of a Computer Program at an arbitrary time (“time bombs”) or upon the execution of an arbitrarily designated instruction (“logic bombs”); instructions designed to cause the computer to duplicate these instructions and retransmit those instructions to others, with or without additional disabling effects or instructions designed to cause the computer to maliciously erase its own data files (“viruses/worms”); instructions designed to override security features and facilitate access to the computer by unauthorized users (“back doors,” “trap doors,” and “undocumented passwords”) or to place the operation of the computer under the control of unauthorized remote users (“Trojan horses”). Harmful Code shall not include any key locks or capacity limits on the operation of a Computer Program or Software to the extent licensed by AT&T with those restrictions.
Page 10 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.28 | Incident |
“Incident” shall be applicable only to Orders for Call Center Work and means a suspected or actual attack upon, intrusion upon, unauthorized access to, loss of, or other security breach involving Information Resources. In such case Supplier is required to promptly [***] notify AT&T Asset Protection by telephone at 000-000-0000 from within the US and at 0-000-000-0000 from elsewhere whenever there is a suspected or actual attack upon, intrusion upon, unauthorized access to, loss of, or any other breach of In-Scope Information. This notification is in addition to and not in replacement of those notification requirements contained within the AT&T Supplier Information Security Requirements (SISR).
Examples of Incidents to report to AT&T include but are not limited to the following:
• | Suspected improper or fraudulent use of customer or employee information |
• | Theft or loss of sensitive customer or employee information |
• | Accidental or intentional disclosure of sensitive customer information to a third party, such as: |
• | Customer call records, billing information, or other CPNI |
• | Customer financial account, banking or credit information |
• | Customer Social Security Number or date of birth |
• | Accidental or intentional disclosure of sensitive employee information to a third party , such as: |
• | Employee Social Security Number, date of birth, or financial account information, |
• | Employee medical information or health-related records |
• | Employee human resources records |
• | Improper storage, disposal, or retention of confidential AT&T customer or employee files or records |
• | A security breach, as that term is commonly defined |
• | Other customer or employee privacy-related issues or occurrences that may negatively impact employees or customers or result in negative financial and/or reputational consequences to AT&T |
2.29 | Information |
“Information,” with respect to a Party, means all confidential, proprietary or trade secret information, including discoveries, ideas, concepts, know-how, techniques, processes, procedures, designs, specifications, strategic information, proposals, requests for proposals, proposed products, drawings, blueprints, tracings, diagrams, models, samples, flow charts, data, Computer Programs, marketing plans, Customer Information (including Internet activities, history, and/or patterns of use), employee personal information, health or financial information, authentication credentials, and other technical, financial or business information, whether disclosed in writing, orally, or visually, in tangible or intangible form, including in electronic mail or by other electronic communication.
Page 11 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.30 | Intellectual Property Rights |
“Intellectual Property Rights” means all patents (including all reissues, divisions, continuations, and extensions thereof) and patent applications, trade names, trademarks, service marks, logos, trade dress, copyrights, trade secrets, mask works, rights in technology, know-how, rights in content (including performance and synchronization rights), or other intellectual property rights that are in each case protected under the Laws of any governmental authority having jurisdiction.
2.31 | Laws |
“Laws” includes all statutes, ordinances, regulations, orders, administrative rules and codes of any jurisdiction applicable to this Agreement.
2.32 | License Order |
“License Order” means such document as the Parties may execute for the purpose of ordering a license to Supplier’s or a Supplier Affiliate’s proprietary Standard Software product, solely in object code form, that does not include any Material or Services which constitute Paid-For Development.
2.33 | Maintenance |
“Maintenance” means the Services provided by Supplier under for Standard Software as described in a Maintenance Order.
2.34 | Maintenance Fee |
“Maintenance Fee” means the fee AT&T pays to Supplier for the Maintenance provided by Supplier as specified in an applicable Maintenance Order. Maintenance will commence on the date specified in the applicable Maintenance Order.
2.35 | Maintenance Order |
“Maintenance Order” means such document as the Parties may execute for the purpose of ordering Maintenance to Supplier’s Standard Software product.
2.36 | Major Release |
“Major Release” means a new base version of Standard Software that Supplier may provide under this Agreement. A Major Release is generally identified by the first number that appears to the left of the first decimal point in a version number, unless otherwise specified in an Appendix.
2.37 | Material |
“Material” means a unit of Equipment, apparatus, components, tools, supplies, material, Documentation, Hardware, or firmware thereto, or Software purchased or licensed hereunder by AT&T from Supplier or otherwise provided by or on behalf of Supplier, including third party Material provided or furnished by Supplier. “Material” shall be deemed to include any replacement parts.
Page 12 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.38 | Minor Release |
“Minor Release” means a Modification made by Supplier to add Enhancements, Resolutions, Updates, or any combination thereof, to a Major Release. A Minor Release is generally identified by one or more numbers preceding or following one or more decimal points to the right of the first decimal point in a version number, unless otherwise specified in an Appendix.
2.39 | Modification and Modify |
“Modification” and “Modify” mean the addition, deletion, correction, and alteration of code in the Standard Software.
2.40 | Named Users |
“Named Users” means Users identified by a proper name, a unique numerical identifier or another unique symbol, and a password.
2.41 | New Release |
“New Release” means any change in Functionality to an existing Standard Software program or new Functionality added to an existing Standard Software program which Supplier offers to AT&T and other customers.
2.42 | OnGoing Support |
“OnGoing Support” or “OnGoing Support Services” (OGS) mean the Services as described herein and in an applicable Services Order.
2.43 | Order |
“Order” means a License Order, a Services Order, and/or a Maintenance Order, unless the context indicates that it applies only to a License Order, a Services Order, or a Maintenance Order.
2.44 | Permitted Third Parties |
“Permitted Third Parties” are business associations and persons, other than AT&T, AT&T Affiliates, and Users, whom AT&T or an AT&T Affiliate may permit to access its systems for the purpose of furnishing or receiving services, completing transactions, performing obligations, receiving performance of obligations, or satisfying conditions to obligations between them, whether arising under contract, law, or regulation. Without limiting the generality of the foregoing, “Permitted Third Parties” may include customers, suppliers, interconnecting carriers offering complementary or competing services, and resellers of services of AT&T and AT&T Affiliates, excluding Amdocs’ competitors; “Permitted Third Parties” may also include participants and beneficiaries of employee benefit plans established or maintained by AT&T and AT&T Affiliates and the fiduciaries, record keepers, and administrators of such plans.
2.45 | Production Support |
“Production Support” means support services for Custom Software and Systems in production which are not covered under an Amdocs warranty in a Services Order. For avoidance of doubt, Work performed by Amdocs in Production Support is itself subject to the OnGoing Support Services warranty provisions herein.
Page 13 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.46 | Project |
“Project” means the development of Custom Software and/or providing Services to AT&T.
2.47 | Project Manager |
“Project Manager” means each Party’s manager responsible for a Project and identified on the applicable Services Order.
2.48 | Published Specifications |
“Published Specifications” means those descriptions of the Standard Software Functionality including, without limitation, user manuals, whether summarized or set forth in complete detail, that Supplier normally provides with the Standard Software, and any other Supplier publication specified in a License Order.
2.49 | Resolution |
“Resolution” means a Modification that provides a permanent correction of an Error. A Resolution may also be referred to as a bug fix, correction, fix, permanent fix, or solution.
2.50 | Restoral |
“Restoral” means a Modification made as a temporary measure to compensate for an Error until a Resolution can be provided. A Restoral may also be referred to as a bypass, patch, temporary fix, or workaround.
2.51 | Revision |
“Revision” means an update to the Documentation to reflect the addition, deletion or correction of the previous version of the Documentation. A Revision may also be referred to as a documentation update.
2.52 | Services |
“Services” means any labor or service provided in connection with this Agreement or any Services Order, including any Documentation or material provided in connection with the Services that is not otherwise Material as defined herein.
2.53 | Services Order |
“Services Order” means such paper or electronic records (a) as AT&T may send to Supplier for the purpose of ordering Material and Services hereunder, or (b) as the Parties may execute for the purpose of ordering Material and Services hereunder.
Page 14 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.54 | Severity Level |
“Severity Level” means the classification assigned by AT&T to an Error.
2.55 | Software |
“Software” means any and all software (including Custom Software, Standard Software and firmware) in any form (including, for Custom Software, source code as applicable and object code), as well as any Documentation, licensed or otherwise provided by or on behalf of Supplier, excluding any Third Party Software.
2.56 | Specifications |
“Specifications” means any requirements, specifications, and descriptions agreed by the Parties and specified in, or attached to, an applicable Services Order.
2.57 | Standard Software |
“Standard Software” means Supplier’s or a Supplier Affiliate’s proprietary generic software product, solely in object code form, that is licensed to AT&T in accordance with this Agreement or an applicable License Order.
2.58 | Subcontractor |
“Subcontractor” means any person or entity (including an agent) supplying labor or materials to perform any or all of Supplier’s obligations under this Agreement, including any person or entity at any tier of subcontractors, and shall not be limited to those persons or entities with a direct relationship with Supplier.
2.59 | System |
“System” means the operating environment for Software and includes the Hardware on which the Software resides and the operating Software, application Software, databases which interact with such Software, and the Software and Hardware interfaces among such Hardware and Software.
2.60 | Third-Party Software |
“Third-Party Software” means any Software not owned by Supplier or AT&T or their Affiliates.
2.61 | Update |
“Update” means generally-released Modifications made by Supplier for the purpose of maintaining the Standard Software’s compatibility/interoperability with other technologies with which the Standard Software is intended to inter-operate.
Page 15 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2.62 | Users |
“Users” means any AT&T employees, agents, temporary workers, and contractors permitted to access and operate the Standard Software, excluding Amdocs competitors unless Amdocs has agreed in writing to allow such Amdocs competitor to be a User.
2.63 | Vulnerability |
“Vulnerability” means a condition in the instructions of the Software, whether consistent with its Specifications or not, that renders the computer on which the Software is operating susceptible to unauthorized access and use.
2.64 | Warranty Period |
“Warranty Period” means a term, as set forth in a License Order for Standard Software and a term of [***] days commencing upon delivery into Acceptance Test for Custom Software.
2.65 | Work |
“Work” means all or any portion, as the case may be, of the Material and Services that Supplier is supplying pursuant to Orders placed under this Agreement.
3.0 | GENERAL TERMS |
3.1 | AT&T Affiliate |
a. | An AT&T Affiliate may transact business under this Agreement and place Orders with Supplier that incorporate the terms and conditions of this Agreement. References to “AT&T” herein are deemed to refer to an AT&T Affiliate when an AT&T Affiliate places an Order with Supplier under this Agreement, or when AT&T places an Order on behalf of an AT&T Affiliate, or when an AT&T Affiliate otherwise transacts business with Supplier under this Agreement. Unless agreed differently under an Order and to the extent that the pricing under such Order provides for discounts of any sort based on volume of purchases by AT&T (including percentage discounts and tier-based pricing) or requires a certain volume of purchases by AT&T, [***]. An AT&T Affiliate is solely responsible for its own obligations, including all charges incurred in connection with such an Order or transaction. Nothing in this Agreement is to [***], nor is anything in this Agreement to be construed to require any AT&T Affiliate to indemnify Supplier, or to otherwise assume any responsibility, for the acts or omissions of AT&T or any other AT&T Affiliate. To the extent that the Affiliate is not based in the United States or is purchasing Services to be provided outside the United States and a Party reasonably believes that additional or different terms should be applied in the Order, the Parties shall negotiate in good faith on the additional or different terms to be included in the Order or a Supplement to this Agreement. |
Page 16 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | Notwithstanding the foregoing, the Parties agree as follows: |
i. | If a then-current AT&T Affiliate desires to place Orders with Supplier for licenses, Material or Services, and such AT&T Affiliate has an existing agreement with Supplier, AT&T shall determine under which agreement the Order will be placed; and |
ii. | To the extent AT&T acquires an entity or business with a pre-existing contractual relationship with Supplier, then AT&T shall determine whether the acquired entity or business will process any new Orders under this Agreement or under the pre-existing contractual relationship. |
3.2 | Amendments and Waivers |
a. | The Parties may not amend this Agreement or an Order except by a written agreement of the Parties that identifies itself as an amendment to this Agreement or such Order and is signed by both Parties, or as otherwise expressly provided below in this Section. No waiver of any right or condition is effective unless given in writing and signed by the Party waiving such right or condition. No delay or omission by either Party to exercise any right or power it has under this Agreement shall impair or be construed as a waiver of such right or power. A waiver by any Party of any breach, condition or covenant shall not be construed to be a waiver of any succeeding breach or condition or of any other covenant. All waivers must be in writing and signed by the Party waiving its rights. |
b. | AT&T’s Project Manager may, at any time, make changes to the scope of Work, which shall be confirmed in writing, and Supplier shall not unreasonably withhold or condition its consent. An equitable adjustment shall be made to the charges if such change to the scope affects the time of performance or the cost of the Work, including expenses, to be performed under this Agreement. Such cost adjustment shall be made on the basis of the fees specified in the Services or Maintenance Order for the Work, unless otherwise agreed in writing. |
3.3 | Anticorruption Laws |
Supplier and its employees, temporary workers, agents, consultants, partners, officers, directors, members or representatives of Supplier and its Subcontractors, if any, performing Services or other activities under this Agreement (each and any of the foregoing individuals, for the purpose of this Section, a “Supplier Representative”) shall comply with the US Foreign Corrupt Practices Act and all applicable anticorruption laws (including commercial bribery laws). Supplier Representatives shall not directly or indirectly pay, offer, give, promise to pay or authorize the payment of any portion of the compensation received in connection with this Agreement or any other monies or other things of value in connection with its performance to a Government Official, as such term is defined below, to obtain or retain business or secure any improper advantage nor shall it permit such actions by a third party in connection with this Agreement. For purposes of this Section, “Government Official” means: (i) an officer or employee of any government or any department, agency, or instrumentality thereof, including government-owned or government-controlled commercial entities; (ii) an officer or employee of a public international organization; (iii) any person acting in an official capacity for or on behalf of any government or department, agency, or instrumentality or public international organization; (iv) any political party or official thereof; (v) any candidate for political office; or (vi) any other person, individual or entity at the suggestion, request or direction or for the benefit of any of the above-described persons or entities.
Page 17 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.4 | Assignment and Delegation |
a. | Neither Party may, nor will it have the power to, assign, delegate, or otherwise transfer its rights or obligations under this Agreement, without the prior written consent of the other Party, except in the following circumstances: |
AT&T may assign its rights and obligations under this Agreement, without the approval of Supplier, to an AT&T Affiliate and Supplier may assign its rights and obligations under this Agreement, without the approval of AT&T, to a Supplier Affiliate, which in either case has the necessary capability, standing, resources and solvency as reasonably determined by the non-assigning Party to perform the Agreement and which expressly assumes such assigning Party’s obligations and responsibilities hereunder, and which is not a direct competitor of the other Party; provided, however, that the assigning Party shall remain fully liable for and shall not be relieved from the full performance of all obligations under this Agreement without the consent of the other Party. A Party assigning its rights or obligations in accordance with this Section shall, within [***] after such assignment, provide notice thereof to the other Party together with a copy of any relevant provisions of the assignment document.
b. | Each Party may assign its right to receive money due hereunder, but any assignment of money will be void to the extent (i) the assignor fails to give the non-assigning Party at least thirty (30) days prior written notice, or (ii) the assignment purports to impose upon the non-assigning Party additional costs or obligations in addition to the payment of such money, or (iii) the assignment purports to preclude AT&T from dealing solely and directly with Supplier in all matters pertaining to this Agreement. Any assignment, delegation or transfer for which consent is required hereby and which is made without such consent given in writing will be void. |
c. | Supplier may subcontract its performance subject to the Section herein entitled “Work Done by Others”. |
3.5 | Compliance with Laws |
a. | Supplier shall comply with all Laws applicable to Supplier attendant upon Supplier’s performance under this Agreement. AT&T shall comply with all Laws applicable to AT&T attendant upon AT&T’s performance of its obligations under this Agreement and AT&T’s or its customers’ utilization of the Material and/or Services. |
b. | Supplier shall procure all approvals, bonds, certificates, insurance, inspections, licenses, and permits that such Laws require with respect to Supplier’s performance of this Agreement. Supplier shall create and maintain any necessary records and provide any certificate, affidavit or other information or documentation requested or as otherwise required by AT&T: (a) to show compliance by Supplier and its Subcontractors with Laws; (b) necessary for AT&T to comply or otherwise establish AT&T’s compliance with Laws; or (c) to allow AT&T to timely respond to any complaints, filings, or other proceedings. |
Page 18 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
c. | To the extent any modifications to Custom Software, Standard Software, or Services to be delivered to AT&T are required for the purposes of complying with Laws relating to AT&T’s business, Supplier will assist AT&T to comply with such Laws as specified by AT&T by complying with the Specifications in the applicable Services or License Order. Upon request by AT&T, Supplier shall make available to AT&T appropriate product and subject matter experts as may reasonably be required in assisting AT&T in defining the business requirements and functionality required for AT&T to comply with any and all Laws, all to the extent expressly agreed to in the Specifications in the applicable Services or License Order, provided, however, that in so assisting AT&T, Supplier shall not be required to provide, and Supplier shall not be deemed to have provided, any legal services, advice or counsel to AT&T. All changes and/or modifications to be made to the Custom Software, Standard Software, or Services as requested by AT&T due to changes in Laws as identified by AT&T will be handled in accordance with the change management procedures of this Agreement. Such modifications may be made through Paid-For Development, Supplier’s roadmap for the Standard Software, or otherwise as applicable. |
d. | Export/Import Law and Foreign Trade Controls |
i. | Each Party shall comply with all applicable export control, import and foreign trade sanctions Laws in its performance of this Agreement. Without prejudice to the generality of the foregoing, each Party understands and acknowledges that certain AT&T and Supplier applications and Material and Services (including technical assistance and technical data) to be provided hereunder may be subject to export controls under the laws and regulations of the United States, the European Union and other foreign trade control laws, rules and regulations restricting their transfer to certain countries and parties including but not limited to the US Export Administration Regulations and trade sanctions programs administered by the US Department of the Treasury. Each Party shall comply with all applicable export control and other foreign trade Laws in performance of its obligations hereunder, and shall not use, resell, export, transfer, distribute, dispose or otherwise deal with the AT&T and Supplier applications or any technical data related thereto, directly or indirectly, except in full compliance with such Laws. |
ii. | Neither Party shall use, sell, export, re-export, distribute, transfer, dispose of, or otherwise deal with any such Material or any direct product thereof or undertake any transaction or Service without first obtaining all necessary written consents, permits and authorizations and completing such formalities as may be required by any such Laws. |
iii. | Supplier shall be solely responsible for arranging export clearance, including applying for and obtaining any permits, licenses or other authorizations and complying with export clearance formalities, for all exports of Material and Services made by Supplier hereunder, including but not limited to exports by Supplier to its Affiliates or Subcontractors and exports from such Affiliates or Subcontractors to Supplier or to AT&T in the United States. AT&T agrees to use reasonable efforts to obtain and provide to Supplier in a timely manner any end-user, end-use and other documentation and certifications as may reasonably be requested by Supplier in support of any applications made to relevant government authorities in connection with such exports. |
Page 19 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
iv. | Each Party specifically represents and warrants that it shall not export/re-export or otherwise transfer the AT&T and Supplier applications, Material or Services to any country that is subject to US trade sanctions imposed from time to time (currently, Cuba, Iran, North Korea, Sudan and Syria), to any persons or entities located in or organized under the laws of such country, or who are owned or controlled by or acting on behalf of the governments of such countries, as well as to citizens of such countries, or to persons identified from time to time on applicable US government restricted party lists (the US Department of Commerce’s Denied Party List, Entity List, Unverified List; the US Department of the Treasury’s List of Specially Designated Nationals and Other Blocked Persons; the US Department of State’s various non-proliferation lists). |
v. | Each Party represents and warrants that it has in place compliance mechanisms sufficient to ensure compliance with applicable export control and foreign trade control Laws. Neither Party shall do anything which would cause the other Party to be in breach of applicable export control or foreign trade control Laws, and shall protect, indemnify and hold harmless the other Party from any claim, damages, liability costs, fees and expenses incurred by as a result of the failure of omission of Supplier to comply with such Laws. |
vi. | Failure by either Party to comply with applicable export control and foreign trade control Laws shall constitute a material breach of this Agreement. |
e. | General Data Protection Regulation (GDPR) |
i. | Supplier shall comply with the requirements set forth in Appendix K – EU Data Privacy and GDPR Data Processing Obligations attached hereto. |
f. | The provisions of this Section, “Compliance with Laws”, will survive the expiration or termination of this Agreement for any reason. |
g. | Supplier shall comply with the provisions set forth in Appendix O -California Consumer Privacy Act Requirements. |
3.6 | Construction and Interpretation |
a. | This Agreement has been prepared jointly and has been the subject of arm’s length and careful negotiation. Each Party has been given the opportunity to independently review this Agreement with legal counsel and other consultants, and each Party has the requisite experience and sophistication to understand, interpret and agree to the particular language of its provisions. Accordingly, the drafting of this Agreement is not to be attributed to either Party. |
b. | Article, Section and paragraph headings contained in this Agreement are for reference purposes only and are not to affect the meaning or interpretation of this Agreement. The word “include” in every form means to include without limitation by virtue of enumeration and a derivative of a defined term shall have the meaning appropriate to the context of its use. Whenever this Agreement refers to a consent or approval to be given by either Party, such consent or approval is effective only if given in writing and signed by the Party giving approval or consent. The use of singular words includes the plural and vice versa. |
Page 20 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.7 | Cumulative Remedies |
Except as specifically identified as a Party’s sole remedy, including without limitation as set forth in the Section titled “Warranty”, any rights of termination, liquidated damages, or other remedies prescribed in this Agreement, the rights and remedies of the Parties set forth in this Agreement are not exclusive of, but are cumulative to, any other rights or remedies set forth in the Agreement or the applicable Order, at law, or in equity. Neither Party may retain the benefit of inconsistent remedies. No single or partial exercise of any right or remedy with respect to one breach of this Agreement or any Order precludes the simultaneous or subsequent exercise of any other right or remedy with respect to a different breach.
3.8 | Special Software Terms |
a. | Standard Software License and License Fees |
i. | Any Standard Software previously licensed to AT&T, prior to the effective date of the Restatement and Amendment of this Agreement, will continue to be licensed in accordance with the terms of the applicable agreement under which it was originally licensed, except as otherwise agreed by the Parties and specified in a License Order. Any additional or different Standard Software not previously licensed by Supplier shall be subject to the terms and conditions of this Agreement and as specified in a License Order and/or Maintenance Order. |
b. | Custom Software Development |
i. | Supplier shall develop the Custom Software in compliance with the applicable Services Order. During the development process, AT&T shall assist Supplier and cooperate with Supplier by making employees available to Supplier for consultation and providing information, facilities, equipment, and data required for the performance of the Services. The Parties shall mutually develop a Project plan utilizing Project management methodologies agreed to by the Parties, and predicated upon the Project’s requirements. The Project plan shall include deliverables, milestones, and reviews. |
ii. | In accordance with the Project plan and applicable Specifications, Supplier shall develop, complete, and deliver to AT&T all programming to be included in the Custom Software. All Custom Software developed by Supplier shall be documented concurrently with its programming. In accordance with the Project plan, AT&T shall provide to Supplier the relevant test and interface data and test scripts. All Custom Software provided to AT&T hereunder shall be tested (including unit subsystem and system testing) and debugged by Supplier, unless otherwise specified in the Services Order. |
iii. | After the completion of such testing and debugging, Supplier shall Deliver (and install, if applicable) such Custom Software to AT&T on or before the scheduled Delivery Date set forth in the applicable Services Order. Delivery shall be in accordance with Subsection c, “Delivery of Custom Software or Standard Software,” of Section 3.10 “Technology Standards” below. The protocol for Acceptance Tests after Delivery is described below in Section 3.9 “Acceptance or Rejection.” |
Page 21 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
iv. | Each Services Order will be subject to the governance procedures applicable to such Services Order. The respective Project Managers shall review each Party’s progress in meeting its objectives under the Project plan. Upon the request of AT&T’s Project Manager or on Supplier’s initiative, Supplier’s Project Manager will provide a written progress report identifying any circumstance (including but not limited to any discovery of ambiguity in any previously approved Specifications) coming to light since the previous such meeting which is likely to result in (i) a delay in Supplier’s ability to meet its due dates, or (ii) a proposed adjustment in projected amounts likely to be billed to AT&T for time and charges, or (iii) both such a proposed adjustment and such a delay. The report will provide Supplier’s best estimate of the length of such projected delay and the amount of such proposed adjustment to time and charges. To the extent that any such circumstance is shown to have resulted from a failure of AT&T (including any contractor or subcontractor of AT&T) to meet its obligations with respect to the Project, Supplier shall be granted an equitable extension of time and an equitable adjustment of the fixed or estimated fee to the extent necessary to remedy AT&T’s failure to meet its obligations. Supplier waives any and all claims for any such equitable extension or adjustment to the extent that it is based on any such circumstance in which Supplier failed to notify AT&T within one month (or as otherwise specified in the Services Order) of Supplier’s recognition of the problem. |
v. | Each equitable extension of time and each equitable adjustment of any fixed or estimated fee shall be recorded in an amendment to the Services Order, which shall be prepared by the respective Project Managers of each Party. In addition, if AT&T desires to make a change in any previously approved Specifications, then AT&T shall deliver a change request to Supplier, and Supplier shall respond by providing a written change quote specifying any proposed adjustment to time and charges that Supplier believes necessary to effectuate the change. If AT&T accepts the proposed change, the Parties shall amend the applicable Services Order. For clarity, each such change shall become an amendment to the applicable Services Order when signed by the appropriate representative of each Party. If Program Material or Custom Software is not Delivered to AT&T (and installed, if applicable) as a result of factors under Supplier’s responsibility and control which includes Supplier’s Subcontractors and agents on or before the scheduled Critical Performance Milestone Date or Delivery Date therefore (as extended by any amendment), AT&T may, at its option, and subject to resolution of any related dispute in accordance with this Agreement’s dispute resolution process: |
1. | [***] scheduled Critical Performance Milestone Date or Delivery [***]; or |
2. | [***] Services Order covering such Custom Software [***] Software, [***]; or |
3. | [***] Services Order covering such Custom [***] under the Services Order [***]; provided, however, that [***]; or |
4. | [***] as set forth in the applicable Services Order. |
[***] | pursuant to this Section, each Party shall [***]. |
Page 22 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
vi. | From time to time AT&T may authorize Supplier to use computer systems that are physically located on AT&T’s premises. Such authorization shall be limited to Projects specified in writing by AT&T. |
vii. | Supplier shall notify AT&T as soon as reasonably possible of any Custom Software issues and risks that are identified by Supplier staff that may materially impact the Project and provide Custom Software development progress reports as reasonably requested by AT&T. |
3.9 | Acceptance or Rejection |
a. | After the Delivery of the Custom Software or Standard Software, AT&T will start the Acceptance Test Period, if applicable. |
b. | During the Acceptance Test Period, AT&T will notify Supplier promptly in writing of any Errors found by AT&T, and Supplier will promptly correct such Errors and deliver to AT&T the resulting corrections. AT&T shall have the right to test the Custom Software or Standard Software after such corrected and/or completed Custom Software or Standard Software is redelivered to AT&T, and such corrected and/or completed Custom Software or Standard Software shall thereafter be subject to AT&T’s acceptance or rejection under this Section. The Acceptance Test Period shall be extended by the greater of either (i) [***] during which [***] Custom Software or Standard Software, or (ii) when applicable, [***]. Any Errors in the Custom Software or Standard Software that [***] with the Specifications shall be addressed in accordance with the appropriate resolution plan as set forth in Section 3.10.e., “Error Severity Level, Resolution Plan, and Liquidated Damages”. Detailed acceptance testing plans, procedures, and criteria will be specified in the applicable Services Orders. |
c. | If the Custom Software or Standard Software conforms with the terms of the applicable Services Order during the Acceptance Test Period, AT&T shall sign and deliver a copy of an Acceptance Letter substantially in the form of Appendix F, “Acceptance Letter”, to Supplier after the completion of the Acceptance Test Period. If AT&T fails to send an Acceptance Letter, or to inform Supplier of the rejection of the Custom Software or Standard Software, within [***] business days after the conclusion of the Acceptance Test Period, then Supplier shall promptly notify AT&T’s IT leadership of such failure via e-mail or other writing, with a copy to AT&T’s Project Manager. If neither AT&T’s IT leadership nor AT&T’s Project Manager responds via e-mail or other writing [***] business days after such notice has been duly given, the Custom Software or Standard Software shall be deemed to be Accepted as of the end of such Acceptance Test Period. |
d. | [***] Custom Software or Standard Software [***] during the Acceptance Test Period [***] prior to the date [***]. However, [***] the Acceptance Test Period shall [***]. |
e. | Any Program Material other than Custom Software shall be deemed accepted upon delivery, subject to Supplier’s responsibility to correct Errors in such Program Material. |
Page 23 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.10 | Technology Standards |
a. | Supplier will utilize AT&T’s approved Project Management methodologies, tools, and practices. Additional Amdocs procedures must be in compliance with AT&T’s current methodologies, tools, and practices for testing defect tracking systems and quality initiative approaches, and in compliance with or have an approved exception to the Technology, Strategies, and Standards (TSS) and such other processes as AT&T may implement in the future or as AT&T may require outside of the Technology Development organization; in each case to the extent the same have been communicated to Supplier by AT&T in writing. If AT&T implements new processes or changes in existing processes that result in a significant increase in the cost to Supplier of providing the Services, the Parties shall evaluate such changes and the associated cost using the then-applicable Change Management Process. Supplier will utilize AT&T processes for required deliverables to AT&T, but may follow Supplier methodology and best practices for internal testing activities. |
b. | Source Code Availability |
Supplier shall [***] the Custom Software, [***]. Supplier shall provide, [***], during the term of this Agreement [***], Supplier shall [***].
c. | Delivery of Custom Software or Standard Software |
Custom Software or Standard Software Deliveries shall be in the form selected by AT&T, including, but not limited to, electronic data exchange, U.S. Mail, or a private carrier, as agreed by the Parties and/or specified in the applicable Services Order or License Order. Except as otherwise agreed by the Parties and/or specified in the applicable Services Order or License Order, Supplier shall deliver the Custom Software or Standard Software (and any subsequent releases or upgrades of the Standard Software purchased by AT&T) electronically, either through transfer by means of telecommunications or by copying the Custom Software or Standard Software directly onto AT&T’s computer, disk, tape, or other storage medium selected by AT&T. Unless and until directed in writing by AT&T to do so, Supplier will not transfer any disks, tapes, or other tangible property containing the Custom Software or Standard Software (or any subsequent releases or upgrades of the Standard Software) to AT&T.
d. | Third Party Software |
With and prior to execution of each Services Order, Supplier shall provide a written list of all Third-Party Software that is part of the Custom Software ordered by AT&T or provided by Supplier.
e. | Error Severity Level, Resolution Plan, and Liquidated Damages |
i. | Supplier and AT&T shall negotiate in good faith in the applicable Services Orders under this Agreement to include, as part of OnGoing Support Services, a Service Level Agreement and Liquidated Damages for failure to meet the Service Level Agreement which collectively may govern certain aspects of performance of the Custom Software under the Services Order following Acceptance thereof. |
Page 24 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
ii. | In the case of Service Level Agreement commitments defined in a Services Order for which Supplier is solely responsible, Supplier shall use its best efforts to acknowledge or otherwise satisfy the commitments in the Service Level Agreement within the performance timeframes indicated in the Services Order. |
iii. | Supplier shall use its best efforts to correct any and all Errors in the Custom Software in accordance with the Error Severity Levels specified in a Services Order, and respond according to the escalation process, or processes, as agreed by the Parties and specified in the Services Order. |
iv. | If Supplier fails to correct Errors in the Custom Software in accordance with the Error Severity Levels specified in a Services Order, then in accordance with the Service Level Agreement AT&T may convene a meeting of the Parties’ respective Project Managers to address the situation. Barring resolution of the matter by the Parties’ Project Managers, AT&T may escalate the matter per the Dispute Resolution provisions in this Agreement. Following such escalation, [***] in the Service Level Agreement [***]. No payments, progress or otherwise, made by AT&T to Supplier after any scheduled Delivery Date shall constitute a waiver of the right to receive Liquidated Damages. If AT&T elects to exercise its right to recover Liquidated Damages specified hereunder, Supplier shall provide a credit as shown in the column titled “Liquidated Damages” in the Service Level Agreement, and such credit(s) shall be assessed on a per Error basis up to the aggregate cap described in the applicable Services Order. Such Liquidated Damages shall be provided [***] of the Service Level Agreement [***]. |
f. | Documentation Updates |
i. | As part of the OnGoing Support Services provided under a Services Order, and upon AT&T’s request, Supplier agrees to provide updates to Documentation furnished to AT&T hereunder which is related to the use and support of the Standard Software or Custom Software. Documentation shall be maintained and revised as part of such Services to reflect enhancements and corrections to the Standard Software or Custom Software resulting from the issuance of a new release, including the incorporation of new or revised operating procedures resulting from corrections to and revisions of the Standard Software or Custom Software, including APIs. |
ii. | As part of its Custom Software development Services under a Services Order, Supplier shall coordinate with AT&T in the manner and to the extent stated in the applicable Services Order to provide Documentation updates on all systems issues, open and closed, associated with Custom Software developed for AT&T. This includes, but is not limited to, issues logs, test results, jeopardy documents, and temporary code work-arounds. |
Page 25 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
x. | XXXX Terms |
i. | For purposes of this Section, “XXXX” means any and all freeware, Open Source Software, or shareware used or included in, or combined by or on behalf of Supplier with, the deliverables or otherwise provided by or on behalf of Supplier under this Agreement; and a “XXXX Disclosure” means a complete, current, and accurate listing of all XXXX, which identifies for each XXXX component: (i) the component name; (ii) its version or release number; (iii) its web site URL of origin; and (iv) the applicable software license and its version number. A XXXX Disclosure may be provided in the form of a web site made accessible to AT&T where Supplier posts the foregoing information. |
ii. | Upon AT&T’s request, but not more than once a year, Supplier shall promptly, but in any event within [***] days of such request, furnish to AT&T a XXXX Disclosure that is complete, current and accurate when furnished. [***]. Neither response nor non-response by AT&T concerning the receipt or non-receipt of any XXXX Disclosure or any reference to XXXX in the Agreement shall be deemed as acceptance, approval or acquiescence by AT&T that Supplier’s use of the XXXX complies with the legal requirements of applicable XXXX license(s), or is suitable for the intent and purposes furnished hereunder. After receiving any XXXX Disclosure, AT&T may, upon written notice to Supplier, ask Supplier to use alternate XXXX (or other alternate software), if reasonably warranted to avert a risk that the rights of AT&T or its third-party suppliers in any proprietary software may be compromised. [***] |
3.11 | Entire Agreement |
This Agreement constitutes the final, complete, and exclusive expression of the Parties’ agreement on the matters contained in this Agreement. All prior written and oral negotiations and agreements, and all contemporaneous oral negotiations and agreements, between the Parties on the matters contained in this Agreement are expressly merged into and superseded by this Agreement. The Parties do not intend that the provisions of this Agreement be explained, supplemented, or qualified through evidence of trade usage or any prior course of dealings or any course of performance under any prior agreement. In entering into this Agreement, neither Party has relied upon any statement, estimate, forecast, projection, representation, warranty, action, or agreement of the other Party except for those expressly contained in this Agreement. There are no conditions precedent to the effectiveness of this Agreement other than any expressly stated in this Agreement.
3.12 | Force Majeure |
a. | A Party is excused from performing its obligations under this Agreement or any Order if, to the extent that, and for so long as: |
i. | such Party’s performance is prevented or delayed by an act or event (other than economic hardship, changes in market conditions, insufficiency of funds, or unavailability of equipment and supplies) that is beyond its reasonable control and could not have been prevented or avoided by its exercise of due diligence; and |
Page 26 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
ii. | such Party gives written notice to the other Party, as soon as practicable under the circumstances, of the act or event that so prevents such Party from performing its obligations. |
b. | By way of illustration, and not limitation, acts or events that may prevent or delay performance (as contemplated by this Section) include: acts of God or the public enemy, acts of civil or military authority, terrorists acts, embargoes, epidemics, war, riots, insurrections, fires, explosions, earthquakes, floods, and extreme weather events. |
c. | If Supplier is the Party whose performance is prevented or delayed for a period [***], AT&T may elect to: |
i. | terminate the affected Order, without any liability to Supplier, or |
ii. | suspend the affected Order or any part thereof for the duration of the delay; and obtain Work elsewhere and deduct from any commitment under such Order the quantity of the Work obtained elsewhere or for which commitments have been made elsewhere; and resume performance under such Order when Supplier resumes its performance; and extend any affected Delivery Date or performance date up to the length of time Supplier’s performance was delayed or prevented. If AT&T does not give any written notice within [***] days after receiving notice under this Section that Supplier’s performance has been delayed or prevented, this option (ii) will be deemed to have been selected. |
3.13 | Governing Law |
The laws of the State of Texas (excluding any laws that direct the application of another jurisdiction’s law) govern all matters arising out of or relating to this Agreement and all of the transactions it contemplates, including its validity, interpretation, construction, performance, and enforcement.
