ACS MASTER SERVICES TERMS Table of Contents 1. Interpretation 5 2. Set-up of services 8 3. Provision of services 9 4. Rent and Sale of Equipment 10 5. Data protection 10 6. Supplier's obligations 12 7. Customer's obligations 13 8. Charges and payment 14 9. Service Credits 14 10. Changes 15 11. Proprietary rights 16 12. Service review and governance 16 13. Domain names 17 14. Confidential Information 17 15. Limitation of liability 18 16. Suspension Of The Services 19 17. Term & Termination 20 18. Exit assistance and transfer of assets 22 19. Employees 22 20. Non-solicitation 23 21. Uncontrollable event 23 22. Anti-bribery 23 23. Waiver 24 24. Severance 24 25. Entire agreement 24 26. Assignment 24 27. No partnership or agency 25 28. Third-party rights 25 29. Notices 25 30. Dispute resolution procedure 25 31. Governing law and jurisdiction 26 Direct Debit mandate 27 Schedule 1 - Set-up Services 28 Schedule 2 - Managed Service Description 30 Schedule 3 - Service Level Arrangements 46 Schedule 4 - Third Party Services 47 AGREED TERMS 1. INTERPRETATION 1.1 The definitions and rules of interpretation in this clause apply in this agreement. Acceptable Use Policy: the acceptable use policy agreed between the Customer and the Supplier or, if none is agreed, the Supplier’s acceptable use policy available on the Supplier’s website at www.acs365.co.uk/aup and as amended from time to time; agreement: these Master Services Terms, together with the Master Order Form to which they are attached, together with any Assets: means any Software or Intellectual Property provided by the Customer for use by the Supplier for the delivery of Services to the Customer. Business Day: a day other than a Saturday, Sunday or public holiday in England when banks in London are open for business. Charges: the charges payable to the Supplier, as described in the relevant Order Form. Commencement Date: the date this agreement is executed by the parties. Confidential Information: all confidential information (however recorded or preserved) disclosed by a party or its Representatives to the other party and that party's Representatives in connection with this agreement which information is either labelled as such or else which should reasonably to be considered as confidential because of its nature and the manner of its disclosure. The term "Confidential Information" does not include any information that: is or becomes generally available to the public (other than as a result of its disclosure by the receiving party or its Representatives in breach of this clause); or was available to the receiving party on a non-confidential basis prior to disclosure by the disclosing party; or was, is or becomes available to the receiving party on a non-confidential basis from a person who, to the receiving party's knowledge, is not bound by a confidentiality agreement with the disclosing party or otherwise prohibited from disclosing the information to the receiving party; or was known to the receiving party before the information was disclosed to it by the disclosing party; or the parties agree in writing is not confidential or