3.14 | Government Contract Provisions |
a. | If an Order includes a statement that performance is intended for a government contract and to the extent any government contracting provisions are applicable to the Services to be provided by Supplier, such government contracting provisions may include to the extent agreed by Supplier and AT&T: |
i. | certain executive orders (including E.O. 11246 and E.O. 13201) and statutes (including Section 503 of the Rehabilitation Act of 1973, as amended; the Vietnam Era Veteran’s Readjustment Assistance Act of 1974; Section 8116 of the Defense Appropriations Act for Fiscal Year 2010 (Pub. L. 111-118); and the Jobs for Veterans Act) pertaining to government contractors, Supplier shall: |
1. | comply with such executive orders and statutes, and their implementing regulations, as amended from time to time; and |
2. | fulfill the obligations of a contractor under the clauses incorporated by this Section. |
Page 27 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | This Section incorporates the following statutes and rules: |
i. | “Affirmative Action For Workers With Disabilities” (at 48 CFR §52.222-36); |
ii. | “Employment Reports On Special Disabled Veterans, Veterans Of The Vietnam Era, and Other Eligible Veterans” (at 48 CFR §52.222-37); |
iii. | “Equal Employment Opportunity” (at 48 CFR §52.222-26); |
iv. | “Equal Employment Xxxxxxxxxxx Xxxxxx” (xx 00 XXX §00-0.0(x)); |
v. | “Equal Opportunity For Special Disabled Veterans And Veterans of the Vietnam Era” (at 41 CFR §60-250.5); |
vi. | “Equal Opportunity for Disabled Veterans, Recently Separated Veterans, Other Protected Veterans, and Armed Forces Service Medal Veterans” (at 41 CFR §60-300.5); |
vii. | “Equal Opportunity For Workers With Disabilities” (at 41 CFR §60-741.5); |
viii. | “Prohibition of Segregated Facilities” (at 48 CFR §52.222-21); |
ix. | “Small Business Subcontracting Plan” (at 48 CFR §52.219-9); |
x. | “Utilization Of Small Business Concerns” (at 48 CFR §52.219-8); |
xi. | “Whistleblower Protections Under the American Recovery and Reinvestment Act of 2009” (FAR 52.203-15); |
xii. | “American Recovery and Reinvestment Act—Reporting Requirements” (FAR 52.204-11); |
xiii. | “GAO/IG Access” (FAR 52.212-5(d) (Alt. II), FAR 52.214-26(c) (Alt. I), FAR 52.215-2(d) (Alt. I)); |
xiv. | “Xxxxx-Xxxxx Act” (FAR 52.222-6); |
xv. | “Buy American Act” (FAR 52.225-21, FAR 52.225-22, FAR 52.225-23, & FAR 52.225-24); |
xvi. | “Whistleblower Protections” (Pub. L. No. 111-5, Section 1553); |
xvii. | “Award term—Reporting and registration requirements under section 1512 of the Recovery Act” (2 CFR §176.50); |
xviii. | “GAO/IG Access” (Pub. L. No. 111-5, Section 902, 1514 and 1515); |
xix. | “Award term—Wage Rate Requirements under Section 1606 of the Recovery Act” (2 CFR §176.190); and |
xx. | “Buy American Requirements” (2 CFR §176.140, 2 CFR §176.150, 2 CFR §176.160, & 2 CFR §176.170). |
Page 28 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.15 | Indemnity |
a. | Except as otherwise provided in the Section entitled “Infringement,” a Party, its Affiliates, and their agents and employees (collectively the “Indemnified Party”) shall have the right to request from the other Party or its Affiliates, agents, or employees (collectively the “Indemnifying Party”) defense and indemnification against any third party claims for Loss for the majority of which it believes that the Indemnifying Party is responsible alleging (1) injuries to persons, including death or disease; (2) damages to tangible property, including theft; and (3) failure to comply with Laws. The Indemnified Party shall reimburse the Indemnifying Party for that pro rata portion of any third party claim for Loss (including Litigation Expense) resulting from an Indemnified Party’s fault (“Indemnified Party Fault”) as set forth herein. |
b. | Without limiting the foregoing provisions of this Section, Amdocs (as Indemnifying Party) also agrees to defend, indemnify, hold harmless and defend AT&T (as Indemnified Party) in the event that any federal, state or local governmental agency or any of Amdocs’ current or former applicants, agents, employees or Subcontractors, or agents or employees of Amdocs’ Subcontractors assert claims arising out of the employment relationship with Amdocs, or otherwise with respect to performance under this Agreement, including but not limited to claims, charges and actions arising under Title VII of the Civil Rights Act of 1964, as amended, The Equal Pay Act, the Age Discrimination in Employment Act, as amended, The Rehabilitation Act, the Americans with Disabilities Act, as amended, the Fair Labor Standards Act, the Family and Medical Leave Act, Workers’ Compensation laws, the National Labor Relations Act and any other applicable federal, state or local Laws. Amdocs’ duties to indemnify, hold harmless and defend AT&T under this Section include, but are not limited to, any liability, cause of action, lawsuit, penalty, claim or demand, or administrative proceeding in which AT&T or any other Indemnified Party is named as or alleged to be an “employer” or “joint employer” with Amdocs. The foregoing indemnity obligation shall be in addition to any other indemnity obligations of Amdocs set forth in this Agreement. |
c. | Upon receipt of a request from any Indemnified Party for defense and indemnification under this Section, the Indemnifying Party shall have the right to determine whether, in its reasonable opinion, there is a reasonable likelihood that Indemnified Party Fault contributed to the majority of the Loss; should the Indemnifying Party make such a determination, the Indemnifying Party shall have the right, subject to the Indemnified Party’s rights set forth below, to refuse to defend and indemnify the Indemnified Party. The Indemnifying Party shall make such determination and notify the Indemnified Party if it refuses to defend and indemnify the Indemnified Party within [***] business days after its receipt of the Indemnified Party’s request to the Indemnifying Party for defense and indemnification; otherwise, it shall undertake the defense. Should the Indemnifying Party refuse to defend and indemnify the Indemnified Party, the Indemnified Party shall have the right (i) to take such action as may be necessary to defend the Indemnified Party against the claim, including filing a third party action in that case against the Indemnifying Party for contribution or other legal or equitable rights or in an independent action against the Indemnifying Party seeking a determination that the Indemnifying Party was obligated to defend, indemnify, and hold harmless the Indemnified |
Page 29 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Party with respect to the claim and seeking any and all remedies to which the Indemnified Party might be entitled at law or in equity and, should the court or other tribunal hearing the case under either of those scenarios determine that Indemnified Party Fault did not contribute to a majority of the Loss, the Indemnifying Party shall promptly pay the Indemnified Party that pro-rata portion of the Indemnified Party’s Litigation Expense and any judgment against the Indemnified Party that is equivalent to the Indemnifying Party’s fault relative to the Indemnified Party Fault or (ii) to settle the case and, either prior to or after settlement, to seek judicial determination in that case or in a separately-filed case of the amount of the Indemnifying Party’s fault relative to the Indemnified Party Fault, and the Indemnifying Party shall be liable to the Indemnified Party for that portion of the Indemnified Party’s Litigation Expense and the settlement amount that is equivalent to the Indemnifying Party’s fault relative to the Indemnified Party Fault as determined by the court in either such scenario. If the Indemnified Party is required to take any action to seek judicial determination of the amount of the Indemnifying Party’s fault relative to the Indemnified Party Fault under this Agreement because of the Indemnifying Party’s failure to promptly assume the defense as set forth herein and is successful in obtaining a determination that the Indemnified Party Fault did not contribute to the majority of the Loss, then the Indemnified Party may also recover from the Indemnifying Party any reasonable attorney’s fees and other costs of obtaining that judicial determination. |
d. | Notwithstanding anything to the contrary contained herein, neither Party shall be required to indemnify the other Party from Losses resulting from claims or allegations of criminal conduct or misfeasance by the other Party. |
e. | The Indemnifying Party shall conduct the defense (employing counsel acceptable to the Indemnified Party), at the Indemnifying Party’s expense, against any claim, demand, suit or cause of action within the scope of paragraph i) or paragraph ii) above, whether or not litigation is actually commenced or the allegations are meritorious and, upon the Indemnified Party’s request, keep the Indemnified Party informed as to the progress of such defense. At its own option, the Indemnified Party may employ separate counsel, including in-house counsel, to conduct the Indemnified Party’s defense against such a claim. The Parties shall cooperate in the defense of any such claim. The Indemnifying Party may control the defense and settlement of such a claim, but if the settlement of a claim may have an adverse effect on any Indemnified Party, then the Indemnifying Party shall not settle such claim without the consent of the Indemnified Party, and the Indemnified Party shall not unreasonably withhold or delay its consent. To the extent that the Indemnifying Party pays any part of a judgment, award or settlement with respect to the Loss and any other expenses related to the resolution of the Loss, including costs, interest, and reasonable Attorneys’ Fees, as a result of being self-insured or as a result of insurance coverage being insufficient to cover the amount of the judgment, award or settlement, upon final resolution of the claim, demand, suit or cause of action, the Indemnified Party shall reimburse the Indemnifying Party for the pro-rata portion of any such payment based on the Indemnified Party Fault relative to the Indemnifying Party’s fault. If any Indemnified Party is required to take any action to enforce its indemnity rights under this Agreement or to assume the defense of any claim, demand, suit or cause of action for which it is entitled to receive an indemnity under this Agreement because of the Indemnifying Party’s failure to promptly assume such defense, then the Indemnified Party may also recover from the Indemnifying Party any reasonable Attorney’s Fees and other costs of enforcing its indemnity rights or assuming such defense. |
Page 30 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
f. | Notwithstanding anything to the contrary contained in this Section, the Parties intend that any amount for which any Indemnified Party might otherwise have an obligation of reimbursement to the Indemnifying Party for its pro-rata portion pursuant to this Section will be net of any insurance proceeds or other amounts paid by the Indemnifying Party’s insurance company or any other entity (“Insurance Proceeds”) that actually reduce the amount that the Indemnifying Party is required to pay on account of a Loss. Accordingly, the amount with respect to which the Indemnified Party is required to reimburse the Indemnifying Party its pro-rata portion will be reduced by any Insurance Proceeds theretofore actually paid on behalf of the Indemnifying Party in respect of the related Loss. If the Indemnifying Party receives a reimbursement required by this Section from the Indemnified Party in respect of the Indemnified Party’s pro-rata share of the amount of any Loss and subsequently receives Insurance Proceeds or the benefit of any payments made for the Indemnifying Party or on its behalf by any insurance company or other entity with respect to such Loss, then the Indemnifying Party will pay to the Indemnified Party, within [***] days after such receipt of Insurance Proceeds or benefit of any payments, an amount equal to the excess of the reimbursement that the Indemnifying Party received from the Indemnified Party over the amount of the reimbursement that would have been due under this Section from the Indemnified Party if the Insurance Proceeds had been received, realized or recovered before the reimbursement was made by the Indemnified Party. An insurer that would otherwise be obligated to pay any amount as a result of a Loss shall not be relieved of the responsibility with respect thereto or, by virtue of the indemnification or reimbursement provisions hereof, have any subrogation rights with respect thereto, it being expressly understood and agreed that no insurer or any other third party shall be entitled to a “wind-fall” (i.e., a benefit they would not be entitled to receive in the absence of the indemnification provisions) by virtue of the indemnification or reimbursement provisions hereof. The Indemnifying Party shall have a good faith obligation to seek to collect or recover any Insurance Proceeds that may in any way be available to reduce the amount of any Loss. |
g. | For purposes of this Section, “Loss” includes any liability, claim, demand, suit, cause of action, settlement payment, cost and expense, interest, award, judgment, damages (including punitive damages), diminution in value, liens, fines, fees, penalties, and Litigation Expense. “Litigation Expense” means any court filing fee, court cost, arbitration fee, and each other fee and cost of investigating or defending an indemnified claim or asserting any claim for indemnification or defense under this Agreement, including Attorney’s Fees, other professionals’ fees, and disbursements. “Attorney’s Fees” include a charge for the service of in-house counsel at the market rate for independent counsel of similar experience. |
h. | [***] purposes furnished hereunder, constitute noncompliance with any XXXX license term, then promptly upon AT&T’s notice to Supplier of such allegation, Supplier shall indemnify, defend and hold harmless AT&T against such allegation in accordance with Supplier’s obligations to do so as set forth elsewhere in this Agreement, in a manner that preserves any proprietary software of AT&T or its third- party suppliers from any public disclosure obligation or any other XXXX license noncompliance allegations. |
Page 31 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.16 | Information |
a. | In connection with this Agreement, including Supplier’s performance of its obligations hereunder and AT&T’s receipt of Work, either Party may find it beneficial to disclose to the other Party (which may include permitting or enabling the other Party’s access to) certain of its Information. For the purpose of this clause, AT&T’s disclosure of Information to Supplier includes any Information that Supplier receives, observes, collects, handles, stores, or accesses, in any way, in connection with this Agreement. Information of a disclosing Party shall be deemed to be confidential or proprietary only if it is clearly marked or otherwise identified by the disclosing Party as being confidential or proprietary, provided that if it is orally or visually disclosed (including Information conveyed to an answering machine, voice mail box or similar medium), the disclosing Party shall designate it as confidential or proprietary at the time of such disclosure. Notwithstanding the foregoing, a disclosing Party shall not have any such obligation to so mark or identify, or to so designate, Information that the disclosing Party discloses to or is otherwise obtained by the other Party’s employees, contractors, or representatives (i) who are located on the disclosing Party’s premises; (ii) who access the disclosing Party’s systems; or (iii) who otherwise obtain AT&T Information and/or AT&T Customer Information in connection with this Agreement; any such Information so disclosed shall automatically be deemed to be confidential and proprietary. Additionally, the failure to mark or designate information as being confidential or proprietary will not waive the confidentiality where it is reasonably obvious, under the circumstances surrounding disclosure, that the Information is confidential or proprietary; any such Information so disclosed or obtained shall automatically be deemed to be confidential and proprietary. For greater certainty, Information provided by either Party to the other Party prior to the Effective Date of this Agreement in connection with the subject matter hereof, including any such Information provided under a separate non-disclosure agreement (howsoever denominated) is also subject to the terms of this Agreement. Neither Party shall disclose Information under this Agreement that includes, in any form, any of the following: customer or employee personal information, credit card and credit related information, health or financial information, and/or authentication credentials. |
b. | With respect to the Information of the disclosing Party, the receiving Party shall: |
i. | hold all such Information in confidence with the same degree of care with which it protects its own confidential or proprietary Information, but with no less than reasonably prudent care; |
ii. | restrict disclosure of such Information solely to its employees, contractors, and agents (and, in the case of AT&T, also to its Affiliates’ employees, contractors, and agents) with a need to know such Information, advise such persons of their confidentiality obligations with respect thereto, and ensure that such persons are bound by obligations of confidentiality reasonably comparable to those imposed in this Agreement; |
iii. | use such Information only as needed to perform its obligations (and, if AT&T is the receiving Party, to receive the benefits of the Work provided) under this Agreement; |
Page 32 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
iv. | except as necessary under the immediately preceding clause (iii), not copy, distribute, or otherwise use any such Information or allow anyone else to copy, distribute, or otherwise use such Information; and ensure that any and all copies bear the same notices or legends, if any, as the originals; and |
v. | upon the disclosing Party’s request, promptly return, or destroy all or any requested portion of the Information, including tangible and electronic copies, notes, summaries, extracts, mail or other communications, and provide written certification [***] business days to the disclosing Party that such Information has been returned or destroyed, provided that with respect to archival or back-up copies of Information that reside on the receiving Party’s systems, the receiving Party shall be deemed to have complied with its obligations under this clause (v) if it makes reasonable efforts to expunge from such systems, or to permanently render irretrievable, such copies. |
c. | Except for Customer Information, neither Party shall have any obligation to the other Party with respect to Information which: |
i. | at the time of disclosure was already known to the receiving Party free of any obligation to keep it confidential (as evidenced by the receiving Party’s written records prepared prior to such disclosure); |
ii. | is or becomes publicly known through no wrongful act of the receiving Party (such obligations ceasing at the time such Information becomes publicly known); |
iii. | is lawfully received from a third party, free of any obligation to keep it confidential; |
iv. | is independently developed by the receiving Party or a third party, as evidenced by the receiving Party’s written records, and where such development occurred without any direct or indirect use of or access to the Information received from the disclosing Party, or |
v. | the disclosing Party consents in writing to be free of restriction. |
d. | If a receiving Party is required to provide Information of a disclosing Party to any court or government agency pursuant to a written court order, subpoena, regulatory demand, request under the National Labor Relations Act (an “NLRA Request”), or process of law, the receiving Party must, unless prohibited by applicable law, first provide the disclosing Party with prompt written notice of such requirement and reasonable cooperation to the disclosing Party should it seek protective arrangements for the production of such Information. The receiving Party will (i) take reasonable steps to limit any such provision of Information to the specific Information required by such court or agency, and (ii) continue to otherwise protect all Information disclosed in response to such order, subpoena, regulation, NLRA Request, or process of law. |
e. | A receiving Party’s obligations with respect to any particular Information of a disclosing Party shall remain in effect, including after the expiration or termination of this Agreement, until such time as it qualifies under one of the exceptions set forth in clause (c) above. Notwithstanding anything to the contrary herein, Customer Information shall remain confidential indefinitely and shall never be disclosed or used without the prior written approval of an authorized representative of AT&T. |
Page 33 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
f. | Any vendors or consultants of AT&T or other third parties who are required by AT&T and authorized by Supplier in writing to have access to any Supplier Information for the purpose of providing services to AT&T shall first sign Supplier’s non-disclosure agreement in the form attached hereto as Appendix I, Exhibit 1. In the event that such third party is a Supplier competitor, AT&T shall not provide such third party with access to Supplier Information without Supplier’s express prior written consent which shall not be unreasonably withheld, conditioned, or delayed. |
3.17 | Infringement |
a. | Definitions. For purposes of this Section: |
i. | “Indemnified Parties” shall mean AT&T and its Affiliates, individually or collectively, as the case may be. |
ii. | “Loss” shall mean any liability, loss, claim, demand, suit, cause of action, settlement payment, cost, expense, interest, award, judgment, damages (including, without limitation, punitive and exemplary damages and increased damages for willful infringement), liens, fines, fees, penalties, and Litigation Expense. |
iii. | “Litigation Expense” means any court filing fee, court cost, arbitration fee, and each other reasonable fee and cost of investigating or defending an indemnified claim or asserting any claim for indemnification or defense under this Agreement, including without limitation reasonable attorneys’ fees and other professionals’ fees, and disbursements. |
iv. | “Provided Elements” shall mean any products, hardware, Custom Software, Standard Software, interfaces, systems, content, services, processes, methods, documents, materials, data, or information, or any functionality therein, provided to any Indemnified Party by or on behalf of Supplier (including, without limitation, by any of Supplier’s sub-suppliers or distributors, but excluding only Third Party Software resold by a Third Party to AT&T by Supplier that is governed by an applicable license agreement between AT&T and such Third Party) pursuant to this Agreement (including, without limitation, under any order, statement of work, exhibit, or other document under, subordinate to, or referencing this Agreement). |
b. | Obligations. |
i. | Supplier shall indemnify, hold harmless, and defend (which shall include, without limitation, cooperating with AT&T as set forth below in the defense of) the Indemnified Parties against any Loss resulting from, arising out of or relating to any [***] demand, claim or lawsuit brought by any third party (“Covered Claim”), regardless of whether such Covered Claim is meritorious, of: |
Page 34 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
1. | infringement (including, without limitation, direct, contributory and induced infringement) of any patent, copyright, trademark, service mark, or other Intellectual Property Right in connection with the Provided Elements, including, for example, any Covered Claim of infringement based on: |
A) | making, repair, receipt, use, importing, sale or disposal (and offers to do any of the foregoing) of Provided Elements (or having others do any of the foregoing, in whole or in part, on behalf of or at the direction of the Indemnified Parties), or |
B) | use of Provided Elements in [***] with products, hardware, software, interfaces, systems, content, services, processes, methods, documents, materials, data or information [***], including, for example, use in the [***] of such Provided Elements (a “[***] Claim”); |
2. | misappropriation of any trade secret, proprietary or non-public information in connection with the Provided Elements; |
any and all such Loss referenced in this Section b, “Obligations”, being hereinafter referred to as a “Covered Loss.”
ii. | Insofar as Supplier’s obligations under paragraph b.1. result from, arise out of, or relate to a Covered Claim that is a [***] Claim, Supplier shall be liable to pay [***] of the Covered Loss associated with such [***] Claim. [***] If Supplier believes AT&T’s assessment of Supplier’s [***] is not fair and equitable, then Supplier’s [***] shall be determined, insofar as possible, through good faith negotiation between the Parties and, ultimately, through the dispute resolution process in this Agreement; provided, however, that a failure of the Parties to agree on Supplier’s [***] shall not relieve Supplier of its obligations to pay its [***] under this Section. |
iii. | AT&T shall have sole control over the defense of any [***] Claim. Supplier shall cooperate in every reasonable way with AT&T to facilitate the defense and may, at its option and at its own expense, participate with AT&T in the defense with counsel of its own choosing. Where AT&T controls the defense under this paragraph, AT&T shall make good faith efforts to enter into a reasonable joint defense or common interest agreement with Supplier, which agreement Supplier shall negotiate in good faith; provided, however, that Supplier shall not be required to provide any information or assistance to AT&T unless or until a joint defense or common interest agreement is entered into by the Parties. |
iv. | Insofar as Supplier’s obligations under paragraph b.1. result from, arise out of, or relate to other than a [***] Claim, Supplier shall have control of the defense of the Covered Claim. In the event that Supplier controls the defense of the Covered Claim, Supplier shall retain as its lead counsel, subject to AT&T’s approval, one or more competent attorneys from a nationally recognized law firm who have significant experience in litigating intellectual property claims of the type at issue; and the Indemnified Parties may, at their option and |
Page 35 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
expense, participate with Supplier in the defense of such Covered Claim. Where Supplier controls the defense under this paragraph, Supplier shall make good faith efforts to enter into a reasonable joint defense or common interest agreement with AT&T, which agreement AT&T shall negotiate in good faith; provided, however, that AT&T shall not be required to provide any information or assistance to Supplier unless or until a joint defense or common interest agreement is entered into by the Parties. |
v. | AT&T shall notify Supplier promptly of any Covered Claim; provided, however, that any delay in such notice shall not relieve Supplier of its obligations under this Section, except to the extent that Supplier can show such delay actually and materially prejudiced Supplier. |
vi. | In no event shall Supplier settle, without AT&T’s prior written consent which shall not unreasonably be withheld, any Covered Claim, in whole or in part, in a manner that would require any Indemnified Party to discontinue or materially modify its products or services (or offerings thereof). In no event shall Supplier enter into any agreement related to any Covered Claim or to the Intellectual Property Rights asserted therein that discharges or mitigates Supplier’s liability to the third-party claimant but fails to fully discharge all of AT&T’s liabilities as to the Covered Loss. |
c. | Continued Use of Provided Elements. |
Without in any manner limiting the foregoing indemnification, if, as a result of a Covered Claim (other than a [***] Claim), (i) the Indemnified Parties’ rights under this Agreement are restricted or diminished; or (ii) an injunction, exclusion order, or other order from a court, arbitrator or other competent tribunal or governmental authority preventing or restricting the Indemnified Parties’ use or enjoyment of the Provided Elements is issued, imminent, or reasonably likely to be issued, then, in addition to its other obligations set forth in this Section, Supplier, in any case at its sole expense and at no loss, cost or damage to the Indemnified Parties or their customers, shall use commercially reasonable efforts to obtain for the Indemnified Parties the right to continue using or conducting other activities with respect to the Provided Elements; provided that if Supplier is unable to obtain such right, Supplier shall, after consulting with and obtaining the written approval of the Indemnified Parties, provide modified or replacement non-infringing Provided Elements that are equally suitable and functionally equivalent while retaining the quality of the original Provided Elements and complying fully with all the representations and warranties set forth in this Agreement; provided further that if Supplier is unable in this way to provide such modified or replacement non-infringing Provided Elements, AT&T shall, at its option: (i) terminate this Agreement with respect to the Provided Elements or (ii) require Supplier, as applicable, to remove, return, or discontinue use of the Provided Elements, and, in case of either (i) or (ii), to require Supplier to refund to AT&T the purchase price thereof or other monies paid therefor (subject to reduction based on the amount of depreciation or amortization over the useful life of the Provided Elements at issue) and to reimburse AT&T for any and all reasonable out-of-pocket expenses of removing, returning, or discontinuing such Provided Elements. If, as a result of a [***] Claim, (i) the Indemnified Parties’ rights under this Agreement are restricted or diminished; or (ii) an injunction, exclusion order, or other order from a court, arbitrator or other competent tribunal or governmental authority preventing or restricting the Indemnified Parties’ use or enjoyment of the Provided Elements is issued, imminent, or reasonably likely to be
Page 36 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
issued, and Supplier, after using commercially reasonable efforts ([***]) per [***] Claim or [***] [***] period for all [***] Claims in [***] period, which amounts, together with any other amounts paid with respect to such [***] Claim, [***] Claims set forth in Subsection b.ii. above), cannot provide a technically feasible non-infringing [***], operation or use of the Provided Elements in the [***] at issue, then if Supplier obtains and provides AT&T with a written opinion from outside counsel with a national reputation in intellectual property law that no valid non-infringement or invalidity defenses exist as to the Covered Claim, AT&T shall either cease using the Provided Elements within the [***] giving rise to the [***] Claim or Supplier shall have no further obligation to indemnify AT&T with respect to Losses associated with such [***] Claim after the date on which written opinion is provided to AT&T.
d. | Elimination of Charges. After AT&T ceases, as a result of actual or claimed infringement or misappropriation, to exercise the rights granted under this Agreement with respect to the Provided Elements, AT&T has no obligation to pay Supplier any charges that would otherwise be due under this Agreement for such rights. |
e. | Exceptions. Supplier shall have no liability or obligation to any of the Indemnified Parties for that portion of a Covered Loss which is based on (and only to the extent such portion is based on): |
i. | use of the Provided Elements by the Indemnified Parties in a manner that constitutes a breach of the scope of the license terms under this Agreement or an Order; or |
ii. | an unauthorized modification of the Provided Elements by or on behalf of an Indemnified Party; or |
iii. | Supplier’s contractually required conformance to the Indemnified Party’s written specifications, unless any one or more of the following is true: |
1. | the Provided Elements are or have been provided by or on behalf of Supplier to any third party at any time prior to receipt of the written specification from the Indemnified Party and other than as a result of Supplier’s conformance to specifications provided by such third party; or |
2. | Supplier knew that such specifications for the Provided Elements were infringing and failed to implement a technically feasible non-infringing means of complying with those specifications; or |
3. | the relevant specifications for the Provided Elements are of Supplier’s (or one or more of its sub-suppliers’) origin, design, or selection. |
iv. | use of the Provided Elements by the Indemnified Parties in a [***] that the Indemnified Parties knew was infringing. |
v. | a [***] Claim alleging infringement of a patent that issued after the date on which the Provided Element was provided to AT&T, if such Provided Element constitutes Paid for Development under this Agreement, except to the extent Amdocs Pre-Existing Materials, Amdocs Independently Developed Materials, or Amdocs Mere Reconfigurations embedded therein caused the infringement. |
Page 37 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
f. | OTHER LIMITATIONS OF LIABILITY NOT APPLICABLE. NOTWITHSTANDING ANY OTHER PROVISION IN THIS AGREEMENT TO THE CONTRARY (AND WHETHER OR NOT SUCH A PROVISION CONTAINS LANGUAGE TO THE EFFECT THAT THE PROVISION TAKES PRECEDENCE OVER OTHER PROVISIONS CONTRARY TO IT), WHETHER EXPRESS OR IMPLIED, NONE OF THE LIMITATIONS OF LIABILITY (INCLUDING, WITHOUT LIMITATION, ANY LIMITATIONS REGARDING TYPES OF OR AMOUNTS OF DAMAGES OR LIABILITIES) CONTAINED ANYWHERE IN THIS AGREEMENT WILL APPLY TO SUPPLIER’S OBLIGATIONS UNDER THIS SECTION. |
3.18 | Insurance |
The Parties agree that this Section shall apply to all existing and future Orders between AT&T and Supplier.
a. | With respect to Supplier’s performance under this Agreement, and in addition to Supplier’s obligation to indemnify, Supplier shall comply with this Section, at its sole cost and expense. |
b. | Supplier shall maintain insurance coverages and limits required by this Section and any additional insurance and/or bonds required by law: |
i. | at all times during the term of this Agreement and until completion of all Services associated with this Agreement, whichever is later; and |
ii. | with respect to any coverage maintained in a “claims-made” policy, for two (2) years following the term of this Agreement or completion of all Services associated with this Agreement, whichever is later. If a “claims-made” policy is maintained, the retroactive date must precede the commencement of Services under this Agreement; |
c. | Supplier shall procure the required insurance from an insurance company eligible to do business in the state or states where Services will be performed and having and maintaining a Financial Strength Rating of “A-” or better and a Financial Size Category of “VII” or better, as rated in the A.M. Best Key Rating Guide for Property and Casualty Insurance Companies, except that, in the case of Workers’ Compensation insurance, Supplier may procure insurance from the state fund of the state where Services are to be performed. |
d. | Supplier shall deliver to AT&T certificates of insurance stating the types of insurance and policy limits. Supplier shall provide or will endeavor to have the issuing insurance company provide at least thirty (30) days advance written notice of cancellation, non-renewal, or reduction in coverage, terms, or limits to AT&T. Supplier shall deliver such certificates: |
i. | prior to execution of this Agreement and prior to commencement of any Services; |
ii. | in connection with a policy renewal or replacement, no later than fourteen (14) days following expiration of the then-current insurance policy required in this Section; and |
Page 38 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
iii. | for any coverage maintained on a “claims-made” policy, for two (2) years following the term of this Agreement or completion of all Services associated with this Agreement, whichever is later. |
e. | The Parties agree that: |
i. | the failure of AT&T to demand such certificate of insurance or failure of AT&T to identify a deficiency will not be construed as a waiver of Supplier’s obligation to maintain the insurance required under this Agreement; |
ii. | the insurance required under this Agreement does not represent that coverage and limits will necessarily be adequate to protect Supplier, nor will it be deemed as a limitation on Supplier’s liability to AT&T in this Agreement; |
iii. | Supplier may meet the required insurance coverages and limits with any [***] of primary and Umbrella/Excess liability insurance; and |
iv. | Supplier is responsible for any deductible or self-insured retention. |
f. | The insurance coverage required of Supplier by this Section shall include: |
i. | Workers’ Compensation insurance with benefits afforded under the laws of the state in which the Services are to be performed and Employers Liability insurance with limits of at least: |
1. | $500,000 for Bodily Injury – each accident |
2. | $500,000 for Bodily Injury be disease – policy limits |
3. | $500,000 for Bodily Injury by disease – each employee |
4. | To the fullest extent allowable by Law, the policy must include a waiver of subrogation in favor of AT&T, its Affiliates, and their directors, officers and employees. |
5. | In states where Workers’ Compensation insurance is a monopolistic state-run system, Supplier shall add Stop Gap Employers Liability with limits not less than $500,000 each accident or disease. |
ii. | Commercial General Liability insurance written on Insurance Services Office (ISO) Form CG 00 01 12 04 or a substitute form providing equivalent coverage, covering liability arising from premises, operations, personal injury, products/completed operations, and liability assumed under an insured contract (including the tort liability of another assumed in a business contract) with limits of at least: |
1. | $2,000,000 General Aggregate limit |
2. | $1,000,000 each occurrence limit for all bodily injury or property damage incurred in any one (1) occurrence |
Page 39 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3. | $1,000,000 each occurrence limit for Personal Injury and Advertising Injury |
4. | $2,000,000 Products/Completed Operations Aggregate limit |
5. | $1,000,000 each occurrence limit for Products/Completed Operations |
iii. | The Commercial General Liability insurance policy must: |
1. | include AT&T, its Affiliates, and their directors, officers, and employees as Additional Insureds. Supplier shall provide a copy of the Additional Insured endorsement to AT&T. The Additional Insured endorsement may either be specific to AT&T or may be “blanket” or “automatic” addressing any person or entity as required by contract. A copy of the Additional Insured endorsement must be provided within sixty (60) days of execution of this Agreement and within sixty (60) days of each Commercial General Liability policy renewal; |
2. | include a waiver of subrogation in favor of AT&T, its Affiliates, and their directors, officers and employees; and |
3. | be primary and non-contributory with respect to any insurance or self-insurance that is maintained by AT&T. |
iv. | Business Automobile Liability insurance with limits of at least $1,000,000 each accident for bodily injury and property damage, extending to all owned, hired, and non-owned vehicles. |
v. | Umbrella/Excess Liability insurance with limits of at least $1,000,000 each occurrence and with terms and conditions at least as broad as the underlying Commercial General Liability, Business Auto Liability, and Employers Liability policies. Umbrella/Excess Liability limits will be primary and non-contributory with respect to any insurance or self-insurance that is maintained by AT&T. |
vi. | Fidelity or Crime insurance covering employee dishonesty, including but not limited to dishonest acts of Supplier and its employees, agents, Subcontractors and anyone under Supplier’s supervision or control. Supplier shall be liable for money, securities or other property of AT&T in the custody, care or control of the Supplier. Supplier shall include a client coverage endorsement written for limits of a least $1,000,000 and shall include AT&T as Loss Payee. |
vii. | Professional Liability (Errors & Omissions) insurance with limits of at least $1,000,000 each claim or wrongful act including data security breach. |
viii. | Property insurance with limits equal to the replacement cost of Supplier’s Business Personal Property at the location where Services are to be performed under this Agreement. The Property insurance policy will include a waiver of subrogation in favor of AT&T, its Affiliates, and their directors, officers and employees. |
Page 40 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
g. | To the extent that Supplier’s Subcontractors are not covered by the insurance policies required under this Section, Supplier shall require each Subcontractor that may perform Services under this Agreement or enter upon the AT&T Facilities or Supplier facilities to maintain coverages, requirements, and limits at least as broad as those listed in this Section from the time when the Subcontractor begins performance of Services, throughout the term of the Subcontractor’s performance of Services and, with respect to any coverage maintained on a “claims-made” policy, for two (2) years thereafter. |
3.19 | Invoicing and Payment |
a. | Supplier shall render an invoice under any License Order, Services Order, or Maintenance Order under this Agreement in accordance with the payment schedule as set forth in such Order. |
b. | The invoice shall specify in detail, where applicable (1) quantities of each ordered item, (2) unit prices of each ordered item, (3) the estimated amount of tax per item, (4) any relevant item and commodity codes known to Supplier, (5) total amounts for each item, (6) total estimated amount of applicable sales or use taxes, (7) discounts, (8) shipping charges, (9) total amount due, and (10) any other items specified in the Order. AT&T shall pay Supplier in accordance with the prices and invoicing provisions set forth in this Agreement within [***] days of the date of receipt of the invoice. Payment for Material or Services not conforming to the Specifications (in the event of payments due upon Acceptance), and portions of any invoice in dispute, may be withheld by AT&T until such problem has been resolved in accordance with the provisions of this Agreement. If AT&T disputes any invoice rendered or amount paid, AT&T shall promptly so notify Supplier. The Parties shall use their best efforts to resolve such dispute expeditiously, per the dispute resolution provisions in this Agreement. Any undisputed portion of invoices shall be resubmitted by Supplier and paid in accordance with this Agreement. In the event that a dispute is resolved in Supplier’s favor, AT&T will pay Disputed Payment Interest (as defined below) on the withheld fees from the date such payment was initially due. |
c. | Payment for Services performed may be either under a time and materials Services Order, or a fixed-bid Services Order. In time and materials Services Orders, AT&T shall compensate Supplier on the basis of hours actually worked. In the case of fixed-bid Services Orders, AT&T shall compensate Supplier on the basis of the agreed fixed price. Estimates for fixed bid Services Orders shall be calculated based upon [***] hours of work per month. [***]. |
d. | Supplier agrees to accept standard, commercial methods of payment and evidence of payment obligation including, but not limited to electronic fund transfers in connection with the purchase of the Material and Services. |
e. | Supplier may assess interest on past due disputed amounts at [***] Chase Manhattan Bank as quoted in the Wall Street Journal on the date of the applicable invoice, or at the maximum interest rate allowed by law (“Disputed Payment Interest”). |
Page 41 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
f. | Notwithstanding any other remedies available to Supplier under this Agreement or under applicable law, payment in arrears of more than [***] [***] shall bear interest from the date payment is due [***] Chase Manhattan Bank as quoted in the Wall Street Journal or at the maximum interest rate allowed by law, unless the amount in arrears is disputed in good faith and until such dispute is resolved. Additionally, and without affecting the foregoing, AT&T’s failure to pay any undisputed payment under this Agreement within [***] after such payment becomes due shall be considered a material breach of this Agreement by AT&T, subject to the provisions of Section 3.36b, “Termination for Cause”. |
3.20 | Labor Disputes |
a. | In the event of a labor dispute between AT&T and the union(s) representing AT&T’s employees, AT&T may exercise its right to modify the scope of Work under any Services Order with [***] days advance notice, including postponing, reducing, or terminating the Services to be provided under the Services Order and due to be performed after the commencement of a labor dispute, provided, however, that in the event of the termination of Services pursuant to this paragraph, such termination shall be deemed a termination for convenience and subject to the payment of any applicable early termination fees under such terminated Services Order. AT&T acknowledges and agrees that the exercise of such right may result in a delay in the resumption of Services when requested by AT&T. |
b. | The rights and obligations of the Parties under this Section are in addition to, and not a limitation of, their respective rights under the Section entitled “Amendments and Waivers”. |
c. | Where AT&T modifies the scope of Work to include a reduction, postponement, or termination of the Services to be provided, until reinstatement of such Services the terms of any Service Level Agreements and project delivery dates/milestones applicable to such Services shall be reasonably modified by the Parties to reflect such modification. In addition, no such modification shall relieve AT&T of its obligation to pay Supplier for any Services actually performed by Supplier (whether before or after such modification) notwithstanding Supplier’s failure or inability to achieve any payment milestone set forth in the applicable Services Order as a result of such modification. |
3.21 | Limitation of Damages |
a. | Exclusion of Indirect and Consequential Damages. EXCEPT AS PROVIDED IN THIS SECTION, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY FOR INDIRECT, CONSEQUENTIAL, INCIDENTAL, SPECIAL, EXEMPLARY OR PUNITIVE DAMAGES, INCLUDING LOST REVENUE, LOST DATA OR LOST PROFITS, ARISING OUT OF ANY BREACH OF THE OBLIGATIONS OF THIS AGREEMENT, REGARDLESS OF THE THEORY OF RECOVERY, EVEN IF SUCH PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. HOWEVER, THE FOLLOWING ELEMENTS OF LOSS OR DAMAGE, IF PROVED, SHALL BE DEEMED DIRECT OR GENERAL DAMAGES NOT EXCLUDED OR LIMITED BY THE PRECEDING SENTENCE: |
i. | LIABILITY, LOSS, OR DAMAGE FOR WHICH ONE PARTY IS OBLIGATED TO INDEMNIFY THE OTHER UNDER THIS AGREEMENT; |
Page 42 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
ii. | LOSS OR DAMAGE PROXIMATELY CAUSED BY A PARTY’S BREACH OF ITS OBLIGATIONS UNDER THE SECTIONS ENTITLED “INFORMATION” OR “ACCESS TO AT&T PREMISES AND NON-PUBLIC INFORMATION SYSTEMS”; AND |
iii. | LIQUIDATED DAMAGES AND CREDITS PROVIDED UNDER ANY PROVISION OF THIS AGREEMENT. |
b. | Limitation of Direct and General Damages. EXCEPT AS PROVIDED IN THIS SECTION, NEITHER PARTY SHALL BE LIABLE TO THE OTHER PARTY WITH RESPECT TO ANY ORDER OR THIS AGREEMENT FOR ANY DAMAGES IN EXCESS OF ONE MILLION DOLLARS WITH RESPECT TO ANY ORDER, OR FOR ANY DAMAGES IN EXCESS OF FIVE MILLION DOLLARS UNDER ALL ORDERS OR THIS AGREEMENT. HOWEVER, THE FOLLOWING ELEMENTS OF LOSS OR DAMAGE, IF PROVED, SHALL NOT BE EXCLUDED OR LIMITED BY THE PRECEDING SENTENCES: |
i. | LIABILITY, LOSS, OR DAMAGE FOR WHICH ONE PARTY IS OBLIGATED TO INDEMNIFY THE OTHER UNDER “INDEMNITY” (solely with respect to personal injury and property damage), “INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS,” AND “INDEPENDENT CONTRACTOR”; PROVIDED, HOWEVER, THAT, WITH RESPECT TO LOSS, LIABILITY, OR DAMAGE WHICH MAY BE COVERED BY LIABILITY INSURANCE OF THE TYPES REQUIRED IN THE SECTION ENTITLED “INSURANCE,” EACH PARTY SHALL AND HEREBY DOES WAIVE ANY CLAIMS DAMAGES IN EXCESS OF THE LIMITS ON INSURANCE MENTIONED IN THAT SECTION; |
ii. | LOSS OR DAMAGE PROXIMATELY CAUSED BY A PARTY’S BREACH OF ITS OBLIGATIONS UNDER THE SECTIONS ENTITLED “INFORMATION” OR “ACCESS TO AT&T PREMISES AND NON-PUBLIC INFORMATION SYSTEMS”; |
iii. | SUPPLIER’S LIABILITY PURSUANT TO SECTION 3.43e.iv TO REFUND AMOUNTS PAID FOR WORK UNDER AN ORDER FOR CUSTOM SOFTWARE DEVELOPMENT, WHERE SUCH SOFTWARE FAILS ACCEPTANCE AND HAS NEVER BEEN PUT INTO PRODUCTION; IF SUCH FAILURE HAS RESULTED SOLELY FROM SUPPLIER’S FAILURE TO PERFORM ITS OBLIGATIONS UNDER THIS AGREEMENT, SHALL BE EQUAL TO A MAXIMUM OF THE SUM OF AMOUNTS PAID BY AT&T FOR SUCH WORK, PLUS ANY LIQUIDATED DAMAGES THAT AT&T HAS RECOVERED, EVEN IF THE LIQUIDATED DAMAGES THEMSELVES HAVE REACHED THE ONE MILLION DOLLAR LIMIT PROVIDED IN THE SECOND SENTENCE OF SECTION b ABOVE; |
iv. | SUPPLIER’S LIABILITY FOR FAILURE TO MEET ITS WARRANTY OBLIGATIONS TO CORRECT CERTAIN ERRORS AND SUPPLIER’S LIABILITY FOR LIQUIDATED DAMAGES FOR BREACH OF A SERVICE LEVEL AGREEMENT BOTH OF WHICH ARE, HOWEVER, SEPARATELY LIMITED AS PROVIDED IN SECTION 3.43e; AND |
Page 43 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
v. | AT&T’S LIABILITY TO PAY FOR SERVICES RENDERED OR EXPENSES INCURRED UNDER THIS AGREEMENT OR ANY ORDER THERETO. |
3.22 | Non-Exclusive Market |
This Agreement does not grant Supplier any right or privilege to provide to AT&T any Work of the type described in or purchased under this Agreement. Except for obligations arising under an Order, this Agreement does not obligate AT&T to purchase or license any such Work. AT&T may contract with other manufacturers and vendors for the procurement or trial of Work comparable to that described in or purchased under this Agreement, and AT&T may itself perform such Work.
3.23 | Notices |
a. | Each Party giving or making any notice, consent, request, demand, or other communication (each, a “Notice”) pursuant to this Agreement must give the Notice in writing and use one of the following methods, each of which for purposes of this Agreement is a writing: in person; first class mail with postage prepaid; Express Mail, Registered Mail, or Certified Mail (in each case, return receipt requested and postage prepaid); internationally recognized overnight courier (with all fees prepaid); or email. If Notice is given by e-mail, it must be confirmed by a copy sent by any one of the other methods or by a return email by the Addressee confirming receipt. Each Party giving Notice shall address the Notice to the appropriate person (the “Addressee”) at the receiving Party at the address listed below: |
Amdocs Development Limited
000 Xxxxxx Xxxxxx
The Maritime Centre
XX Xxx 00000
0000 Xxxxxxxx, Xxxxxx
Attn: Legal Department
Email address: XxxxxxXxxxx@xxxxxx.xxx
With Copy to:
Office of General Counsel
Amdocs, Inc.
000 Xxxxxx Xxxxxx
Xxxxx 0000
Xxxxxx Xxxx, XX 00000
AT&T Services, Inc.
0000 Xxxxxxxx
Xxxx 000X00
Xxx Xxxxxxx, XX 00000
Attn: Notices Administrator
Email Address: x00000@xxx.xxx
Page 44 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | A Notice is effective only if the Party giving notice has complied with the foregoing requirements of this Section and the Addressee has received the Notice. A Notice is deemed to have been received as follows: |
i. | If a Notice is furnished in person, or sent by Express Mail, Registered Mail, or Certified Mail, or internationally recognized overnight courier, upon receipt as indicated by the date on the signed receipt; |
ii. | If a Notice is sent by e-mail, upon successful transmission to the recipient’s email account, if such Notice is sent in time to allow it to be accessible by the Addressee before the time allowed for giving such notice expires, and a confirmation copy is sent by one of the other methods or the Addressee confirms by return email that the email Notice has been received. |
c. | The addresses and telephone numbers to which Notices may be given to the Addressees of either Party may be changed by written Notice given by such Party to the other pursuant to this Section. |
3.24 | Offshore Work Permitted Under Specific Conditions |
a. | Supplier shall not perform any Services under this Agreement or allow such performance by any Subcontractor at a location outside the United States (“Offshore Location”) unless AT&T approves work to be performed by Supplier or a Subcontractor at such Offshore Location. As of the Effective Date of the Agreement, Appendix C as attached hereto contains AT&T’s approval for the physical location where the work is to be performed, the Services to be performed at such location, and, the identity of any Subcontractor performing such work. Prior to Supplier making any additions or deletions to the physical locations or changes in Subcontractors performing work at an Offshore Location, the Parties shall amend Appendix C, or shall add to, or amend, the applicable Services Order or Maintenance Order. A change in the location where a Service is performed from one Offshore Location to another AT&T-approved Offshore Location shall not require an amendment to Appendix C or the applicable Order. Remote access by Supplier employees or Subcontractors from an Offshore Location for the performance of Services shall be in accordance with Appendix D, Security and Offshore Requirements. The requirements of this Section shall be in addition to Sections 3.2, “Amendments and Waivers”, and 3.44, “Work Done By Others”. |
b. | AT&T shall have the right to withdraw its consent to the performance of work at an Offshore Location at any time in AT&T’s sole discretion for any reason, in which event the Parties shall assess cost impacts, timing, and methodology and amend the Agreement to reflect any changes reasonably required to permit Supplier to continue to perform such work at a location within the United States and the Parties shall amend the Agreement, Appendix C, and/or the applicable Order accordingly. |
c. | Supplier’s compliance with this Section, and all Services performed in Offshore Locations with AT&T’s consent, shall be subject to Section 3.31, “Records and Audits”. Supplier shall provide, and shall ensure that all Subcontractors provide, AT&T with physical access to inspect all Offshore Locations. |
Page 45 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
d. | To the extent Supplier interconnects with, or otherwise has access to, the AT&T network, Supplier d. shall access, or establish network connections that would allow access, to the AT&T network from an Offshore Location in compliance with Appendix D, “Security and Offshore Requirements” to this Agreement. |
e. | If Supplier or any Subcontractor, without intending to circumvent the requirements of this Section, provides any Services under this Agreement in an Offshore Location without AT&T’s prior written consent and fails to cease providing such Services within [***] days after written notice from AT&T, such inadvertent provisioning and failure to timely cure within said[***] days shall be a material breach of this Agreement and, in addition to any other legal rights or remedies available to AT&T at law or in equity, AT&T may immediately terminate the applicable Order under which such Services are being provided, without cost, liability, or penalty to AT&T. Notwithstanding the foregoing, AT&T agrees that Supplier’s or a Subcontractor’s provision of the Services in an Offshore Location without AT&T’s prior written consent on a transient basis (e.g., a Supplier’s employee’s provision of Services from an airport while in travel status) shall be permitted and shall not be deemed to be a material breach of this Agreement. |
f. | When AT&T has granted consent for Services to be performed in an Offshore Location, Supplier shall remain fully responsible for compliance with any foreign, federal, state or local law applicable to the Supplier’s provision of such Services regardless of whether the Service is being performed by Supplier or a Subcontractor. Nothing contained within this Agreement is intended to extend, nor does it extend, any rights or benefits to any Subcontractor, and no third party beneficiary right is intended or granted to any third party hereby. |
3.25 | Order of Precedence |
The terms of this Agreement [***]. The Parties may not vary or supplement the terms of this Agreement in connection with any Order, except by Special Terms and Conditions upon which both Parties have agreed. When Special Terms and Conditions are included in an Order and agreed upon, such take precedence over any inconsistent term of this Agreement, but only with reference to the transaction governed by that Order, and Special Terms and Conditions in an Order have no other force or effect. This Agreement shall govern in lieu of all other pre-printed or standardized provisions that may otherwise appear in any other paper or electronic record of either Party (such as standard terms on order or acknowledgment forms, advance shipping notices, invoices, time sheets, and packages, shrink wrap terms, and click wrap terms).
3.26 | Orders |
AT&T may order Material, Licenses, and Services by submitting Services Orders and License Orders in connection with this Agreement that are substantially in the form of one of the Order forms set forth in Appendix B. The form of a Maintenance Order will be agreed upon by the Parties based on the specific Standard Software that is the subject of Maintenance under that Maintenance Order.
Page 46 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.27 | Ownership of Paid-For Development, Use and Reservation of Rights |
a. | Definitions. For purposes of this Section: |
i. | “Amdocs Developed Work” means Items created, invented, or otherwise developed by Amdocs in the course of performance of Services under this Agreement or Order or other document referencing or subordinate to this Agreement and for which Development Fees are paid by AT&T. Amdocs Developed Work does not include any Amdocs Pre-Existing Materials, Amdocs Independently Developed Materials or Amdocs Mere Reconfigurations which may be provided to AT&T as part of a deliverable. |
ii. | “Amdocs Independently Developed Materials” means those Items that have been developed or created by Amdocs or on Amdocs’s behalf: (i) other than Amdocs Developed Work, (ii) without use of any AT&T Provided Items, and (iii) either (a) in the course of the performance of the Services under an applicable Order or (b) independently of any Services provided under an Order provided that it meets (i) and (ii) above. |
iii. | “Amdocs Pre-Existing Materials” means those Items owned by Amdocs, other than Amdocs Independently Developed Materials and Amdocs Mere Reconfigurations, to the extent and in the form that they both existed prior to the date Amdocs began any Amdocs Developed Work under this Agreement and were created without any use of any of AT&T Provided Items. |
iv. | “Amdocs Mere Reconfigurations” means only those specific reconfigurations of Amdocs’s Pre-Existing Materials or Amdocs Independently Developed Materials performed by or on behalf of Supplier but only to the extent that such reconfiguration is an Enhancement, modification, or update to Supplier’s Software which is strictly required to permit Supplier’s Software to function on AT&T’s network or services platform and which does not constitute Amdocs Developed Work. For clarity, Amdocs Mere Reconfigurations includes Enhancements, modifications, or updates to reuse Amdocs’s Pre-Existing Materials or Amdocs Independently Developed Materials, which are pre-existing features from Amdocs’s more current software versions, and backport (e.g., adapt) such features to AT&T’s versions of the Supplier Software currently deployed by AT&T. |
v. | “AT&T Pre-Existing Materials” means those Items owned by AT&T, to the extent and in the form that they existed prior to the date any Services began under this Agreement. |
vi. | “AT&T Provided Items” means AT&T’s Items created by or on behalf of AT&T and directly or indirectly provided to, accessed by, or furnished to Amdocs (in any form, including, without limitation, verbally) by or on behalf of AT&T or its third party providers in connection with this Agreement. |
vii. | “Development Fees” means the monies charged to AT&T under this Agreement, any Order or any other document referencing this Agreement for any development Services under this Agreement. Payments not deemed to be Development Fees under this definition shall include (i) license fees; (ii) maintenance and support fees; (iii) revenue sharing arrangements(iv) subscription fees which are recurring in nature to provide AT&T or |
Page 47 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
AT&T’s customers’ ongoing access to or usage of the Services provided by Supplier’s platform; or (v) payment of the standard purchase price for devices or other physical products which AT&T purchases from Supplier and takes title to under this Agreement, in each case as imposed generally by Amdocs on its customers in connection with the provision of services or products.
viii. | “Items” means any or all inventions, discoveries, and ideas (whether patentable or not), and all works and materials, including, but not limited to, products, devices, Computer Programs, reports, plans, models, prototypes, performance requirements, source codes, designs, files, specifications, texts, drawings, processes, data or other Information or Documentation in preliminary or final form, and all Intellectual Property Rights in or to any of the foregoing. |
ix. | “Intellectual Property Rights” or “IPR” means all patents (including all reissues, divisions, continuations, and extensions thereof) and patent applications, trade names, trademarks, service marks, logos, trade dress, copyrights, trade secrets, mask works, rights in technology, data base rights, know-how, rights in content (including performance and synchronization rights), or other intellectual property rights that are in each case protected under the Laws of any domestic or foreign governmental authority having jurisdiction. |
x. | “Software” means a set of instructions or code that Amdocs and AT&T will provide under this Agreement intended to cause a computer to produce certain results and the associated Documentation for such set of instructions or code. |
xi. | “Third Party Material” means any software (i) not developed by or on behalf of AT&T, Amdocs, their agents or their contractors under an applicable Order and (ii) not owned by Amdocs or AT&T or an Affiliate. |
b. | Special Terms and Conditions: |
Intellectual Property.
i. | Developed Works. |
1. | Ownership. Except for any Amdocs Pre-Existing Materials, Amdocs Independently Developed Materials, and Amdocs Mere Reconfigurations that may be embedded therein (but subject to subparagraph b. below), AT&T shall be the exclusive owner of all right, title, and interest in and to all Amdocs Developed Work (“Paid-For Development”). Amdocs shall assign or have assigned to AT&T and hereby assigns to AT&T all Intellectual Property Rights in and to such Paid-For Development. |
2. | License Grant to Amdocs Pre-Existing and Amdocs Independently Developed Materials. If and to the extent that Amdocs embeds any Amdocs Pre-Existing Materials and/or Amdocs Independently Developed Materials in the Paid-For Development, subject to the payment of Development Fees as set forth in this Agreement or in any applicable Order, Amdocs hereby grants and promises to grant and have granted to AT&T and its Affiliates a royalty-free, nonexclusive, |
Page 48 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
sublicensable, assignable, transferable, irrevocable, perpetual, world-wide license in and to the Amdocs Pre-Existing Materials or Amdocs Independently Developed Materials and any applicable Intellectual Property Rights of Amdocs to use, copy, modify, distribute, display, perform, import, make, sell, offer to sell, and exploit (and have others do any of the foregoing on or for AT&T’s or any of its Affiliates’ behalf or benefit) the Amdocs Pre-Existing Materials or Amdocs Independently Developed Materials, but only as embedded in the Paid-For Development by Amdocs. Any Amdocs Pre-Existing Materials and/or Amdocs Independently Developed Materials not embedded in Paid-For-Development shall be subject to the applicable license agreement. |
3. | Further Acts and Obligations. Amdocs will take or secure such action (including, but not limited to, the execution, acknowledgment, delivery and assistance in preparation of documents or the giving of testimony) as may be reasonably requested by AT&T to evidence, transfer, perfect, vest or confirm AT&T’s right, title and interest in any Paid-For Development. Amdocs shall, in all events and without the need of AT&T’s request, secure all Intellectual Property Rights in any Paid-For Development (and any licenses specified above in any Excluded Materials) from each employee, agent, Subcontractor or sub-supplier of Amdocs who has or will have any rights in the Paid-For Development or Excluded Materials. |
4. | Reservation of Rights and Limited License. Except as explicitly granted in this Agreement, AT&T is not transferring or granting to Amdocs or its Affiliates any right, title, or interest in or to (or granting to Amdocs or its Affiliates any license or other permissions in or to) any Intellectual Property Rights in or to any AT&T Pre-Existing Materials, AT&T Items, AT&T Provided Items, or Paid-For Development. Except as explicitly granted in this Agreement, Amdocs is not transferring or granting to AT&T or its Affiliates any right, title, or interest in or to (or granting to AT&T or its Affiliates any license or other permissions in or to) any Intellectual Property Rights in or to any Amdocs Pre-Existing Materials, Amdocs Independently Developed Materials, or Amdocs Mere Reconfigurations. AT&T Pre-Existing Materials, AT&T Provided Items, and Paid-For Development shall constitute AT&T Information under this Agreement. |
ii. | Ownership of Pre-Existing and Independently Developed Materials. |
1. | Subject to the licenses herein, Amdocs shall retain ownership and all right, title and interest therein and thereto of all Amdocs Pre-Existing Materials, Amdocs Independently Developed Materials, and Amdocs Mere Reconfigurations. AT&T acknowledges that Amdocs may pursue the development of Amdocs Independently Developed Materials. |
2. | AT&T shall retain ownership and all right, title and interest in and to all AT&T Pre-Existing Materials, AT&T Provided Items and Paid-For Development. |
Page 49 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.28 | Prices |
a. | Supplier shall furnish Work at the prices set forth in Appendix A, or pursuant to firm prices quoted by Supplier for such Work. Commencing January 2018, Supplier may elect to increase the prices in Appendix A annually. Supplier agrees to review such proposed rate increases with AT&T Global Supply Chain and AT&T Technology Development management. Such increases may not exceed the [***], as published in the month preceding the month in which the price increase is proposed. [***]. The prices for all Work in Appendix A are subject to increase only in accordance with this Agreement, changes to which must be in writing, reviewed by AT&T management and signed by both Parties as an Amendment to this Agreement. |
b. | Supplier shall strive to proactively reduce its costs and corresponding prices for long term Work as charged to AT&T each calendar year, through the use of improved processes, supply chain economies and other cost reduction methods. Supplier requests AT&T’s cooperation with Supplier’s efforts to reduce Supplier’s costs for long term Work. |
c. | In the event that Supplier provides Work to AT&T through another entity with which AT&T has an agreement, such Work shall be provided at [***] the rates specified in this Agreement. |
d. | Supplier confirms that the financial terms and conditions applicable to the Services provided under this Agreement are, as of the Effective Date of this Agreement, and, during the term of this Agreement shall [***] For clarity, the Parties acknowledge that the signatory is authorized by and that the written attestation represents approval from the then-current Chief Executive Officer (CEO), currently Xxxxx Xxxxxxx, Chief Financial Officer (CFO), currently Xxxxx Xxxxxxxx-Dagim, of Amdocs Management Ltd. |
3.29 | Publicity |
a. | Supplier shall not use AT&T’s or its Affiliates’ names or any language, pictures, trademarks, service marks, or symbols which could, in AT&T’s judgment, imply AT&T’s or its Affiliates’ identity or endorsement by AT&T, its Affiliates, or any of its employees in any (i) written, electronic, or oral advertising or presentation or (ii) brochure, newsletter, book, electronic database, or other written material of whatever nature. Supplier may submit a publicity request to AT&T for written approval, which AT&T may accept or reject at its sole discretion. |
b. | AT&T acknowledges that Supplier is a publicly traded corporation and is therefore subject to certain reporting rules that may require that Supplier publish certain matters which relate to AT&T and that Supplier may make such factual publications or disclosures without marketing hyperbole or “puffery” as may be required by Law or the rules of any securities exchange on which it is traded. |
3.30 | Quality Assurance |
a. | Quality |
i. | For the term of this Agreement, Supplier and Supplier’s Subcontractor organization(s) will have a quality program in place. |
Page 50 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
ii. | CMM Level-3 Assessment. Supplier Custom Software development organization(s) that are supporting AT&T software development will obtain and maintain a CMM Level-3 Assessment, as prescribed by the Software Engineering Institute. Supplier’s OnGoing Support resources shall follow the AT&T quality assurance program and process. |
b. | Testing |
i. | Supplier shall perform or cause to be performed testing sufficient to ensure that the Work performs in accordance with the Specifications. |
ii. | If testing indicates Work does not conform to the Specifications, then Supplier shall promptly notify AT&T, in writing, of such non-conformance before shipment or provision of Work. |
iii. | AT&T will advise Supplier whether Supplier should Deliver the non-conforming Work. |
iv. | In the event AT&T instructs Supplier to Deliver non-conforming Work, Supplier shall not be relieved of any of its obligations hereunder, including warranty obligations. AT&T’s receipt of any such nonconforming Work shall not constitute a waiver of any of AT&T’s rights, warranties, or remedies under this Agreement or elsewhere. |
c. | Supplier Performance Management Program and Satisfaction Survey |
i. | Upon AT&T’s request, Supplier shall participate in an AT&T supplier performance management program and/or satisfaction survey (“Survey”). |
ii. | Supplier shall meet or exceed the quality performance requirements in the Survey categories applicable to Supplier. If the Survey reveals areas needing improvement. Supplier shall provide AT&T a plan addressing such areas within [***] after Supplier’s receipt of the Survey results. |
d. | Supplier Performance Scorecards |
At | AT&T’s request Supplier shall: |
i. | collect data relating to Supplier’s performance on a schedule established by AT&T; |
ii. | enter the data in AT&T’s supplier portal (website) available at: xxxx://xxx.xxxxxxxxxxxx.xxx/ (subject to change) in a format designated by AT&T; and |
iii. | cooperate fully with AT&T’s supplier performance management team to coordinate Supplier’s activities as related to the scorecards, which may include participation in feedback sessions, audits and issue resolution. |
3.31 | Records and Audits |
a. | Supplier shall maintain complete and accurate records relating to the Work and the performance of this Agreement. AT&T through its external, independent auditors and governmental authorities shall have the right, upon reasonable notice, to review such records (“AT&T Audits”) to verify the following: |
Page 51 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
i. | the accuracy and integrity of Supplier’s invoices and AT&T’s payment obligations hereunder; |
ii. | that the Work charged for was actually performed; |
iii. | that the Services have been and are being provided in accordance with this Agreement; |
iv. | the integrity of Supplier’s systems that process, store, support, maintain, and transmit AT&T data; |
v. | the performance of Supplier’s Subcontractors with respect to any portion of the Services; and |
vi. | that Supplier and its Subcontractors are complying with Laws in accordance with its obligations under this Agreement. |
b. | Upon reasonable request, Supplier shall provide and shall require that its Subcontractors provide to AT&T, its external auditors, and governmental authorities access, at all reasonable times and in a manner designed to not unreasonably interrupt the ordinary business operations of Supplier or its Subcontractors, to: |
i. | any facility at which the Services or any portion thereof are being performed; |
ii. | systems and assets used to provide the Services or any portion thereof; |
iii. | Supplier employees and Subcontractor employees providing the Services or any portion thereof; and |
iv. | all relevant Supplier and Subcontractor records, including financial records relating to the invoices and payment obligations and supporting documentation, pertaining to the Services. |
AT&T’s access to the records and other supporting documentation shall include the right to inspect and photocopy Supplier’s documentation and the documentation of its Subcontractors, and the right to inspect copies thereof outside of their physical location with appropriate safeguards, if such inspection is deemed reasonably necessary by AT&T.
c. | AT&T Audits may be conducted once a year (or more frequently if requested by governmental authorities who regulate AT&T’s business, if required by applicable Law or if auditors require follow-up access to complete audit inquiries or if an audit uncovers any problems or deficiencies), upon at least twenty (20) business days advance notice (unless otherwise mandated by Law). Supplier will cooperate, and will ensure that its Subcontractors cooperate, in the AT&T Audits, and will make the information reasonably required to conduct the AT&T Audits available on a timely basis. |
Page 52 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
d. | If any such audit reveals an overcharge by Supplier, and Supplier does not successfully dispute the amount questioned by such audit, Supplier shall [***] at the at the then-current “Prime Rate” set forth in the “Money Rates” table in The Wall Street Journal (“Prime Rate”). If any such AT&T Audit reveals an overcharge to AT&T during any 12-month period [***] paid by AT&T hereunder during such period, then Supplier will reimburse AT&T for the reasonable cost of such AT&T Audit. In the event such an audit results in a determination that Supplier has undercharged AT&T, then AT&T shall promptly pay to Supplier the amount of such undercharges. If, as a result of an AT&T Audit, AT&T determines that Supplier has committed a material breach of this Agreement, AT&T will notify Supplier promptly and Supplier will promptly remedy the breach. In the event Supplier disputes the Audit finding, such dispute will be subject to escalation and dispute resolution in accordance with Section 4.5. |
e. | Supplier will maintain and retain the records set forth in Subsection (a) for a period of three (3) years from their creation (unless a discovery or legal hold request is made with respect to such records, in which case Supplier shall retain such records until AT&T notifies Supplier that such discovery or legal hold request has expired). Upon notification by AT&T of a discovery or legal hold request, Supplier shall fully cooperate with such request and immediately preserve any Supplier records covered by such request and promptly provide such Supplier records requested by AT&T related to the inquiry. |
f. | Except as provided in Subsection (d), all reasonable out-of-pocket costs and expenses incurred by AT&T in connection with an AT&T Audit shall be paid by AT&T. Supplier shall be solely responsible for all costs and expenses incurred by Supplier in connection with its obligations under this Section. In the event that either Party requires that an audit be performed by an independent auditor, unless otherwise specified herein, the Party requesting such independent auditor will be responsible for the costs and expenses associated with the independent auditor. |
g. | With respect to AT&T requests for audits or inspections of Supplier Subcontractors, the following applies: |
i. | If Supplier’s agreement with its applicable Subcontractor permits an AT&T Audit, AT&T shall be permitted to conduct such audit directly or through a third party representative. Supplier shall work with AT&T in facilitating the Subcontractor’s cooperation for an expeditious and thorough audit or inspection. |
ii. | If Supplier’s contract with its applicable Subcontractor precludes AT&T from directly conducting an audit or inspection, Supplier shall use reasonable best efforts to enable AT&T to perform an audit of the Subcontractor with Supplier coordinating the audit process. Failing those efforts, Supplier shall, upon AT&T’s request, conduct the audit or inspection on behalf of AT&T, subject to terms agreed to by Supplier and AT&T for the Subcontractor audit, such as areas to be audited, applicable fees, and the timeframe for reporting audit results to AT&T. If AT&T’s request for a Supplier audit or inspection arises from, in AT&T’s good faith opinion, materially or consistently deficient Service provided by the Subcontractor under AT&T’s account, and the audit in both Parties’ opinions confirms such deficiencies, Supplier shall not charge AT&T a fee for the Supplier’s audit of its Subcontractor. |
Page 53 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
h. | General Procedures. |
i. | Notwithstanding the intended breadth of AT&T’s audit rights, AT&T shall not be given access to (i) the proprietary information of other Supplier customers, (ii) Supplier locations that are not related to AT&T or the Services or areas of Supplier locations which are used for other Supplier customers, or (iii) Supplier’s internal costs. AT&T Audits are subject to Section 3.16, “Information”. |
ii. | In performing audits, AT&T shall avoid unnecessary disruption of Supplier’s operations and unnecessary interference with Supplier’s ability to perform the Services. |
iii. | External auditors examining Supplier’s records shall not be any Supplier competitors. |
iv. | All external auditors shall sign the NDA attached as Appendix I, Exhibit 1, prior to commencing the audit. |
v. | Information provided by Supplier as part of an audit, and any reports derived from such information, shall be provided only to the AT&T personnel who are directly involved in such audit and AT&T management, and shall be used for AT&T internal use only. |
3.32 | Severability |
If any provision of this Agreement or any Order is determined to be invalid, illegal, or unenforceable, the Parties agree that the remaining provisions of this Agreement or such Order shall remain in full force if both the economic and legal substance of the transactions contemplated by this Agreement or such Order are not affected in any manner that is materially adverse to either Party by severing the provision determined to be invalid, illegal, or unenforceable.
3.33 | Supplier Citizenship and Sustainability |
Supplier shall conduct business with an abiding respect for corporate citizenship, sustainability, and human rights (“Citizenship and Sustainability”). As such, to the extent Supplier has an existing Citizenship and Sustainability program, such program shall be no less stringent than AT&T’s Principles of Conduct for Suppliers available at: xxxx://xxx.xxxxxxxxxxxx.xxx/xxxx/XxxxxxxxXxxxxxxxxxxxxxXxxxxxxxxx.xxx and the AT&T Human Rights in Communication Policy available at:
xxxx://xxx.xxx.xxx/Xxxxxx/xxxxx_xx/xxxxxxxxx/Xxxxx_Xxxxxx_Xxxxxxxxxxxxxx_Xxxxxx.xxx (“AT&T Citizenship and Sustainability Policies”). In the event that Supplier does not have a Citizenship and Sustainability program, or such program does not address all areas addressed in the AT&T Citizenship and Sustainability Policies, or there are modifications to the then-current AT&T Citizenship and Sustainability Policies, Supplier shall conduct its business operations in a manner consistent with the AT&T Citizenship and Sustainability Policies.
Upon AT&T’s request, Supplier shall provide to AT&T such information, reports, or survey responses as AT&T deems necessary to periodically monitor Supplier’s business operations in the context of Citizenship and Sustainability. Supplier shall respond to such requests within reasonable timelines as set forth by AT&T.
Page 54 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.34 | Survival of Obligations |
Obligations and rights under this Agreement or an Order that by their nature would reasonably continue beyond the termination or expiration of this Agreement or an Order will survive the termination or expiration of this Agreement or such Order.
3.35 | Taxes |
a. | Supplier shall invoice AT&T the amount of any federal excise, state, and local transaction taxes imposed upon the sale of Material and provision of Services under this Agreement. All such taxes must be stated as separate items on a timely invoice listing the taxing jurisdiction imposing the tax. Non-taxable charges must be separately stated. AT&T shall pay all such applicable taxes to Supplier that are stated on the Material or Services invoice submitted by Supplier. Supplier shall remit taxes to the appropriate taxing authorities. Supplier shall honor tax exemption certificates, and other appropriate documents, which AT&T may submit, pursuant to relevant tax provisions of the taxing jurisdiction providing the exemption. |
b. | Except as stated in Subsection c of this Section, Supplier agrees to pay, and to hold AT&T harmless from and against, any penalty, interest, additional tax, or other charge that may be levied or assessed as a result of the delay or failure of Supplier to pay any tax or file any return or information required by law, rule or regulation or by this Agreement to be paid or filed by Supplier. |
c. | Upon AT&T’s request, the Parties shall consult with respect to the basis and rates upon which Supplier shall pay any taxes or fees for which AT&T is obligated to reimburse Supplier under this Agreement. If AT&T determines that in its opinion any such taxes or fees are not payable, or should be paid on a basis less than the full price or at rates less than the full tax rate, AT&T shall notify Supplier in writing of such determinations, Supplier shall make payment in accordance with such determinations, and AT&T shall be responsible for such determinations. If collection is sought by the taxing authority for a greater amount of taxes than that so determined by AT&T, Supplier shall promptly notify AT&T. If AT&T desires to contest such collection, AT&T shall promptly notify Supplier. Supplier shall cooperate with AT&T where AT&T contests such determination or Supplier and AT&T may agree, where such agreement will not be unreasonably withheld, conditioned, or delayed, but in both cases, AT&T shall be responsible and shall reimburse Supplier for any tax, interest, or penalty in excess of AT&T’s determination. |
d. | If AT&T determines that in its opinion it has paid Supplier for any taxes in excess of the amount that AT&T is obligated to pay Supplier under this Agreement, AT&T and Supplier shall consult in good faith to determine the appropriate method(s) of recovery of such excess payments, which method(s) may include, but is not limited to, (i) Supplier immediately refunding to AT&T such excess payments, (ii) Supplier crediting any excess payments against tax amounts or other payments due from AT&T if and to the extent Supplier can make corresponding adjustments to its payments to the relevant tax authority, and (iii) Supplier timely filing claims for refund and any other documents required to recover any excess payments and Supplier promptly remitting to AT&T all such refunds and interest received. |
Page 55 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
e. | If any taxing authority advises Supplier that it intends to audit Supplier with respect to any taxes for which AT&T is obligated to reimburse Supplier under this Agreement, Supplier shall (i) promptly so notify AT&T, (ii) afford AT&T an opportunity to participate with Supplier in such audit with respect to such taxes and (iii) keep AT&T fully informed as to the progress of such audit. Each Party shall bear its own expenses with respect to any such audit, and the responsibility for any additional tax, interest or penalty resulting from such audit is to be determined in accordance with the applicable provisions of this Taxes Section. [***]. |
f. | In addition to its rights under Subsections c., d., and e. above with respect to any tax, or tax controversy, covered by this Taxes Section, AT&T is entitled to contest, or AT&T and Supplier may agree that Supplier contest, where such agreement may not be unreasonably withheld, conditioned, or delayed, pursuant to applicable Law and tariffs, and at its own expense, any tax previously invoiced that it is ultimately obligated to pay. Supplier shall cooperate with AT&T and consider any request to contest. AT&T is entitled to the benefit of any refund or recovery of amounts that it has previously paid resulting from such a contest. Supplier shall cooperate in any such contest, but AT&T shall pay all costs and expenses incurred in obtaining a refund or credit for AT&T. |
g. | If either Party is audited by a taxing authority or other governmental entity in connection with taxes under this Taxes Section, the other Party shall reasonably cooperate with the Party being audited in order to respond to any audit inquiries in an appropriate and timely manner, so that the audit and any resulting controversy may be resolved expeditiously. |
h. | AT&T and Supplier shall reasonably cooperate with each other with respect to any tax planning to minimize taxes. The degree of cooperation contemplated by this Section is to enable any resulting tax planning to be implemented and includes, but is not limited to: (i) Supplier’s installing and loading all of the Software licensed by AT&T, and retaining possession and ownership of all tangible personal property, (ii) Supplier’s installing, loading, and/or transferring the Software at a location selected by AT&T, and (iii) Supplier’s Delivery of all of the Software in electronic form. |
i. | Supplier and any of its affiliates, as appropriate, receiving payments hereunder shall provide AT&T with a valid United States Internal Revenue Service (“IRS”) Form X-0XXX, X-0XXX-X, X-0XXX, W-8EXP, W-8IMY, or W-9 (or any successor form prescribed by the IRS). AT&T may reduce any payment otherwise due Supplier in connection with the sale of Material and provision of Services under this Agreement by the amount of any tax imposed on Supplier that AT&T is required to pay directly to a taxing or other governmental authority (“Withholding Tax”). Alternatively, if applicable law permits, AT&T agrees that it will honor a valid exemption certificate or other mandated document evidencing Supplier’s exemption from payment of, or liability for, any Withholding Tax as authorized or required by statute, regulation, administrative pronouncement, or other Law of the jurisdiction providing said exemption. AT&T shall provide Supplier with documentation evidencing withholding within a reasonable period of time. |
Page 56 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.36 | Termination |
a. | Termination for Convenience - Either Party may terminate this Agreement for convenience upon [***] days prior written notice to the other Party setting forth the effective date of such termination. The termination of this Agreement for any reason shall not affect the obligations of either Party pursuant to any Orders previously executed hereunder, and the terms and conditions of this Agreement shall continue to apply to such Orders as if this Agreement had not been terminated. |
b. | Termination for Cause. |
i. | Termination for Cause of the Agreement - If either Party breaches any material provision of this Agreement or breaches any material provision of an Order or group of Orders the breach of which is material to this Agreement, and (i) if the breach is one that by its nature could be cured, and such breach is not cured within [***] days after the breaching Party receives written notice, or (ii) if the breach is one that by its nature cannot be cured, or (iii) if the breach is a violation of Laws which has a material and adverse effect on the non- breaching Party or the performance of the Agreement, then, in addition to all other rights and remedies at law or in equity or otherwise, the non-breaching Party shall have the right upon written notice to terminate this Agreement without any obligation or liability subject to the provisions of Section 3.36b.iii. below. |
ii. | Termination for Cause of a Services Order - If either Party breaches any material provision of an Order, and (i) if the breach is one that by its nature could be cured, and such breach is not cured within [***] days after the breaching Party receives written notice, or (ii) if the breach is one that by its nature cannot be cured, or (iii) if the breach is a violation of Laws which has a material and adverse effect on the non- breaching Party or the performance of the Order, then, in addition to all other rights and remedies at law or in equity or otherwise, the non-breaching Party shall have the right upon written notice to terminate such Order without any obligation or liability subject to the provisions of Section 3.36b.iii. below. |
iii. | Termination for Cause of a License Order - Either Party may terminate for cause a License Order, prior to Acceptance of the Software under such Order, if either Party breaches any material provision of an Order, and (i) if the breach is one that by its nature could be cured, and such breach is not cured within [***] days after the breaching Party receives written notice, or (ii) if the breach is one that by its nature cannot be cured, or (iii) if the breach is a violation of Laws which has a material and adverse effect on the non- breaching Party or the performance of the Order, then, in addition to all other rights and remedies at law or in equity or otherwise, the non-breaching Party shall have the right upon written notice to terminate such Order without any obligation or liability subject to the provisions of Section 3.36b.iv. below. |
iv. | Pre-Termination Procedures - Except for a termination for violation of Laws, prior to providing written notice of termination pursuant to Section 3.36b.i., Section 3.36b.ii, or Section 3.36b.iii. above, executives of both Parties shall meet to discuss and address the issues relevant to the proposed termination as follows: (1) in the event the Order or series |
Page 57 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
of Orders proposed to be terminated [***], the Division President of the Amdocs AT&T Division shall meet with the AT&T Vice President, Global Supply Chain, with the option to include the CIO or Senior Vice President of the AT&T Business Unit receiving Services under such Order(s); (2) in the event the Order or series of Orders proposed to be terminated [***], the Amdocs Customer Business Group President shall meet with the AT&T Senior Vice President, Global Supply Chain with the option to include the AT&T President, Technology Development; (3) in the event the Order or series of Orders proposed to be terminated [***] or the Agreement is subject to termination, the Amdocs Chief Executive Officer shall meet with the AT&T Chief Strategy Officer and President – Technology and Operations. In the event the Order or series of Orders proposed to be terminated [***] or the Agreement is subject to termination, the Party alleging a material breach (the “Moving Party”) shall, except for a termination for violation of Laws, prior to providing notice of termination, initiate an arbitration by providing the other Party written notice of its intent to arbitrate. The arbitration shall conducted under the rules of the American Arbitration Association and be heard by a single arbitrator who shall by training, education, or experience have knowledge of the general subject matter of this Agreement. The arbitrator shall determine whether the breach(es) alleged by the Moving Party justify termination for cause of the Agreement or the applicable Order(s). The arbitrator shall not have the power to vary from the provisions of this Agreement. The arbitrator shall promptly commence the arbitration proceeding with the intent to conclude the proceedings and issue a written decision stating in reasonable detail the basis for the decision, which must be supported by law and substantial evidence, as promptly as the circumstances demand and permit, but generally no later than [***] days after the arbitrator’s appointment. The arbitration may be conducted concurrently with any cure period or executive escalation, provided, however, that in the event the non-breaching Party cures the breach identified in the Moving Party’s notice, the arbitration proceeding shall not continue. |
v. | Failure of the non-breaching Party to immediately terminate this Agreement and/or any Order (x) following a breach which continues longer than such cure period, provided such breach has not been cured prior to the non-breaching Party’s providing notice of termination, or (y) following a breach that cannot be cured or that constitutes a violation of Laws shall not constitute a waiver of the non-breaching Party’s rights to terminate. [***]. |
c. | Partial Termination – Where a provision of this Agreement permits AT&T to terminate an Order for cause or convenience, such termination may, at AT&T’s option, be either complete or partial. In the case of a partial termination for cause, the terms of Section 3.36b. shall apply. In the case of a partial termination for convenience, AT&T may accept a portion of the Software or Services covered by an Order, but AT&T shall in any event compensate Supplier for the Software or Services performed through the date of such partial termination for convenience of the Order. In either event (partial termination for cause or partial termination for convenience), AT&T shall pay Amdocs for any portion of such Software or Services at the unit prices set forth in such Order (plus equitable portions of the termination charges provided in this Agreement in the event of partial termination for convenience of an Order for Software Development or OnGoing Support), and the Parties shall utilize change management procedures as set forth in Section 3.8 to issue an amendment to reflect such partial termination; provided, however, that, [***] any Order [***] under the Order) [***] of the Order, in which |
Page 58 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
[***] [***]he Parties shall [***] the [***] [***] in accordance with the [***]. Upon receipt of AT&T’s payment in relation to a partial termination for cause or convenience, Supplier shall deliver to AT&T the applicable Work relating to the Software or Services which has been prepared pursuant to such terminated Order. |
d. | Termination of Related Orders. The right to terminate an Order for cause shall also include the right to terminate any other Order for convenience in accordance with this Agreement [***] the termination of the initially terminated Order. |
e. | Termination For Convenience of an Order. AT&T may at any time Terminate for Convenience any Order for Custom Software development prior to the Delivery Date of the Software covered by such Order, by giving Amdocs written notice. AT&T may, at its option and without any Liability to Amdocs, Terminate for Convenience any OnGoing Support or Services Order by written notice to Amdocs. Upon receipt of any such termination notice, Supplier shall, if so requested by AT&T, immediately cease performing work and incurring costs in connection with such Order. [***] in accordance with the applicable Order for work under such Order performed [***], all in accordance with the provisions of the applicable Order and in accordance with Appendix A, “Prices”. [***] in the applicable Order, [***]. Upon receipt of AT&T’s payment, Supplier shall deliver to AT&T all Material, whether completed or in progress, which has been prepared prior to the effective date of termination of such Order. |
f. | In exercising its termination rights under Subsection 3.36e. above, AT&T will make commercially reasonable efforts to provide Supplier with at least [***] days prior notice for terminations of Orders for Custom Software development Services and [***] days prior notice for terminations of Orders for OnGoing Support or Services; provided, however, that if AT&T determines in good faith that an Order requires [***] termination due to budget restrictions, AT&T shall be permitted to exercise such rights [***] upon notice. |
g. | Termination for Insolvency |
i. | Right to Terminate. In the event that either Party (a) files for bankruptcy, (b) becomes or is declared insolvent, or is the subject of any proceedings related to its liquidation, insolvency or the appointment of a receiver or similar officer for it, (c) makes an assignment for the benefit of all or substantially all of its creditors or (d) enters into an agreement for the composition, extension, or readjustment of substantially all of its obligations, then the other Party may terminate this Agreement as of a date specified in a termination notice; provided, however, that [***] If either Party elects to terminate this Agreement due to the insolvency of the other Party, such termination will be deemed to be a termination for cause hereunder. |
ii. | Section 365(n). Notwithstanding any other provision of this Agreement to the contrary, in the event that Supplier becomes a debtor under the Bankruptcy Code and rejects this Agreement pursuant to Section 365 of the Bankruptcy Code (a “Bankruptcy Rejection”), (i) any and all of the licensee and sublicensee rights of AT&T arising under or otherwise set forth in this Agreement shall be deemed fully retained by and vested in AT&T as protected intellectual property rights under Section 365(n)(1)(B) of the Bankruptcy Code and further shall be deemed to exist immediately before the commencement of the |
Page 59 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
bankruptcy case in which Supplier is the debtor; (ii) AT&T shall have all of the rights afforded to non-debtor licensees and sublicensees under Section 365(n) of the Bankruptcy Code; and (iii) to the extent any rights of AT&T under this Agreement which arise after the termination or expiration of this Agreement are determined by a bankruptcy court to not be “intellectual property rights” for purposes of Section 365(n), all of such rights shall remain vested in and fully retained by AT&T after any Bankruptcy Rejection as though this Agreement were terminated or expired. AT&T shall under no circumstances be required to terminate this Agreement after a Bankruptcy Rejection in order to enjoy or acquire any of its rights under this Agreement. |
iii. | AT&T Rights Upon Supplier’s Bankruptcy. In the event of Supplier’s bankruptcy or of the filing of any petition under the federal bankruptcy laws affecting the rights of Supplier which is not stayed or dismissed within thirty (30) days of filing, in addition to the other rights and remedies set forth herein, to the maximum extent permitted by Law, AT&T will have the immediate right to retain and take possession for safekeeping all AT&T Information, AT&T licensed Third Party Software, AT&T owned Equipment, AT&T owned Material, AT&T owned Custom Software, and all other Software, Equipment, Systems, or Material to which AT&T is or would be entitled during the term of this Agreement or upon the expiration or termination of this Agreement. Supplier shall cooperate fully with AT&T and assist AT&T in identifying and taking possession of the items listed in the preceding sentence. AT&T will have the right to hold such AT&T Information, Software, Equipment, Systems, and Material until such time as the trustee or receiver in bankruptcy or other appropriate court officer can provide adequate assurances and evidence to AT&T that they will be protected from sale, release, inspection, publication, or inclusion in any publicly accessible record, document, material, or filing. Supplier and AT&T agree that without this material provision, AT&T would not have entered into this Agreement or provided any right to the possession or use of AT&T Information or AT&T Software covered by this Agreement. |
iv. | Rights To Assume In Bankruptcy. In the event of commencement of bankruptcy proceedings by or against AT&T, AT&T or its trustee in bankruptcy shall be entitled to assume this Agreement and shall be entitled to retain all of AT&T’s license rights hereunder. |
h. | Termination Upon Supplier’s Change in Control |
This Section shall apply to all agreements between any AT&T Entity and any Supplier Entity:
i. | In the event of a change in Control of Supplier (or that portion of Supplier providing Services under this Agreement) or the Entity that Controls Supplier (if any), where such Control is acquired, directly or indirectly, in a single transaction or series of related transactions, or all or substantially all of the assets of Supplier are acquired by any Entity, or Supplier is merged with or into another Entity to form a new Entity, AT&T may at its option terminate this Agreement by giving Supplier at least [***] days prior notice and designating a date upon which such termination shall be effective; provided, however, that AT&T shall not have this right if Amdocs Limited (a Guernsey corporation as of the Effective Date) retains Control of Supplier after such transaction, acquisition, or merger; |
Page 60 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
provided, further, however, if such change in Control of Supplier involves an AT&T competitor, AT&T may terminate this Agreement by giving Supplier at least [***] days prior notice, and the AT&T competitor shall be prohibited from any contact with AT&T Data, AT&T Information and any and all other information about the AT&T account, including discussions with Supplier personnel regarding specifics relating to the Services. Supplier shall not be entitled to any termination charges in connection with a termination pursuant to this Section 3.36h. For purposes of this Section, “Control” and its derivatives mean: (a) the legal, beneficial, or equitable ownership, directly or indirectly, of (i) [***] (ii) equity interests having the right to [***] or, in the event of dissolution, [***]; (b) the right to appoint, directly or indirectly, a majority of the board of directors; (c) the right to control, directly or indirectly, the management or direction of the Entity by contract or corporate governance document; or (d) in the case of a partnership, the holding by an Entity (or one of its Affiliates) of the position of sole general partner; and “Entity” means a corporation, partnership, joint venture, trust, limited liability company, association, or other organization or entity.
ii. | Subject to any legal obligation of confidentiality or applicable securities Laws, Supplier will provide AT&T with notice at the earliest permissible time of Supplier’s intention to make such a change of Control and facilitate AT&T’s receipt of sufficient information about the Entity acquiring Control for AT&T to choose to exercise its termination rights described in this Section. |
iii. | Any permitted assignee or successor in interest under this Section shall agree in writing to be bound by the terms and conditions of this Agreement. |
iv. | Regardless of AT&T’s consent or refusal to consent to an assignment under this Section, Supplier, or its successor in interest, shall continue to perform under the terms of the Agreement until such time as the Agreement terminates or expires. |
i. | Termination Charges |
i. | Except as provided below or in the applicable Order, in the event AT&T terminates any Order for convenience, AT&T shall pay Supplier, [***] |
ii. | AT&T is not liable to Supplier for any detriment resulting from termination of an Order for Material not specially developed or purchased for AT&T when termination of such Order occurs more than [***] days before the Delivery Date. |
iii. | AT&T is not liable for any termination charges in any case when termination results from the agreement of the Parties, except as otherwise agreed by the Parties. |
j. | Obligations upon Expiration or Termination |
i. | Upon expiration or termination of this Agreement or any Order, Supplier shall, upon the request of AT&T: (i) return all papers, materials, and property of AT&T held by Supplier and (ii) provide reasonable assistance as may be necessary for the orderly, non-disrupted continuation of AT&T’s business. Xxxxxxxx also agrees to assist AT&T in coordinating the |
Page 61 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
transfer of the provision of the Services to a successor supplier, which shall include continuing to provide the required level of Services to the extent Supplier is able to maintain its level of personnel necessary to provide the required level of Services, until the date of expiration or termination and providing the successor supplier with all pertinent information about the Services, subject to Section 3.16, “Information”. |
ii. | Upon expiration or termination of this Agreement or any Order, AT&T shall, upon the request of Supplier, return all papers, materials, and property of Supplier held by AT&T. Additionally, in the event of termination of an Order due to AT&T’s breach, AT&T shall return to Supplier all Material provided to AT&T by Supplier under such Order that are not owned by AT&T. |
3.37 | Third Party Administrative Services |
a. | Supplier acknowledges that a third party administrator will perform certain administrative functions for AT&T in relation to this Agreement. Such administrative functions may include: |
i. | Collecting and verifying certificates of insurance; |
ii. | Providing financial analysis; |
iii. | Verifying certifications under the Section entitled “Utilization of Minority, Women, and Disabled Veteran Owned Business Enterprises”; and |
iv. | Collecting and verifying Supplier profile information. |
b. | Supplier shall cooperate with such third party administrator in its performance of such administrative functions and shall provide such data as from time to time the third party administrator may reasonably request. Further, notwithstanding any other provision of this Agreement, Supplier agrees that AT&T may provide any information regarding Supplier to such third party administrator. AT&T shall contractually require the third party administrator to maintain confidentiality of Supplier’s information with rights to use it solely for purposes of the administrative functions it performs for AT&T. Supplier agrees to pay the third party administrator an annual fee for the performance of these administrative functions, which annual fee shall not exceed three hundred dollars ($300.00), and a one-time set-up fee of thirty dollars ($30.00). |
3.38 | Ownership of AT&T Data and AT&T Derived Data |
a. | AT&T Data is the property of AT&T. To the extent needed to perfect AT&T’s ownership in AT&T Data, Supplier hereby assigns all right, title, and interest in AT&T Data to AT&T. No transfer of title in AT&T Data is implied or shall occur under this Agreement. AT&T grants to Supplier and its approved Subcontractors a license to access, use, and copy the AT&T Data, with no right to grant sublicenses, solely for the performance of Supplier’s obligations during the Term of this Agreement and solely in compliance with AT&T’s privacy policies, including obligations relating to Customer Information as set forth in the Agreement. Supplier shall promptly return AT&T Data, at no cost to AT&T, and in the format and on the media |
Page 62 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
prescribed by AT&T (i) at any time at AT&T’s request, regardless of the expiration or termination of this Agreement, (ii) at the expiration or termination of this Agreement, or (iii) with respect to particular AT&T Data, whenever such data is no longer needed by Supplier to perform its obligations under this Agreement. AT&T Data shall not be (a) utilized by Supplier for any purpose other than as required to fulfill its obligations under this Agreement, (b) sold, assigned, leased, commercially exploited or otherwise provided to or accessed by third parties, whether by or on behalf of Supplier, (c) withheld from AT&T by Supplier, or (d) used by Supplier to assert any lien or other right against or to it. Supplier shall promptly notify AT&T if Supplier believes that any use of AT&T Data by Supplier contemplated under this Agreement or to be undertaken as part of the performance of this Agreement is inconsistent with the preceding sentence. |
b. | AT&T shall own all right, title and interest to the AT&T Derived Data. To the extent needed to perfect AT&T’s ownership in AT&T Derived Data, Supplier hereby assigns all right, title and interest in AT&T Derived Data to AT&T. AT&T grants to Supplier and its approved Subcontractors a license to access, use, and copy the AT&T Derived Data, with no right to grant sublicenses (except to an approved Supplier Subcontractor), solely for the performance of Supplier’s obligations during the Term of this Agreement and solely in compliance with AT&T’s privacy policies, including obligations relating to Customer Information. Supplier shall deliver AT&T Derived Data in the format, on the media, and in the timing prescribed by AT&T. Such delivery shall be at no cost to AT&T unless the format, media, or timing prescribed by AT&T for delivery would cause Supplier to incur substantial additional costs, in which case Supplier shall so notify AT&T and the Parties shall negotiate in good faith to determine whether the format, media, or timing can be changed to avoid Supplier’s incurring such costs or to determine whether AT&T is willing to reimburse Supplier for such costs. If the Parties fail to agree, the Parties agree to use the dispute resolution procedures in the Agreement to resolve the dispute. For the avoidance of doubt, Supplier shall not create or develop AT&T Derived Data after the expiration or termination of this Agreement. |
c. | The provisions of this Section shall apply to all AT&T Data and AT&T Derived Data disclosed or otherwise provided to, or created, developed, modified, recast or processed by, Supplier on or after the Effective Date of this Agreement. Supplier’s obligation to return AT&T Data and AT&T Derived Data upon AT&T’s request shall survive the expiration or termination of this Agreement, but shall not apply to AT&T Data and AT&T Derived Data which, at the time of AT&T’s request for return, is no longer retained by or on behalf of Supplier. |
3.39 | Third Party Beneficiaries |
The provisions of this Agreement are solely for the benefit of the Parties hereto and are not intended to confer upon any person or entity, except the Parties hereto, any rights or remedies hereunder. There are no third party beneficiaries of this Agreement, and this Agreement shall not provide any third person or entity with any remedy, claim, liability, reimbursement, claim of action, or other right in excess of those existing without reference to this Agreement.
Page 63 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3.40 | Risk of Loss |
Risk of loss shall pass to AT&T when possession of the Material passes, in the United States of America, (i) from Supplier or its intermediary to the carrier, if and when this Agreement or an Order requires Supplier to ship freight collect, and (ii) from the carrier to AT&T, if and when this Agreement or the applicable Order requires Supplier to prepay for shipment.
3.41 | Transaction Costs |
Except as expressly provided in this Agreement or an Order, each Party shall bear its own fees and expenses (including the fees and expenses of its agents, representatives, attorneys, and accountants) incurred in connection with the negotiation, drafting, execution, and performance of this Agreement and the transactions it contemplates.
3.42 | Utilization of Minority, Women, and Disabled Veteran Owned Business Enterprises |
a. | AT&T seeks to give minority-, women-, and Disabled Veteran-owned businesses the maximum opportunity to participate in the performance of its contracts; current goals are MBE-15%, WBE-5%, and DVBE-1.5%. Supplier commits to making good faith efforts to achieve goals for the participation of MBE/WBE and DVBE firms (as defined in Subsection e of this Section below entitled “MBE/WBE/DVBE Termination”). |
b. | For the avoidance of doubt, these goals apply to all annual expenditures by any AT&T entity with Supplier. This includes all expenditures under all existing agreements between AT&T and Supplier. Supplier agrees to meet in good faith to evaluate with AT&T on annual basis whether Supplier can increase participation over the life of the Agreement. |
c. | In the event Supplier Diversity subcontracting results cannot be met by Supplier due to significant legal, regulatory or business relationship changes that have a direct and substantive negative impact on the attainment of the Diversity commitments herein, AT&T and Supplier will jointly review the results and known causes of the diversity subcontracting shortfall in order to reach a mutually acceptable Diversity subcontracting target. In the event the Parties cannot resolve the Diversity subcontracting targets, then the issue will be escalated as required through the following levels: |
Level |
Supplier | AT&T | ||||||
Level 1 |
Amdocs AT&T Division President | AVP-Global Supply Chain | ||||||
Level 2 |
President –Amdocs Customer Business Unit | President-Global Supply Chain |
d. | Attached hereto and incorporated herein as Appendix E, Exhibit 1, is Supplier’s completed Participation Plan outlining its MBE/WBE/DVBE goals and specific and detailed plans to achieve those goals. Supplier will submit an updated Participation Plan annually by the first week in January. Supplier will submit MBE/WBE/DVBE Results Reports quarterly by the end of the first week following the close of each quarter, using the form attached hereto and incorporated herein as Appendix E, Exhibit 2. Participation Plans and Results Reports will be submitted to the Prime Supplier Program Manager. |
Page 64 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
e. | MBE/WBE/DVBE Termination |
i. | Supplier agrees that falsification or misrepresentation of, or failure to report a disqualifying change in, the MBE/WBE/DVBE status of Supplier or any Subcontractor utilized by Supplier, or Supplier’s failure to comply in good faith with any MBE/WBE/DVBE utilization goals established by Supplier, or Supplier’s failure to cooperate in any investigation conducted by AT&T, or by AT&T’s agent, to determine Supplier’s compliance with this Section will constitute a material breach of this Agreement. In the event of any such breach, AT&T may, at its option, pursue termination through the dispute resolution procedures of Section 4.5 upon thirty (30) days’ notice where such breach remains uncured by Supplier at the end of the notice period. Supplier acknowledges and agrees that AT&T shall not be subject to Liability, nor shall Supplier have any right to sue for damages, as a result of such termination. |
ii. | For purchases under this Agreement by Pacific Bell, Pacific Bell Directory, Pacific Bell Mobile Services, Pacific Bell Information Services, Pacific Bell Communications, and any other entity operating principally in California (collectively “California Affiliates”), Minority and Women Business Enterprises (MBEs/WBEs) are defined as businesses which satisfy the requirements of Subsection iv of this Section below and are certified as MBEs/WBEs by the California Public Utilities Commission Clearinghouse (“CPUC- certified”). |
iii. | For purchases under this Agreement by any entity that is not a California Affiliate, MBEs/WBEs are defined as businesses which satisfy the requirements of Subsection iv of this Section below and are either CPUC-certified or are certified as MBEs/WBEs by a certifying agency recognized by AT&T. |
iv. | MBEs/WBEs must be at least fifty-one percent (51%) owned by a minority individual or group or by one or more women (for publicly-held businesses, at least fifty-one percent (51%) of the stock must be owned by one or more of those individuals), and the MBEs/WBEs’ management and daily business operations must be controlled by one or more of those individuals, and those individuals must be either U.S. citizens or legal aliens with permanent residence status. For the purpose of this definition, minority group members include male or female Asian Americans, Black Americans, Filipino Americans, Hispanic Americans, Native Americans (i.e., American Indians, Eskimos, Aleuts and Native Hawaiians), Polynesian Americans, and multi-ethnic (i.e., any combination of MBEs and WBEs where no one specific group has a fifty-one percent (51%) ownership and control of the business, but when aggregated, the ownership and control combination meets or exceeds the fifty-one percent (51%) rule). “Control” in this context means exercising the power to make policy decisions. “Operate” in this context means actively involved in the day-to-day management of the business and not merely acting as officers or directors. |
Page 65 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
5 | Supplier has (i) satisfied all its obligations to any third parties with respect to all XXXX and the applicable XXXX licenses (including, of Subsection vii of this Section below and are certified as DVBEs by the California State Office of Small and Minority Business (OSMB). The DVBE must be a resident of the State of California, and must satisfy the requirements of Subsection vii of this Section below. |
vi. | For purchases under this Agreement by any entity that is not a California Affiliate, DVBEs are defined as any business concern that satisfies the requirements of Subsection vii of this Section below and is either a defined DVBE for purchases by California Affiliates, or is certified as a DVBE by a certifying agency recognized by AT&T. |
vii. | The DVBE must be (i) a non publicly-owned enterprise at least fifty-one percent (51%) owned by one or more disabled veterans; or (ii) a publicly-owned business in which at least fifty-one percent (51%) of the stock is owned by one or more disabled veterans; or (iii) a subsidiary which is wholly owned by a parent corporation, but only if at least fifty-one percent (51%) of the voting stock of the parent corporation is owned by one or more disabled veterans; or (iv) a joint venture in which at least fifty-one percent (51%) of the joint venture’s management and control and earnings are held by one or more disabled veterans. In each case, the management and control of the daily business operations must be by one or more disabled veterans. A disabled veteran is a veteran of the military, naval or air service of the United States with a service-connected disability. “Management and control” in this context means exercising the power to make policy decisions and actively involved in the day-to-day management of the business and not merely acting as officers or directors. |
3.43 | Warranty |
a. | Warranty for Custom Software. Subject to the limitations set forth in Subsection 3.43e Supplier will fix at no charge to AT&T any Error in the Custom Software created under an Order under this Agreement, which Error is identified during the Warranty Period and results solely from the negligent or intentionally wrongful acts or omissions of Supplier. |
i. | For purposes of this Agreement, the Warranty Period is [***] days commencing upon delivery into Acceptance Test, unless otherwise agreed in the applicable Order. |
ii. | Upon agreement of the Parties, this Warranty for Custom Software development may be amended or supplemented in the Order, including via the implementation of a Service Level Agreement. |
b. | OnGoing Support Orders |
i. | Subject to the limitations set forth in Section 3.43e, Supplier shall perform the OnGoing Support Services in a good and workmanlike manner, at or above industry standards. Under this warranty, Supplier shall fix Errors in the OnGoing Support Services which result solely from negligent or intentionally wrongful acts or omissions of Supplier, to the extent and in the manner as follows: |
Page 66 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
1. | For Supplier’s OnGoing Support personnel which augment AT&T’s development teams by providing development work, AT&T shall be entitled to require such personnel to reperform Services containing Custom Software Errors, at no charge to AT&T, provided such Errors (i) are reported to Supplier within [***] days commencing upon delivery into Acceptance Test, and (ii) occur as the result of Supplier’s sole responsibility. |
2. | OnGoing Support personnel providing Production Support in a defective manner shall reperform the defective Services until such Defects are corrected, at no charge to AT&T, provided such Defect(s) are reported to Supplier within [***] days after the work was originally delivered to AT&T, and provided AT&T did not contribute to the Defect(s). |
3. | Supplier’s OnGoing Support personnel shall [***] |
ii. | In addition to the above remedies, if any Supplier OnGoing Support personnel are not performing to AT&T’s reasonable satisfaction, the Parties shall attempt to resolve problem within [***] after the date on which AT&T escalates the matter to Supplier’s Project Manager. [***] |
c. | Warranty for Standard Software. Warranty support for Standard Software licensed to AT&T prior to the Effective Date of this Agreement shall be in accordance with the provisions of the applicable agreement under which it was originally licensed. Warranty for Standard Software licensed following the Effective Date of this Agreement will be specified in the applicable License Order. |
d. | Additional Supplier Warranties. Subject to the limitations set forth in Subsection 3.43e, Supplier additionally represents and warrants that: |
i. | There are no actions, suits, or proceedings, pending or threatened, which will have a material adverse effect on Supplier’s ability to fulfill its obligations under this Agreement; |
ii. | Supplier will promptly notify AT&T if, during the term of this Agreement, Supplier becomes aware of any action, suit, or proceeding, pending or threatened, which may have a material adverse effect on Supplier’s ability to fulfill the obligations under this Agreement or any Order; |
iii. | Supplier has all necessary skills, rights, financial resources, and authority to enter into this Agreement and related Orders and to provide or license the Material or Services; |
iv. | No consent, approval or withholding of objection is required from any entity, including any governmental authority, with respect to the entering into or the performance of this Agreement or any Order; |
v. | The Material and Services will be provided free of any lien or encumbrance of any kind; |
vi. | Supplier shall not intentionally or knowingly insert into the Material any Harmful Code at any time; and |
Page 67 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
7 | Supplier has (i) satisfied all its obligations to any third parties with respect to all XXXX and the applicable XXXX licenses (including,for example, any obligation to make publicly available the XXXX source code for modifications to such XXXX); (ii) that use of the XXXX in such form for such intent and purposes in no manner creates any added obligation on the part of AT&T (including, for example, the payment of any additional monies), or diminishes, conditions, or eliminates any of the right, title, or interest that Supplier grants AT&T in or to any deliverables or that Supplier may otherwise provide AT&T under this Agreement; and (iii) that use of the XXXX in such form for such intent and purposes, including, but not limited to, AT&T’s use or combination of the XXXX, in the form provided to AT&T, with any proprietary software of AT&T or AT&T’s third-party suppliers, does not subject AT&T to any obligation of disclosure or distribution to any third party or to the public of any such proprietary software, or otherwise make such proprietary software subject to the terms of any XXXX license or impair AT&T’s or its third-party suppliers’ right, title, or interest in or to such proprietary software. |
e. | Limitations on Supplier’s Warranties. |
i. | Supplier’s warranty obligations to correct Errors or re-perform Services pursuant to this Section or otherwise in the Agreement, coupled with any Liability for Liquidated Damages for breach of a Service Level Agreement pursuant to an Order, shall together be limited in each Order to a total amount equal to [***] percent [***] of the fees paid to Supplier under each Order. The Parties shall calculate such cap based upon the total value of the applicable Software Development Order. Any Services performed to fix an Error or otherwise remedy a breach of warranty above the aggregate cap shall be chargeable to AT&T (i) at an hourly rate as stated in the Order; or (ii) at a derived hourly rate for fixed bid using the per resource fixed bid rate in the Order; provided, however, Appendix A, “Prices”, will be utilized if the Order does not specify the applicable rates. The Parties shall negotiate in good faith the required levels of allocated resources required under fixed bid Services Orders for the performance of support for non-warranty Services, including Production Support. |
ii. | AT&T acknowledges that the performance by Supplier of its obligations under this Agreement is dependent upon the performance by AT&T of certain obligations and the AT&T Responsibilities as defined in Section 3.43g (the “AT&T Responsibilities”). To the extent that AT&T fails to comply with the AT&T Responsibilities, and such failure results in Supplier’s inability to perform its obligations, Supplier shall provide written notice to AT&T of the failure to comply with the AT&T Responsibilities. AT&T shall be granted a period of [***] days to cure its failure to comply with the AT&T Responsibilities. If AT&T has not cured its failure within the cure period, then Supplier is entitled to refer the matter for dispute resolution pursuant to Section 4.5. During the cure period and the pendency of the dispute resolution process, Supplier shall be relieved of its obligations and Liability in the performance of the Services (including the warranty obligations stated above) for that portion of the Services which are impacted by AT&T’s failure to fulfill the AT&T Responsibilities. |
iii. | If at any time during the warranty period AT&T believes there is a breach of any warranty, AT&T will notify Supplier setting forth the nature of such claimed breach. Supplier shall promptly investigate such claimed breach, which investigation activities shall be conducted at no charge to AT&T, and shall either (i) provide Information that no breach of warranty in fact occurred or (ii) [***], promptly use its best efforts to take such action as may be required to correct such breach under the Warranty. |
Page 68 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
iv. | AT&T’s sole remedy and Supplier’s sole obligation and Liability under the warranties stated in this Section and/or Agreement is for Supplier to correct the breach of warranty by fixing the Error, provided, however, (i) [***] in the Order [***] and (ii) where such fix fails to occur after reasonable opportunity to cure (as set forth in Sections 3.8, “Special Software Terms” and 3.9, “Acceptance or Rejection”) during Acceptance Tests, and [***] Agreement, [***], in the circumstances where (x) the uncured breach is Supplier’s sole responsibility and (y) the breach is such that the Custom Software cannot pass Acceptance Tests and cannot be placed into production. In the event of a refund under this Section, AT&T shall return all deliverables associated with the Project. THE WARRANTIES STATED HEREIN ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES, WRITTEN OR ORAL, STATUTORY, EXPRESS, OR IMPLIED, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WHICH SUPPLIER EXPRESSLY DISCLAIMS. |
f. | AT&T represents and warrants that: |
i. | As of the Effective Date there are no actions, suits, or proceedings, pending or threatened, which will have a material adverse effect on AT&T’s ability to fulfill its obligations under this Agreement. |
ii. | AT&T will promptly notify Supplier if, during the term of this Agreement, AT&T becomes aware of any action, suit, or proceeding, pending or threatened, which may have a material adverse effect on AT&T’s ability to fulfill the obligations under this Agreement or any Order. |
iii. | No consent, approval or withholding of objection is required (or, if such consent, approval or withholding of objection is required, AT&T shall obtain it) from any entity, including any governmental authority, with respect to the entering into or the performance of this Agreement or any Order. |
g. | AT&T Responsibilities. AT&T shall perform the AT&T Responsibilities as specified in the Agreement and/or the applicable Order, including but not limited to the following: |
i. | Any AT&T personnel performing services in conjunction with Supplier’s Services (either OnGoing Support or Custom Software Development) shall possess appropriate training and experience in relation to their assigned tasks. |
ii. | AT&T shall provide the agreed upon number and type of personnel as specified in order for purposes of properly fulfilling the tasks that AT&T undertakes in conjunction with a Project or Order. |
Page 69 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
iii. | AT&T shall perform its services in conjunction with any Order under this Agreement in a good and workmanlike manner, at or above industry standards. |
iv. | AT&T shall correct at its expense any Error in the Software or deficiencies in the services which result solely from the negligent acts or omissions of AT&T. |
v. | Subject to the limitations contained in Section 3.43e, and the requirement for AT&T to maintain Production Support to cover non-warranty work contained in Section 3.43, Supplier and AT&T shall negotiate in good faith (including using executive escalation procedures where necessary) to resolve any disputes over responsibility for correction of Errors or deficiencies. |
vi. | AT&T shall reasonably provide necessary co-operation, information, decisions and approvals requested by Supplier during the course of the Services. |
vii. | AT&T shall install and maintain the environment for the System unless otherwise specified in the Order. |
viii. | AT&T shall undertake reasonable efforts to ensure the co-operation of third-party vendors who are not under the direct control of Supplier, and to manage such third party vendors as required for the performance of the Services and the Custom Software development. |
ix. | AT&T shall provide, at no charge to Amdocs, office space suitable for Amdocs’ needs and the following services: computer terminals and associated peripherals including access to E-mail/Internet; a communication line from AT&T’s premises to Supplier’s’ relevant development center with minimum capacity to be specified based on the number of users in the development center; reasonable use of telephone, fax, and e-mail for business purposes; and office supplies, equipment and consumables, at AT&T’s normal standard. |
3.44 | Work Done By Others |
a. | If any part of Supplier’s Work is dependent upon work performed by others or subcontracted consistent with the terms herein, Supplier shall inspect and promptly report to AT&T any known or discovered defect that renders such other work unsuitable for Supplier’s proper performance. Supplier’s failure to so report any such known or discovered defect to AT&T shall constitute approval of such other work as fit, proper and suitable for Supplier’s performance of its Services or provision of Material. |
b. | Where a portion of the Work is subcontracted, Supplier remains fully responsible for performance thereof and shall be responsible to AT&T for the acts and omissions of any Subcontractor and any temporary worker engaged by Supplier. Any use of a Subcontractor which is not an Affiliate of Supplier (but not of a Temporary Worker (as defined below)) must be either set forth in the applicable Order or otherwise communicated to AT&T before commencement of the Work. Supplier shall endeavor to obtain and maintain insurance for acts and omissions of Subcontractors in material conformity with the Insurance Section of this Agreement. Supplier agrees to execute a subcontract with every Subcontractor which materially conforms with the terms of this Agreement and, specifically, with the Insurance Section of this Agreement. Furthermore, Supplier agrees to have its Subcontractors under the Agreement execute the non-disclosure agreement attached as Appendix I, Exhibit 3. |
Page 70 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
c. | The Parties agree that the Temporary Workers and Subcontractors engaged by Supplier may from time to time require access to the premises and facilities of AT&T for their participation in the performance of this Agreement and the Orders issued hereunder and that, if so requested by Supplier, AT&T shall deal with the personnel of the Subcontractors and with any reasonable requests of the Subcontractors in all respects as if such personnel were the personnel, and such requests were the requests, of Supplier. |
d. | Supplier may, in the ordinary course of business, subcontract (i) for third party services or products that are not exclusively dedicated to AT&T and that do not include regular direct contact with AT&T or AT&T Affiliate personnel or the performance of Services at AT&T sites or (ii) with temporary personnel firms for the provision of temporary contract labor (collectively, “Temporary Workers”); provided, that such Temporary Workers possess the training and experience, competence, and skill to perform the work in a skilled and professional manner. AT&T shall have no approval right with respect to such Temporary Workers. If, however, AT&T expresses dissatisfaction with the services of a Temporary Worker, Supplier shall work in good faith to resolve AT&T’s concerns on a mutually acceptable basis and, at AT&T’s request, replace such Temporary Worker at no additional cost to AT&T. |
3.45 | Supplier’s Compliance with Industry Standards |
Supplier represents and warrants that Supplier complies with and will continue to comply with: (i) the International Organization for Standardization (ISO)/ International Electrotechnical Commission (IEC) standard ISO/IEC 27001 as it may be modified and maintain a valid certification thereof; and (ii) specific NIST SP 800-53 according to Amdocs’ best practices, where applicable and attendant upon Supplier’s performance under this Agreement. . In the event of an inconsistency or conflict between the requirements in this clause, the Specifications, and any other provisions in this Agreement, the most stringent requirements will control.
4.0 | SPECIAL TERMS |
4.1 | Access to AT&T Premises and Non-Public Information Systems |
a. | When appropriate, Supplier Representatives shall have reasonable access to AT&T’s premises during normal business hours, and at such other times as may be agreed upon by the Parties, to enable Supplier to perform its obligations under this Agreement. Supplier shall coordinate such access with AT&T. Where required by governmental regulations, Supplier shall submit satisfactory clearance from the U.S. Department of Defense and/or other federal, state, or local authorities. |
b. | Supplier shall ensure that Supplier Representatives, while on or off AT&T’s premises, (i) protect AT&T’s materials, buildings, and structures, (ii) perform Services which do not unreasonably interfere with AT&T’s business operations, and (iii) perform such Services with care and due regard for the safety, convenience, and protection of AT&T, its employees, and its property. |
Page 71 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
c. | AT&T may require Supplier Representatives to exhibit identification credentials issued by AT&T’s third party Vendor Management System (“VMS”) vendor to gain unescorted access to AT&T’s premises for the performance of Services. In addition, if any Supplier Representatives requires access to AT&T’s Nonpublic Information Resources (as defined in the AT&T Supplier Information Security Requirements) Supplier must obtain from AT&T an [***] for each such Supplier Representative. [***] are provisioned upon successful opening of a worker record within the VMS. Supplier Representatives shall also exhibit their company’s photo identification, if any. If, for any reason, any Supplier Representative is no longer performing Services or no longer has a need to have access to AT&T’s Nonpublic Information Resources, then Supplier shall immediately close the Supplier Representatives record in the VMS and promptly return any identification credentials issued by the VMS. In cases where a Supplier Representative is being removed due to misconduct involving work at AT&T, Supplier will immediately inform the AT&T sponsoring manager of the nature of the misconduct. |
d. | AT&T currently uses a third-party VMS vendor and reserves the right to change the VMS vendor at any time and from time to time. Supplier shall enter into an agreement with AT&T’s designated VMS vendor, at no cost to AT&T, and supply any information about its Supplier Representatives reasonably required by the VMS vendor to create a worker record and enable provisioning of identification credentials and [***]. If Supplier fails to enter into an agreement with AT&T’s VMS vendor to use the VMS, Supplier’s Supplier Representatives will not be allowed access to AT&T’s premises (other than on an escorted basis) or to AT&T’s Nonpublic Information Resources. AT&T reserves the right to restrict Supplier or Supplier Representatives’ access to AT&T’s facilities and/or Nonpublic Information Resources, without liability to AT&T, until AT&T is satisfied that Supplier is compliant with its obligations under this Section. |
e. | Supplier shall ensure that information provided to AT&T or the VMS vendor for its Supplier Representatives is 1) input accurately into the VMS (including the [***] for the Supplier Representatives, the Agreement number in the “Contract or PO #” field as it may be changed, the start and end dates (end date must not be after the expiration date of the Agreement), and the worker classification obtained from the AT&T sponsoring manager), 2) maintained properly throughout the term of the engagement, and 3) closed on a timely basis upon the termination or expiration of the engagement or the need for the Supplier Representatives to have access to AT&T’s premises or Nonpublic Information Resources. Supplier shall not enable or allow any Supplier Representatives to let anyone else use the AT&T identification credentials or an [***] issued to that Supplier Representatives to gain access to AT&T premises or Nonpublic Information Resources. |
4.2 | Background Checks/Drug Screening |
[***]
Page 72 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
4.3 | Change Control |
The Parties agree that all changes to this Agreement and to an Order must be in writing and signed by the Party against whom enforcement is sought. Any change to an Order shall take the form of an amendment as described in Section 3.8, “Special Software Terms”.
4.4 | Customer Information |
a. | As between Supplier and AT&T, title to all Customer Information and customer proprietary network information (“CPNI”) (as that term is defined in Section 222 of the Communications Act of 1934, 47 U.S.C. §222, as amended, (“Section 222”) shall be in AT&T. Except as otherwise provided herein, no license or rights to any Customer Information are granted to Supplier hereunder. |
b. | Supplier acknowledges that Customer Information received may be subject to certain privacy laws and regulations and requirements, including requirements of AT&T provided or made available to Supplier. Supplier shall consider Customer Information to be private, sensitive, and confidential. Accordingly, with respect to Customer Information, Supplier shall comply with all applicable privacy laws and regulations and requirements, including, but not limited to, the CPNI restrictions contained in Section 222. Accordingly, Supplier shall: |
i. | not use any CPNI to market or otherwise sell products to AT&T’s customers, except to the extent necessary for the performance of Services for AT&T or as otherwise approved or authorized by AT&T in this Agreement or in writing; |
ii. | make no disclosure of Customer Information to any party other than AT&T, except to the extent necessary for the performance of Services for AT&T or except such disclosure required under force of law; provided that Supplier shall provide AT&T with notice immediately upon receipt of any legal request or demand by a judicial, regulatory, or other authority or third party to disclose or produce Customer Information; Supplier shall furnish only that portion of the Customer Information that it is legally required to furnish and shall provide reasonable cooperation to AT&T should AT&T exercise efforts to obtain a protective order or other confidential treatment with respect to such Customer Information; |
iii. | not incorporate any Customer Information into any database other than in a database maintained exclusively for the storage of AT&T’s Customer Information; |
iv. | not incorporate any data from any of Supplier’s other customers, including Affiliates of AT&T, into AT&T’s customer database; |
v. | make no use whatsoever of any Customer Information for any purpose except to comply with the terms of this Agreement; |
vi. | make no sale, license, or lease of Customer Information to any other party; |
vii. | restrict access to Customer Information to only those employees of Supplier or Subcontractors that require access in order to perform Services under this Agreement; |
Page 73 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
viii. | prohibit and restrict access or use of Customer Information by any of Supplier’s other customers, Supplier’s Affiliates, or third parties except as may be agreed otherwise by AT&T; |
ix. | promptly return all Customer Information to AT&T upon expiration or termination of this Agreement or applicable schedule or Order, unless expressly agreed or instructed otherwise by AT&T; and |
x. | immediately notify AT&T upon Supplier’s awareness of (i) any breach of the above-referenced provisions, (ii) any disclosure (inadvertent or otherwise) of Customer Information to any third party not expressly permitted herein to receive or have access to such Customer Information, or (iii) a breach of, or other security incident involving, Supplier’s systems or network that could cause or permit access to Customer Information inconsistent with the above-referenced provisions, and such notice shall include the details of the breach, disclosure, or security incident. Supplier shall fully cooperate with AT&T in determining, as may be necessary or appropriate, actions that need to be taken including, but not limited to, the full scope of the breach, disclosure, or security incident, corrective steps to be taken by Supplier, the nature and content of any customer notifications, law enforcement involvement, or news/press/media contact, etc., and Supplier shall not communicate directly with any AT&T customer without AT&T’s consent, which consent shall not be unreasonably withheld. |
4.5 | Dispute Resolution |
a. | Informal Dispute Resolution. |
Prior to the initiation of formal dispute resolution procedures with respect to any dispute, other than as provided in this Section, the Parties shall first attempt to resolve such dispute informally, as follows:
i. | Initial Effort. The Parties agree that they shall attempt in good faith to resolve all disputes by informal discussion. In the event of a dispute that is not resolved or resolvable through informal discussion, either Party may refer the dispute for resolution to the senior corporate executives specified in Section 4.5a.v. below upon written notice to the other Party. |
ii. | Escalation. Within seven (7) business days of a notice under Section 4.5a.i. above referring a dispute for resolution by senior corporate executives, the AT&T Contract Office and the Supplier Account Office will each prepare and provide to a Supplier Division President and to AT&T Global Supply Chain and AT&T Technology Development executive leadership, respectively, summaries of the relevant information and background of the dispute, along with any appropriate supporting documentation, for their review. The designated senior corporate executives will confer as often as they deem reasonably necessary in order to gather and furnish to the other all information with respect to the matter in issue which the Parties believe to be appropriate and germane in connection with its resolution. The designated senior corporate executives shall discuss the problem and negotiate in good faith in an effort to resolve the dispute without the necessity of any formal proceeding. The specific format for the discussions will be left to the discretion of the designated senior corporate executives, but may include the preparation of agreed-upon statements of fact or written statements of position. |
Page 74 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
iii. | Provision of Information. During the course of negotiations under this Section, all reasonable requests made by one Party to another for non-privileged information, reasonably related to the dispute, will be honored in order that each of the Parties may be fully advised of the other’s position. All negotiation shall be strictly confidential and used solely for the purposes of settlement. Any materials prepared by one Party for these proceedings shall not be used as evidence by the other Party in any subsequent arbitration or litigation; provided, however, the underlying facts supporting such materials may be subject to discovery. |
iv. | Prerequisite to Formal Proceedings. Formal proceedings for the resolution of a dispute may not be commenced until the earlier of: (i) the designated senior corporate executives under Section 4.5a.i. above concluding in good faith that amicable resolution through continued negotiation of the matter does not appear likely; or (ii) [***] days after the notice under Section 4.5a.i. above referring the dispute to designated senior corporate executives. The time periods specified in this Section 4.5a. shall not be construed to prevent a Party from instituting, and a Party is authorized to institute, formal proceedings earlier to (A) avoid the expiration of any applicable limitations period, (B) preserve a superior position with respect to other creditors, or (C) address a dispute to the extent subject to equitable or injunctive relief. |
v. | Additional Escalation. In addition to the dispute resolution provisions contained in this Section 4.5a., in connection with any exercise of its termination rights under Section 3.36, “Termination”, AT&T will, no less than [***] days prior to the effective date of such termination, but without extending any applicable time frames specified in the Agreement, provide Supplier with the right to have its Chief Executive Officer address the relevant issues with AT&T’s then-current Chief Strategy Officer/Division President – AT&T Technology and Operations. |
b. | Arbitration. |
i. | Except for a claim or controversy regarding the existence, validity or ownership of Intellectual Property Rights, and without limiting either Party’s right to seek appropriate injunctive relief in the event of a breach or threatened breach of this Agreement, any controversy or claim arising out of or relating to this Agreement, or any breach thereof, which cannot be resolved using the procedures set forth above in Section 4.5 a. shall be finally resolved under the Commercial Arbitration Rules of the American Arbitration Association then in effect. |
ii. | The Arbitration shall take place in New York, New York, and shall apply the Laws of the State of Texas. The decision of the arbitrators shall be final and binding and judgment on the award may be entered in any court of competent jurisdiction. The arbitrators shall be instructed to state the reasons for their decisions in writing, including findings of fact and law. The arbitrators shall be bound by the warranties, limitations of liability, and other provisions of this Agreement. Except with respect to the provisions of this Agreement that provide for injunctive relief rights, such arbitration shall be a precondition to any application by either Party to any court of competent jurisdiction. Each Party waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this Agreement. |
Page 75 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
iii. | Within twenty (20) business days after delivery of written notice (“Notice of Dispute”) by one Party to the other in accordance with this Section, the Parties each shall use good faith efforts to agree upon one (1) arbitrator. If the Parties are not able to agree upon one (1) arbitrator within such period of time, the Parties each shall within ten (10) business days: (i) appoint one (1) arbitrator who has at no time ever represented or acted on behalf of either of the Parties, and is not otherwise affiliated with or interested in either of the Parties and (ii) deliver written notice of the identity of such arbitrator and a copy of his or her written acceptance of such appointment to the other Party. If either Party fails or refuses to appoint an arbitrator within such ten (10) business day period, the single arbitrator appointed by the other Party shall decide alone the issues set out in the Notice of Dispute. Within ten (10) business days after such appointment and notice, such arbitrators shall appoint a third arbitrator. In the event that the two (2) arbitrators fail to appoint a third arbitrator within ten (10) business days of the appointment of the second arbitrator, either arbitrator or either Party may apply for the appointment of a third arbitrator to the American Arbitration Association. |
iv. | All arbitrators selected pursuant to this Section shall be practicing attorneys with at least five (5) years of experience in technology law applicable to the Services. Any such appointment shall be binding upon the Parties. The Parties shall use best efforts to set the arbitration within sixty (60) days after selection of the arbitrator or arbitrators, as applicable, but in no event shall the arbitration be set more than ninety (90) days after selection of the arbitrator or arbitrators, as applicable. Discovery as permitted by the Federal Rules of Civil Procedure then in effect will be allowed in connection with arbitration to the extent consistent with the purpose of the arbitration and as allowed by the arbitrator or arbitrators, as applicable. The decision or award of the arbitrator or the majority of the three arbitrators, as applicable, shall be rendered within fifteen (15) days after the conclusion of the hearing, shall be in writing, shall set forth the basis therefor, and shall be final, binding and nonappealable upon the Parties and may be enforced and executed upon in any court having jurisdiction over the Party against whom the enforcement of such decision or award is sought. Each Party shall bear its own arbitration costs and expenses and all other costs and expenses of the arbitration shall be divided equally between the Parties; provided, however, that the arbitrator or arbitrators, as applicable, may modify the allocation of fees, costs, and expenses in the award in those cases where fairness dictates other than such allocation between the Parties. |
4.6 | Electronic Data Interchange (EDI) |
a. | At the request of AT&T, the Parties shall exchange Orders, payments, acknowledgements, invoices, remittance notices, and other records (“Data”) electronically, in place of tangible documents. In such case, AT&T shall also designate whether the Parties shall exchange Data by direct electronic or computer systems communication between AT&T and Supplier, or indirectly through third party service providers with which either Party may contract or a single |
Page 76 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
AT&T-designated third party service provider with which each Party shall contract independently (“Provider”), to translate, forward, and/or store such Data. If the Parties exchange Data directly, they agree to exchange it in accordance with the Telecommunications Industry Forum EDI Guidelines for use of American National Standards Institute (ANSI) Accredited Standards Committee X12 transaction sets, unless they agree to a proprietary format or another standard such as Extensible Markup Language (XML).
b. | The following additional conditions apply to any such exchanges: |
i. | Garbled Transmissions: If any Data is received in an unintelligible, electronically unreadable, or garbled form, the receiving Party shall promptly notify the originating Party (if identifiable from the received Data) in a reasonable manner. In the absence of such notice, the originating Party’s record of the contents of such Data shall control. |
ii. | Signatures: Each Party will incorporate into each EDI transmission an electronic identification consisting of symbols or codes (“Signature”). Each Party agrees that any predetermined Signature of such Party included in or affixed to any EDI transmission shall be sufficient to verify that such Party originated, “signed” and “executed” such transmission. Neither Party shall disclose to any unauthorized person the Signatures of the Parties hereto. |
iii. | Statute of Frauds: The Parties expressly agree that all Data transmitted pursuant to this Section shall be deemed to be a “writing” or “in writing” for purposes of Section 2-201 of the Uniform Commercial Code (“UCC”) or any other applicable Law requiring that certain agreements be in writing and signed by the party to be bound thereby. Any such Data containing or having affixed to it a Signature shall be deemed for all purposes: (i) to have been “signed” and “executed”; and (ii) to constitute an “original” when printed from electronic files or records established and maintained in the normal course of business. |
iv. | Method of Exchange: Each Party shall be responsible for its own costs to provide and maintain the equipment, software, and services necessary to effectively and reliably transmit and receive Data, and the associated charges of any Provider with which it contracts. Supplier shall be solely responsible for the cost of storing its information or Data on a Provider’s computer network, which may be retrieved by AT&T at no additional charge to AT&T by Supplier. Either Party may change a Provider upon [***] days’ prior written notice to the other Party, except that if a single Provider for both Parties has been designated by AT&T, then AT&T may change the Provider upon [***] days’ prior written notice to Supplier. |
v. | Warranty of Data Integrity: Supplier represents and warrants that Data and/or information either transmitted to AT&T by Supplier or stored by Supplier on a Provider’s network for access by AT&T a) does not knowingly or intentionally contain any Harmful Code or Vulnerability, and b) does not knowingly or intentionally infringe or violate any third party’s copyright, patent, trademark, trade secret, or other proprietary rights or rights of publicity or privacy. |
Page 77 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
4.7 | Entry on AT&T Property |
a. | If the performance of the Services provided hereunder requires Supplier’s entry upon property owned or controlled by AT&T, Supplier is hereby notified that AT&T presumes for safety planning purposes that all tile and sheet/rolled vinyl flooring contains asbestos unless verified otherwise through sampling of the material and that AT&T-owned buildings constructed prior to 1981 may contain other asbestos containing materials (“ACM”) and/or presumed asbestos containing materials (“PACM”). All AT&T buildings, regardless of age, may also contain both natural and manmade conditions and/or activities involving risk of harm. AT&T has not inspected such property for the purposes of this Agreement and has not taken any efforts to discover or make safe dangerous conditions or activities for the purpose of Supplier’s performance of Services. |
b. | If the performance of the Services provided hereunder requires disturbance of ACM/PACM other than flooring material (surfacing/fireproofing coatings, thermal system insulation (TSI) or other suspect materials), then Supplier must contact the project manager and request records to determine the presence, location, and quantity of ACM/PACM in or adjacent to which Supplier’s employees may reasonably be expected to work. At AT&T’s discretion, the project manager may supply records that indicate which areas, if any, of the premises contain ACM. If AT&T does not provide records or does not know if the premises contain ACM, the material will be presumed to be asbestos containing until proven otherwise. If records regarding the presence, location, and quantity of ACM do not exist, the project manager may arrange for a survey of materials that may be disturbed to determine the presence, location, and quantity of asbestos. If AT&T is aware that ACM or PACM is indicated in materials that may be disturbed, AT&T will advise Supplier of the presence, location, and quantity of all known ACM and/or PACM at the work site. Supplier will have no obligation to provide Services in areas of premises containing ACM and/or PACM if its work could potentially disturb the ACM/PACM, except work requiring the drilling or cutting/lifting of asbestos containing flooring in accordance with paragraph e below. Supplier will not be liable for any liquidated damages related to any delay associated with AT&T’s failure or delay in providing Supplier with information related to the presence, location, and quantity of ACM/PACM. |
c. | If ACM or PACM is indicated on AT&T’s premises, it is AT&T’s responsibility to ensure that the ACM/PACM does not present a hazard while Supplier conducts work operations on the premises. If it is determined that Supplier’s work, other than drilling or cutting/lifting of asbestos-containing flooring, will potentially disturb ACM/PACM, releasing asbestos fibers into the air, AT&T must have a contractor meeting the requirements of applicable Laws remove the asbestos prior to Supplier’s performing work in the area. |
d. | Upon entering AT&T’s premises, Supplier shall be responsible for inspecting the Services site for visually obvious unsafe conditions and taking the necessary safety precautions for protection of Supplier, its employees, and its agents and ensuring a safe place for performance of the Services. As a material condition of this Agreement, Supplier, for itself and its employees and agents, assumes all risk of visually obvious dangers associated with the property, and responsibility for the following OSHA notice requirements: |
Page 78 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
i. | informing its employees of the information provided by the AT&T Asbestos Records Contact regarding the presence, location and quantity of ACM/PACM present in the property in or adjacent to which Supplier’s employees may reasonably be expected to work and the precautions to be taken to reasonably insure that airborne ACM/PACM is kept well below permissible exposure levels; and |
ii. | informing the appropriate AT&T project manager and other employers of employees at the property of the presence, location, and quantity of any newly-discovered ACM/PACM identified by Supplier within twenty-four (24) hours of its discovery. |
e. | Should Services require the drilling or cutting/lifting of presumed asbestos containing/asbestos-containing flooring (e.g., floor tile or sheet rolled goods such as linoleum), Supplier agrees that its employees and Subcontractors performing such drilling or cutting/lifting will use AT&T’s Technical Practice 76300 (section G) Procedure for Drilling or Cutting/Lifting Asbestos-Containing/Presumed Asbestos Containing Flooring (“AT&T’s Procedure”) which has a Negative Exposure Assessment when drilling or cutting/lifting such flooring and that only employees and Subcontractors who have received the annual training required to perform AT&T’s Procedure will perform such drilling or cutting/lifting procedures. |
i. | In accordance with AT&T’s Procedure, AT&T shall either supply Supplier written documentation verifying the absence of ACM in states where asbestos disturbance is not allowed and Supplier shall proceed with drilling or cutting/lifting when the cuts or drills will be in non-asbestos containing floors. |
ii. | If no information regarding asbestos content of the flooring is available, in accordance with AT&T’s Procedure, the AT&T project manager will arrange for either 1) a licensed asbestos building inspector to obtain a sample of the floor to determine asbestos content or lack thereof; or 2) a licensed asbestos abatement contractor to drill the holes or remove the asbestos-containing materials and properly dispose of the debris. |
iii. | Supplier will not be liable for any liquidated damages related to any delay associated with AT&T’s failure or delay in providing Supplier with the information, documentation, or work by a licensed asbestos contractor pursuant to this paragraph (e). |
f. | Supplier hereby releases AT&T from any and all claims or causes of action in connection with the responsibilities assumed by Supplier in paragraphs d.i, d.ii., and e. of this Section above, and agrees to indemnify, hold harmless, and defend AT&T, its Affiliates, and its and their employees, agents, officers, and directors against any Loss arising therefrom or in connection therewith, in accordance with the Section of this Agreement entitled “Indemnity.” |
g. | If, in Supplier’s judgment, the Services, other than Services requiring the drilling or cutting/lifting of asbestos-containing flooring, should not proceed due to the presence of ACM/PACM and/or any other unsafe condition, the correction of which may require changes or alterations in AT&T’s operations or property, Supplier shall notify the AT&T project manager immediately, and shall suspend the Services until Supplier and AT&T agree on the corrections or alterations necessary for the safe performance of the Services. Supplier will not be liable for any liquidated damages related to any delay associated with such a suspension. |
Page 79 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
4.8 | Error Severity Level Description And Resolution Plan |
The Parties agree that the use of this Section, and/or the use of Section 4.9, Liquidated Damages for Delay in Delivery, may be applied as identified in the related Custom Software development Order. The Parties also agree that this Section 4.8, Error Severity Level Description And Resolution Plan, may also apply to OnGoing Support Orders following Warranty.
a. | During the Warranty Period of the applicable Custom Software development Order, if Custom Software fails to operate in conformance with the Specifications, or if any of the following specified errors (each an “Error”) occurs, Supplier agrees to respond and perform as follows: |
1 FATAL: Reported problems preventing all useful work from being done or potential data loss or corruption, or Software Functionality is inoperative; inability to use has a critical impact to AT&T’s operations. |
• Acknowledgment
• Work Around, temporary fix
• Final fix, update, or new release
• Communications |
• [***] | ||
2 SEVERE IMPACT: Problems disable major Functionality required to do productive work or Software is partially inoperative and is considered as severely restrictive by AT&T. |
• Acknowledgment
• Work around, temporary fix
• Final fix, update, or new release
• Communications |
• [***] | ||
3 DEGRADED OPERATIONS: Reported problems disabling specific non-essential Functionality; Error condition is not critical to continuing operation and/or AT&T has determined a work-around for the Error condition. |
• Acknowledgment
• Work around, temporary fix
• Final fix, update, or new release
• Communications |
• [***] | ||
4 MINIMAL IMPACT: Any deviation from Specifications not otherwise included in a Severity 1, 2, or 3 category. |
• Acknowledgment
• Work around, temporary fix
• Final Fix, update, or new release
• Communications |
• [***] |
Page 80 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | In the case of a FATAL or SEVERE IMPACT Error condition, Supplier shall use its best efforts to acknowledge notification of such Error condition within the time frames indicated. |
c. | Supplier shall correct any and all Errors in the Custom Software in accordance with the Error Severity Levels specified above. In addition, at any time during the Error correction or technical support process, AT&T may invoke the below-listed escalation procedure: |
i. | Supplier’s escalation process is to ensure that when a problem is not being resolved in a satisfactory manner, (i) both AT&T and Supplier have a common perception of the nature and criticality of the problem, (ii) the visibility of the problem is raised within Supplier’s organization, and (iii) appropriate Supplier resources are allocated toward solving the problem. |
ii. | The following escalation process may be invoked by AT&T when an Error, defect, non-conformity, or technical support issue has been reported to Supplier, the Error substantially affects AT&T’s use of the Software, and Supplier has not yet provided a patch or bypass around the Error. |
iii. | The escalation processes can be initiated by contacting the next higher management level within Supplier’s organization. Such Supplier designate will work with AT&T’s designated contact and management to bring a satisfactory solution to the situation. The effort will be focused on developing an action plan and coordinating whatever Supplier resources are required to meet AT&T’s needs as rapidly as possible, within the policy stated above. |
iv. | During the period of the action plan, regular status update communications will be established between AT&T’s designate and Supplier’s designate. |
v. | If an action plan cannot be agreed to, or if the action plan fails to provide a satisfactory solution within the time frame defined in the action plan, the problem will be escalated to Supplier’s highest management level. |
d. | If any FATAL or SEVERE IMPACT Custom Software Error cannot be corrected by Supplier within the indicated timeframes, Supplier shall provide [***] or a portion thereof that the FATAL or SEVERE IMPACT Error remains unresolved after the work around/temporary fix resolution period specified above. [***] |
e. | In addition, if a FATAL Error remains unresolved [***] hours after reporting thereof by AT&T or if a SEVERE IMPACT Error remains unresolved [***] hours after reporting by AT&T, upon AT&T’s request, Supplier shall provide a Software engineer at AT&T’s site(s), at no additional charge, to resolve the Software Error. |
f. | The Parties acknowledge that DEGRADED OPERATIONS and/or MINIMAL IMPACT Errors are generally less serious than FATAL or SEVERE IMPACT Errors. The Parties further acknowledge and agree that elongated resolution of such Errors can be detrimental to AT&T’s use of the Software. Therefore, in the event that DEGRADED OPERATIONS Errors remain unresolved [***] days after AT&T’s initial report of the Error and AT&T’s notice of required resolution to Supplier, or MINIMAL IMPACT Errors remain unresolved [***] days after AT&T’s report of the Error and AT&T’s notice of required resolution to Supplier, Supplier shall [***] for each day beyond [***] days for DEGRADED OPERATIONS Errors and/or [***] days for MINIMAL IMPACT Errors that the Error remains unresolved. [***] |
Page 81 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
g. | Supplier shall provide AT&T with toll-free telephone hotline assistance related to operation of the Software, including questions about individual features or suspected malfunctions. In addition, Supplier shall provide AT&T with emergency after-hours or weekend contact numbers through which support can be obtained in the event of unavailability of the Software due to a FATAL or SEVERE IMPACT Error. If a FATAL Error is reported after hours, or during the weekend, Supplier shall begin workaround/temporary fix activities as soon as possible. |
4.9 | Liquidated Damages for Delay in Delivery |
The Parties agree that the use of this Section, and/or the use of Section 4.8, Error Severity Level Description And Resolution Plan, may be applied as identified in the related Custom Software development Services Order.
Upon discovery of anything indicating a reasonable certainty that Custom Software and/or Services will not be delivered by the scheduled Delivery Date, Supplier shall notify AT&T and provide the estimated length of delay. The Parties shall work jointly toward resolving the delayed delivery. If the Parties reach agreement on an extended Delivery Date and Supplier fails to meet the extended Delivery Date, then AT&T may (i) if such delay amounts to a material breach, exercise AT&T’s termination rights under the Agreement with respect to the applicable Order, (ii) [***] hereunder, and/or (iii) further extend the Delivery Date. No payments, progress or otherwise, made by AT&T to Supplier after any scheduled Delivery Date shall constitute a waiver of Liquidated Damages. Delivery Dates shall be extended as and to the extent Supplier is unable to meet the original Delivery Date due to causes outside of Supplier’s control. Such extension shall be proportionate to the delay caused by factors outside Supplier’s control.
Notwithstanding anything to the contrary in the Agreement, in the event of Supplier’s failure to meet a Delivery Date as defined in the Services Order (as it may have been extended in accordance with the terms as set forth herein) AT&T shall be entitled to Liquidated Damages according to the following schedule:
Days Late |
Liquidated Damages | |
0-14 |
$0 | |
15-44 |
10% of fees under the Services Order | |
45-74 |
10% of fees under the Services Order | |
75+ |
10% of fees under the Services Order |
Page 82 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
The foregoing Liquidated Damages shall be calculated cumulatively and shall be capped at a total of thirty percent (30%) of the fees under the Services Order. AT&T’s taking of Liquidated Damages for failure to meet a Delivery Date shall not preclude AT&T from claiming actual damages in excess of the Liquidated Damages; provided, however, that the amount of Liquidated Damages taken by AT&T shall be deducted from any damages awarded to AT&T. Liquidated Damages taken by AT&T for failure to meet a Delivery Date shall be excluded from the limitations of liability set forth in the Agreement.
4.10 Independent Contractor
Supplier hereby represents and warrants to AT&T that:
a. | Supplier is engaged in an independent business and will perform all obligations under this Agreement as an independent contractor and not as the agent or employee of AT&T; |
b. | Supplier’s personnel performing Services shall be considered solely the employees of Supplier and not employees or agents of AT&T; |
c. | Supplier has and retains the right to exercise full control of and supervision over the performance of the Services and full control over the employment, direction, assignment, compensation, and discharge of all personnel performing the Services; |
d. | Supplier is solely responsible for all matters relating to compensation and benefits for all of Supplier’s personnel who perform Services. This responsibility includes, but is not limited to, (i) timely payment of compensation and benefits, including, but not limited to, overtime, medical, dental, and any other benefit, and (ii) all matters relating to compliance with all employer obligations to withhold employee taxes, pay employee and employer taxes, and file payroll tax returns and information returns under local, state, and federal income tax Laws, unemployment compensation insurance and state disability insurance tax laws, social security and Medicare tax Laws, and all other payroll tax Laws or similar Laws with respect to all Supplier personnel providing Services; |
e. | Supplier will indemnify, defend, and hold AT&T harmless from all liabilities, costs, expenses, and claims related to Supplier’s failure to comply with the immediately preceding paragraph, in accordance with Section 3.15, “Indemnity”; and |
f. | To the extent permissible under applicable Law, Supplier shall ensure that all individuals who provide Services under this Agreement sign an “Agreement Regarding Non-Employment Status with AT&T” in the form attached hereto as Appendix G. Individuals currently providing Services shall sign no later than [***] days following the execution of this Agreement. Any individual who begins providing Services only in connection with new or amended Orders shall sign no later than [***] days following the date such individual commences providing Services. Supplier shall make available an executed copy to AT&T upon AT&T’s request. |
Page 83 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
4.11 | Payment Card Industry Data Security Standards (PCI-DSS) |
To the extent Supplier processes, transmits, and/or stores credit cardholder data and/or related transaction status for or on behalf of AT&T, Supplier must be Payment Card Industry-Data Security Standards (PCI-DSS) compliant. Upon AT&T’s request, Supplier shall promptly submit a copy of Supplier’s executed Attestation of Compliance (AOC) to x00000@xxx.xxx.
4.12 | Previous Services for AT&T |
Supplier will determine whether each individual who performs Services for AT&T has performed Work as an employee or temporary worker for AT&T, or any AT&T Affiliate, in the six (6) months preceding the individual’s proposed commencement of Work for AT&T. Supplier will provide AT&T with written notice of any individuals who meet the foregoing criteria. AT&T may require that Supplier provide another individual to perform the Work.
4.13 | Affordable Care Act |
For purposes of the Affordable Care Act (ACA), and in particular for purposes of Section 4980H of the Internal Revenue Code of 1986, as amended, and the regulations thereunder, with respect to each individual provided by Supplier to work on AT&T project(s) for at least thirty (30) hours per week for at least ninety (90) days, whether consecutive or not, Supplier represents and warrants that it or one of its Subcontractors is the common law employer of such individual and shall be responsible for either providing healthcare coverage as required by the ACA (to the extent applicable) or for paying any Section 4980H assessable payments that may be required for failure to provide to such individual:
a. | health care coverage, or |
b. | affordable healthcare coverage. |
In no event will AT&T be considered to be the common law employer of such individual for purposes of the ACA. Supplier is required to maintain for a period of ten (10) years from the effective date of the ACA Information to show compliance with the ACA notwithstanding any other provision in this Agreement to the contrary.
4.14 | Supplier’s Audited Financial Statements |
In the event that Supplier is not a publicly traded corporation, Supplier shall provide to AT&T (or its third party delegate), upon request and at no charge, its bona fide and unedited audited fiscal year financial statements and other financial documents as reasonably requested by AT&T to allow an assessment of Supplier’s financial condition. If Supplier is a subsidiary of, is owned by, has a majority of its interest held by, or is controlled by an entity (e.g., a parent company) that is not a publicly traded corporation, then Supplier shall furnish such documents for both Supplier and its owning, controlling or parent company. If Supplier is a subsidiary of, is owned by, has a majority of its interest held by, or is controlled by an entity (e.g., a parent company) that is a publicly traded corporation, then Supplier shall furnish publicly available documents regarding its parent company.
Page 84 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
5.0 | SPECIAL SOFTWARE TERMS |
5.1 | Modifications |
AT&T may alter, modify, add or make other changes to Custom Software provided hereunder at its own risk and expense or contract with third parties for such modifications. AT&T shall notify such third parties of their non-disclosure obligations. The conditions and charges, if any, for Supplier support of such modifications shall be subject to separate agreement between AT&T and Supplier. Supplier shall have no responsibility to warrant, maintain or support such modified portion of the Custom Software or any portion of the Custom Software that is adversely affected by such modification. Title to any such addition or modification shall remain with AT&T.
5.2 | Program Material |
a. | At no additional cost, Supplier shall provide AT&T with the Program Material. Supplier shall provide such Program Material no later than the originally scheduled Delivery Date. |
b. | AT&T shall have the right to reproduce all Program Material and all machine-readable forms of the Custom Software. Any such reproductions shall include any copyright or similar proprietary notices contained in the items being reproduced. |
6.0 | MISCELLANEOUS PROVISIONS |
6.1 | Allowable Expenses |
a. | AT&T is not responsible for any travel, meal, or other business related expense incurred by Supplier whether or not incurred in its performance of its obligations under this Agreement, unless such expense complies with the requirements of AT&T’s Vendor Expense Policy attached hereto and incorporated herein as Appendix H, and is not otherwise restricted under the terms of this Agreement or any applicable Order. Upon request by AT&T, Supplier shall use commercially reasonable efforts to provide in a timely manner supporting documentation for any unusual or out of the ordinary expenses or in instances when the applicable AT&T approver cannot make a reasonable determination on the propriety of the transaction without such documentation. The Parties further agree that for the purpose of determining when an expense is “incurred” pursuant to Section 2.1 of the Vendor Expense Policy, Supplier shall be deemed to incur such expense when the invoice or expense voucher for such expense is submitted to Supplier’s Accounts Payable department for payment. |
b. | Additionally, the Parties agree as follows: |
i. | Travel and living expenses will not be paid for resources working at their primary work location or in the same metropolitan area as their primary work location. |
ii. | Travel and living expenses for all Orders shall be limited to [***] unless agreed otherwise by the Parties in a specific Order. |
6.2 | Reporting |
a. | All work whether on a time and materials or fixed bid basis will be reported in a standard billing format to be agreed upon. |
Page 85 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | Supplier will follow reasonable time reporting practices and guidelines, as specified and/or modified by AT&T from time to time and agreed with Supplier, for all time and materials engagements and Projects. In time and materials Projects (and not fixed price Projects), Supplier shall describe hours worked reported by personnel level; new development versus maintenance; domestic/offshore hours by release item; and employee, the hours worked and time incurred. |
c. | For all AT&T Technology Development time and materials Orders, Supplier resources will report time in AT&T’s Cost Management Project Management (CMPM) application, or the then-current time reporting system, by [***] and all hours shall be reported by the [***] before the CMPM application closes. AT&T will provide PMT codes for all assigned/requested work to allow for Amdocs resources to charge their time accordingly. In the event that a PMT code is not available or has not been provided, AT&T will provide an alternative PMT code to use until the correct PMT code can be identified at which point the hours will be moved over from the alternative to the correct PMT code. |
6.3 | Disaster Recovery and Business Continuity Plan: |
a. | Supplier will provide a Disaster Recovery and Business Continuity Plan at all times during the term of this Agreement for their offshore operations associated with each Project and or Application that is assigned to them by AT&T as set forth in Appendix J, “Disaster Recovery and Business Continuity Plan”. Such Disaster Recovery and Business Continuity Plan shall be reviewed and agreed upon with AT&T. |
b. | This should include, but not be limited to: |
i. | Demonstrate the existence of a recovery strategy, which is without charge to AT&T that is exercised with documented conclusions and recommended improvements. |
ii. | Ensure that failover processes and procedures are in place to support AT&T applications and these failover processes and procedures are exercised annually (at a minimum). |
iii. | Ensure that adequate communication documents, processes, and procedures are readily available and kept up to date. |
6.4 | Clauses Applicable to Call Center Work |
In the event an Order involves Call Center Work, the following clauses shall apply.
a. | AT&T Clean Desk Policy |
AT&T Data, records, and Customer Information must always be protected from unauthorized access, use, or disclosure. Additional protections or exceptions mandated by unique circumstances with appropriate approvals may be added to this Standard Policy by agreement of the Parties per individual Order.
Supplier shall take all necessary steps to ensure that no Supplier person who has access to AT&T Data, records, or information regarding any AT&T customer (“Agent”) has the ability to record any AT&T Customer Information either via written, electronic, or any other instrumentation. Accordingly, in all areas where AT&T Data, records, or information regarding AT&T customers is accessible or viewable, Supplier must ensure the following:
Page 86 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
i. | That all Agents are prevented access to any writing instruments or paper of any kind, within reason. |
ii. | Electronic devices that may be used to record video, take photographs, or otherwise communicate information (examples include, but are not limited to, mobile phones, Bluetooth devices, e-Readers, gaming devices, wearable electronics, personal tablets, or laptops) are prohibited. |
iii. | Notes displaying sensitive information such as user IDs, passwords, customer account numbers, or other sensitive personal information of AT&T customers is strictly prohibited. AT&T Customer Information must NEVER be written down, typed, recorded (voice or image), or transmitted. These prohibitions notwithstanding, Agents may type Customer Information into authorized AT&T systems only where it is required; and Supplier shall record and retain customer calls and screen shots as required in accordance with this Agreement and its Orders. |
iv. | Supplier shall disable all external storage ports (CD ROM, DVD, or USB drives) from all Agents’ desktop or laptop computers that are used to access AT&T systems or data. |
v. | For all desktop, laptop, or tablet computers that are used by Agents to access AT&T systems or Data, Supplier shall block access to all internet sites except those approved for use by AT&T. Additionally, access to any websites that allow for webmail, file sharing, data storage, or online notepad capabilities (examples: gmail, yahoo mail, dropbox, one drive, etc.) is prohibited on any desktop or laptop computer that is used by Agents to access AT&T systems or data. |
Additionally, the following procedures must also be in place:
i. | Clear fax machines, printers, and copiers of any AT&T Data, records, or Customer Information immediately. |
ii. | Agents shall lock desktop and laptop computers when leaving their stations for any period of time. |
iii. | Laptops and tablets that allow for access to AT&T Data, records, or Customer Information must be physically secured in place and may not be removed from the Supplier location. |
iv. | Supplier shall physically secure any area where AT&T Data, records, or Customer Information is accessible to prevent access by unauthorized persons. |
Supplier shall perform routine inspections to be completed no less than [***] to ensure adherence to these processes. If any inspection shows non-compliance with the processes as outlined herein, Supplier shall promptly take all actions necessary to immediately comply and shall bear the cost thereof.
AT&T Clean Desk Audits may be conducted as needed and at AT&T’s sole discretion without advance notice.
b. | Customer Protection Policy |
i. | In addition to the reporting and notification requirements contained elsewhere in this Agreement, Supplier also agrees to take all appropriate steps to prevent and respond to these specific type of Incidents involving the mistreatment of AT&T’s customers. To protect AT&T’s customers, as well as AT&T, its Affiliates, and its services, from the effects of such mistreatment, Supplier will not permit any of its Customer Service Representatives (CSRs) or other employees (e.g., trainers, supervisors, etc.) to engage in any of the following actions: |
Page 87 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
1. | Using vulgar, offensive, abusive, or sexually oriented language in communications with Customers. |
2. | Making derogatory references to race, color, religion, national origin, sex, age, sexual orientation, marital status, veteran’s status, or disability in communications with Customers. |
3. | Xxxxxxx, screaming, or making rude, argumentative, abrasive, or sarcastic comments in communications with Customers. |
4. | Flirting or making social engagements with Customers or AT&T representatives, including the exchange of personal email addresses. |
5. | Intentional acts of call avoidance, including but not limited to: |
A) | Intentional disconnection of a Customer during a call. |
B) | Intentional transfer of a call that the CSR is trained to handle back into the queue. |
C) | Intentional dissemination of inaccurate information or troubleshooting steps in order to release a call without assisting the Customer. |
D) | Intentionally ignoring a Customer that has been presented to the CSR from a call queue. |
6. | Intentionally abandoning a Customer on hold for an excessive period of time without providing a status update to the Customer. |
7. | Refusing to escalate to a supervisor at the Customer’s request. |
8. | Refusing to assist Customers with requests that the CSR is trained to handle. |
9. | Any unauthorized access, release, or use of confidential information, such as Customer account information. This shall include, but not be limited to, accessing a Customer’s email account without permission and/or creating a password for a Customer without authorization. |
10. | Retaining, collecting, accessing, and/or using Customer Information for reasons outside the scope of support of an Order. |
11. | Any attempt to falsify AT&T’s records or any record related to a Customer. |
12. | Any statements that intentionally misrepresent, or provide misleading information about, AT&T or its products, pricing, or promotions. |
13. | Any intentional or reckless acts that create a risk of compromising the privacy of Customer Information, including failure to strictly comply with the “Clean Desk Policy,” as defined herein and in Appendix D, which requires that AT&T Information be secured any time a CSR goes on a break or is away from the CSR’s work area. |
Page 88 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
ii. | Supplier shall submit a [***] report to AT&T’s Vendor Manager identifying any instances where any of the prohibited conduct listed in Subsection a of this Section occurred at a Supplier facility during the preceding month. Supplier shall deliver the report to AT&T’s Vendor Manager on the [***] or on the next business day if the [***] day is a weekend or holiday. This report shall include: (i) the name of the facility where the Incident occurred; (ii) the date of the Incident; (iii) a brief description of the Incident; and (iv) a brief description of the action taken by Supplier to address the Incident. Supplier shall not identify individual CSRs by name or identification number in such reports. |
iii. | Supplier and AT&T agree that violations of this Customer Protection Policy will injure AT&T’s relationships with its Customers and that the amount of such injury may be difficult to quantify. As a remedy for any such injury, Supplier and AT&T agree that, in the event that a Supplier CSR or other employee violates any of the above provisions of this Customer Protection Policy, Supplier shall pay to AT&T liquidated damages in the amount of [***] for each such violation. A violation is one provision one time. Multiple violations are those violations of the same provision more than once or of multiple provisions one or more times. AT&T will be entitled to collect this [***] under this Agreement. Such liquidated damages are not a penalty but rather represent a reasonable estimate of the damages that would occur from Supplier’s breach of the foregoing obligation. |
iv. | In order to protect its customers from further mistreatment in circumstances involving any of the behaviors that fall within the scope of Subsection b.i. of this Section, AT&T may request that Supplier immediately remove a CSR or any other employee of Supplier (e.g., trainers, supervisors, etc.) from all AT&T Programs. |
v. | Supplier shall be wholly responsible for accepting or rejecting a request to remove pursuant to Subsection b.iv. of this Section and for any other remedial measures related to the CSR or other employee of Supplier. [***] |
7.0 | RELATIONSHIP MANAGEMENT |
7.1 | Relationship Management |
a. | The Parties shall approach the relationship with Supplier performing the Services in a close working relationship with AT&T Technology Development, subject to Section 4.10, “Independent Contractor”, of this Agreement. Supplier will bring its expertise, knowledge, and technology solutions to AT&T Technology Development executive leadership, and shall work in concert with the AT&T Technology Development organization in bringing solutions to AT&T Business Units. |
b. | Supplier will reasonably endeavor to solicit the active participation by AT&T Global Supply Chain and AT&T Technology Development representation, prior to presentation of Technology Development-related solutions to the AT&T Business Unit, and Supplier will reasonably endeavor to include the AT&T Global Supply Chain and AT&T Technology Development representatives where appropriate in meetings with AT&T Business Units. |
Page 89 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
7.2 | Proposed Projects |
a. | Whenever AT&T is considering contracting with Supplier for a proposed Project, AT&T’s and Supplier’s Leadership representatives shall make reasonable efforts to meet or otherwise discuss the Project. A draft describing the requirement of Software and the Functionality required for such proposed Project may be prepared and submitted by AT&T to Supplier. Such description may include the name of the proposed Project, the name, address, and telephone number of AT&T’s Project Manager, any special time requirements for the proposed Project, the platform on which the Software is to operate and the programming language desired, any methods or criteria for testing the Software (in addition to or different from those specified elsewhere in this Agreement), and any other conditions which are significant to AT&T in considering the assignment of such Project. |
b. | Upon reasonable time to review the requirements, Supplier shall notify AT&T as to whether Supplier will submit to AT&T a Proposal Statement for the proposed Project. If Supplier elects to submit a Proposal Statement, it shall include, but not be limited to, each of the following items whenever such item is applicable to the Project: |
i. | Supplier’s interpretation of the initial scope of the functional specifications based on Supplier’s knowledge of AT&T’s technology direction, hardware, and software standards for such Project, and any Standard Software which will be used as a part of the Software, if applicable; |
ii. | Supplier’s license fees, and maintenance support fees, for any Standard Software which may be included in the Software, if applicable; |
iii. | Supplier’s estimate of the costs for the development of the Custom Software. Such estimate shall be in sufficient detail that AT&T may readily determine the costs applicable to the computer environment, Services, labor time, and Material. Such estimate shall provide either (i) a fixed fee, or (ii) an express statement that Supplier proposes to accomplish the development work on a time and charges basis; and |
iv. | The anticipated Delivery Date for the Software. |
c. | Such proposals shall include a breakdown of the estimated hours and expenses, where applicable. Estimates are provided based upon then- current information, and factors arising during the preparation of the Services Order or License Order may necessitate proposed changes in resource estimates and/or expenses. |
d. | Each such Proposal Statement shall be subject to AT&T’s written acceptance, and any such Proposal Statement may be modified as agreed by the Parties prior to placing a Services Order. |
e. | Within a reasonable time after receiving Supplier’s written Proposal Statement covering any proposed Project, AT&T shall notify Supplier in writing of AT&T’s acceptance or rejection of such Proposal Statement. AT&T shall also identify any requirements that have not already been addressed by Supplier in the Proposal Statement. |
f. | If the Proposal Statement is accepted, the Parties shall prepare an Order for Software and/or Services substantially similar to the Forms of Order in Appendix B, as applicable. Unless otherwise agreed in the Order, AT&T shall incur no obligation, cost, or expense as a result of Supplier’s preparation of a Proposal Statement or AT&T’s rejection of same. Supplier shall have no Liability in connection with (i) a Proposal Statement; (ii) an Order unless executed by both Parties; or (iii) rejection of a draft Order. |
Page 90 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
g. | AT&T shall have no obligation under this Agreement to compensate Supplier for any Services rendered absent the execution of an Order. |
h. | When such an Order is executed by AT&T and Supplier, Supplier shall proceed to develop such Custom Software or provide the applicable |
Services in compliance with the Specifications contained within such Order.
7.3 | Project Management |
a. | Supplier and AT&T shall each designate a Project Manager, and shall identify those individuals on the Order. The Project Managers shall act as the primary interface between the Parties during the development of Custom Software and Delivery of Services by Supplier. The Parties’ respective Project Managers shall be responsible for ensuring the continuity of communications between the Parties as the Project proceeds. |
b. | On a periodic basis during the development of Custom Software, the Parties shall meet for Supplier to inform AT&T of the Project status. Such meetings shall include each Party’s Project Manager as well as appropriate additional personnel and, where appropriate upon request, Supplier shall provide AT&T at each such meeting with a written status report on the work being performed by Supplier. Alternatively, the Parties may elect to forego all, or some, of such meetings and may agree that Supplier may simply provide AT&T with periodic written reports on the status of the Projects being undertaken by Supplier under this Agreement and related Orders, including appropriate financial information. The frequency of meetings and status reports shall be determined by the Project Managers. |
c. | AT&T may inspect any work and all related data and Documentation being performed by Supplier, including work being performed at Supplier’s premises, upon reasonable prior notice, as set forth in Section 3.31. AT&T shall conduct any such inspection in a manner which causes no delay or material disruption to the performance of the Project. |
d. | A Party shall notify the other in a timely fashion of any anticipated or known delay in the performance of any of its responsibilities and shall include all relevant information concerning the delay or potential delay. Any delay by AT&T shall increase any dependent Supplier deadline or milestone by a period at least equal to the amount of the AT&T delay. In such event the Parties will employ the agreed change management protocols to document the resultant changes to the Project Plan and anticipated fees and expenses. |
e. | Any Project change that reflects a material change in price or schedule must so specifically state in writing and be approved by both Parties in writing before a change is implemented by a Party. For avoidance of doubt, the changes agreed upon in writing between the Parties will be memorialized as an amendment to the applicable Order under which there is a material change to the Project. |
f. | In the event there is a dispute that will materially impact a Project that is not resolved by the Parties’ Project Managers, each Party shall be entitled to submit notice of the dispute to the other Party in writing, described in complete detail, and signed by an authorized representative of the disputing Party. Within fifteen (15) days after a Party receives a written description of the dispute, a meeting shall be conducted between the Parties’ respective account managers to |
Page 91 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
resolve the dispute. If the dispute is not resolved within fifteen (15) days after the initial dispute resolution meeting, the dispute shall be escalated to the higher management levels of the respective organizations. If the issue is not resolved within thirty (30) days following the meeting at the management levels, the dispute may be escalated to executive leadership defined in Section 4.5, “Dispute Resolution”. |
g. | If AT&T, within [***] days after commencement of work by an individual provided by Supplier, determines, in its sole discretion, that the individual does not demonstrate the training or the skills to perform the Services in a satisfactory fashion or is not performing the Services in a professional, effective, and efficient manner, the Parties’ Project Managers will attempt to resolve the matter within [***] days. If the Parties [***] Supplier shall [***] In addition to the above remedies, if any Supplier OnGoing Support personnel are not performing to AT&T’s reasonable satisfaction, the Parties shall attempt to resolve the problem within [***] days after the date on which AT&T escalates the matter to Supplier’s Project Manager. [***] shall be [***]. |
h. | In the event that Supplier subcontracts all or a portion of the Project to a Subcontractor the following will apply. Supplier shall notify AT&T in advance of utilizing a Subcontractor in accordance with Section 3.44, “Work Done By Others”, and such Subcontractors shall be identified by company name and work location on the Services Order. AT&T reserves the right to reasonably review and approve any or all Subcontractors used. Where required under the terms of the applicable Services Order, Supplier shall be responsible for all Acceptance testing including unit, chain, stress, and end-to-end production validation as part of the Delivery of the Subcontractor’s Material and/or Services to Supplier and Supplier shall review and/or audit the activities and work product(s) of the Subcontractor for managing the Custom Software subcontract and reporting results to AT&T, in accordance with the Order. Notwithstanding the foregoing, Supplier will not be required to identify to AT&T the name of a Subcontractor that is an Affiliate of Supplier, provided that Supplier will be responsible for performance by such Subcontractor as specified in this Section. |
i. | Knowledge transfer to the AT&T-named team is to be included as a part of every Project to the extent and in the manner specified in the applicable Order. This may include, but is not limited to, design walkthroughs, detailed design reviews, test result walkthroughs, processing and job flow review, operational and architectural review, environment review, and any other reasonable request at AT&T’s sole discretion, and the appropriate documentation as provided by Supplier. |
j. | If required by AT&T and specified in the Services Order, Supplier shall supply Project-related personnel for a post-termination transition period during which Supplier’s personnel remain on site, or available for consultation. The fees shall be no more than Supplier’s then- current standard rates, and the time frame for such a transition period shall be determined by AT&T and specified in the Services Order. |
7.4 | Hardware and Third Party Software Considerations |
a. | AT&T does not accept bundled Hardware and Software costs. Where a solution is proposed containing Hardware resale from Supplier, Supplier shall break out the Hardware component. |
b. | All Hardware and Third Party Software acquisitions by AT&T through Supplier should either align with AT&T’s corporate standards and strategic direction or be supported by an authorized Technology Strategies and Standards (“TSS”) exception, in either case as determined by AT&T and as such determination is communicated to Supplier. |
Page 92 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
c. | All Hardware and Third Party Software purchases by AT&T through Supplier will be managed through its defined acquisition process. |
d. | Except as otherwise agreed and provided in the Order, the terms and conditions governing the supply, warranty and maintenance, and other aspects of Hardware and Third Party Software purchases by AT&T through Supplier will be the terms and conditions offered by the relevant manufacturer(s) or vendor(s). |
e. | Supplier has, from time to time, reseller agreements with manufacturers and/or vendors of Hardware and Third Party Software. AT&T may allow Supplier to submit bids to AT&T to purchase such components through Supplier. |
8.0 | Standard Software License |
8.1 | License Grant |
Supplier grants to AT&T a non-exclusive, non-transferable (except as set forth in Section 3.4 or in the License Order), perpetual, irrevocable (subject to full payment (except of amounts in good faith dispute)) license to copy (as expressly permitted herein), Modify (as expressly permitted herein), and operate (collectively, “Use”) (i) the Standard Software identified in a License Order, and (ii) all New Releases, Restorals, Resolutions, and Updates, and all Revisions or similar types of deliverables relating to them that are covered under or to be provided under the applicable Maintenance Order, that Supplier shall make to such Standard Software which are provided by Supplier to AT&T under this Agreement. A license granted under this Agreement does not convey or transfer ownership of any copy of Standard Software. AT&T promises to limit its Use of the Standard Software as set forth in the following Section 8.3 entitled “Limitations on Use” and in the applicable License Order.
8.2 | License Fee |
a. | The license fee shall be specified in the applicable License Order. If the license fee is based upon a limitation on the number of Users, Named Users, or Concurrent Users authorized to use the Software and servers (as all may be detailed in the Order) (the “Use Parameters”) then AT&T may amend the License Order at any time to increase such Use Parameters by paying an additional fee, as agreed by the Parties, which shall be set forth in an amendment to the applicable License Order. |
b. | AT&T’s Use Parameters, if applicable, will be reviewed every [***], commencing on the first business day of the last calendar month of the first full calendar quarter following execution of this Agreement and on [***] thereafter (the “Verification Date”) to verify whether AT&T’s Use has exceeded the Use Parameters set forth in the applicable License Order. The Use levels as of each Verification Date shall be notified by AT&T to Supplier and, upon Supplier’s request, certified to Supplier by an authorized representative of AT&T within [***] of the Verification Date. If the level of AT&T’s Use at the time of such review, as compared to the level of Use at the previous Verification Date, has increased, then AT&T will pay Supplier subsequent license fees if and to the extent specified in the applicable License Order, in accordance with such increase. [***], Supplier shall have the right, through an independent |
Page 93 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
auditor of national standing reasonably acceptable to AT&T to be appointed by Supplier [***], to audit during normal business hours AT&T’s records relating to AT&T’s Use levels relating to the Standard Software solely for the purpose of confirming AT&T’s Use levels. Such audit shall be subject to AT&T’s standard confidentiality and security requirements. If the Use level revealed by such audit is [***] larger than the level provided to Supplier by AT&T, then without derogating from Supplier’s rights hereunder, [***]. Supplier may issue an invoice to AT&T for, and AT&T will pay against such invoice, subsequent license fees to Supplier no later than [***] following the Verification Date or, if applicable, [***] after an audit report issued in accordance with this Section showing that such subsequent license fees are due. |
8.3 | Limitations on Use |
a. | Internal Use – AT&T will Use the Standard Software only to perform and record the transactions of AT&T and AT&T Affiliates relating to AT&T’s and AT&T Affiliates’ business for AT&T’s and AT&T Affiliates’ customers with a presence in the United States, including their transactions and obligations involving Permitted Third Parties. AT&T will not Use the Standard Software to operate a commercial time- sharing service or commercial service bureau (i.e., providing transaction services as a part of an independent revenue-creating business) for anyone other than AT&T Affiliates. AT&T may Use the Standard Software to serve every AT&T Affiliate, except to the extent that a License Order expressly limits the group of AT&T Affiliates that the Standard Software may be used to serve. Notwithstanding the foregoing, AT&T may Use the Software for AT&T-branded or bundled products, which may include communications products of AT&T Affiliates and third parties. For the avoidance of doubt, the Parties may increase or reduce the limitations on permitted Use of Standard Software in the License Order for such Standard Software. |
b. | Designated Site – AT&T may Use the Standard Software at [***] locations where AT&T and AT&T Affiliates conduct business activities unless the License Order limits such Use to a Designated Site. If AT&T moves the work operations previously performed at a Designated Site to a new location, then, if the applicable License Order limits Use to the Designated Site, AT&T may nevertheless transfer the license to the new location, which shall thereupon become the new Designated Site in place of the location that was formerly the Designated Site and, during a reasonable transition period, not to exceed [***], AT&T may Use the Standard Software at both locations. Users and Permitted Third Parties may access the Standard Software from locations other than the Designated Site. AT&T may maintain backup and archival copies of the Software at a location other than the Designated Site. AT&T may conduct Acceptance Tests at a location other than the Designated Site. If a License Order identifies both a Designated Site and a Designated System, the license granted under the License Order shall be a Designated System license and not a Designated Site license. In such a case, the information concerning the Designated Site shall be deemed to be included only for the purpose of identifying the location of the Designated System at the time of Delivery. |
c. | Designated System – Subject to the scope of license specified in a License Order, AT&T may Use the Standard Software on [***] machines, systems, or networks, unless the License Order expressly limits such Use on a Designated System. If AT&T moves the work operations previously performed on a Designated System to a new machine, system, or network, then AT&T may transfer the license to such new machine, system, or network, which shall thereupon become the new Designated System in place of the former Designated System. |
Page 94 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
During a reasonable transition period, which shall not exceed [***], AT&T may Use the Standard Software on both the former Designated System and the new Designated System. Users and Permitted Third Parties may access the Standard Software from machines, systems, and networks other than those located at the Designated Site. |
d. | Users – AT&T may permit [***] Users to access and operate the Standard Software on its behalf, unless the License Order expressly limits the maximum number of Users who may Use the Standard Software. AT&T may permit [***] Users to access and operate the Standard Software concurrently, unless the License Order limits the number of Concurrent Users. AT&T may permit any User to access and operate the Standard Software, unless the License Order expressly promises to limit operation to Named Users. AT&T may reassign Named User passwords as long as they do not exceed the limit of Named Users. AT&T may permit Permitted Third Parties to access the Standard Software in order to complete their transactions with AT&T, subject to any limit a License Order may place on the numbers or types of Users. |
e. | Processing Speed – AT&T may install and operate the Standard Software on [***] machines having any processing aggregate capacity to process data at any speed, unless a License Order expressly limits the aggregate processing speed of all machines on which the Standard Software may be installed and Used. |
f. | Number of Copies – AT&T may make, store, and operate [***] copies of the Standard Software, unless a License Order expressly promises to limit the number of copies that AT&T may operate under the license. If a License Order expressly limits the number of copies that AT&T may operate, then AT&T may make and store a reasonable number of additional copies, above that limit, solely for backup and archival purposes. |
g. | Distribution and Transfer – Except as permitted in Section 3.4, AT&T will not distribute any copy of any Standard Software or transfer any license granted under this Agreement to any unlicensed entity, or grant a sublicense to any other party, without the prior written consent of Supplier. |
h. | Modification – AT&T may Modify the Standard Software only by use of the capabilities provided within the Standard Software itself unless the provisions of this Agreement or a License Order expressly entitle AT&T to receive and use source code and other Design Materials associated with the Standard Software. |
i. | Reverse Engineering – AT&T will not engage in any reverse engineering process intended to uncover and disclose the source code, when the modification capabilities provided within the Standard Software do not enable it to do so, unless provisions of this Agreement or the License Order expressly provide that AT&T has the right to receive source code or other Design Materials associated with the Standard Software and Supplier or its escrow agent have failed to turn them over following a proper demand from AT&T. |
8.4 | Modification |
a. | AT&T may alter, modify, add to, or make other changes to Standard Software provided hereunder at its own risk and expense or, subject to Section 3.16(f), contract with third parties for such modifications. AT&T shall notify such third parties of their non-disclosure obligations. The conditions and charges, if any, for Supplier support of such modifications shall be subject to separate agreement between AT&T and Supplier. Title to any such addition or Modification shall remain with AT&T. |
Page 95 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | Supplier shall not be obligated to correct problems in Computer Programs or Software developed or modified by AT&T or any third party, including Computer Programs added to or interoperating with the Standard Software or arising from Use inconsistent with requirements stated in the Documentation; provided, however, that Supplier shall be required to respond to service calls reporting such problems and to determine to AT&T’s reasonable satisfaction that the Standard Software is not responsible for the problem or the inconsistent Use giving rise to the reported problem. Supplier may correct an Error by providing AT&T with reasonable operating instructions that correct the Error if such operating instructions do not conflict with, and are not inconsistent with, the terms of this Agreement or the applicable License Order. All corrections to the Standard Software will be performed only by Supplier or its Subcontractors. Supplier shall not be responsible to the extent any party other than Supplier or its Subcontractors corrects the Standard Software in any manner. Additionally, Maintenance does not encompass the remediation of problems or bugs determined by Supplier to have been caused by the failure or malfunction of any software, tools, equipment, or facilities not provided by Supplier. In the event a problem has been reported to Supplier and it is found that the problem is not an Error, Supplier shall have no obligation to correct such problem; provided, however, that, if Supplier incurs any out-of-pocket expenses in dispatching a Supplier employee to work on-site at AT&T to fix a problem that is found not to be an Error, AT&T shall reimburse Supplier for such documented expenses incurred, in accordance with AT&T’s expense policy. Supplier shall only be required to provide Maintenance for supported releases of the Standard Software (as defined in the applicable Maintenance Order). |
8.5 | Source Code Availability |
a. | If a License Order so provides, Supplier shall provide AT&T with a complete copy of the current version of the source code for the Standard Software and any other Design Material necessary to enable AT&T to maintain such Standard Software. Supplier shall provide, at no additional charge, such source code and Information prior to the originally scheduled Delivery Date and, during the term of this Agreement, Supplier shall promptly provide AT&T with copies of any changes in or additions to such source code or other Design Material. |
b. | Supplier shall cause AT&T to be named as a preferred beneficiary of Supplier’s Three-Party Master Depositor Escrow Services Agreement dated October 16, 2009, (the “Escrow Agreement”) between Amdocs Software Systems Limited and Iron Mountain Intellectual Property Management, Inc. (the “Escrow Agent”) subject to and in accordance with the terms of Appendix M. Within [***] of execution of a License Order for Standard Software, Supplier shall [***]. |
8.6 | Title |
AT&T acknowledges Supplier’s representation and agrees that, as between the Parties, all right, title, and interest to, and all copyrights, patents, trade secrets, and/or any other intellectual property rights in, the Standard Software are and will remain solely the property of Supplier and/or Supplier’s licensors (or affiliates). AT&T is granted no title or ownership rights in the Standard Software.
Page 96 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
9.0 | Execution of Agreement |
9.1 | Transmission of Original Signatures and Executing Multiple Counterparts |
Original signatures transmitted and received via facsimile or other electronic transmission of a scanned document (e.g., pdf or similar format) are true and valid signatures for all purposes hereunder and shall bind the Parties to the same extent as that of original signatures. This Agreement may be executed in multiple counterparts, each of which shall be deemed to constitute an original but all of which together shall constitute only one document.
THIS AGREEMENT CONTAINS A BINDING ARBITRATION
PROCEDURE WHICH MAY BE ENFORCED BY THE PARTIES.
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed as of the Effective Date.
Amdocs Development Limited | AT&T Services, Inc. | |||||||
By: | /s/ Xxxxxx Xxxxxxx | By: | /s/ Xxxxx Xxxxx | |||||
Name: | Xxxxxx Xxxxxxx | Name: | Xxxxx Xxxxx | |||||
Title: | Authorized Signatory | Title: | Lead Sourcing Manager | |||||
Date: | October 14, 2021 | Date: | October 14, 2021 |
Page 97 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
APPENDICES
Page 98 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix A – Supplier’s Price(s)
Supplier shall provide Services, if any, including any applicable deliverables, for the following prices defined within this Appendix A.
A. | Job Classification Descriptions Examples |
Senior Project Manager/Senior Team Lead: [***] or more years’ experience in information technology with at least [***] in a Project Manager or Team Lead role. Proven ability to manage and lead projects of a large scale. Project Management Certification or Degree. Leadership and communication skills.
Project Manager/Team Leader: [***] or more years’ experience in information technology with at least [***] in a Project Manager or Team Lead role. Supplier Certified as a specialist in at least two applications or systems areas relevant to the Project. Demonstrated leadership experience, and solid communication skills; able to work independently and manage other employees.
Senior Developer/Analyst: [***] or more years’ programming or equivalent technical experience; good communication skills; application design experience. Supplier Certified as a specialist in at least one application or system relevant to the Project. Ability to create clear, concise, and detailed design documents.
Developer/Analyst: [***] or more years’ experience, program design and development experience; knowledge of applications or systems relevant to the Project; ability to write documentation and conduct unit and system level tests.
Entry Level Developer: Entry Level, typically with a university degree or equivalent qualifications, with one year or less programming experience, knowledgeable of structured programming and computer science principles require to meet the needs of AT&T.
Senior System Architect: The Senior System Architect is responsible for the same activities as the System Architect but has a broader scope of responsibilities and more in-depth business and technical knowledge. Responsible for multiple Projects or large complex Projects with cross- functional teams and business processes. Demonstrates expert knowledge in multiple technical and business functional areas as well as performing a larger leadership role in the organization. Applies broad in-depth business and technical knowledge to establish technical direction and priorities. Resolves and works on issues across multiple functional areas. Effectively monitors and takes action to ensure coordination and effectiveness of
all components and activities and decides on issues requiring escalation. Incumbents understand the system flow for a Project throughout an entire functional area (e.g., Billing, Customer Care), not just a subsystem area. He or she has medium to long range planning responsibilities.
System Architect: Responsible for providing technical system solutions and determining overall design direction. Provides technical leadership and is responsible for the technical integrity within a subsystem or application. Also provides technical expertise to generate maintainable, quality solutions. Includes documenting system requirements, creating application designs, validating high
Page 99 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
level designs to ensure accuracy and completeness against the business requirements, and programming the solutions. Attends Project meetings when technical advice is needed and communicates the Project design to other architects. May resolve design issues and develop strategies to make ongoing improvements that support system flexibility and performance. Assesses the technical feasibility of new technologies to enable integration into existing processes.
Senior Data Base Administrator: Responsible for high level database administration and related tasks on multiple DMBS platforms. Participates in the evaluation, selection, and implementation of appropriate DBMS based on client requirements. May create logical model and transform logical design into efficient physical databases, performing data normalization/denormalization, and considering volume, capacity, and requirements for performance, data conversion, purge/archive, and operation viability. Responsible for implementing database architecture strategies. Manages database administration projects that may span across parts of the enterprise and ensures that deliverables are completed on time. Strives to drive overall costs lower for database performance, data conversion, and administration services. Acts as consultant to clients and other IT organizations on database-related issues. Leads efforts to implement standards across the enterprise for ease of support and recovery in relation to database administration (database security, disaster recovery, scripts, and database documentation). Evaluates and deploys new technology to improve database efficiency and recoverability. Performs advanced problem determination and recoveries. Mentors Database Administrators and Associate Analysts.
Database Administrator: Responsible for database administration and related tasks on one or more DMBS platforms. Under the guidance of the Sr. DBA, may create logical model and transform logical design into efficient physical databases, performing data normalization/denormalization, and considering volume, capacity, and requirements for performance, data conversion, purge/archive and operation viability. Responsible for meeting assigned deliverables. Responsible for assisting in driving overall costs lower for database performance, data conversion, and administration services. Works with clients and other IT organizations to ensure positive impact. May consult with clients on database admin- related issues and design considerations. Implements standards across the enterprise for ease of support and recovery in relation to database administration (database security, disaster recovery, scripts, and database documentation standards).
B. | Rates |
i. | All rates defined below are based on a fixed price monthly amount of [***], and are applicable to new Orders, additions of scope to existing Orders, and extensions of existing Orders executed between the Parties against this Agreement. |
ii. | Consulting Services |
The fixed price for Consulting Services is a [***] of [***]
iii. | Non-Consulting and Requirements Services |
The fixed price for Non-Consulting and Requirements Services is a [***] of [***]
iv. | Production Support Services |
The fixed price for Production Support Services is a [***] of [***]
v. | Development Services |
The fixed price for Development Services is a [***] of [***]
vi. | Testing Services |
The fixed price for Testing Services is a [***] of [***]
Page 100 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Supplier Material prices will be handled in an Order.
C. | Maintenance Fees: Maintenance Fees shall be set forth in the applicable Order. |
Page 101 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix B – Forms of Order
Page 102 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix B, Exhibit 1 – For Orders Requiring Signature
Page 103 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Order
No. 53258.W.<XXX>
Between
Amdocs Development Limited
And
AT&T Services, Inc.
Page 104 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Order
This Order is by and between Amdocs Development Limited, a Cyprus corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), and shall be governed pursuant to the terms and conditions of Master Services Agreement Number 53258.C (as amended, the “Master Services Agreement”), which by this reference are incorporated as if fully set forth herein. Any terms and conditions in this Order that vary from or are inconsistent with the terms and conditions of the Master Services Agreement shall apply to this Order only, and shall survive the termination or expiration of the Master Services Agreement.
For the avoidance of doubt, terms and conditions preprinted on any Purchase Order or Purchase Order acceptance or acknowledgement (if any) shall not be given any effect as they are superseded by the terms and conditions herein.
1. | AT&T Agreement Number: 53258.W.<XXX> must appear on all invoices |
Amdocs Order Number: <Enter No.>
2. | Term of Services: Effective dates are <Month, DD, YYYY>, through <Month, DD, YYYY>. |
3. | Project Name and Description: <Enter Details> |
4. | The Custom Software and Program Material and/or Scope of Other Services Ordered: |
This Order is to <Enter specific details>
5. | Third Party Software: <Enter here if any; “None” is acceptable> |
6. | Additional Items Ordered: <Enter here if any; “None” is acceptable> |
7. | Milestones/Resources: |
a. | Milestones: |
Planned milestones as of the Effective Date of this Order are as follows:
<Table below is an example and may be modified as required>
Milestone No. |
Description | Date | ||||||
1 |
b. | Offshore Resources: |
Amdocs Offshore resources working on this Order may be located at AT&T-approved locations found in the Master Services Agreement, and at the following address(es):
<Address Number Street and Room>
<City, State/Province Zip>
<Country>
Page 105 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Amdocs Offshore resources can only access AT&T Systems/data in accordance with the Master Services Agreement, Appendix D, “Security and Offshore Requirements”.
c. | USA-Based Resources: |
Amdocs USA-based resources shall work pursuant to the general directions provided by AT&T to Amdocs towards the assigned milestones but shall not in any way be deemed to be employees of AT&T.
d. | Staffing Details: |
Planned roles and full time equivalent (“FTE”) resources needed:
<Table below is an example and may be modified as required>
Role |
USA-Based FTEs | Offshore FTEs | Total | |||||||||
8. | Deliverables/Release Items: |
Amdocs will provide the deliverables and/or release items for the Project as defined in this Section and the table below.
<Table below is an example and may be modified as required>
Milestone No. |
Deliverable | Description | Estimated Delivery Date | |||
9. | Application Components: <Enter details below, “None” is acceptable and delete table> The following applications are included in the scope of this Order. |
MOTS ID |
Application Name | % of time spent on Application | ||||||
Total |
100 | % |
10. | Amdocs Responsibilities: <Enter details below, “None” is acceptable> |
In addition to providing the deliverables herein, Amdocs will be responsible for the following:
• | <List additional Amdocs Responsibilities> |
11. | AT&T Responsibilities: <Enter details below, “None” is acceptable> |
In addition to AT&T Responsibilities defined in Section 3.43g of the Master Services Agreement, AT&T will be responsible for the following:
• | <List additional AT&T Responsibilities> |
Page 106 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
12. | Compensation: |
This is a <fixed price or Time and Materials (“T&M”)> Order for the <total amount or not-to-exceed amount> of <Enter amount> for the
Work effort. The total price is based on <Enter basis for pricing, e.g. rate, monthly or hourly, any proration, and/or assumed hours>.
<Enter Travel and living expenses language in accordance with the Master Services Agreement, if applicable> The following table represents the payment schedule for this Order:
PaymentSchedule:
<Table below is an example and may be modified as required>
Activity During |
FTEs | Rate | Total Invoice |
Invoice Date |
||||||||||||
Total |
13. | Project Managers: |
AT&T:
<AT&T Contact Name>
<Title>
<Street and Room>
<City, State Zip>
<xxxxx@xxx.xxx>
Amdocs:
<Amdocs PM Contact Name>
<Title>
<Street and Room>
<City, State Zip>
<xxxxx@xxxxxx.xxx>
14. | Special Terms and Conditions: |
a. | Invoice/Billing |
Invoices and billing information are to be sent electronically to:
<Enter applicable AT&T Business Unit/Finance Name>: <xxxxx@xxx.xxx>
Copies of all invoices are to be sent to:
<AT&T Contact Name>
<Title>
<Street and Room>
<City, State Zip>
<xxxxx@xxx.xxx>
Page 107 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
AT&T will notify Amdocs of any changes regarding invoices and billing information at <Enter Phone Number (xxx)xxx-xxxx> or email: <XXXX@xxxxxx.xxx>.
b. | The following terms and conditions shall be applicable to the deliverables to be provided by Amdocs under this Order: |
i. | Amdocs shall provide the deliverables set forth in this Order on a project/deliverables basis for the not-to-exceed amount set forth in Section 12. The scope of the project shall not be changed without agreement of the Parties in accordance with the Change Management Process. The Parties anticipate that the Work will be completed and/or the deliverables provided by , 202_. Should either Party reasonably believe that the scope of the project or deliverables has changed or that, due to unforeseen difficulties, the project cannot be completed and/or the deliverables provided by that date, that Party shall have the right to request that the Parties negotiate in good faith to change the scope of the project or deliverables, the time frame within which the project will be completed and/or the deliverables provided, and/or the compensation to be paid to Amdocs for the deliverables. |
ii. | Amdocs shall be responsible for providing the deliverables in accordance with the descriptions set forth in this Order. |
iii. | Amdocs agrees that all dates for provision of the deliverables are firm, and Amdocs will complete performance in material conformance with the specifications and requirements set forth above. Deliverables provided by Amdocs shall be deemed to be accepted by AT&T when they are provided in accordance with such specification and requirements (“Acceptance”). |
iv. | Amdocs shall be solely responsible for the resources it uses to provide the deliverables. Amdocs shall be responsible to select the resources to provide the deliverables, and AT&T shall not have the right to, and shall not, select, interview, or otherwise influence Amdocs in the selection process. It shall be Amdocs’ responsibility to select resources with the appropriate skills and experience to provide the deliverables. Amdocs shall be responsible at its own expense to ensure that all resources are properly trained. Supplier shall supervise the resources in such a manner as to ensure that the deliverables are timely provided in accordance with the specifications and requirements set forth herein. Amdocs shall designate a point of contact to be the liaison between Amdocs’ resources and AT&T. That point of contact shall be responsible for clarifying any issues about the deliverables with AT&T, and AT&T shall not have any right to control any of the resources or the means or method of Amdocs’ provision of the deliverables. |
v. | Amdocs shall set the work schedule of its resources in order to timely complete the deliverables, and shall be responsible for any modifications to the work schedule. |
vi. | Amdocs is solely responsible for all matters relating to compensation and benefits, including payroll taxes, unemployment compensation, disability insurance, and health and welfare benefits, of all resources who provide the deliverables. Amdocs shall also be responsible for compliance with all Laws dealing with working conditions, including payment of any overtime worked by Xxxxxx’ resources required by such Laws. |
Page 108 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
vii. | Amdocs agrees that it is providing the deliverables as described in this Order and Amdocs is managing the resources providing the deliverables. |
viii. | Amdocs shall manage its resources data in AT&T’s selected vendor management systems as it relates to assignment start and end dates, contract/PO # and deliverables-based classification. Resource end dates must correspond to the term of this Order. |
15. | Liquidated Damages for Delay in Delivery: <Will be applied only if relevant> |
Delayed Delivery Dates under this Order shall be handled in accordance with Section 4.9, “Liquidated Damages for Delay in Delivery,” of the Master Services Agreement.
16. | Error Severity Level Description And Resolution Plan: <Will be applied only if relevant> |
Errors found in the Custom Software or Ongoing Support provided under this Order shall be handled in accordance with Section 4.8, “Error Severity Level Description And Resolution Plan,” of the Master Services Agreement.
17. | Payment Terms: |
Payment terms for invoices issued under this Order shall be in accordance with Section 3.19, “Invoicing and Payment,” of the Master Services Agreement, which are, as of the Effective Date of this Order, net [***] days from the date of receipt of the invoice.
18. | Ownership of Paid-For Development: |
For the avoidance of doubt, and for purposes of interpreting AT&T’s right to Program Material and Documentation created hereunder, title to all Work output hereunder shall be determined in accordance with the Master Services Agreement, Section 3.27, “Ownership of Paid-For Development, Use and Reservation of Rights”. <Replace with other terms if agreed by the Parties>
19. | Information: |
In addition to all other rights provided by Section 3.16, “Information”, pursuant to the Master Services Agreement, any Information received by Amdocs from AT&T or other parties engaged in this Work shall be considered and treated as confidential Information under the Order, regardless of any requirement to put it in writing under the Master Services Agreement or separate Non-Disclosure Agreement (NDA).
20. | Termination: |
The Termination and Partial Termination provisions applicable to this Order are contained in Section 3.36, “Termination”, of the Master Services Agreement. <Replace with other terms if agreed by the Parties>
Page 109 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
IN WITNESS WHEREOF, the Parties have caused this Order to be executed as of the Effective Date.
Amdocs Development Limited | AT&T Services, Inc. | |||||||
By: | By: | |||||||
Name: | <Supplier Signatory Name> | Name: | Xxxxx Xxxxx | |||||
Title: | <Supplier Signatory Title> | Title: | Lead Sourcing Manager | |||||
Date: | Date: |
Page 110 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix B, Exhibit 2 – For Use When Issuing A Purchase Order
Page 111 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
No. 53258.Z.<XXX>
Between
Amdocs Development Limited.
And
AT&T Services, Inc.
Page 112 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
This Statement of Work (“SOW”) is by and between Amdocs Development Limited, a Cyprus corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), and shall become a part of a Purchase Order which is governed pursuant to the terms and conditions of Master Services Agreement Number 53258.C (as amended, the “Master Services Agreement”), which by this reference are incorporated as if fully set forth herein. Any terms and conditions in this SOW that vary from or are inconsistent with the terms and conditions of the Master Services Agreement shall apply to this SOW only, and shall survive the Termination or expiration of the Master Services Agreement.
For the avoidance of doubt, terms and conditions preprinted on any Purchase Order or Purchase Order acceptance or acknowledgement (if any) shall not be given any effect as they are superseded by the terms and conditions herein.
1. | AT&T Agreement Number: 53258. Z.<XXX> must appear on all invoices |
Amdocs Order Number: <Enter No.>
2. | Term of Services: Effective dates are <Month, DD, YYYY>, through <Month, DD, YYYY>. |
3. | Project Name and Description: <Enter Details> |
4. | The Custom Software and Program Material and/or Scope of Other Services Ordered: This SOW is to <Enter specific details> |
5. | Third Party Software: <Enter here if any; “None” is acceptable> |
6. | Additional Items Ordered: <Enter here if any; “None” is acceptable> |
7. | Milestones/Resources: |
a. | Milestones: |
Planned milestones as of the Effective Date of this SOW are as follows:
<Table below is an example and may be modified as required>
Milestone No. |
Description | Date | ||||||
1 |
b. | Offshore Resources: |
Amdocs Offshore resources working on this SOW may be located at AT&T-approved locations found in the Master Services Agreement, and at the following address(es):
<Address Number Street and Room>
<City, State/Province Zip>
<Country>
Amdocs Offshore resources can only access AT&T Systems/data in accordance with the Master Services Agreement, Appendix D, “Security and Offshore Requirements”.
Page 113 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
c. | USA-Based Resources: |
Amdocs USA-based resources shall work pursuant to the general directions provided by AT&T to Amdocs towards the assigned milestones but shall not in any way be deemed to be employees of AT&T.
d. | Staffing Details: |
Planned roles and full time equivalent (“FTE”) resources needed:
<Table below is an example and may be modified as required>
Role |
USA-Based FTEs | Offshore FTEs | Total | |||||||||
8. | Deliverables/Release Items: |
Amdocs will provide the deliverables and/or release items for the Project as defined in this Section and the table below.
<Table below is an example and may be modified as required>
Milestone No. |
Deliverable | Description | Estimated Delivery Date |
|||||||||
9. | Application Components: <Enter details below, “None” is acceptable and delete table> |
The following applications are included in the scope of this SOW.
MOTS ID |
Application Name | % of time spent on Application | ||||
Total | 100% |
10. | Amdocs Responsibilities: <Enter details below, “None” is acceptable> In addition to providing the deliverables herein, Amdocs will be responsible for the following: |
• | <List additional Amdocs Responsibilities> |
11. | AT&T Responsibilities: <Enter details below, “None” is acceptable> |
In addition to AT&T Responsibilities defined in Section 3.43g of the Master Services Agreement, AT&T will be responsible for the following:
• | <List additional AT&T Responsibilities> |
12. | Compensation: |
This is a <fixed price or Time and Materials (“T&M”)> SOW for the <total amount or not-to-exceed amount> of <Enter amount> for the Work effort. The total price is based on <Enter basis for pricing, e.g. rate, monthly or hourly, any proration, and/or assumed hours>.
<Enter Travel and living expenses language in accordance with the Master Services Agreement, if applicable>
Page 114 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
The following table represents the payment schedule for this SOW:
Payment Schedule:
<Table below is an example and may be modified as required>
Activity During |
FTEs | Rate | Total Invoice | Invoice Date | ||||||||||||||
|
|
|
|
|
|
|
|
|
||||||||||
|
|
|
|
|
|
|
|
|
||||||||||
|
||||||||||||||||||
Total |
||||||||||||||||||
|
|
|
|
|
|
|
|
13. | Project Managers: |
AT&T:
<AT&T Contact Name>
<Title>
<Street and Room>
<City, State Zip>
<xxxxx@xxx.xxx>
Amdocs:
<Amdocs PM Contact Name>
<Title>
<Street and Room>
<City, State Zip>
<xxxxx@xxxxxx.xxx>
14. | Special Terms and Conditions: |
a. Invoice/Billing
Invoices and billing information are to be sent electronically to:
<Enter applicable AT&T Business Unit/Finance Name>: <xxxxx@xxx.xxx>
Copies of all invoices are to be sent to:
<AT&T Contact Name>
<Title>
<Street and Room>
<City, State Zip>
<xxxxx@xxx.xxx>
AT&T will notify Amdocs of any changes regarding invoices and billing information at <Enter Phone Number (xxx)xxx-xxxx> or email:
<XXXX@xxxxxx.xxx>.
Page 115 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
c. | The following terms and conditions shall be applicable to the deliverables to be provided by Amdocs under this SOW: |
i. | Amdocs shall provide the deliverables set forth in this SOW on a project/deliverables basis for the not-to-exceed amount set forth in Section 12. The scope of the project shall not be changed without agreement of the Parties in accordance with the Change Management Process. The Parties anticipate that the Work will be completed and/or the deliverables provided by , 202 . Should either Party reasonably believe that the scope of the project or deliverables has changed or that, due to unforeseen difficulties, the project cannot be completed and/or the deliverables provided by that date, that Party shall have the right to request that the Parties negotiate in good faith to change the scope of the project or deliverables, the time frame within which the project will be completed and/or the deliverables provided, and/or the compensation to be paid to Amdocs for the deliverables. |
ii. | Amdocs shall be responsible for providing the deliverables in accordance with the descriptions set forth in this SOW. |
iii. | Amdocs agrees that all dates for provision of the deliverables are firm, and Amdocs will complete performance in material conformance with the specifications and requirements set forth above. Deliverables provided by Amdocs shall be deemed to be accepted by AT&T when they are provided in accordance with such specification and requirements (“Acceptance”). |
iv. | Amdocs shall be solely responsible for the resources it uses to provide the deliverables. Amdocs shall be responsible to select the resources to provide the deliverables, and AT&T shall not have the right to, and shall not, select, interview, or otherwise influence Amdocs in the selection process. It shall be Amdocs’ responsibility to select resources with the appropriate skills and experience to provide the deliverables. Amdocs shall be responsible at its own expense to ensure that all resources are properly trained. Supplier shall supervise the resources in such a manner as to ensure that the deliverables are timely provided in accordance with the specifications and requirements set forth herein. Amdocs shall designate a point of contact to be the liaison between Amdocs’ resources and AT&T. That point of contact shall be responsible for clarifying any issues about the deliverables with AT&T, and AT&T shall not have any right to control any of the resources or the means or method of Amdocs’ provision of the deliverables. |
v. | Amdocs shall set the work schedule of its resources in order to timely complete the deliverables, and shall be responsible for any modifications to the work schedule. |
vi. | Amdocs is solely responsible for all matters relating to compensation and benefits, including payroll taxes, unemployment compensation, disability insurance, and health and welfare benefits, of all resources who provide the deliverables. Amdocs shall also be responsible for compliance with all Laws dealing with working conditions, including payment of any overtime worked by Xxxxxx’ resources required by such Laws. |
vii. | Amdocs agrees that it is providing the deliverables as described in this SOW and Amdocs is managing the resources providing the deliverables. |
Page 116 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
viii. | Amdocs shall manage its resources data in AT&T’s selected vendor management systems as it relates to assignment start and end dates, contract/PO # and deliverables-based classification. Resource end dates must correspond to the term of this SOW. |
15. | Liquidated Damages for Delay in Delivery: <Will be applied only if relevant> |
Delayed Delivery Dates under this SOW shall be handled in accordance with Section 4.9, “Liquidated Damages for Delay in Delivery,” of the Master Services Agreement.
16. | Error Severity Level Description And Resolution Plan: <Will be applied only if relevant> |
Errors found in the Custom Software or Ongoing Support provided under this SOW shall be handled in accordance with Section 4.8, “Error Severity Level Description And Resolution Plan,” of the Master Services Agreement.
17. | Payment Terms: |
Payment terms for invoices issued under this SOW shall be in accordance with Section 3.19, “Invoicing and Payment” of the Master Services Agreement, which are, as of the Effective Date of this SOW, net [***] days from the date of receipt of the invoice.
18. | Ownership of Paid-For Development: |
For the avoidance of doubt, and for purposes of interpreting AT&T’s right to Program Material and Documentation created hereunder, title to all Work output hereunder shall be determined in accordance with the Master Services Agreement, Section 3.27, “Ownership of Paid-For Development, Use and Reservation of Rights”. <Replace with other terms if agreed by the Parties>
19. | Information: |
In addition to all other rights provided by Section 3.16, “Information”, pursuant to the Master Services Agreement, any Information received by Amdocs from AT&T or other parties engaged in this Work shall be considered and treated as confidential Information under the SOW, regardless of any requirement to put it in writing under the Master Services Agreement or separate Non-Disclosure Agreement (NDA).
20. | Termination: |
The Termination and Partial Termination provisions applicable to this SOW are contained in Section 3.36, “Termination”, of the Master Services Agreement. <Replace with other terms if agreed by the Parties>
Page 117 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix B, Exhibit 3 – For License Orders for Standard Software
Important: Mark this Order number on all Invoices |
License Order Number: |
|
Effective/Order Date: | : | ||||||||
Supplier Name |
Buyer Name | |||||||||||
Xxxxxxx |
Xxxxxxx | |||||||||||
Xxxx, Xxxxx, Xxx |
Xxxx, Xxxxx, Zip | |||||||||||
Send Invoices |
Refer Questions To: | |||||||||||
To: |
This Order is issued subject to the Terms and Conditions of Master Agreement No. 53258.C (as amended, the “Master Agreement”), which are incorporated herein by this reference.
Description: Supplier shall provide the following Computer Programs together with all user instructions and manuals and other information necessary to enable Buyer to use the Computer Programs (“Software”):
Amdocs Licensing Entity:
Licensed AT&T Affiliates / Users:
The following AT&T Affiliates and Users are added to the standard licensed AT&T Affiliates and Users licensed under Section 8.0 of the Master Agreement permitted to Use the Software under this Order:
☐ | No additional AT&T Affiliates or Users |
☐ | Additional AT&T Affiliates and Users: |
Notwithstanding Section 8.0 of the Master Agreement, the following AT&T Affiliates and Users are not permitted to Use the Software under this Order:
☐ | None |
☐ | Excluded AT&T Affiliates and Users: |
Variations in Scope of License:
The following license rights and license restrictions (in addition to the rights and restrictions set forth in Section 8.0 of the Master Agreement) apply to the Use of the Software under this Order.
☐ | None |
☐ | Additional Rights: |
☐ | Additional Restrictions: |
Published Specifications: (Attach (or reference) Published Specifications to this Order)
Page 118 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
The license fee for the Use of the Software is as follows:
The annual charge for Maintenance services is [***] of the license fee set forth above (plus any subsequent license fees, if applicable), subject to increases by a percentage amount not to exceed the year-to-date percentage increase in the Consumer Price Index for All Urban Consumers (“CPI-U”), Selected Areas, U.S. City Average, as published in the month preceding the month in which the price increase is proposed. The maximum permissible annual increase shall be [***]
Acceptance Test Plan: (Attach Test Plan to this Order)
Duration of Acceptance Test Period: ☐ 60 days ☐ 30 days ☐ Other:
Additional Warranty Period (Beyond six month default): ☐ None ☐ 6 months ☐ 9 months ☐ Other
Maintenance:
☐ | Check here if Maintenance services are included in this Order. |
The Delivery Date for the Software shall be as follows: |
The delivery location for the Software shall be: | |
Source Code ☐ will ☐ will not be delivered for Software. |
Delivery shall be made by: | |
☐ Electronic Transmission | ||
☐ Other (Specify Type): |
Scope of license (check one and provide additional information in the corresponding column): |
Designated System: |
Designated Site: | ||
☐ Enterprise License |
Manufacturer’s Name: |
Street Address: | ||
☐ Designated System |
Model Name: |
| ||
☐ Designated Site |
Model Number: | City, State, and Zip Code: | ||
☐ Other |
Serial Number: |
|
Number of Users: The number Users authorized to Use the Software licensed under this Order is unlimited unless a limited number is entered here:
The maximum number of Users authorized to Use the Software under this Order is ( ). |
Number of Copies/Server Instances: If this is a Designated Site or Enterprise License, AT&T is authorized to Use an unlimited number of copies or server instances of the Software unless a limited number is entered here: | |
The maximum number of copies/server instances Buyer is authorized to Use under this Order is ( ). |
IN WITNESS WHEREOF, each of the Parties has caused this Order to be executed by its duly authorized representative.
Supplier Name: |
Title: | Date: | Signature: | |||
Buyer Name: |
Title: | Date: | Signature: |
Page 119 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix C – Offshore Locations
The Parties agree that the following are AT&T-approved locations as of the Effective Date of this Agreement and any modifications to this list shall be managed in accordance with Section 3.24.
Countries where services are authorized by AT&T to be performed (physical location address is also required if the Services involve Information Technology-related work or if a “virtual” or “work-from-home” address is authorized) |
Cities where services will be performed for AT&T |
Services to be performed at approved Physical Location |
Name of Supplier / Supplier Affiliate, and/or Subcontractor performing the services | |||||
Brazil |
[***] | [***] | [***] | [***] | ||||
Brazil |
[***] | [***] | [***] | [***] | ||||
Brazil |
[***] | [***] | [***] | [***] | ||||
Brazil |
[***] | [***] | [***] | [***] | ||||
Brazil |
[***] | [***] | [***] | [***] | ||||
Brazil |
[***] | [***] | [***] | [***] |
Page 120 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Countries where services are authorized by AT&T to be performed (physical location address is also required if the Services involve Information Technology-related work or if a “virtual” or “work-from-home” address is authorized) |
Cities where services will be performed for AT&T |
Services to be performed at approved Physical Location |
Name of Supplier / Supplier Affiliate, and/or Subcontractor performing the services | |||||
Brazil |
[***] | [***] | [***] | [***] | ||||
Brazil |
[***] | [***] | [***] | [***] | ||||
Brazil |
[***] | [***] | [***] | [***] | ||||
Canada |
[***] | [***] | [***] | [***] | ||||
Canada |
[***] | [***] | [***] | [***] | ||||
Cyprus |
[***] | [***] | [***] | [***] | ||||
Cyprus |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] |
Page 121 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Countries where services are authorized by AT&T to be performed (physical location address is also required if the Services involve Information Technology-related work or if a “virtual” or “work-from-home” address is authorized) |
Cities where services will be performed for AT&T |
Services to be performed at approved Physical Location |
Name of Supplier / Supplier Affiliate, and/or Subcontractor performing the services | |||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] |
Page 122 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Countries where services are authorized by AT&T to be performed (physical location address is also required if the Services involve Information Technology-related work or if a “virtual” or “work-from-home” address is authorized) |
Cities where services will be performed for AT&T |
Services to be performed at approved Physical Location |
Name of Supplier / Supplier Affiliate, and/or Subcontractor performing the services | |||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | ||||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] |
Page 123 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Countries where services are authorized by AT&T to be performed (physical location address is also required if the Services involve Information Technology-related work or if a “virtual” or “work-from-home” address is authorized) |
Cities where services will be performed for AT&T |
Services to be performed at approved Physical Location |
Name of Supplier / Supplier Affiliate, and/or Subcontractor performing the services | |||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
India |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Israel |
[***] | [***] | [***] | [***] | ||||
Mexico |
[***] | [***] | [***] | [***] | ||||
Mexico |
[***] | [***] | [***] | [***] | ||||
Mexico |
[***] | [***] | [***] | [***] |
Page 124 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Mexico |
[ | ***] | [ | ***] | [ | ***] | [ | ***] | ||||||||
Mexico |
[ | ***] | [ | ***] | [ | ***] | [ | ***] | ||||||||
Mexico |
[ | ***] | [ | ***] | [ | ***] | [ | ***] | ||||||||
Mexico |
[ | ***] | [ | ***] | [ | ***] | [ | ***] | ||||||||
Mexico |
[ | ***] | [ | ***] | [ | ***] | [ | ***] | ||||||||
Mexico |
[ | ***] | [ | ***] | [ | ***] | [ | ***] | ||||||||
Mexico |
[ | ***] | [ | ***] | [ | ***] | [ | ***] |
Page 125 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Countries where services are authorized by AT&T to be performed (physical location address is also required if the Services involve Information Technology-related work or if a “virtual” or “work-from-home” address is authorized) |
Cities where services will be performed for AT&T |
Services to be performed at approved |
Name of Supplier / Supplier
Affiliate, and/or performing the services | |||||
Mexico |
[***] | [***] | [***] | [***] | ||||
UK |
[***] | [***] | [***] | [***] | ||||
UK |
[***] | [***] | [***] | [***] |
Page 126 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix D – Security and Offshore Requirements
Supplier Information Security Requirements (“SISR”); Offshore Information Technology Services Requirements; Requirements for Offshore Information Technology Services Requiring Elevated Rights; and Limited Offshore Remote Access (“XXXX”)
AT&T Supplier Information Security Requirements (SISR) – v6.5, January 2020
The following AT&T Supplier Information Security Requirements (“Security Requirements”) apply to Supplier Entities when performing any action, activity or work under the Agreement where any of the following occur (hereinafter referred to as “In-Scope Work”):
1. | The collection, storage, handling, backup, disposal, and/or access to In-Scope Information; |
2. | Providing or supporting AT&T branded applications and/or services using non-AT&T Information Resources; |
3. | Connectivity to AT&T’s Nonpublic Information Resources; |
4. | The development or customization of any software for AT&T; or |
5. | Website hosting and/or development for AT&T. |
These Security Requirements (i) are not intended to apply to products or applications acquired from the Supplier by AT&T for use by AT&T, and (ii) shall not limit more stringent security or other obligations set forth elsewhere in the Agreement. Upon request, Supplier shall provide to AT&T or its delegate evidence of compliance with these Security Requirements, which may include copies of policies, procedures, network data flow diagrams, reports, and other supporting documentation.
Definitions:
Unless otherwise set forth in these Security Requirements, capitalized terms shall have the same meaning as set forth in the Agreement. For the avoidance of doubt, where there is a conflict between capitalized terms found in the SISR and those found elsewhere in the Agreement, the capitalized terms found in the SISR shall control.
“Administrative User” means a user with super user or elevated/enhanced security rights and permission for configuring, controlling, installing, or managing Information Resources. This is applicable regardless of the types of devices and environments managed, including within Supplier’s facilities and/or within Cloud Service Provider (CSP) cloud environments.
“Cloud Service” is a service delivered via an “as a Service” cloud service model (e.g., Software as a Service (SaaS), Storage as a Service (XXxxX), Database as a Service (DBaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS)).
“Cyber Security” is the protection of Information Resources and In-Scope Information from attacks, data theft, breaches, unauthorized access, social engineering, credential sharing, and other similar security threats.
Page 127 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
“Demilitarized Zone” or “DMZ” is a network or sub-network that sits between a trusted internal network, such as a corporate private Local Area Network (LAN), and an untrusted external network, such as the Internet. A DMZ helps prevent outside users from gaining direct access to trusted internal networks. Inbound packets from the untrusted external network terminate within the DMZ and are not allowed to flow directly through to the trusted internal network and all inbound packets that flow to the trusted internal network must originate within the DMZ.
“Information” means confidential or proprietary data and information regardless of form (e.g., tangible, intangible, electronic), method of transmission (e.g., mail, electronic mail), or whether in the possession of the other Party prior to the Agreement Effective Date, including (a) any data or information of a third party with respect to which a Party owes a duty of confidentiality, that is reasonably related to either: (i) this Agreement or any Order; or (ii) the potential acquisition by AT&T of Supplier products or services that are beyond the scope of this Agreement or an Order; (b) SPI, trade secrets, discoveries, ideas, concepts, know-how, techniques, processes, procedures, designs, specifications, strategic information, proposals, requests for proposals/information, products or proposed products, drawings, blueprints, tracings, diagrams, models, samples, flow charts, databases, data sets, algorithms, software, code, computer programs, marketing plans, operational information, network architecture, engineering information, infrastructure components and configuration, networks, systems, facilities, products, rates, regulatory compliance, competitors and other technical, financial, or business information; and (c) with respect to the respective Party, AT&T Customer Information, AT&T Data Assets, AT&T Derived Information, and Supplier Customer Information.
“Information Resource(s)” means systems, applications, websites, networks, network elements, and other computing and information storage devices, along with the underlying technologies and delivery methods (e.g., social networks, mobile technologies, Mobile and Portable Devices, Cloud Services, data analytics, call and voice/video recording, Application Program Interfaces (APIs)), used in connection with In-Scope Work.
“In-Scope Information” means Information.
“Mobile and Portable Devices” means mobile and/or portable computers, devices, media and systems capable of being easily carried, moved, transported or conveyed that are used in connection with In-Scope Work. Examples of such devices include laptop computers, tablets, USB hard drives, USB memory sticks, Personal Digital Assistants (PDAs), and mobile phones (e.g., smartphones).
“Multi-Factor Authentication” (also known as Two-Factor Authentication and Strong Authentication) means the use of at least two of the following three types of authentication factors:
• | A physical or logical credential the user has, such as an electronically readable badge, a token card or a digital certificate; |
• | A knowledge-based credential, such as a password or PIN; and |
• | A biometric credential, such as a fingerprint or retina image. |
Page 128 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
“Nonpublic Information Resources” means Information Resources used in connection with InScope Work that are not directly accessible from the Internet.
“Security Gateway” means a set of control mechanisms between two or more networks having different trust levels which filter and log traffic passing, or attempting to pass, between networks, and the associated administrative and management servers. Examples include firewalls, firewall management servers, hop boxes, session border controllers, proxy servers, and intrusion prevention devices.
“Sensitive Customer Data” or “SCD” means the data elements listed in the Table 2—AT&T SCD Data Elements located at the end of these Security Requirements. All data elements in Table 2 are considered In-Scope Information.
“Sensitive Personal Information” or “SPI” means the data elements listed in the Table 1—AT&T SPI Data Elements located at the end of these Security Requirements. All data elements in Table 1 are considered In-Scope Information.
“Service Account” means a UserID used for installing, executing, or administering an application or system. Service accounts manage the local events/processes of an application or system.
“Strong Cryptography” means the use of cryptography based on industry-tested, accepted, and uncompromised algorithms with minimum key lengths of 128-bits for symmetric algorithms and 2048-bits for asymmetric algorithms, and proper key management practices which incorporate a documented policy for the management of the encryption keys, including the expiration of encryption keys at least once every two years, and associated processes adequate to protect the confidentiality and privacy of the keys and credentials used as inputs to the cryptographic algorithm.
“Strong Encryption” means the use of encryption technologies based upon Strong Cryptography.
“Supplier Entity” or “Supplier Entities” means Supplier, its affiliates, and its/their subcontractors (including suppliers providing non-AT&T Cloud Services to Supplier).
In accordance with the foregoing, Supplier shall, and shall cause Supplier Entities to:
System Security
1. | Maintain and adhere to a documented Cyber Security program. |
2. | Use Strong Encryption to protect In-Scope Information stored on all desktop devices used in connection with In-Scope Work and located in areas accessible by the public. |
3. | Maintain and adhere to a documented vulnerability management process to: |
a. | Actively monitor industry resources (e.g., xxx.xxxx.xxx, pertinent software vendor mailing lists and websites, and information from subscriptions to automated notifications) for timely notification of all applicable security alerts that pertain to Information Resources; |
Page 129 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | [***] scan Information Resources with industry-standard security vulnerability scanning software to detect security vulnerabilities. Scans must cover all Information Resources used to perform In-Scope Work; |
c. | Remediate all critical, high, and medium risk security vulnerabilities, including those discovered through industry publications, vulnerability scanning, virus scanning, IDS/IPS alerts, and the review of security logs, and promptly apply appropriate security patches; and |
d. | [***] remediate, regardless of variable settings, all Internet facing vulnerabilities with a Common Vulnerability Scoring System (CVSS) [***]. Equivalent industry standard scoring can be used in place of CVSS. |
4. | Install and use Intrusion Detection Systems (IDS) and/or Intrusion Prevention Systems (IPS) that monitor all traffic entering and leaving Information Resources in connection with In-Scope Work. For avoidance of doubt both Network and Host IDS/IPS are acceptable solutions. At Supplier’s discretion, this requirement is optional for implementations of Host Intrusion Detection Systems (HIDS) and/or Host Intrusion Prevention Systems (HIPS) on mobile devices. |
5. | Assign security administration responsibilities for configuring the security parameters of Information Resources to authorized users only. |
6. | Xxxxxx Information Resources by utilizing a minimum-security baseline configuration based upon industry best practices to reduce potential ways of attack, including: |
a. | Changing default passwords, prohibiting weak passwords and exact matches to the UserID, removing unnecessary software, UserIDs, usernames or logins, and disabling or removing unnecessary services (is not intended to apply to software that is part of a standard software configuration). Such hardening of the system’s security configurations, operating system software, virtual private clouds (VPCs), firmware and applications is to prevent exploits that attack flaws in the underlying code; and |
b. | Not using Information Resources, unless agreed upon from AT&T, to perform InScope Work past the date when: |
i. | The Information Resource will cease to be supported by issued security updates (including whenever Supplier ceases to obtain and/or implement such security updates, such as when Supplier ceases to purchase and/or extend the maintenance services under which such security updates are provided); or |
ii. | Any extended security patching support ends. |
7. | a. | Enforce the rule of least privilege by requiring application, database, network and system administrators to restrict access of all users to only the commands, In-Scope Information and Information Resources necessary for them to perform authorized functions. |
b. | Ensure that controls are in-place to limit, protect, monitor, detect and respond to all Administrative User activities. |
Examples | of such controls that must be enforced include: |
1. | The rule of least privilege; |
2. | Separation of duties; |
3. | Individual accountability; |
4. | Change management; |
5. | Auditability of Administrative User accounts and their activities in production environments since we do not store end customers’ data in non-production environments; and |
Page 130 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
6. | Audit log retention for a minimum of [***]. |
Physical Security
8. | Ensure that all Information Resources intended for use by multiple users are located in secure physical facilities with access restricted to authorized individuals only. For audit purposes, monitor and record access to such areas. |
9. | Physically secure any area where In-Scope Information is accessible to prevent access by unauthorized persons. For audit purposes, monitor and record access to such areas. |
Network Security
10. | Ensure that Supplier’s Information Resources, when providing Internet-accessible services to AT&T, have Denial of Service (DoS/DDoS) and Security Gateway protections in place. Web servers must reside in a DMZ and Information Resources persistently storing In-Scope Information (such as application and database servers) must reside in a trusted internal network. |
11. | For the purpose of demonstrating compliance with certain Security Requirements applicable to the protection of In-Scope Information, upon AT&T’s request, provide to AT&T [***]. |
12. | Use Strong Encryption when transmitting In-Scope Information over any untrusted network or when transmitting In-Scope Information over any network that is neither controlled by AT&T nor Supplier. This applies to all technologies used for the transmission of In-Scope Information. (Additional transmission requirements are found in subsequent controls.) |
13. | Require Multi-Factor Authentication for any remote access use of Nonpublic Information Resources. |
Information Security
14. | Segregate AT&T’s applications and In-Scope Information from any other customer’s and Supplier’s own applications and information, either by using logical access controls and/or physical access controls to provide protection from unauthorized access. |
15. | Maintain and adhere to documented processes for: |
a. | Any business continuity plan and/or disaster recovery plan requirements under the Agreement; and |
b. | Any retention, return, and/or destruction requirements for In-Scope Information under the Agreement. |
16. | Supplier shall ensure the use of In-Scope Information is only for the performance of In-Scope Work. |
17. | Maintain documented processes and controls to: |
a. | Detect and terminate unauthorized attempts to access and/or change In-Scope Information, and/or system or application configuration files; |
b. | Log all successful and unsuccessful login attempts and logoffs; and |
Page 131 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
c. | Monitor and investigate unauthorized activity and remediate any successful unauthorized activity |
Identification and Authentication
18. | Assign unique UserIDs to authorized individual users and Service Accounts. Assign individual ownership to Service Accounts. Should Service Accounts be shared among users, individual accountability must be maintained at all times. |
19. | Maintain a documented UserID lifecycle management process for all Information Resources across all environments that includes: |
a. | Manual and/or automated processes for approved account creation and/or modification; |
b. | Account disabling within t[***] days of user termination or the occurrence of any other condition rendering the account as no longer needed, followed by removal of the account within [***] days; |
c. | Disabling and/or removing inactive accounts used by an individual after no more than [***] days of inactivity except in cases where the account is assigned to a customer of AT&T or used by a current or retired employee of AT&T to process their own information; and |
d. | Initiating processes to review, no less than [***], access privileges and account validity. |
20. | Limit failed login attempts to no more than [***] consecutive attempts by locking the user account. Access to the user account can be reactivated through the use of a manual process requiring verification of the user’s identity or, where such capability exists, can be automatically reactivated after at least [***] from the last failed login attempt. |
21. | Terminate interactive sessions on a user’s workstation, or activate a secure, locking screensaver requiring authentication, after a period of inactivity not to exceed [***]. On all other Information Resources terminate inactive interactive sessions not to exceed [***] |
22. | a. | Use Strong Encryption and/or one-way hashing based upon Strong Cryptography whenever authentication credentials are stored. This requirement applies to all classifications of users. |
b. | Passwords must be complex and meet the following password construction requirements: |
• | Be a minimum of eight (8) characters in length; |
• | Include characters from at least two (2) of these groupings: alpha, numeric, and special characters; |
• | Not be the same as the UserID with which they are associated; and |
• | Expire passwords at regular intervals not to exceed [***] calendar days with the exception of Service Accounts which must have minimum of sixteen (16) characters in length and expire at least every [***] years. |
c. | In situations where PINs are utilized, the following requirements must be met: |
• | Be a minimum of four (4) numbers; |
• | Not contain repeating or sequential numbers; |
• | Expire PINs at regular intervals not to exceed [***] days with the exception of PINs used as part of a Multi-Factor Authentication implementation or voice mail system; and |
• | Shall not be used as the sole authentication factor, except for use in voice mail systems. |
Page 132 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
23. | When providing users with a new or reset password, or other authentication credentials, use a secure method to provide this information, and require a password reset at first login whenever a temporary credential is used. |
Warning Notice
24. | In jurisdictions where unauthorized access to Information Resources and In-Scope Information is a violation of the law, add the following statement to the displayed warning notice: “Unauthorized access is a violation of law” or similar warning language. |
Software, Software Code, and Data Integrity
25. | Have and use documented procedures to: |
a. | Install and run a current antivirus solution to scan for and promptly remove or quarantine viruses and other malware; and |
b. | Configure end user devices to ensure end users are restricted from the ability to install unauthorized software; or disable required software. |
26. | Separate non-production Information Resources from production Information Resources and separate In-Scope Information from non-production Information Resources. |
27. | Maintain a documented change control process including back-out procedures for all production environments. |
28. | For applications which utilize a database that allows modifications to In-Scope Information, logs for forensic analysis purposes shall be created and retained for a minimum of [***] either on-line or on backup media as follows: |
a. | Where transaction logging is supported have database transaction logging features enabled; or |
b. | Where transaction logging is not supported have some other mechanism that logs all modifications to In-Scope Information stored within the database including timestamp, UserID and information modified. |
29. | a. | For all software developed or customized for AT&T under the Agreement, review and scan such software to find and remediate malicious code and/or security vulnerabilities in accordance and subject to an Order terms including agreement regarding funding. Upon request, make scan results and remediation plans available to AT&T. |
Specifically,
i. | Source code vulnerability scanning must be performed prior to initial deployment and upon code changes; and |
ii. | Dynamic analysis must be performed for all web applications prior to initial deployment, upon code changes and/or at least annually subject to a Project funded by AT&T. |
b. | Where technically feasible, for all software used, that is not developed for AT&T under the Agreement, review and scan such software prior to initial deployment, upon code changes and/or at least annually. |
30. | For all software developed or customized for AT&T under the Agreement, during initial implementation and upon any modifications or updates, meet the following requirements: |
a. | Ensure that there are no embedded credentials (i.e., hardcoded passwords, SSH keys); and |
Page 133 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | Perform quality assurance testing for the security components (e.g., identification, authentication, and authorization functions), as well as any other activity designed to validate the security architecture. |
Monitoring and Auditing Controls
31. | Restrict access to security logs to authorized individuals and protect security logs from unauthorized modification. |
32. | Review, on [***], all anomalies from security and security-related audit logs and document and resolve logged security problems in a timely manner. Automated processes may promptly issue alarms and/or alerts that cause prompt investigation and review by responsible individuals, and if automated processes successfully resolve a logged security problem, no further action by responsible individuals is required. |
33. | a. | When presented with evidence by AT&T of a threat to AT&T or AT&T’s customers’ Nonpublic Information Resources originating from the Supplier’s network (e.g., worm, virus or other malware, bot infection, Advanced Persistent Threat (APT), DoS/DDoS attack), Supplier shall promptly cooperate with AT&T and take all reasonable and necessary steps to isolate, mitigate, terminate and/or remediate all known or suspected threats. |
b. | When Supplier learns of or discovers a known or suspected threat/vulnerability impacting AT&T or AT&T’s customers’ (including notifications received from security researchers, industry resources, or bug bounty program), Supplier must promptly notify and cooperate with AT&T, and take all reasonable and necessary steps to isolate, mitigate, and/or remediate such known or suspected threat/vulnerability. |
c. | In the event Supplier discovers that it is non-compliant, or AT&T finds Supplier to be non-compliant with these Security Requirements, then Supplier shall implement corrective action promptly, but within no more than [***] after Supplier’s initial discovery, or AT&T’s initial notification to Supplier, of such non-compliance, whichever is earlier. |
Reporting Violations
34. | Maintain a documented procedure to be followed in the event of a suspected attack upon, intrusion upon, unauthorized access to, loss of, or other security breach involving In-Scope Information in which Supplier shall: |
a. | Promptly investigate and determine if such an attack has occurred; and |
b. | If a successful attack has occurred involving In-Scope Information or if it is impossible to determine whether the attack was successful then Supplier shall promptly notify AT&T by contacting: |
i. | Asset Protection by telephone at [***] from within the US and at [***] from elsewhere; and |
ii. | Supplier’s contact within AT&T for service-related issues. |
35. | After notifying AT&T whenever there is a successful attack upon, intrusion upon, unauthorized access to, loss of, or other breach of In-Scope Information, provide AT&T with regular status updates, including, actions taken to resolve such incident, at mutually agreed intervals for the duration of the incident and, within [***] days of the closure of the incident, provide AT&T with a written report describing the incident, actions taken by the Supplier during its response and Supplier’s plans for future actions to prevent a similar incident from occurring. |
Page 134 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Mobile and Portable Devices
36. | Use Strong Encryption to protect all In-Scope Information stored on Mobile and Portable Devices. |
37. | Use Strong Encryption to protect all In-Scope Information transmitted using or remotely accessed by network-aware Mobile and Portable Devices. |
38. | Maintain documented policies, standards and procedures for Mobile and Portable Devices used to access and/or store In-Scope Information that include the following requirements: |
a. | All users must be authorized for such access and their identity authenticated; |
b. | Mobile and Portable Devices must be physically secured and/or in the physical possession of authorized individuals; |
c. | Where technically feasible, use a remote wipe capability on such devices to promptly and securely delete In-Scope Information when such devices are not in the physical possession of authorized individuals nor otherwise physically secured; and |
d. | Jailbroken or rooted smartphones cannot be used to perform In-Scope Work. |
39. | Implement and maintain a documented policy that prohibits the use of any: |
a. | Supplier-issued Mobile and Portable Devices to access and/or store In-Scope Information unless the device is administered and/or managed by Supplier; and |
b. | Non-Supplier issued Mobile and Portable Devices to access and/or store In-Scope Information unless the device is adequately segregated and protected by utilizing a Supplier administered and/or managed secure container-based and/or sandbox solution. |
Security Gateways
40. | Require Multi-Factor Authentication for administrative and/or management access to Security Gateways, including any access for the purpose of reviewing log files. |
41. | Maintain documented controls, policies, processes and procedures to ensure that unauthorized users do not have administrative and/or management access to Security Gateways, and that user authorization levels to administer and manage Security Gateways are appropriate. |
42. | [***], ensure that each Security Gateway rule was properly authorized and is traceable to a specific business request, and that all rule sets either explicitly or implicitly end with a “DENY ALL” statement. |
43. | Use monitoring tools to ensure that all aspects of Security Gateways (e.g., hardware, firmware, and software) are operational at all times. Ensure that all non-operational Security Gateways are configured to deny all access. |
Wireless Networking
44. | When using radio frequency (RF) based wireless networking technologies (e.g., Bluetooth and Wi-Fi) to perform or support In-Scope Work for AT&T, ensure that all In-Scope Information transmitted must use appropriate encryption technologies sufficient to protect the confidentiality of In-Scope Information; provided, however, in any event such encryption shall use no less than key lengths of 256-bits for symmetric encryption and 2048-bits for asymmetric encryption. The use of RF-based wireless headsets, keyboards, microphones, and pointing devices, such as mice, touch pads, and digital drawing tablets, is excluded from this requirement. |
Page 135 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Connectivity Requirements
45. | In the event that Supplier has, or will be provided, connectivity to AT&T’s or AT&T’s customers’ Nonpublic Information Resources in connection with In-Scope Work, then Supplier shall not establish additional interconnections to AT&T’s and AT&T’s customers’ Nonpublic Information Resources without the prior consent of AT&T and shall: |
a. | Use only the mutually agreed upon facilities and connection methodologies to interconnect AT&T’s and AT&T’s customers’ Nonpublic Information Resources with Supplier’s Information Resources; and |
b. | If the agreed upon connectivity methodology requires that Supplier implement a Security Gateway, maintain logs of all sessions using such Security Gateway. Such session logs must include origination IP address, destination IP address, ports/service protocols used, durations of access, and sufficiently detailed information to assist with a security incident or a forensic investigation (e.g., identification of the end user or application accessing AT&T). Session logs must be retained for a minimum of [***]. |
Supplier Entity Compliance
46. | Supplier shall: |
a. | Ensure that all Supplier Entities performing any In-Scope Work are contractually obligated to comply with these Security Requirements, or requirements that are no less stringent; |
b. | Maintain and adhere to a documented program by which Supplier Entity compliance to these Security Requirements is evaluated by Supplier and all corrective actions are documented and implemented; and |
c. | Upon AT&T’s request, provide documentation and/or evidence to adequately substantiate such compliance. |
Protection of AT&T’s SPI & SCD
47. | Use Strong Encryption to protect AT&T’s SPI and/or AT&T’s SCD (see Tables 1 and 2) when transmitted over all networks (including Supplier Entity trusted networks). This applies to all technologies used for the transmission of SPI and/or SCD. |
48. | Use Strong Encryption to protect AT&T’s SPI and/or AT&T’s SCD (see Tables 1 and 2) when stored. |
Non-AT&T Cloud Services
49. | Enforce Multi-Factor Authentication for all Administrative Users of non-AT&T Cloud Services. |
Page 136 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
50. | Use Strong Encryption to protect all In-Scope Information (including SPI and SCD) when: |
a. | Transmitted over all networks to, from, and within a non-AT&T Cloud Service; and |
b. | Stored within a non-AT&T Cloud Service. |
Table 1—AT&T SPI Data Elements
Data elements in the following tables must be treated as SPI when used in their entirety, unless explicitly stated in the following table. This applies to all data formats including scanned images, screen captures and recordings, PDFs, JPGs and any other unified communication, and collaboration tools/content.
Individual Identification and Familial Information
Data Element |
Description | |
Government Issued Identification Number | Includes: | |
1. Driver’s License Number | ||
2. Taxpayer Identification Number—In an individual’s name. Excludes those in a company name. | ||
3. U.S. Social Security Number | ||
4. National/State/Region issued identity number | ||
5. Government Identity Card | ||
6. Government identifiers for professionals | ||
7. Government sponsored health or food plan identifier | ||
8. Passport Number | ||
9. Alien Registration Number | ||
10. Birth Certificate Number | ||
11. Other government issued identification number | ||
Excludes any such numbers that are issued on the understanding that they must be a matter of public record, e.g., U.S. FCC Radio License. | ||
Date of Birth (DOB) | An individual’s full and complete date of birth (DOB), i.e., including month, day and year. Excludes partial DOB where only month and day are used without year. |
Page 137 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Financial Data | ||
Data Element |
Description | |
Payment Card Number | Primary Account Number (PAN) for all types of payment cards. | |
Includes: | ||
1. AT&T corporate payment card number | ||
2. Consumer payment card number | ||
Payment Card Security Data | The security data used in association with a payment card (corporate, personal, etc.) to confirm legitimate use. Includes: | |
1. Card Security Codes (CSC) | ||
2. Personal Identification Numbers (PINs) used with payment cards but excludes PINs used to authenticate access to AT&T systems (see “Customer Authentication Credentials” data element). | ||
Financial Institution Account Number | Includes all types of financial institution accounts (savings, checking, investments, pensions, etc.) both personal and business in an individual’s name. Excludes bank routing number. | |
Computer Identification and Authentication | ||
Data Element |
Description | |
Biometric Data | Measures of human physical and behavioral characteristics used for authentication purposes, for example DNA, fingerprint, voiceprint, retina or iris image. | |
Includes: Full biometric data.
Excludes: | ||
1. Templates (e.g. “vector” equivalents) that contain discrete data points derived from biometric data, i.e. templates that do not hold the complete biometric image, where the template cannot be reverse engineered back to the original biometric image, and genetic test information. | ||
2. Signature. |
Page 138 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Background and Other Related Data | ||
Customer Authentication Credentials | Values used by customers to authenticate and permit access to: | |
Data Element |
Description | |
Applies to Customers only | ||
1. The customer’s personal information, including Customer Proprietary Network Information (CPNI) and XX&X Proprietary
(Sensitive Personal Information) | ||
— or — | ||
2. An application enabling the customer to subscribe to, or unsubscribe from, AT&T services | ||
— or — | ||
3. An AT&T service the customer is subscribed to | ||
Includes: | ||
1. Personal Identification Numbers (PINs), passwords, passcodes | ||
2. Templates (e.g. “vector” equivalents) of biometrics, photographs or signatures | ||
Excludes: | ||
1. Excludes Card Security Codes (CSC) and PINs used in association with payment cards. | ||
2. Full biometrics | ||
3. Full photograph | ||
4. Full signature | ||
Customer Authentication Credential Hints | Answers to questions used to retrieve customer authentication credentials. | |
Data Element |
Description | |
Applies to Customers only | ||
Location-Based Information (LBI) | Information that identifies the current or past location of a specific individual’s mobile device. | |
A mobile device’s location (e.g. a map address, or latitude and longitude together with altitude where known) derived from the mobile device through activities such as GPS or network connectivity rather than as a result of user action (e.g. revealing location in the content of an email, or SMS). |
Page 139 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Criminal History | Information about an individual’s criminal history, e.g. criminal check portion of a background check. | |
Background Checks | Third party (non-AT&T) checks including credit history, employment history, driving records. | |
Racial or Ethnic Origin | Data specifying and/or confirming an individual’s racial or ethnic origin. | |
Trade Union Membership | Data specifying and/or confirming an individual is a member of a trade union. | |
Information Related to an Individual’s Political Affiliation, Religious Belief, or Sexual Orientation | Data specifying and/or confirming an individual’s political affiliation, religious or similar beliefs, or sexual life or orientation. | |
Health Data | ||
Data Element |
Description | |
U.S. Protected Health Information (PHI) | Includes any U.S. health information used in AT&T’s Group Health Care plans or belonging to AT&T’s customers that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individuals that include information about: | |
• The individual’s past, present or future physical or mental health or condition,
• The provision of health care to the individual
— or —
• The past, present, or future payment for the provision of health care to the individual. | ||
Data Element |
Description | |
Health information of retirees, employees, or employee beneficiaries used by AT&T for purposes other than a group health plan is not PHI. |
Page 140 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Background and Other Related Data | ||
Data Element |
Description | |
Medical and Health Information | Any information concerning physical or mental health conditions or disabilities. Includes: | |
1. Medical record number | ||
2. Health plan beneficiary number | ||
3. Medical device identifiers and serial numbers | ||
4. Prescription (Rx) number | ||
5. Health insurance identification or account number | ||
6. Medical treatment – Information about the management and care of a patient or the combating of disease or disorder. | ||
7. Medical diagnosis | ||
8. Medical history | ||
9. Medical payment information | ||
10. Medical claims data | ||
11. Medical images and metadata | ||
12. Drugs, therapies, or medical products or equipment used | ||
13. Family health or morbidity history—an account of all medical events and problems experienced by members of the family | ||
14. Other medical and health information | ||
Genetic Information | Includes: Information about an individual’s genetic tests. | |
Customer Privacy Data | ||
Data Element |
Description | |
Customer Web Browsing and Search History | Includes: | |
1. Information about what searches our customers perform | ||
2. Web sites our customers visit | ||
3. Web pages our customers view | ||
4. Applications our customers use on an AT&T Network (wireline and wireless including wi-fi). | ||
Excludes: | ||
1. Searching, browsing and activities associated with customers’ use of official AT&T corporate web sites |
Page 141 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Data Element |
Description | |
2. History captured at the network level prior to processing (e.g. raw data streams not associated with a customer). | ||
Customer Viewing History | Information about programs watched or recorded, games and applications used, etc. (e.g. DIRECTV (DTV) Set Top Box viewing, DIRECTV NOW viewing, videos viewed). | |
Customer Web Communications Payload AT&T Use | When captured as part of service analysis, e.g., Deep Packet Inspection (DPI) data. |
Footnotes:
Where data elements have the term “Subject to non-U.S. jurisdiction” associated with them, that data element is to be classified as AT&T Proprietary (Sensitive Personal Information) when applied to data elements subject to non-U.S. jurisdiction, irrespective of whether the data is created, handled, processed, destroyed or sanitized inside or outside the United States.
Table 2—AT&T SCD Data Elements
Data elements in the following table must be treated as SCD when used in their entirety, unless explicitly stated in the following table. This applies to all data formats including scanned images, screen captures and recordings, PDFs, JPGs and any other unified communication, and collaboration tools/content.
Page 142 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Sensitive Customer Data (Customer Privacy) – Involving Personally Identifiable Information
Data Element |
Description | |
Customer “messaging” content | Including: | |
Email, text messages, conference call recordings, and voice mail call recordings. | ||
Excluding: | ||
1. “Messaging” between customers and AT&T in conducting official AT&T corporate business. | ||
2. Any other data. | ||
Customer Telemetry Data Customer Use |
Automated communications for monitoring by the customer (rather than AT&T). Including all data that is generated by our customers’ use of the Digital Life® service or any other Internet of Things (IOT) service that is used by the customer to monitor or control the service. For example, video files. |
2. | Offshore Information Technology Services Requirements |
In the event Supplier currently provides or will be providing Offshore Information Technology Services in conjunction with this Agreement, then, in addition to the foregoing, the following requirements shall apply to Supplier:
1 | Strong authentication controls must be established for firewalls, firewall management servers, and firewall hop boxes. Options for strong authentication may include two-factor authentication methods such as tokens, smart-cards and/or one-time passwords. |
2 | Supplier must ensure that firewall configurations are hardened by selecting a sample of firewalls and verifying that the default rule set ensures the following: |
a. | IP source routing is disabled. |
b. | Loopback address is prohibited from entering the internal network, |
c. | Anti-spoofing filters are implemented. |
d. | Broadcast packets are disallowed from entering the network, |
e. | ICMP redirects are disabled. |
f. | Fragmented packets are dropped. |
g. | Ruleset ends with a DENY ALL statement |
3 | Screen savers or connection timeouts are required to prevent unauthorized access to unattended workstations. |
4 | Perform [***] revalidations on the user account list on firewalls, firewall management servers, and firewall hop boxes to ensure that only those users authorized for access to manage these devices have an account. This includes the need to revalidate the authorization level of each user account to ensure appropriate permission levels are maintained. |
Page 143 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
5 | Production support personnel and development personnel must have enough separation and auditable controls to ensure that standard change management procedures are always consistently followed. |
6 | Developers cannot access production platforms “at will”. For some trouble-shooting situations, developers may be provided access to production platforms but only on an “as needed basis” and for a limited duration. All temporary access should be documented (who, what, when, where and why). |
7 | Track and approve changes to firewall rules is required and must be validated annually. Inappropriate firewall rules must be removed immediately. |
8 | Require a clean desk policy at the end of the day. |
9A | Supplier resources shall be notified of the restriction that AT&T Data may not be downloaded and taken offsite. |
9B | Wireless networking technologies must not be used for communicating unless the following steps are taken by Amdocs to maintain the confidentiality and integrity of the communication and to prevent unauthorized access to the transmitting device and/or receiving device. When wireless networking technologies are used: |
(i) | All communications over wireless networks must be transmitted via Virtual Private Network (VPN) session(s) using Strong Encryption. |
(ii) | Strong authentication (e.g., two factor token or digital certificates) must be used for authenticating VPN access. |
(iii) | Wireless hardware (with the exception of wireless network cards and access points) must be located in a physically secure area (e.g., in a locked wiring closet or locked machine room). |
(iv) | All services not being used on the access point, router, and VPN concentrator must be disabled. |
(v) | Enable Media Access Control (MAC)-based filtering so that only specified wireless cards can communicate to the access point. |
10 | Supplier must implement procedures to ensure that AT&T Data is not downloaded and removed by Supplier. To the extent Supplier suspects that AT&T Data may have been removed, Supplier agrees to conduct searches of suspected persons and their belongings when exiting AT&T restricted areas and Supplier’s premises to the extent such searches are permissible by local law. |
11 | Notify individuals that removal of AT&T Data from the work area or Supplier’s premises is not allowed, to include signage that communicates this policy and that people and personal property including, without limitation, packages, briefcases, and purses are subject to inspection prior to exiting AT&T restricted areas and Supplier’s premises. |
Page 144 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
12 | Verify that all printed media containing AT&T Data (any information obtained from or provided by AT&T, including information about AT&T Systems, its employees and its customers) is securely stored, and that a mechanism is in place to protect the security and privacy of AT&T Data. Procedures are required to restrict access to AT&T Data to authorized Supplier personnel only, and to ensure that all media containing AT&T Data is accounted for and reconciled on [***] to ensure that the information is not removed from Supplier’s premises. |
13 | All access to electronic documentation of AT&T Data retained locally must be password protected and restricted to the very minimum number of Supplier personnel. Supplier must implement procedures to ensure that AT&T Data is not downloaded and removed by Supplier personnel, including, at a minimum, searches. To the extent Supplier suspects that AT&T Data may have been removed, Supplier agrees to conduct searches of persons and their belongings when exiting AT&T restricted areas and Supplier’s premises to the extent searches are permissible under local law. |
14 | All electronically stored or printed AT&T Data no longer needed must be shredded onsite or destroyed onsite by authorized Supplier personnel assigned to AT&T projects. Shred bins must be located in AT&T restricted areas and locked until the shredding takes place. |
15 | A [***] Metric Report of Perimeter Security on the Supplier’s system should be reported to AT&T that consists of: |
• | Location |
• | Date |
• | # of Intrusions |
• | Type of Intrusions |
• | Source |
• | Destination |
• | Detail |
• | Actions |
Security IDS audit logs must be retained online for [***] and offline for a period of at least [***]
16 | Remote access to AT&T Networks or AT&T Data is prohibited. All work on AT&T projects must be performed within the AT&T restricted area on Supplier’s premises and any exceptions must be in accordance with the Limited Offshore Remote Access in this Appendix D. Prior written exception to this prohibition must be obtained from [***] Supplier’s use of laptops offsite must have written approval from the [***] |
Page 145 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
17 | Randomly check Supplier-based email and internet-based email so that AT&T Data is not sent to an unauthorized recipient. Effective January 1, 2011, Amdocs must check for the AT&T Proprietary – Restricted and AT&T Proprietary – Sensitive Personal Information markings in emails and attachments sent from Amdocs to non-AT&T personnel outside. Any unauthorized transmissions must be reported by Amdocs in an email to the [***] promptly but in any case within [***] |
18 | B2B VPN connections to AT&T are required to be secured from other remote connections. |
19 | Device-specific monitoring tools must be used to assure that firewall hardware is operational. |
20 | To minimize the risk exposure to visiting AT&T employees in locations that are of medium-high risk of terrorist attacks, Supplier shall take necessary security measures customary for the location. |
21 | All access points into the Supplier’s building(s) where AT&T work is being performed must be locked by either physical keys or a card key system, or controlled by a guard service to restrict access only to authorized individuals. These mechanisms must be in working order and utilized at all times. Proper identification must be worn by all persons inside the Supplier’s building and a procedure in place to challenge those not wearing appropriate identification in the Supplier’s building. The cable vault, electrical and telephone areas should be secured to give access only to those authorized. |
22 | Card key access lists and event logs must be reviewed by Supplier at a minimum of weekly to validate that building card key access is limited to only those individuals with a need to be in the Supplier’s building and restricted area where AT&T work is being performed. Ensure that all keys are accounted for and limited to those individuals with a need to be in the Supplier’s building and restricted areas and all locks are changed on a regular interval (at a minimum annually). Ensure that Supplier personnel surrender company identification, keys and access cards before leaving the premises when access to an area is no longer required or upon voluntarily or involuntarily ceasing to work for Supplier and that the access cards are deactivated. Weekly reviews should include employee, contractor and supplier termination records and any associated unauthorized access attempts in the event logs. |
23 | Alarmed doors and monitored electronic systems are required to detect unauthorized access or access attempts with a plan to respond to and document incidents. 24/7 recorded video surveillance is required of the area where work on AT&T projects is performed, including entry and exit points. |
Page 146 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
24 | Prior to permitting any person access to an AT&T project source or origin code (for example, software development), and at annual intervals thereafter, Supplier must ensure that such person (employee, contractor, subcontractor) is not on the Denied Persons List or the Specially Designated Nationals List of the US Department of Commerce – Bureau of Industry and Security. – Those lists are located at xxxx://xxx.xxx.xxx.xxx/XxxxxxxxxxXxxXxxxxxxxxxx/XxxxxXxXxxxx.xxx. |
Prior to permitting any person direct or indirect access, whether physical, virtual, or otherwise, to any of AT&T’s company, employee, or customer information, or any of AT&T’s or AT&T’s customers’ premises, systems, software, or networks, Supplier must have a reputable security company perform a criminal background check and verification of the identity of such person (employee, contractor, or subcontractor including onsite security guards responsible for physical security of Supplier’s premises and AT&T restricted areas, and unescorted cleaning/maintenance personnel).
25 | A security plan must be in place to include training of Supplier personnel to report suspicious activity/security incidents and complaints that did or could affect AT&T, to include documentation, follow-up and reporting to the AT&T IT:OFFSHORE organization and, as necessary, law enforcement. |
Information to be reported to the Executive Director of the IT:OFFSHORE organization would consist of at least:
• | Date of Incident |
• | Who—Identify those involved and be descriptive (suspects, vehicles, property, license plate numbers, ... ) |
• | What—What happened and how? |
• | When—When did the incident occur? |
• | Where—Where did the incident take place? |
• | Action Taken – What action was taken? Was law enforcement notified? |
26 | An exercise of Supplier’s recovery strategy must be conducted annually. Within [***] days from the completion of a disaster recovery exercise by Amdocs, Amdocs will produce a documented conclusion with a corrective action plan and proposed committed timeframes for corrective action upon which the Parties will agree within [***] days from receipt of the action plan. |
27 | Failover processes and procedures are required to support AT&T applications and these failover processes and procedures are exercised annually (at a minimum). |
28 | Business continuity communication documents, processes, and procedures must be readily available and current. |
29 | As soon as reasonably possible after the execution of this Agreement and on an annual basis thereafter, Supplier will, at no charge to AT&T, perform a security audit utilizing a reputable independent auditor, as agreed by the Parties. Such security audit shall ensure that Supplier will strictly follow these AT&T Supplier Information Security Requirements. |
Page 147 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3. | Requirements for Offshore Information Technology Services Requiring Elevated Rights |
In the event Supplier currently provides or will be providing system, database, and or network administrator/root (or privileged, super user, or the like) access to host operating systems located on AT&T non-public networks in conjunction with this Agreement from an Offshore Location, then, in addition to the foregoing, the following requirements shall apply to Supplier:
1 | Access for privileged offshore users will be via a front-end Citrix farm that requires SecurID authentication, with front end Citrix servers located in a DMZ segment. An alternative to this is an AT&T-provided Client VPN with a SecurID token used over a secure connection (NOT the public Internet) as reviewed and approved by AT&T’s Chief Security Office (CSO). |
2 | Auditing options must be enabled on any Supplier perimeter equipment which controls access to the Supplier equipment used to do AT&T work. To ensure integrity of audit log entries, all Supplier system clocks must be synchronized to the same time source. Synchronization to AT&T clocks is not required. At a minimum, security audit log(s) must be automatically updated for the following system events: |
a. | Successful and unsuccessful login attempts. |
b. | Successful and unsuccessful attempts to switch to another user’s account (where applicable). |
c. | Logoffs. |
d. | User attempts to access files or resources outside their privilege level. |
e. | User access to all privileged files and/or processes. |
f. | Operating system configuration changes. |
g. | Operating system program changes. |
h. | All changes that can feasibly be captured, to system hardware and software. |
i. | All security-related changes, including adding users. |
j. | Failures for computer, program, communications, and operations. |
k. | Starting and stopping of audit logging. |
Security audit logs must be maintained online for [***] and offline for [***]
Page 148 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3 | AT&T reserves the right to perform vulnerability scans and review the scanning results of Supplier systems in a pre-announced, scheduled manner on Supplier’s equipment on an AT&T isolated LAN segment and Supplier Network equipment used to access AT&T Networks, systems, and data or Supplier agrees to reveal to the [***] the detailed scanning findings and closure activities related to vulnerabilities found [***] |
Information to be reported to the AT&T-IT OCE would consist of at least:
• | Date of discovery of vulnerability |
• | How it was remediated |
• | What was remediated |
• | What are the plans to remediate |
• | Estimated Date of closure |
4 | An Intrusion Prevention System (IPS) is required on Supplier’s data network to prevent unauthorized access. |
4. | Limited Offshore Remote Access (“XXXX”) to AT&T Systems |
The following outlines the AT&T requirements and procedures to which the Supplier must adhere for allowance of select pre-authorized offshore Supplier personnel to have remote access to AT&T systems, for which the Supplier is already under contract with AT&T to perform IT support services.
This remote access program (the “Limited Offshore Remote Access”) set forth herein defines the program requirements and how the Supplier shall work with the AT&T Offshore Compliance and Enablement organization to determine if Supplier can utilize the XXXX for an existing or new information technology Services engagement. Examples of engagements where AT&T will consider Supplier’s request for XXXX would be a Work Order where offshore Supplier personnel are required to perform after-hours work monitoring support services and access AT&T data.
I. | Definitions |
AT&T IT Offshore Compliance & Enablement (IT OCE) - AT&T Information Technology organization that manages oversight of the Limited Offshore Remote Access program. The IT OCE will serve as the front door and provide authorization to Supplier. IT OCE point of contact is identified below.
“AT&T Proprietary - Restricted Information” or “Restricted Information” means: any Information that has a higher level of sensitivity and therefore must be shared only among persons with a clear business need to know; or any Information that requires a high degree of protection by law and loss or unauthorized disclosure could require notification by AT&T to government
Page 149 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
agencies, individuals or law enforcement; or any Information that if revealed widely could present an increased risk of compromising computer systems, fraud, or increased likelihood of disrupting business operations. Examples of Restricted Information include, but are not limited to, unpublished financial information, designs and development plans for new or improved products, services, or processes, Customer Proprietary Network Information (CPNI), marketing information including customer contact lists, software source code for business critical applications, other companies’ confidential information that is shared with AT&T under contract or an NDA, internal AT&T authentication credentials (e.g., passwords, PINs and password hint answers), and security and/or network information including: logs, engineering or architecture diagrams, configuration files, firewall rules, security incident reports, and vulnerability information.
Limited Offshore Remote Access (“XXXX”) - the ability, with prior AT&T IT OCE approval, for an Offshore Supplier resource to connect to AT&T systems via AT&T client VPN from their Resource Home Location for the purposes of completing contracted work for AT&T.
“Remote Access Laptop” - limited in use by Amdocs Offshore resources that require a laptop to perform their day-to-day duties, who support the AT&T account, from the Amdocs facility, Resource Home Location or travel. There will be no transfer of or storage of SPI and AT&T Proprietary - Restricted Information or Restricted Information on this device. For clarity the only access to SPI and AT&T Proprietary - Restricted Information or Restricted Information will be as defined in Article II #3 below, “Remote Access Laptop with AT&T Data other than SPI”.
Resource Home Location - The home residence of a Supplier resource. Each approved Supplier resource can have XXXX from only one Resource Home Location.
Controlled and Audited Supplier Facility - The designated offshore Supplier work location, which is governed by controls specified by AT&T. This is the Supplier resource’s primary work location.
Remote Access Solution - From the Resource Home Location, an approved Supplier resource will use a Remote Access Laptop/Desktop to connect to the AT&T Secure VPN Gateway.
Permanent Workstation/Virtual Workstation - laptop or desktop located in a controlled and audited Supplier facility that is used to access the AT&T network for contracted services.
II. | XXXX requirements: |
1. | General requirements: Supplier shall adhere to the following: |
a. | Each individual XXXX user shall be reviewed and either approved or denied [***] from receipt of written request to the AT&T IT Offshore Compliance & Enablement (IT OCE). |
b. | Each individual XXXX request must be linked with a specific statement of work covered under an existing or pending Work Order issued under a current Master Agreement between AT&T and the Supplier. |
c. | Supplier is to maintain a history log of all requests for XXXX. |
Page 150 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
d. | Supplier is to submit all new XXXX requests to IT OCE, in a format specified by AT&T. |
e. | The IT OCE Sr. Technical Director or equivalent will approve or deny each request. |
f. | [***] is the AT&T IT OCE interface at the time of this document being implemented. This is subject to change by AT&T. |
g. | Supplier may also request AT&T IT OCE approval for temporary remote access from a location other than the Resource Home Location. |
h. | Resource Home Location shall be subject to voluntary inspection /verification, as agreed upon by the Parties, by Supplier or AT&T representative if AT&T information/resource is present. The Supplier resource must notify AT&T/Supplier of any changes in Resource Home Location. |
i. | Amdocs will notify AT&T immediately upon an Amdocs resource’s change in status that would no longer require them to have XXXX. |
2. | [***] and immediately upon approval, all offshore Supplier personnel approved for XXXX must complete Supplier-provided compliance training, which shall include but not be limited to: |
a. | A review of all of the requirements outlined in this Agreement that pertain to the end-users of the Remote Access Solution. The review shall include but not be limited to: the use of the Remote Access Solution from only a single Resource Home Location; the Remote Access Laptop theft/loss reporting requirements; and the prohibition of the use of the Remote Access Solution for anything other than responding to on-call situations. |
b. | Review of the following guidelines: xxxxx://xxxx00.xxx.xxx.xxx/xxxxx/XxxxxXxxxxxxxxx/XXX/Xxxxxxxxxxxxxx/XxxxxxXxxxxx.xxxx. |
c. | Upon AT&T request, Supplier shall provide to the AT&T IT Offshore Compliance & Enablement (IT OCE) team confirmation that the above training has been completed annually and upon XXXX approvals. |
3. | Remote Access Laptop with AT&T Data other than SPI or AT&T Proprietary – Restricted Information (“APRI”) or Restricted Information (“RI”) requirements: |
Supplier shall adhere to the following:
a. | Supplier shall designate, provide and support the Remote Access Laptop to be used from the Resource Home Location, Amdocs Facility and travel. |
Page 151 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
b. | Each Remote Access Laptop shall have anti-virus and firewall software installed and operating. |
c. | The configuration file that controls these settings required for XXXX shall be read only for the user and editable only by authorized domain administrators (e.g., settings that control full hard drive encryption, antivirus and [***], for application installations) or resources approved for XXXX shall not have administrator rights on the Remote Access Laptop. |
d. | Each Remote Access Laptop shall have a full hard drive encryption solution, such as [***], installed and operating, with all data encrypted as long as the laptop is “locked” (screensaver has turned on) or the Remote Access Laptop is shut down. The configuration file that controls the above settings shall be read only for the user and editable only by authorized domain administrators. |
e. | Remote Access Laptops with no [***] software or equivalent product installed must require both a password and biometric (i.e., thumb print scan) authentication for both logging into the device and “unlocking” the device (gaining control of the device after the screensaver has turned on). The configuration file that controls the above settings shall be read only for the user and editable only by authorized domain administrators. |
f. | Password and/or biometric-protected screensavers must be set with the inactivity timeout set to [***] minutes or less. The configuration file that controls the above settings shall be read only for the user and editable only by authorized domain administrators. |
g. | Each Remote Access Laptop shall have the [***] or equivalent product installed and operating, with the configuration file that controls the above settings set to be read only for the user and editable only by authorized domain administrators. Supplier shall initiate the [***] or equivalent data wipe process for all lost or stolen laptops within [***] [***] of the reported theft or loss of a Remote Access Laptop. Supplier is to notify AT&T at [***] of a lost or stolen Remote Access Laptop within [***], including in such notification a description of AT&T information that was on the Remote Access Laptop. Supplier shall provide full and proactive cooperation with any investigation related to AT&T. In addition to Amdocs’ obligation to indemnify , in the event of such a loss of equipment, if it is determined that the lost equipment included personnel Information (personal data such as HR information, SSN, address, etc.) and the Supplier has failed to comply with the provisions of subsections b, c, d, e, and f, above the Supplier shall provide [***]. |
h. | Each Remote Access Laptop shall only be able to connect to [***] network at any one time. |
i. | Remote Access Laptops shall use either (i) a VPN connection to AT&T through AT&T’s approved Client VPN or (ii) another VPN connection to connect to the Supplier’s corporate network. The Remote Access Laptop may not use both (i) and (ii) at the same time or any other connection method(s). |
j. | The data and voice connection in the Resource Home Location and all associated costs shall be provided by the Supplier per the Supplier’s policy and will be either a wired or wireless connection. AT&T will not be required to cover the charges for data and voice connections in the Resource Home Locations. Wired data connections are preferred. However, if the connection is wireless (e.g., WIFI or cellular wireless connection), the connection must be encrypted and adequately secured. |
k. | Supplier resources shall be notified of the restriction that AT&T Data may not be downloaded and taken offsite. |
Page 152 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
l. | Except where expressly stated, all aforementioned software and hardware shall be provided by the Supplier. |
m. | Security audit logs shall be maintained by the Supplier to track system events, including login attempts, user sessions, logoffs, configuration changes, and other pertinent events and data. Logs shall be retained online for [***] and offline for [***]. |
n. | At all times, the Remote Access Laptop shall be kept in the possession of either the AT&T-approved offshore Supplier resource to whom Supplier has assigned the device or Supplier personnel that are responsible for administering the XXXX. |
4. | Changes in Program: |
a. | The Limited Remote Offshore Access program is subject to change as directed by AT&T. |
b. | AT&T reserves the right to cancel any approved Limited Remote Offshore Access requests upon written notice to the Supplier. |
5. | Work from Resource Residence |
Notwithstanding any contradicting terms in this Agreement, the Parties agree that Supplier resources providing Services under this Agreement are approved to use a Remote Access Laptop/Desktop to connect to the AT&T Secure VPN Gateway from their residence in the USA and outside of USA while adhering to applicable terms in Subsection 3. Remote Access Laptop with AT&T Data other than SPI or AT&T Proprietary – Restricted Information (“APRI”) or Restricted Information (“RI”) requirements.
Page 153 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix E – Prime Supplier MBE/WBE/DVBE Participation Plan and Results
Page 154 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix E, Exhibit 1 – Prime Supplier MBE/WBE/DVBE Participation Plan
PRIME SUPPLIER MBE/WBE/DVBE PARTICIPATION PLAN
YEAR REPORTING:
PRIME SUPPLIER NAME: | ||||
ADDRESS: |
||||
COMPANY E-MAIL: | ||||
TELEPHONE NUMBER: |
DESCRIBE GOODS OR SERVICES BEING PROVIDED UNDER THIS AGREEMENT:
(What product or service is the Prime Supplier providing to AT&T)
DESCRIBE YOUR M/WBE-DVBE OR SUPPLIER DIVERSITY PROGRAM AND THE PERSONNEL DEDICATED TO THAT PROGRAM
(Prime Supplier should note their outreach activities to diverse suppliers, membership in National Diversity Organizations, commitment from company leadership on engaging diversity suppliers, etc.)
THE FOLLOWING, TOGETHER WITH ANY ATTACHMENTS IS SUBMITTED AS AN MBE/WBE/DVBE PARTICIPATION PLAN.
1. | GOALS |
A. | WHAT ARE YOUR MBE/WBE/DVBE PARTICIPATION GOALS? |
MINORITY BUSINESS ENTERPRISES (MBEs)
WOMAN BUSINESS ENTERPRISES (WBEs)
DISABLED VETERAN BUSINESS ENTERPRISES (DVBEs)
B. | WHAT IS THE ESTIMATED ANNUAL VALUE OF THIS CONTRACT: $ |
C. | WHAT ARE THE DOLLAR AMOUNTS OF YOUR PROJECTED MBE/WBE/DVBE PURCHASES: |
Multiply % in A. above against contract value listed in B. above
Page 155 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
MINORITY BUSINESS ENTERPRISES (MBEs) $
WOMAN BUSINESS ENTERPRISES (WBEs) $
DISABLED VETERAN BUSINESS ENTERPRISES (DVBEs) $
2. | LIST THE PRINCIPAL GOODS AND SERVICES TO BE SUBCONTRACTED TO MBE/WBE/DVBEs OR DELIVERED THROUGH MBE/WBE/DVBE VALUE ADDED RESELLERS |
(What part of the Prime Suppliers supply chain provides opportunities for diversity subcontracting)
Page 156 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix E, Exhibit 2 – MBE/WBE/DVBE Results Report
MBE/WBE/DVBE RESULTS REPORT
DETAILED PLAN FOR USE OF MBE/WBE/DVBEs AS SUBCONTRACTORS, DISTRIBUTORS, VALUE ADDED RESELLERS
For every product and service you intend to use, provide the following information.
(attach additional sheets if necessary)
Company Name |
Classification (MBE/WBE/DVBE) |
Products/Services to be provided |
$ Value | Date to Begin | ||||
__________________ | _____________ | __________ | ________ | __________ | ||||
__________________ | _____________ | __________ | ________ | __________ |
XXXXXX AGREES THAT IT WILL MAINTAIN ALL NECESSARY DOCUMENTS AND RECORDS TO SUPPORT ITS EFFORTS TO ACHIEVE ITS MBE/WBE/DVBE PARTICIPATION GOAL(S). SELLER ALSO ACKNOWLEDGES THE FACT THAT IT IS RESPONSIBLE FOR IDENTIFYING, SOLICITING AND QUALIFYING MBE/WBE/DVBE SUBCONTRACTORS, DISTRIBUTORS AND VALUE ADDED RESELLERS.
THE FOLLOWING INDIVIDUAL, ACTING IN THE CAPACITY OF MBE/WBE/DVBE COORDINATOR FOR SELLER, WILL:
Administer the MBE/WBE/DVBE Participation Plan, submit summary reports, and cooperate in any studies or surveys as may be required in order to determine the extent of compliance by the Seller with the participation plan.
In accordance with Section 3.42, Supplier shall email a copy of the annual plan to [***]. Thereafter, Supplier shall furnish its [***] results to AT&T in accordance with instructions to be provided to Supplier following AT&T’s receipt of Supplier’s initial annual plan. When reporting results, Supplier shall count only expenditures with entities that are certified as MBE, WBE, or DVBE firms by Third Party certifying agencies recognized by AT&T, as listed on xxxx://xxx.xxxxxxxxxxxx.xxx.
NAME: | ||||
TITLE: | ||||
TELEPHONE NUMBER: | ||||
AUTHORIZED SIGNATURE: | ||||
DATE: |
Page 157 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix F – Acceptance Letter
Acceptance Letter
[Print on AT&T Letterhead Stationery]
[Date]
[Name]
[Supplier Name]
[Street Address]
[City], [State] [Zip]
Attn:
In accordance with Section 3.0, “General Terms”, of that certain Master Services Agreement 53258.C, between Amdocs Development Limited and AT&T Services, Inc., effective [Effective Date], the undersigned accepts the Custom Software described on Order [Order No.] to the above-mentioned Agreement as of [Date of Acceptance].
AT&T Services, Inc. | ||
By: | ||
Print Name: | ||
Title: | ||
Date: |
Page 158 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix G – Agreement Regarding Non-Employment Status with AT&T
This Agreement (“Agreement”) dated is made by the individual named below (“I” or “me”), who is engaged to perform work at [Insert name of AT&T company that worker will be doing work for.] (“AT&T Company”), as a worker of Amdocs Development Limited (“Supplier”) under the terms and conditions of the agreement named below between Supplier and AT&T Services, Inc.
a. | Status |
I have been hired by Supplier as a full or part-time employee, a temporary worker, or as an independent contractor and Supplier will be providing services to AT&T Company. I understand that no employment relationship between me and the AT&T Company is created by this Agreement or by my agreement with the Supplier to provide services to Supplier or AT&T Company.
I acknowledge and agree that Supplier shall be solely responsible for all payments to me including payment of compensation, premium payments for overtime, bonuses, and other incentive payments, if any, and payments for vacation, holiday, sick days or other personal days, if any. Also, I will be solely responsible for negotiating and agreeing with Supplier for participation in any Supplier benefit plans, including any pension, savings, or health and welfare plan. Unless AT&T Company expressly provides otherwise in writing, I further understand and agree that I am not eligible to participate in or receive any benefits under the terms of the AT&T Company’s pension plans, savings plans, health plans, vision plans, disability plans, life insurance plans, stock option plans, or any employee benefit plan sponsored by the AT&T Company for any period of time. I understand and agree that the cash payments and benefits which I receive from Supplier shall represent the sole compensation to which I am entitled, and that Supplier will be solely responsible for all matters relating to compliance with all employer tax obligations arising from the performance of Services in connection with this Agreement. These tax obligations include but are not limited to the obligation to withhold employee taxes under local, state and federal income tax laws, unemployment compensation insurance tax laws, state disability insurance tax laws, social security and Medicare tax laws, and all other payroll tax laws or similar laws.
b. | Work Policies and Rules |
i. | I understand that it is my responsibility to ensure that my personal conduct and comments in the workplace are ethical, evidence a high degree of integrity, and support a professional environment free of (i) inappropriate behavior, language, jokes, or actions; (ii) harassment or biased, demeaning, offensive, or derogatory behavior to others based upon race, color, religion, national origin, sex, age, sexual orientation, marital status, veteran’s status, or disability; or (iii) violence. I further agree to refrain from (i) words or conduct that is threatening, intimidating, and/or disrespectful of others, (ii) bringing a firearm or other weapon on any AT&T premises; and (iii) using data services on a wireless device, such as texting or accessing the mobile web or other distracting activities, while driving to or from AT&T’s premises or while operating a vehicle in the performance of any work for AT&T. |
ii. | If AT&T Company provides me access to its computer systems, I agree (a) to use such systems in a professional manner, (b) to use such systems only for business purposes and |
Page 159 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
solely for the purposes of performing under the agreement named below, (c) to use such systems in compliance with AT&T Company’s applicable standards and guidelines for computer systems use, and (d) to use password devices, if applicable and if requested by AT&T Company. Without limiting the foregoing, AT&T Company property, including but not limited to Intranet and Internet services, shall not be used for personal purposes or for any purpose which is not directly related to the business which is the subject of the agreement named below. I acknowledge and agree that I must have a valid AT&T Company business reason to access the Intranet and/or the Internet from within AT&T Company’s private corporate network.
c. | Administrative Terms |
i. | This Agreement shall be effective as of the date executed below, and shall remain in effect notwithstanding my termination of employment with Supplier or termination of my work at AT&T Company. |
ii. | In the event that any provision of this Agreement is held to be invalid or unenforceable, then such invalid or enforceable provisions shall be severed, and the remaining provisions shall remain in full force and effect to the fullest extent permitted by law. |
I have read, understand and agree to abide by this Agreement.
By: | ||
Date: |
Name: | ||
AT&T User ID (if assigned) |
Address: |
Agreement No. between Supplier and AT&T: |
Effective Date: |
Page 160 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix H – Vendor Expense Policy
1.0 | General |
The AT&T Vendor Expense Policy (VEP) provides guidelines to be followed by all vendors of AT&T in requesting reimbursement for business travel, meals and other business related expense. Expenses outside this policy are not reimbursable.
The following principles apply to requests for expense reimbursement:
When spending money that is to be reimbursed, vendors must ensure that an AT&T Company (“Company”) receives proper value in return.
Personal expenditures reported for reimbursement should be billed exactly as they were incurred. The use of averages for any type expenditure or combination of expenditures is not permitted except as specifically provided or documented in a contract.
Every vendor and AT&T employee who certifies or approves the correctness of any voucher or bill should have reasonable knowledge the expense and amounts are proper and reasonable. In the absence of the adoption of such policy, or existing contractual agreements, these guidelines are considered the minimum requirements for requesting reimbursement of Company funds.
Deviations from this VEP must be approved in writing by the sponsoring Senior Manager or Officer of an AT&T Company.
Receipts will be requested and reviewed for any unusual or out of the ordinary expenses or where the approver cannot make a reasonable determination of the propriety of the invoice without a receipt.
1.1 | Non-Reimbursable Expenses |
The following is a list, although not all inclusive, of expenses considered not reimbursable:
• | Airline club membership fees, dues, or upgrade coupon |
• | Baggage fees beyond the first piece of luggage |
• | Xxxxxx/Hairstylist/Beautician Expenses |
• | Birthday cakes, lunches, balloons, and other personal celebration/recognition costs |
• | Break-room supplies for the vendor, such as coffee, xxxxxxx, paper products, soft drinks, snack food |
• | Car rental additional fees as an example: Global Positioning System (GPS) devices, or fee charged for airline frequent flyer miles. |
• | Car Washes |
• | Clothing, personal care items, and toiletries |
• | Credit card fees |
• | Dependent care |
• | Entertainment expenses |
Page 161 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
• | Expenses associated with spouses or other travel companions |
• | Expenses to cover meals or expenses for an AT&T employee, whether in a home location or on official travel |
• | Flowers, cards and gifts |
• | Health Club and Fitness facilities |
• | Hotel pay-per-view movies, Video Games and/or mini bar items |
• | Hotel no-show or cancellation charges |
• | Insurance for rental car and or flight |
• | Internet access in hotels (added to 3.5) |
• | Laundry (except when overnight travel is required for 7 or more consecutive nights) |
• | Lawn care |
• | Lost: luggage, cash, personal items and valuables, and tickets |
• | Magazines & newspapers |
• | Meals not consistent with AT&T’s Global Employee Expense Policy and or meals not directly required for doing business on the AT&T account (e.g. vendors cannot voucher lunch with each other simply to talk about AT&T) |
• | Medical supplies |
• | Membership fees to exercise facilities or social/country clubs |
• | Movies purchased while on an airplane |
• | Office expenses of vendors for example: a calendar |
• | PC, cell phone, and other vendor support expenses (unless specifically authorized in the agreement) |
• | Personal entertainment |
• | Phone usage / Wi-Fi on airline unless prior written approval by AT&T |
• | Safe rentals during a hotel stay |
• | Souvenirs, personal gifts |
• | Surcharges for providing fast service (not related to delivery charges such as FedEx, UPS, etc.). AT&T expects all vendors to complete the terms of contracts in the shortest period practicable. Charges for shortening the timeframe in which contracts are fulfilled are not permissible. |
• | Tips for housekeeping and excessive tips, i.e., in excess of 15% to 18% of cost of meal or services, excluding tax |
• | Tobacco Products |
• | Traffic or Parking Fines |
• | Travel purchased with prepaid air passes. |
• | Upgrades on airline, hotel, or car rental fees |
• | Water (bottled or dispensed by a supplier), (unless authorized for specific countries where it is recommended that bottled water is used) |
• | Fee charged for advanced reservation for airport parking |
• | Supplier shall not bill for travel, meal, or living expenses when its employees are working from their own homes or office locations or at an AT&T location that is one hour’s driving time or less away from the employees’ residences or office locations. |
Page 162 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
The failure to comply with the above mentioned restrictions will result in the Company refusing payment of charges or pursuing restitution from the vendor.
2.0 | Responsibilities |
2.1 | Vendor’s Responsibility |
Vendors are responsible for ensuring clarification of any questions from sponsoring AT&T managers relative to reimbursable business expenses.
It is mandatory that financial transactions are recorded in a timely manner.
Out-of-pocket business expense(s) for vendors that are not submitted for reimbursement within 90 calendar days from the date incurred are considered non-reimbursable.
Company managers who are responsible for approving reimbursable expenses of vendors should ensure they are submitted and approved in a timely manner.
3.0 | Travel Policy |
Vendors must first consider the feasibility of using videoconferencing or teleconferencing as an alternative to travel. Travel that is to be reimbursed by AT&T should be incurred only as necessary and pre-approved by AT&T (unless otherwise authorized in the agreement).
AT&T reserves the right to dispute any expense submittal and if not verifiable as valid may reject reimbursement. Reimbursements will be made to vendor only after expenses are verified as valid.
3.1 | Travel Authorization |
Travel requiring overnight stays must be pre-approved by the sponsoring AT&T 3rd Level Manager or above and should be approved only if it is necessary for the vendor to travel to perform required work.
3.2 | Travel Reservations |
Vendors are expected to procure the most cost efficient travel arrangements, preferably equivalent to the AT&T discount rate. AT&T does not reimburse for travel purchased with prepaid air passes.
3.3 | Travel Expense Reimbursement |
Vendor travel expenses incurred for company business are reimbursable only as specified in these guidelines. Travel expenses may include the following:
• | Transportation (airfare or other commercial transportation, car rental, personal auto mileage, taxi and shuttle service) |
• | Meals and lodging |
• | Parking and tolls |
• | Tips/xxxxxx service (if necessary and reasonable) |
• | Vendors who stay with friends or relatives or other vendor employees while on a Company business trip will NOT be reimbursed for lodging, nor will they be reimbursed for expenditures made to reciprocate their hospitality by buying groceries, being host at a restaurant, etc. |
Page 163 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
The expense must be ordinary and necessary, not lavish or extravagant, in the judgment of the AT&T sponsoring management. Any reimbursement request must be for actual expenditures only.
3.4 | Air Travel Arrangements |
Vendors must select lowest logical coach airfare (fares available in the market at the time of booking, preferably well in advance of trip to attain lowest possible airfare). Vendors must consider non-refundable fares, routing requiring one additional interim stop in each direction, or an alternate flight within 2 hours of the original departure and arrival time. First class bookings are not reimbursable. Vendors can request business class when a single segment of flight time (“in air time” excluding stops, layovers and ground time) is greater than 8 continuous hours providing the relevant manager pre-approves.
3.5 | Hotel Arrangements |
AT&T has established Market-Based Room Rate Guidelines for vendors to reference when making hotel reservations in the United States. Vendors should contact their AT&T sponsoring manager to receive guidance for hotel rates when traveling in the U.S. Sponsoring managers may access Travel Central to obtain information on the AT&T U.S. Market Guidelines. Vendors traveling outside the U.S. should reference the GSA, Government Per Diem as a guide: xxxxx://xxxxxxx.xxxxx.xxx/xxx000/xxx_xxxx.xxx. Non-US vendors may use these dollar per diems as a guide, but any locally specified per diems will take precedence. Vendors are expected to abide by these guidelines when making hotel arrangements or use specified AT&T preferred hotels/maximum location rates or reasonably priced hotels outside of the U.S. The AT&T sponsoring manager can advise which hotel/max rate to use if there is a hotel in the location concerned. AT&T will only reimburse vendors up to the established room rate guideline/AT&T preferred hotel rate in each market, or for actual hotel lodging charges incurred, whichever is less.
There must be a strong business justification for incurring any cost for internet access, and a request for reimbursement must be accompanied by a detailed explanation regarding reason for charge.
Note: Vendors must indicate the number of room nights on the transaction line when invoicing for reimbursement of hotel expenses. Copies of all hotel bills must be made available for any invoice containing lodging charges.
3.6 | Ground Transportation |
While away from their home location overnight, vendors are expected to utilize rapid transit or local shuttle service. If the hotel provides a complimentary shuttle, vendors are to use this service before paying for transportation. If complimentary service is not provided a taxi or other local transportation is reimbursable as a business expense. Tips provided to taxi drivers cannot exceed 15% of the value of the total fare.
A rental car is appropriate when the anticipated business cost is less than that of other available public transportation. Except to the extent necessary to accommodate several travelers and/or luggage requirements, vendors will not be reimbursed for automobile rentals other than economy or mid-sized/intermediate models.
Page 164 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
“Loss Damage Waiver” and “Extended Liability Coverage” are not considered reimbursable in the US. Prepaid fuel or refueling charges at the time of return are not reimbursable. Rental cars should be refueled before returning to the rental company, since gas purchased through the rental company carries an expensive refueling service charge.
3.7 | Use of Personal Vehicle |
When use of personal vehicle is required for business travel, AT&T will reimburse for daily mileage for amounts over 50 miles (first 50 miles not reimbursable). This includes parking and toll fees. Vendors/suppliers should provide the following information:
• | Purpose of the trip |
• | Date |
• | Starting Point and Destination |
• | Mileage log –when combining numerous trips, a mileage log should be provided showing the total mileage of the daily trips less the 50 miles not allowed for reimbursement (See Section 3.16, “Expenses Incurred in the vicinity of home/work location” below). |
3.8 | Parking |
If airport parking is necessary, vendors must use long term parking facilities. Additional costs for short term, valet or covered parking are not reimbursable.
3.9 | Entertainment |
Entertainment expense is not reimbursable to vendors. Entertainment includes meal expense involving AT&T personnel, golf fees, tickets to events and related incidental expenses. Hotel charges for a pay-per-view movie, individual sightseeing tours, or other individual activities (i.e., golf, sporting event, movie, etc.) are not reimbursable.
3.10 | Laundry and Cleaning |
Reasonable laundry charges during business trips of seven or more consecutive nights are reimbursable based on actual expenses incurred.
3.11 | Communications |
• | The actual cost of landline telephone calls for AT&T business is reimbursable. The use of AT&T products is required when available. |
• | AT&T will not reimburse vendors for cell phone bills unless approved under the contract. With prior consent of the sponsoring AT&T Senior Manager, only individual calls that exceed a vendor’s rate plan that are necessary to conduct business for AT&T may be reimbursed. |
• | Charges for high speed internet access are not reimbursable unless specifically approved in the contract. |
3.12 | Business Meals (Travel and Non-Travel) |
Vendors when dining alone on an out-of-town business trip are expected to spend $62 USD or less per day inclusive of tax and gratuity for meals within the U.S. and $153 USD equivalent or less per day inclusive of tax and gratuity for meals outside the U.S. except where governed by law or mandatory per diem. This includes all meals purchased during the day. Vendors should take into consideration the travel destination and exercise good judgment in incurring reasonable meal expenses.
Page 165 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
AT&T managers authorizing invoices will be held accountable for ensuring that vendors are following this policy and are spending Company funds economically.
3.13 | Flowers, Greeting Cards, Gifts and Incentive Awards |
The cost of gifts, flowers, birthday lunches, or greeting cards is considered a personal expense and is not reimbursable. For example, vendors making a donation or providing a gift for a fund-raiser for AT&T may not submit such an expense to AT&T for reimbursement.
3.14 | Loss or Damage to Personal Property |
The Company assumes no responsibility for loss or damage to a vendor’s personal property during business functions or hours.
3.15 | Publications |
Subscriptions to or purchases of magazines, newspapers and other publications are not reimbursable.
3.16 | Expenses incurred in the vicinity of home/work location |
Supplier shall not bill for travel, meal or living expenses when employees are working from their own homes, office locations or an AT&T location that is within 50 miles of the employees’ residence or work location.
Page 166 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix I – Non-Disclosure Agreements
Page 167 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Page 168 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix I, Exhibit 1 – Non-Disclosure Agreement between Amdocs and External Auditors, Other Vendors, or Consultants for AT&T
NON – DISCLOSURE AND CONFIDENTIALITY AGREEMENT
THIS NON-DISCLOSURE AND CONFIDENTIALITY AGREEMENT (“Agreement”) is made as of the day of , 20 (the “Effective Date”) by and between , a company incorporated under the laws of , having its principal offices at (“Company” or [“include the name of the other party”]) and Amdocs , a company incorporated under the laws of , having its principal offices at (“Amdocs”).
WHEREAS Amdocs may disclose to Company information that is part of Amdocs’ Confidential Information (as defined below) in relation to (“Purpose”) and, therefore, the parties wish to set forth the manner in which Amdocs’ Confidential Information will be treated;
NOW, THEREFORE, for good and valuable consideration, the receipt and sufficiency of which is hereby acknowledged, the parties, intending to be legally bound, agree as follows:
1. | “Confidential Information” means any information of a confidential nature relating to Amdocs that is disclosed (whether before or after the Effective Date and whether in writing, verbally, by inspection or demonstration, or by any other means, and whether directly or indirectly) by Amdocs or by another person on its behalf to the Company or to another person on its behalf including, without limitation, any information relating to the Purpose or to Amdocs’ financial or credit status, product information, computer programs, documentation, trade secrets, systems, methodology, marketing and other commercial knowledge, techniques, specifications, operations, processes, plans or intentions, know-how, design rights, market opportunities, and business affairs. “Confidential Information” shall also include the Purpose. For purposes of this Agreement, any Confidential Information related to or disclosed by Amdocs’ affiliates, clients, consultants, and/or subcontractors shall be considered Confidential Information. [For Amdocs competitors, add: Notwithstanding the foregoing, Company shall not be entitled to access or use in any matter any Confidential Information consisting of . If Company obtains any such Confidential Information, it shall return it to Amdocs as soon as possible.] |
2. | Company agrees: (a) to keep confidential and not to disclose the Confidential Information to anyone, other than to its employees who have a need to know such Confidential Information for the Purpose [For Amdocs competitors, add—and who are listed on Exhibit A attached hereto and made a part hereof (the “Authorized Individuals”) (the Company’s personnel not listed in Exhibit A shall not be permitted access, nor shall they be exposed to any Confidential Information under any circumstances)]; and (b) not to use the Confidential Information for any purposes other than the Purpose; and (c) not to alter, decompile, disassemble, reverse engineer, or otherwise modify the Confidential Information. |
3. | Company shall protect the Confidential Information using at least the same degree of care that it uses to protect its own trade secrets, but no less than a reasonable degree of care. Without limiting the generality of the foregoing, Company shall: (a) inform parties to whom the disclosure is permitted under this Agreement about the confidential status of the Confidential Information and restrictions of this Agreement; (b) take adequate steps to bind such recipients with respect to the use and protection of the Confidential Information under terms and conditions substantially similar to those herein; and (c) require each employee to whom Confidential Information is disclosed [For Amdocs competitors, add—Authorized Individual] to sign a written acknowledgment in substantially the form of Exhibit [A][B] attached hereto and made a part hereof. |
Page 169 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
4. | [For Amdocs competitors—For a period commencing on the date first stated above and ending two (2) years following the conclusion of the involvement, whether directly or indirectly, of any Authorized Individual in the Purpose, such Authorized Individual shall not be assigned by Company to: (i) perform software development, maintenance, or support services relating to any Amdocs products for any third parties, or (ii) participate in any Competitive Project. For purposes of this Agreement a “Competitive Project” is any bid or project in which Amdocs and Company are competing with respect to the provision of licenses or services. |
5. | [For Amdocs competitors, add – Company undertakes not to (i) disclose to any third parties that it has any familiarity with or knowledge of the Confidential Information disclosed under this Agreement; or (ii) disparage Amdocs products or services related to the Purpose.] |
6. | Upon the termination and/or expiration of this Agreement for any reason or the conclusion of discussions regarding the Purpose and/or at the request of Amdocs, the Company shall immediately: |
(a) | return to Amdocs any Confidential Information; and/or |
(b) | destroy any document or other material in any form that contains Confidential Information; and |
(c) | confirm to Amdocs in writing such return and/or destruction. |
7. | All Confidential Information furnished hereunder shall remain the property of Amdocs, its affiliates, or their licensors, as the case may be. No patent, trademark, copyright, or other proprietary right or license is granted to the Company under this Agreement. |
8. | Confidential Information under this Agreement is provided on an “AS IS” basis. Amdocs makes no a representation or warranty, express or implied, with respect to the truth, accuracy, completeness, or reasonableness of the Confidential Information. |
9. | The confidentiality obligations of the Company set forth herein shall not apply to such Confidential Information that Company can prove by written records: |
(a) | becomes public domain without fault on the part of the Company; |
(b) | is lawfully obtained by the Company from any source other than Amdocs, free of any obligation to keep it confidential; |
(c) | is previously known to the Company without an obligation to keep it confidential; |
(d) | is expressly released in writing from such obligations by Amdocs; or |
(e) | is required to be disclosed pursuant to law, regulation, judicial or administrative order, or request by a governmental or other entity authorized by law to make such request; provided, however, the Company first notifies Amdocs to enable it to seek relief from such requirement, and renders reasonable assistance requested by Amdocs in connection therewith. |
Page 170 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
10. | This Agreement shall be in full force and effect for a period of five (5) years commencing on the Effective Date. However, the obligations set out in Clauses 2, 5, 6 and 14[Need to conform if Sections 4 and 5 are not used because the Company is not an Amdocs Competitor] shall survive the termination and/or expiration of this Agreement for any reason. |
11. | Company acknowledges that its breach of this Agreement may cause Amdocs extensive and irreparable harm and damage, and agrees that Amdocs shall be entitled to seek injunctive relief to prevent use or disclosure of its Confidential Information not authorized by this Agreement, in addition to any other remedy available to Amdocs under equity or applicable law. |
12. | The failure to exercise or delay in exercising a right or remedy provided by this Agreement or by law does not constitute a waiver of the right or remedy or a waiver of other rights or remedies. No single or partial exercise of a right or remedy provided by this Agreement or by law prevents a further exercise of the right or remedy or the exercise of another right or remedy. |
13. | This Agreement constitutes the entire agreement between the parties and supersedes any prior or contemporaneous oral or written representation with regard to the subject matter hereof. This Agreement may not be modified except by a written instrument signed by both parties. If any provision of this Agreement is determined by a court of competent jurisdiction to be invalid or unenforceable, such invalidity or unenforceability shall not invalidate or render unenforceable the entire Agreement and the Agreement shall be construed as if not containing such invalid or unenforceable provision(s), and the rights and obligations of the parties shall be construed and enforced accordingly. Parties agree to cooperate to replace the invalid or unenforceable provision(s) with valid and enforceable provision(s) that will achieve the same result (to the maximum legal extent) as the provision(s) determined to be invalid or unenforceable. |
14. | This Agreement shall be governed by and construed under the laws of the State of New York, U.S.A., excluding conflicts of law provisions. Each party irrevocably and unconditionally waives any right it may have to a trial by jury in respect of any legal action arising out of or relating to this Agreement or the transactions contemplated hereby. |
15. | This Agreement may be executed in several counterparts, each of which shall be deemed an original and all of which shall constitute one and the same instrument and shall become effective when counterparts have been signed by each of the parties; it being understood that all parties need not sign the same counterparts. |
IN WITNESS WHEREOF, the parties hereto have executed this Agreement on the date(s) specified below
[Include the name of the other party] | Amdocs Development Limited | |||||||
By: | By: | |||||||
Name: | Name: | |||||||
Title: | Title: | |||||||
Date: | Date: |
Page 171 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
LIST OF AUTHORIZED INDIVIDUALS
First and last name | Title | Office address |
Page 172 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
[Exhibit A]
Exhibit A [B]
ACKNOWLEDGMENT OF NON-DISCLOSURE OBLIGATIONS
I have read and understand the Non-Disclosure and Confidentiality Agreement dated between Amdocs and Company and agree to be bound by all the provisions of that Agreement as if I were a party thereto.
Signature: | ||
Name: | ||
Employer: | ||
Title: | ||
Date: |
Page 173 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix I, Exhibit 2 – Non-Disclosure between a Vendor, Consultant, Or Third Party to AT&T and AT&T
Page 174 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
NON-DISCLOSURE AGREEMENT
THIS AGREEMENT, effective on the date when signed by the last Party (“Effective Date”), is between <AT&T Company>, a <AT&T State Inc> corporation, on behalf of itself and its Affiliates (collectively “AT&T”), and <Supplier Name>, a <Supplier State Inc> corporation, on behalf of itself and its Affiliates (collectively the “Receiving Party”). Each Party may be referred to in the singular as a “Party” or in the plural as the “Parties” to this Agreement.
The Parties agree as follows:
1. | In connection with ongoing discussions or negotiations between AT&T and the Receiving Party concerning Project Name (the “Project”), AT&T may find it beneficial to disclose to the Receiving Party certain confidential or proprietary information in written, oral, or other tangible or intangible forms, which may include, but is not limited to, discoveries, ideas, concepts, know-how, techniques, designs, specifications, drawings, blueprints, tracings, diagrams, models, samples, flow charts, data, computer programs, disks, diskettes, tapes, marketing plans, customer names, and other technical, financial, or business information (individually and collectively, “Information”). Information provided by AT&T or its contractors shall be deemed to be confidential and proprietary unless otherwise exempt as specified below. |
2. | The Receiving Party understands that, except as otherwise agreed in writing, the Information which it may receive concerning AT&T’s future plans with respect to the Project is tentative and is not intended to represent firm decisions concerning the implementation of such plans. Information provided by AT&T does not represent a commitment to purchase or otherwise acquire any products or services from the Receiving Party. If AT&T desires to purchase or otherwise acquire any products or services from the Receiving Party, the Parties will execute a separate written Agreement to govern such transactions. |
3. | The Receiving Party shall: |
a. | hold such Information in confidence with the same degree of care with which the Receiving Party protects its own confidential or proprietary Information, but no less than reasonably prudent care; |
b. | restrict disclosure of the Information solely to its employees, contractors, and agents with a need to know such Information, advise those persons of their obligations hereunder with respect to such Information, and ensure that such persons are bound by obligations of confidentiality no less stringent than those imposed in this Agreement; |
c. | use the Information only as needed for the purposes of the Project; |
d. | except for the purposes of the Project, not copy, distribute, or otherwise use such Information or knowingly allow anyone else to copy, distribute, or otherwise use such Information, and any and all copies shall bear the same notices or legends, if any, as the originals; and |
e. | upon request, promptly return to the AT&T all Information that is in tangible form; as to Information that was disclosed in intangible form, including, but not limited to electronic mail, upon request by AT&T, the Receiving Party shall certify in writing within five (5) business days to AT&T that all such Information has been destroyed or, if the Information was recorded on an erasable storage medium, that all such Information has been erased. |
Page 175 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
4. | The Receiving Party possessing or receiving Information shall have no obligation to preserve the confidential or proprietary nature of any Information which: |
a. | was already known to the Receiving Party free of any obligation to keep it confidential at the time of its disclosure by AT&T as evidenced by the Receiving Party’s written records prepared prior to such disclosure; or |
b. | is or becomes publicly known through no wrongful act of the Receiving Party; or |
c. | is rightfully received from a third person having no direct or indirect secrecy or confidentiality obligation to AT&T with respect to such Information; or |
d. | is independently developed by an employee, contractor, or agent of the Receiving Party or another party not associated with the Project and who did not have any direct or indirect access to the Information; or |
e. | is approved for release by written authorization by AT&T; or |
f. | it is required to disclose pursuant to an order of a duly empowered government agency or a court of competent jurisdiction, provided due notice and an adequate opportunity to intervene is given to AT&T, unless such notice is prohibited by such order. |
5. | This Agreement shall apply to all Information relating to the Project disclosed by AT&T and shall continue for a period of five (5) years thereafter. The term of this Agreement is three (3) years from the above stated Effective Date. |
6. | The Information shall be deemed the property of AT&T, who exclusively shall retain all rights to such Information. Nothing contained in this Agreement shall be construed as granting or conferring any rights by license or otherwise in any such Information to the Receiving Party. |
7. | This Agreement shall benefit and be binding upon the Parties hereto and their respective Affiliates, successors, and assigns. For the purposes of this Agreement, the term “Affiliate” means (1) a company, whether incorporated or not, which owns, directly or indirectly, a majority interest in either Party (a “parent company”), and (2) a company, whether incorporated or not, in which a five percent (5%) or greater interest is owned, either directly or indirectly, by: (i) either Party or (ii) a parent company. |
8. | NOTWITHSTANDING ANYTHING IN THIS AGREEMENT TO THE CONTRARY, AT&T MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY NATURE WHATSOEVER WITH RESPECT TO ANY INFORMATION FURNISHED HEREUNDER, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR AGAINST INFRINGEMENT. |
9. | In the event the Receiving Party discloses, disseminates, or releases any confidential or proprietary Information received from AT&T, except as provided in Section 4, such disclosure, dissemination, or release shall be deemed a material breach of this Agreement. AT&T may demand prompt return of all confidential and proprietary Information previously provided to the Receiving Party and terminate this Agreement. The provisions of this Section are in addition to any other legal rights or remedies AT&T may have in law or in equity. |
10. | This Agreement may only be changed or supplemented by a written amendment signed by authorized representatives of the Parties to this Agreement. |
Page 176 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
11. | This Agreement shall be governed by and construed in accordance with the laws of the State of Texas, irrespective of its choice of law principles. Each Party agrees to comply with all laws, including, but not limited to, laws and regulations regarding the export of information outside the United States. The Receiving Party will not knowingly transmit, directly or indirectly, in whole or in part, any Information of AT&T, or export, directly or indirectly, any product of the Information in contravention of the laws of the United States or the laws of any other country governing the aforesaid activities. The Receiving Party will not transfer any Information received hereunder or any product made using such Information to any country prohibited from receiving such data or product by the U.S. Department of Commerce Export Administration Regulations without first obtaining a valid export license and written consent of AT&T. In the event the Receiving Party violates the foregoing, it agrees to defend, indemnify, and hold harmless AT&T from and against any claim, loss, liability, expense or damage including fines or legal fees, incurred by AT&T with respect to the export or re-export activities contrary to the foregoing. Notwithstanding any other provision of this Agreement or any Supplement attached hereto, this Section shall survive any termination or expiration of this Agreement and any Supplements attached hereto. |
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed, which may be in duplicate counterparts, each of which will be deemed to be an original instrument but all of which together shall constitute only one document, as of the date the last Party signs.
Page 177 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
<Supplier Name> | AT&T Services, Inc. | |||||||
By: | By: | |||||||
Printed Name: | Printed Name: | |||||||
Title: | Title: | |||||||
Date: | Date: |
Page 178 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix J—Disaster Recovery Plan (“DRP”) and Business Continuity Plan (“BCP”)
Amdocs BCP/DRP Summary
Amdocs is a global company with development centers located around the world. At Amdocs, we are totally committed to providing the best possible products and services to our customers, and our commitment includes the ability to continue providing those products and services in the event of a major catastrophe at one of our development centers.
Our global presence inherently supports the BCP concept. All BCP/DRP operations world-wide are coordinated by a dedicated corporate BCP/DRP team. Since all of our development centers are interconnected, in the event of a major catastrophe, employees from damaged locations can relocate to alternate Amdocs facilities—in the same region or another region, depending on the situation—to continue supporting customer operations.
Our DRP strategy is based on ongoing replication of data to other Amdocs facilities, allowing full recovery of data from damaged sites and ensuring our capability to fully restore the damaged environment. Amdocs data centers are remotely monitored 24 x 7 x 365 and supported by technical professionals spread across the globe. In addition to DRP preparations, backups are performed on a daily basis, and tapes are tested and shipped to off-site storage facilities on a regular basis.
Our BCP/DRP plans are regularly tested and updated as needed to comply with changes in technologies and business needs.
The size of the company and the level of expertise across sites allow Amdocs, in case of a catastrophic event, to send development, operational, and technical reinforcement teams to customer sites to provide support and resolve issues following a disaster. In addition, other professional groups can be sent to assist and reinforce disaster recovery personnel. This allows Amdocs to provide ongoing support to our customers in a disaster situation until normal operations can resume.
Below are the alternate BCP/DRP destinations for the Amdocs sites currently supporting AT&T.
Development Site |
Alternative BCP/DRP Site | |||
Haifa |
[***] | |||
Nazareth |
[***] | |||
Raanana |
[***] | |||
Negev |
[***] | |||
Cyprus / Maritime |
[***] | |||
India / Magarpatta |
[***] |
Page 179 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix K—EU Data Privacy and GDPR Data Processing Obligations
The provisions in this Appendix shall be applicable to the Processing of Personal Data that is subject to Data Privacy Laws. To the extent that there is a conflict between the terms and conditions elsewhere in this Agreement and those in this Appendix, the latter shall control to the extent of such conflict.
1. | Definitions |
The following definitions shall apply to this Appendix:
Data Controller: a natural or legal person who is considered to be a “controller” in relation to the Personal Data under the GDPR.
Data Processor: a natural or legal person who is considered to be a “processor” of the Data Controller under the GDPR.
Data Privacy Laws: applicable laws or regulations of the European Union (including those applicable in the European Economic Area) and member states of the European Economic Area in relation to Personal Data.
Data Subject: has the meaning ascribed to “data subject” under the GDPR.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Personal Data: any information that is considered under the GDPR to be “personal data” that Supplier Processes under this Agreement.
Personal Data Breach: has the meaning ascribed to “personal data breach” under the GDPR, to the extent that such breach occurs with respect to Personal Data.
Process and Processing: have the meaning ascribed to “process” or “processing” under the GDPR.
Restricted Jurisdiction: a country outside the European Union or, if applicable, a specific territory or sector within such a country, or an international organization, in each case, which the European Commission has not decided ensures an adequate level of data protection.
Sub-Data Processor: a natural or legal person who is engaged (directly or indirectly) by the Data Processor to carry out specific Processing activities on behalf of the Data Controller.
Supervisory Authority: any governmental authority, agency or regulator in relation to Personal Data, including “supervisory authorities” as understood under Data Privacy Laws.
2. | Supplier as Data Processor or Sub-Data Processor |
This Section 2 applies to the extent that in relation to particular Personal Data:
• | AT&T is a Data Controller and Supplier is its Data Processor; or |
• | AT&T is a Data Processor and Supplier is its Sub-Data Processor. |
2.1. | Supplier Obligations |
Without limiting its obligations under Section 2, Supplier shall:
(a) | Process such Personal Data only in accordance with the instructions that are set forth in this Agreement and Exhibit 1 to this Appendix or are otherwise agreed to by the Parties in writing including as to the subject-matter and duration of the Processing, the nature and purpose of the Processing, the type of Personal Data and categories of Data Subjects; |
Page 180 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
(b) | ensure that Supplier’s employees, agents and contractors who Process such Personal Data are subject to written obligations of confidentiality; |
(c) | implement the technical and organizational security measures that are set forth in this Agreement and Exhibit 1 to this Appendix to ensure a level of security appropriate to the risk, taking into account: (i) the state of the art, costs of implementation, nature, scope, context and purposes of the Processing; and (ii) the risks of accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to such Personal Data that is Processed with respect to all Processing of Personal Data; |
(d) | not have such Personal Data Processed by another natural or legal person except to the extent that Supplier has: |
• | received the prior specific or general written authorization of AT&T for such Processing; |
• | imposed on such other natural or legal person data protection obligations that are the same in all material respects as those set forth in this Appendix, to the extent required pursuant to Data Privacy Laws; |
• | with respect to Sub-Data Processors for which Supplier has received general written authorization, informed AT&T in writing of any changes concerning the addition or replacement of such Sub-Data Processors and obtained AT&T’s written consent prior to allowing Processing by such Sub-Data Processor; |
(e) | notify AT&T in writing through its business contact of any communications or requests in relation to Personal Data received from Data Subjects, Supervisory Authorities or other third parties without undue delay following receipt of such communications or requests. Supplier shall provide such notices via e-mail to its business contact with a copy to xxxxxxxxxxxxx@xxx.xxx with the subject line stating “URGENT—Personal Data Related.” |
(f) | taking into account the nature of Supplier’s Processing activities, assist AT&T at AT&T’s reasonable request to enable the (i) Data Controller to fulfill its obligations to respond to requests by Data Subjects in relation to their rights under Data Privacy Laws, and (ii) Data Controller (and if different, AT&T) to fulfill its obligations to respond to requests by Supervisory Authorities and other third parties; |
(g) | taking into account the nature of Supplier’s Processing of such Personal Data and information available to Supplier: |
• | notify AT&T by calling AT&T Asset Protection (at [***] within the U.S. or [***] outside the U.S.) of any Personal Data Breach without undue delay after becoming aware of such breach; and |
Page 181 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
• | without undue delay provide reasonable assistance to AT&T in relation to any obligations of the Data Controller (including under Data Privacy Laws) in relation to: |
• | a Personal Data Breach; and |
• | the performance of data protection impact assessments by the Data Controller. |
To the extent that the assistance required of Supplier under subsections (f) and (g) above may require Supplier to incur substantial costs, Supplier will notify AT&T in advance of incurring such costs and the Parties will negotiate in good faith the fees, if any, to be paid to Supplier for such assistance.
(h) | securely delete all such Personal Data, including all existing copies (or, to the extent AT&T reasonably requests, securely return the Personal Data and copies to AT&T in a commonly used data format (to be agreed by the Parties acting reasonably), when no longer needed for the purposes for which it was collected, which shall be within [***] of the end of the term of this Agreement at the latest unless otherwise reasonably requested by AT&T, provided, however, that no such deletion will be required to the extent that (a) applicable law requires storage of such data beyond such period; or (b) AT&T instructs Supplier in writing to retain such data beyond such period; and |
(i) | at AT&T’s request, make available to AT&T all information necessary to demonstrate compliance with Supplier’s obligations under this Appendix concerning the Supplier’s data security and privacy procedures relating to the processing of Personal Data for the purpose of demonstrating compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller in accordance with Section 3.31 of this Agreement, provided that Supplier shall notify AT&T in writing if it believes in good faith that the exercise of rights under this Section 3.1(i) would infringe Data Privacy Laws. Supplier agrees that AT&T has the right under the GDPR to disclose some or all of the information contained in, or obtained in connection with, this Appendix to : |
• | Data Controllers, Supervisory Authorities, Data Subjects; and |
• | other third parties to the extent required under Data Privacy Laws; and |
(j) | provide and keep current its processing-related information, Data Protection Officer information, and point of contact information in a medium and form acceptable to AT&T. |
2.2. | Cross-Border Transfers to Restricted Jurisdictions. With respect to Personal Data originating in a country identified in Table 1, below, and processed by Supplier in a Restricted Jurisdiction, Supplier shall process (including making any transfers of) such data in accordance with (i) the terms and conditions set out in this Appendix, (ii) Appendix L, Standard Contractual Clauses and (iii) Data Privacy Laws. |
Page 182 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
TABLE 1 |
||||||
Austria |
FINLAND | LATVIA | PORTUGAL | |||
BELGIUM | FRANCE | LIECHTENSTEIN | ROMANIA | |||
BULGARIA | GERMANY | LITHUANIA | SLOVAKIA | |||
CROATIA | GREECE | LUXEMBOURG | SLOVENIA | |||
CYPRUS | HUNGARY | MALTA | SPAIN | |||
CZECH REPUBLIC | ICELAND | NETHERLANDS | SWEDEN | |||
DENMARK | IRELAND | NORWAY | SWITZERLAND | |||
ESTONIA | ITALY | POLAND | UNITED KINGDOM |
2.3. | Permitted Sub-Data Processors |
AT&T acknowledges that it has authorized Supplier to engage the natural or legal persons identified by Supplier as of the date of this Appendix in Exhibit 2 to this Appendix to process Personal Data on behalf of the Data Controller. In respect of any permitted Sub-Data Processors, AT&T hereby authorizes Supplier to enter into the Standard Contractual Clauses for and on behalf of AT&T to the extent necessary to secure compliance with the Data Privacy Laws.
Page 183 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
EXHIBIT 1—Description Of Processing Of Personal Data
The below describes the Processing of Personal Data under this Agreement.
Additional details with breakdown of applications currently identified as impacted by European data is provided in Attachment 1 – Impact By Application. The Parties will maintain the details of Attachment 1 – Impact By Application and the list of Subcontractors for Exhibit 2 without the need to amend this Agreement to include the updates.
Subject Matter
Supplier Processes Personal Data in relation to provision of the Services under this Agreement.
Nature of Processing
Personal Data will be subject to the following Processing operations: [Note: Insert “Y” to indicate those that apply and “N” to indicate those that don’t]
[Y] Provisioning, testing, delivering, monitoring, maintaining, managing and de-provisioning/winding down the Services
[Y] Managing network devices
[N] Monitoring and analyzing network utilization/network management information
[Y] Identifying and resolving service performance issues
[Y] Creating, storing, utilizing, and delivering reports and related data
[Y] Enabling access to AT&T facilities and systems
[Y] Transmitting and storing electronic communications
[Y] Creating, storing and delivering bills; and receiving, storing, investigating and responding to billing inquiries
[N] Storing, utilizing, and maintaining contract documents and related materials
[Y] Xxxxxxx, utilizing, and maintaining other documents and records containing Personal Data
[Y] Communicating with AT&T employees/representatives, AT&T’s customer’s employees/representatives, other suppliers’ (other than Supplier’s) employees/representatives and/or the employees/representatives of such suppliers’ subcontractors of any tier regarding the Services
[Y] Performing other functions in support of the Services (please specify): Please see Exhibit Attachment 1 – Impact by Application.
[Y] Transferring Personal Data to Restricted Jurisdictions in connection with any processing operation
Page 184 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Purpose of Processing
Supplier Processes Personal Data to provide the Services, perform its obligations and exercise its rights under this Agreement, and comply with its legal obligations
Categories of Personal Data
The Personal Data processed for AT&T concerns the following categories of Personal Data: [ Note: Insert “Y” to indicate those that apply and “N” to indicate those that don’t]
[Y] Business contact data
[Y] Electronic communications metadata
[Y] Device identification data
[Y] Geolocation data
[Y] Authentication credentials
[Y] Recorded content of electronic communications
[Y] Application content (e.g., managing content in a database)
[Y] Payment card and similar payment data/other financial data
[Y] Government issued identification numbers
[Y] Personal (e.g., date of birth, family-related, education-related, personal history-related)
[Y] Other (please specify): AT&T Webphone data stored in Datalake
Categories of Sensitive Personal Data (if applicable)
The Personal Data processed for AT&T concerns the following special categories of Personal Data [Note: Insert “Y” to indicate those that apply and “N” to indicate those that don’t]
[N] Racial or ethnic origin
[N] Political affiliation
[N] Religious beliefs
[N] Sexual orientation
[N] Trade union membership
[N] Genetic data
[Y] Biometric data
[N] Health Data
Page 185 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Categories of Data Subjects
The Personal Data processed by Supplier concern the following categories of Data Subjects: [ Note: Insert “Y” to indicate those that apply and “N” to indicate those that don’t]
[Y] Employees/representatives of AT&T and/or its affiliates (i.e., the AT&T group of companies)
[Y] Employees/representatives of AT&T’s customers and/or their affiliates
[N] Employees/representatives of AT&T’s suppliers (other than Supplier) and/or their subcontractors of any tier
[Y] Other (please specify): AT&T Webphone data stored in Datalake
Duration of Processing
Until the Personal Data is no longer needed for the purposes for which it was collected, which shall be at the end of the term of this Agreement at the latest unless otherwise requested by AT&T.
Location of Processing
Approved locations under Appendix C – Offshore Locations of the Agreement and/or locations listed in an Order for Services with respect to which the GDPR would be applicable.
Details of Supplier Data Protection Officer(s) and point(s) of contact for all notices (if different than Supplier Data Protection Officer(s))*
Name | [***] | |||
Title | [***] | |||
Location | [***] | |||
[***] | ||||
Telephone 1 | [***] | |||
Telephone 2 | [***] |
* | Supplier shall keep current its contact information for its Data Protection Officer(s) and other point(s) of contact listed above, without the need to amend this Agreement, by informing Supplier’s AT&T business contact of all changes in a medium and form acceptable to AT&T. |
Page 186 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
EXHIBIT 2—Subcontractors Authorized By AT&T To Process Personal Data*
COMPANY NAME & |
POINT OF CONTACT NAME & TITLE |
POINT OF CONTACT PHONE & EMAIL |
||||||
Telarix |
[ | ***] | [ | ***] | ||||
TCS |
[ | ***] | [ | ***] |
* | Supplier shall keep current its subcontractor contact information listed above, without the need to amend this Agreement, by informing Supplier’s AT&T business contact of all changes in a medium and form acceptable to AT&T. |
Page 187 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix L—Standard Contractual Clauses (Processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organization: |
Address: | ||||||||
Tel.: |
; fax: | ; e-mail: | ||||||
Other information needed to identify the organization |
(the data exporter)
And
Name of the data importing organization: |
Address: | ||||||||
Tel.: |
; fax: | ; e-mail: | ||||||
Other information needed to identify the organization |
(the data importer)
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix
1.
Page 188 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Clause 1
Definitions
For the purposes of the Clauses:
(a) | ‘personal data’, ‘special categories of data’, ‘process/processing’, ‘controller’, ‘processor’, ‘data subject’ and ‘supervisory authority’ shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data1; |
(b) | ‘the data exporter’ means the controller who transfers the personal data; |
(c) | ‘the data importer’ means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; |
(d) | ‘the subprocessor’ means any processor engaged by the data importer or by any other subprocessor of the data importer who agrees to receive from the data importer or from any other subprocessor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract; |
(e) | ‘the applicable data protection law’ means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established; |
(f) | ‘technical and organisational security measures’ means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. |
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
1 Parties may reproduce definitions and meanings contained in Directive 95/46/EC within this Clause if they considered it better for the contract to stand alone.
Page 189 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Clause 3
Third-party beneficiary clause
1. | The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary. |
2. | The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. |
3. | The data subject can enforce against the subprocessor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. |
4. | The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law. |
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
(a) | that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; |
(b) | that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data protection law and the Clauses; |
(c) | that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 to this contract; |
(d) | that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; |
Page 190 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
(e) | that it will ensure compliance with the security measures; |
(f) | that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; |
(g) | to forward any notification received from the data importer or any subprocessor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; |
(h) | to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; |
(i) | that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and |
(j) | that it will ensure compliance with Clause 4(a) to (i). |
Clause 5
Obligations of the data importer2
The data importer agrees and warrants:
(a) | to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; |
(b) | that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; |
2 | Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defense, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognized sanctions, tax-reporting requirements or anti-money-laundering reporting requirements. |
Page 191 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
(c) | that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred; |
(d) | that it will promptly notify the data exporter about: |
(i) | any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, |
(ii) | any accidental or unauthorised access, and |
(iii) | any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so; |
(e) | to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred; |
(f) | at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; |
(g) | to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; |
(h) | that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent; |
(i) | that the processing services by the subprocessor will be carried out in accordance with Clause 11; |
(j) | to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter. |
Clause 6
Liability
1. | The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or subprocessor is entitled to receive compensation from the data exporter for the damage suffered. |
Page 192 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
2. | If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his subprocessor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity. |
The data importer may not rely on a breach by a subprocessor of its obligations in order to avoid its own liabilities.
3. | If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the subprocessor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the subprocessor agrees that the data subject may issue a claim against the data subprocessor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the subprocessor shall be limited to its own processing operations under the Clauses. |
Clause 7
Mediation and jurisdiction
1. | The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject: |
(a) | to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority; |
(b) | to refer the dispute to the courts in the Member State in which the data exporter is established. |
2. | The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law. |
Clause 8
Cooperation with supervisory authorities
1. | The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law. |
2. | The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any subprocessor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law. |
Page 193 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
3. | The data importer shall promptly inform the data exporter about the existence of legislation applicable to it or any subprocessor preventing the conduct of an audit of the data importer, or any subprocessor, pursuant to paragraph 2. In such a case the data exporter shall be entitled to take the measures foreseen in Clause 5 (b). |
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established, namely
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
1. | The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses3. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor’s obligations under such agreement. |
2. | The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. |
3. | The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely |
3 | This requirement may be satisfied by the subprocessor co-signing the contract entered into between the data exporter and the data importer under this Decision. |
Page 194 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
4. | The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority. |
Clause 12
Obligation after the termination of personal data processing services
1. | The parties agree that on the termination of the provision of data processing services, the data importer and the subprocessor shall, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or shall destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore. |
2. | The data importer and the subprocessor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1. |
On behalf of the data exporter:
Name (written out in full):
Position:
Address:
Other information necessary in order for the contract to be binding (if any):
Signature
(stamp of organisation)
On behalf of the data importer:
Name (written out in full):
Position:
Address:
Other information necessary in order for the contract to be binding (if any):
Signature
(stamp of organisation)
Page 195 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this
Appendix
Data exporter
The data exporter is (please specify briefly your activities relevant to the transfer):
Data importer
The data importer is (please specify briefly activities relevant to the transfer):
Data subjects
The personal data transferred concern the following categories of data subjects (please specify):
Categories of data
The personal data transferred concern the following categories of data (please specify):
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
Processing operations
The personal data transferred will be subject to the following basic processing activities (please specify):
APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES
DATA EXPORTER
This Appendix forms part of the Clauses and must be completed and signed by the parties
Name:
Authorized Signature
DATA IMPORTER
Name:
Authorized Signature
Page 196 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
ILLUSTRATIVE INDEMNIFICATION CLAUSE (OPTIONAL)
Liability
The parties agree that if one party is held liable for a violation of the clauses committed by the other party, the latter will, to the extent to which it is liable, indemnify the first party for any cost, charge, damages, expenses or loss it has incurred.
Indemnification is contingent upon:
(a) | the data exporter promptly notifying the data importer of a claim; and |
(b) | the data importer being given the possibility to cooperate with the data exporter in the defence and settlement of the claim4. |
4 | Paragraph on liabilities is optional. |
Page 197 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES
Appendix M – Escrow Agreement
This Appendix forms part of the Clauses and must be completed and signed by the parties A copy of the escrow agreement referenced in Section 8.5b is attached below:
Page 198 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix O – California Consumer Privacy Act Requirements
Definition of CCPA Personal Information
“CCPA Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with an individual or household. Individuals whose data is encompassed by this definition may include, but are not limited to, customers, potential customers, and employees of AT&T. CCPA Personal Information may include, but is not limited to, AT&T Customer Information.
Scope
Supplier must treat all personal information it processes on behalf of AT&T, whether provided by AT&T to Supplier or accessed or collected on AT&T’s behalf by Supplier, as CCPA Personal Information unless instructed otherwise in writing by AT&T.
Obligations
Supplier must not sell, rent, lease, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, an individual’s CCPA Personal Information to another business or third party for monetary or other valuable consideration.
Supplier must not retain or use CCPA Personal Information for any purpose other than the specific purpose of performing the Services specified in this
Agreement.
Supplier must not disclose CCPA Personal Information to any party other than AT&T, except to perform Services for AT&T in accordance with this
Agreement, or except to the extent that disclosure is required by law.
Supplier must not retain, use or disclose CCPA Personal Information outside of the business relationship between Supplier and AT&T.
The Supplier’s obligations that pertain to Customer Information also apply to CCPA Personal Information. If there is a conflict between or among provisions, the most consumer protective provision that also complies with the terms of this Appendix will control.
Supplier must, in performing its duties under this Agreement, abide by all obligations set forth in the CCPA which apply to Amdocs in its role of an IT service provider and not use or disclose any CCPA Personal Information in violation of any restrictions in the CCPA, applicable to Amdocs in connection with this Agreement.
Requests for Data Access
If Supplier collects CCPA Personal Information on behalf of AT&T in accordance with this Agreement, AT&T reserves the right to require Supplier to provide to AT&T all the CCPA Personal Information collected, at any time, in AT&T’s sole discretion (a “Data Access Request”).
Data Access Requests will be provided to Supplier in writing and will identify individual(s) or household(s) whose information Supplier must provide to
AT&T.
Supplier will have [***] to comply with a Data Access Request by providing the information requested to AT&T.
Page 199 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Supplier must maintain complete and accurate records relating to its compliance with each Data Access Request. AT&T and its auditors will have the right to review Supplier’s compliance with any Data Access Request (“Data Access Audit”). AT&T Audits will apply to Data Access Audits.
For a Data Access Audit, Supplier must provide AT&T access at all reasonable times to the records relating to Data Access Requests; systems used to access information identified in the requests; and employees and contractors who facilitated compliance with Data Access Requests.
Requests for Data Deletion
AT&T reserves the right to require Supplier to delete all CCPA Personal Information associated with an individual or household at any time, in AT&T’s sole discretion (a “Data Deletion Request”).
Data Deletion Requests will be provided to Supplier in writing and will identify individual(s) or household(s) whose information must be deleted.
Supplier will have [***] to comply with a Data Deletion Request by (a) deleting the data identified and (b) providing written confirmation to AT&T. If Supplier is required by law to retain information that is subject to a Data Deletion Request or determines it must retain information to provide the Services specified in this Agreement, it will so advise AT&T in writing within [***], and AT&T will provide further direction.
Supplier must maintain complete and accurate records relating to its compliance with each Data Deletion Request (which records must not include data that was required to be deleted). AT&T and its auditors have the right to review Supplier’s compliance with any Data Deletion Request (“Data Deletion Audit”). AT&T Audits apply to Data Deletion Audits.
For a Data Deletion Audit, Supplier must provide AT&T access at all reasonable times to the records relating to Data Deletion Requests; systems used to delete information identified in the requests; and employees and contractors who facilitated compliance with Data Deletion Requests.
Page 200 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
Appendix N – Legacy Software Maintenance
Support and Maintenance Terms for Legacy Standard Software as listed in the table in Section 7 below
1. Error Severity Level Classification
a. Supplier’s Obligation to Provide a Resolution—If AT&T encounters an Error, Harmful Code or Vulnerability in the course of AT&T’s Use of the Standard Software and reports the Error to Supplier as provided in this Section, then Supplier shall proceed to provide a Restoral, if applicable, and a Resolution to AT&T within [***].
b. Reporting and Classification of Errors—AT&T’s authorized representative may report an Error, Harmful Code or Vulnerability by placing a telephone call to Supplier’s nationwide toll free number designated by Supplier to receive such reports. When making such a report, AT&T’s representative shall: report local time at which the call is placed; identify the Computer Program affected by name, Major Release, and Minor Release; identify the computer on which the Error was encountered; describe the unintended results that the computer is producing or the intended results that the computer is failing to produce; provide the call-back telephone number at which AT&T’s authorized representative can be reached; and assign a Severity Level to the Error as follows. AT&T’s authorized representative shall assign:
1.“Severity Level 1” [***];
2.“Severity Level 2” to an Error, other than an Error of Severity Xxxxx 0, that [***];
3.“Severity Level 3” to an Error, other an Error of Severity Level 1 or Severity Level 2, that [***]; and
4.“Severity Level 4” to any Error other than an Error of Severity Xxxxx 0, Xxxxxxxx Xxxxx 0, or Severity Level 3.
c. Variations—The obligations of Section 2 of this Appendix N (“Error Severity Resolutions Plan”) through Section 4 of this Appendix N (“Error Severity Liquidated Damages”) may be adjusted by mutual agreement of the Parties reflected in the applicable Order for Standard Software (e.g., the Parties may agree to such an adjustment if Amdocs represents that Amdocs no longer maintains sufficient maintenance resources to meet the resolution requirements of this Appendix N).
d. Installation of Maintenance Modifications and Bug Fixes—AT&T shall install Maintenance Modifications and bug fixes provided by Amdocs, test and implement such corrections and perform any clean-up activity required to correct side effects of the Error.
e. Limitations on Maintenance/Warranty—Amdocs shall not be obligated to [***]; provided, however, that Amdocs shall be required to [***]. Amdocs may correct an Error by providing AT&T with reasonable operating instructions that correct the Error if such operating instructions do not conflict with, and are not inconsistent with, the terms of this Agreement or the applicable Order. All corrections to the Standard Software will be performed only by Amdocs or its Subcontractors. Amdocs shall not be responsible to the extent any party other than Amdocs or its Subcontractors corrects the Standard Software in any manner. Additionally, Maintenance does not encompass the remediation of problems or bugs determined by Amdocs to have been caused by the failure or malfunction of any software, tools, equipment, or facilities not provided by Amdocs. In the event a
Page 201 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
problem has been reported to Amdocs and it is found that the problem is not an Error, Amdocs shall have no obligation to correct such problem; provided, however, that, if Amdocs incurs any out-of-pocket expenses in dispatching an Amdocs employee to work on-site at AT&T to fix a problem that is found not to be an Error, AT&T shall reimburse Amdocs for such documented expenses incurred, in accordance with AT&T’s expense policy. Amdocs shall only be required to provide Maintenance for supported releases of the Standard Software. Releases are “supported releases” for the greater of [***] from the Delivery of a release and the period represented by [***] immediately prior Major Releases.
2. | Error Severity Resolution Plan |
Supplier shall respond to a Severity Level report from AT&T, as follows:
a. Supplier’s authorized representative shall return AT&T’s call, obtain any information necessary to begin corrective measures, and advise AT&T’s authorized representative that Supplier has commenced efforts to diagnose and correct the Error or Vulnerability, all to be done: (i) within [***] of the time when AT&T’s call was placed, in the case of a Severity Level 1 report; (ii) within [***] hours, in the case of a Severity Level 2; (iii) within [***] in the case of Severity Level 3; and (iv) within [***], in the case of a Severity Level 4.
b. Supplier shall provide a Restoral to AT&T: (i) within [***] of the time when AT&T’s call was placed, in the case of a Severity Level 1 report; (ii) within f[***], in the case of a Severity Level 2; and (iii) within [***], in the case of a Severity Level 3.
c. Unless Supplier has provided a Resolution of the Error to AT&T, Supplier shall keep AT&T informed of its progress toward effecting a Resolution by communicating a report: (i) daily, in the case of a Severity Level 1; (ii) every [***] hours, in the case of a Severity Level 2; (iii) [***], in the case of a Severity Level 3; and (iv) at least [***] days in advance of the Supplier’s release of the Resolution, in the case of a Severity Level 4.
d. In any event, Supplier shall provide a Resolution to AT&T: (i) within [***] of the time AT&T’s call was placed, in the case of a Severity Level 1; (ii) within [***], in the case of a Severity Level 2; (iii) within [***], in the case of Severity Level 3; and (iv) in the first Major Release or Minor Release that Supplier plans to issue at least [***] after the date of AT&T’s call, in the case of a Severity Level 4.
e. Dispatch to AT&T’s Site—If Supplier should fail to provide a Resolution to AT&T within (i) within [***] of the time AT&T’s call was placed, in the case of a Severity Level 1 or (ii) [***] of the time AT&T’s call was placed, in the case of a Severity Level 2, then, in addition to AT&T’s other remedies under this Agreement, Supplier shall dispatch a software engineer to AT&T’s site to assist in bringing about a Resolution, if AT&T so requests.
f. Continuation of Obligation Resolution Plan—Supplier’s obligations under this Section 2 shall continue during the Warranty Period and, so long as AT&T purchases Maintenance, after the expiration of the Warranty Period.
3. | Error Severity Escalation Plan |
If Supplier’s should fail at any time to communicate the reports required under Error Severity Resolution Plan, or if the content of any such report that AT&T receives may give reasonable cause for concern that Supplier may fail to provide a Resolution in the required time, then AT&T may bring its concerns to the personal
Page 202 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
attention of highest executive manager in Supplier’s administrative organization responsible for providing a Restoration until AT&T’s concerns are satisfied. If that executive manager is unable to satisfy AT&T’s reasonable concerns, [***] after having been apprised of them, then AT&T may bring them to the personal attention of the highest executive officer of Supplier until AT&T’s concerns are satisfied. Supplier will provide to AT&T, and keep current, an escalation document that includes names, titles and telephone numbers, including after-hours telephone numbers, of Supplier personnel responsible for providing technical support to AT&T. Supplier will maintain a streamlined escalation process to speed resolution of reported problems.
4. | Error Severity Liquidated Damages |
IF AMDOCS SHOULD FAIL TO PROVIDE A RESTORAL TO AT&T WITHIN THE TIME REQUIRED AS DESCRIBED IN THE ERROR SEVERITY RESOLUTION PLAN, THEN AT&T WILL SUFFER DAMAGES IN AN AMOUNT THAT MAY BE DIFFICULT TO ESTABLISH WITH CERTAINTY. THEREFORE, IN ADDITION TO ITS NON-MONETARY REMEDIES UNDER THIS AGREEMENT, AT&T SHALL RECOVER, AS REASONABLE LIQUIDATED DAMAGES, AND NOT AS A PENALTY:
a. [***], IN THE CASE OF FAILURE TO PROVIDE A RESTORAL TO AN ERROR OF SEVERITY LEVEL 1 OR SEVERITY LEVEL 2, AND
b. [***], IN THE CASE OF A FAILURE TO PROVIDE A RESTORAL OF SEVERITY LEVEL 3, [***], THAT ELAPSES FROM THE TIME WHEN AMDOCS IS FIRST OBLIGATED TO PROVIDE A RESTORAL UNTIL THE TIME WHEN AMDOCS ACTUALLY DOES PROVIDE A RESTORAL OR RESOLUTION, WHICHEVER AMDOCS PROVIDES FIRST.
The foregoing Liquidated Damages shall be calculated cumulatively and shall be capped [***] at a total of [***] of the annual Maintenance Fee. AT&T’s taking of Liquidated Damages shall not [***].
5. | Support During the Warranty Period |
a. Elements of Support—In addition to its obligation to provide Restorals and Resolutions to AT&T in accordance with its obligations under the Section entitled “Error Severity Level Classification” and “Error Severity Resolution Plan,” Supplier shall during the Warranty Period (i) license and Deliver to AT&T all Enhancement Modifications, including all New Releases and related Revisions, that Supplier may offer to “Maintenance Customers” (i.e., those customers purchasing Maintenance), as set forth in Subsection b, below, (ii) provide technical support, as set forth in Subsection c; below and (iii) permit AT&T to participate in Supplier’s customer groups as set forth in Subsection d, below.
b. Enhancements and New Releases—Upon Delivery of a New Release and associated Revisions, AT&T shall have the right, but no obligation, to conduct Acceptance Tests of the New Release, and in no event shall AT&T be required to accept, install, Use, or continue to Use any Enhancement or New Release as a condition of retaining, maintaining (except as applicable to supported releases described in Section 1(e) above), or extending any license, warranty, or indemnity promised by Supplier with respect to any Major Release or Minor Release previously licensed and delivered under this Agreement or any Order. Amdocs shall ensure that [***].
Page 203 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
c. Technical Support and Training
1. Help-Desk Support—Supplier shall provide telephone support and technical advice to assist AT&T in diagnosing and solving any problems it may encounter in the installation, operation and use of the Standard Software. Supplier shall provide AT&T with an escalation document, identifying persons and telephone numbers to whom it may direct problems that are not solved at the Help Desk. If Supplier does not operate its Help Desk around the clock, over weekends, or on holidays, then Supplier shall provide an additional telephone number to which AT&T may direct problems in cases of emergency arising after the normal business hours of the Help Desk, over weekends, and on holidays.
2. On-Site Support—Supplier shall dispatch a software engineer to AT&T’s site when necessary to solve problems that cannot be solved by means of the Help Desk at no additional cost to AT&T.
3. Revisions—Whenever Supplier provides AT&T with any Enhancement Modification of any Computer Program provided under this Agreement or any Order, Supplier shall also provide AT&T with a Revision to the corresponding Documentation; provided, however, that Supplier may provide necessary Revisions to the corresponding Documentation, if any, with a subsequent release of the Documentation if the Enhancement Modification is minor.
4. Training—Following Delivery of Software under an Order, Supplier shall provide AT&T the number of hours of training in the Use of the Standard Software, or training classes in the use of the Standard Software, set forth in the Order, at [***]. AT&T may purchase additional hours of training or training classes at a price to be determined in the Order.
5. AT&T’s Point(s) of Contact—If the Order designates one (1) or more identified persons or an administrative organization within AT&T to act on AT&T’s behalf in dealing with Supplier in relation to Supplier’s support obligations under this Agreement, then Supplier shall conduct its dealings with AT&T through such identified persons or organization.
d. Customer Groups—If Supplier maintains any customer board or user group to exchange information about, or compare experiences with, or suggest further developments to any Standard Software licensed to AT&T under this Agreement or any Order, then Supplier shall permit AT&T to participate in such board or group on an equal basis with Supplier’s other customers.
6. | Maintenance Support Following Expiration of the Warranty Period |
a. Continuing Obligation to Provide Restorals, Resolutions, Updates, and New Releases—Following the expiration of any Warranty Period, Supplier shall continue to perform its obligation to provide Restorals, Resolutions, Updates, New Releases and related Revisions to AT&T in accordance with its obligations under the Sections entitled “Error Severity Level Classification” and “Error Severity Resolution Plan” [***] to AT&T, and if AT&T purchases and pays for other elements of Supplier support under any of its options as provided below in this Section, then Supplier will provide those other elements as well.
b. Any bug fixes to the version of the Standard Software originally licensed under Order(s) to this Agreement that are provided to Supplier’s Maintenance Customers shall be provided to AT&T [***].
c. As long as Maintenance is current, AT&T shall be provided electronic copies of all relevant training materials, which it may use to make unlimited copies for internal use (e.g., “golden disk” for internal use).
d. [***].
Page 204 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
e. AT&T may terminate maintenance at any time upon [***] written notice to Supplier. In the event of such termination, any prepaid amount shall be refunded to AT&T on a prorated basis.
f. AT&T’s Options with Respect other Elements of Support
1. Full Support under Maintenance Order—Upon the expiration of any Warranty Period, AT&T may elect to continue to receive continuing Supplier support, referred to as “Maintenance”, as provided under Sections 1 through 5, above, from year to year, upon placement of an Order and payment to Supplier of an annual fee, which shall be referred to as a “Maintenance Fee”. For each of the first [***] years for which AT&T may purchase Maintenance, the Maintenance Fee shall be an amount no greater than [***] of the license fee actually charged to and paid by AT&T on the initial Order for the perpetual license in question; provided, however, that the basis on which Maintenance Fees are calculated will also take into account any subsequent license fees paid by AT&T. After the [***] year, the annual Maintenance Fee may be increased by a percentage amount not to exceed [***]. The maximum permissible annual increase shall be [***] Maintenance Fees shall be charged quarterly in arrears.
2. Renewal After Lapsed Maintenance—If AT&T does not elect to continue receiving Maintenance at the end of any period when it may do so under this Agreement, or terminates or cancels Maintenance as provided in this Agreement, AT&T may nevertheless elect to resume receiving Maintenance at a later time upon placing an Order at a cost [***], plus the Maintenance Fee for the current period. Upon receipt of payment from AT&T, Supplier shall provide AT&T with all Enhancements and Modifications to the Standard Software that Supplier included in New Releases provided to its other customers during the time when AT&T was not receiving Maintenance.
3. Individual Elements of Support—If AT&T does not elect to continue receiving Maintenance at the end of any period when it may do so under this Agreement, or terminates or cancels Maintenance as provided in this Agreement, AT&T may then or thereafter purchase elements of Supplier support, individually or in any combination, as follows: (i) on-call assistance from the Help Desk from time to time at [***], (ii) on-call on-site assistance of Supplier’s software engineer at [***], and (iii) hours of training or training classes at [***]. In addition, if the Order so provides, Supplier will provide AT&T with all Design Materials, including source code, and any modifications thereof, sufficient to enable AT&T or its consultants and contractors to maintain the Standard Software for AT&T’s own use.
7. | Legacy Maintenance Pricing: |
AT&T Entity |
Amdocs Entity | Application | 2019 | 2020 | 2021 | 1/1/2022 — 3/31/2022 | ||||||
[***] | [***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] | [***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] | [***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] | [***] | [***] | [***] | [***] | [***] | [***] |
Page 205 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.
AT&T Agreement No. 53258.A.005
AT&T Entity |
Amdocs Entity |
Application |
2019 |
2020 |
2021 |
1/1/2022— 3/31/2022 | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
[***] |
[***] | [***] | [***] | [***] | [***] | [***] | ||||||
Grand |
||||||||||||
Total |
[***] | [***] | [***] | [***] |
Page 206 of 206
Confidential
This Agreement and information contained therein is not for use or disclosure outside of the parties to this agreement except under written agreement of the parties.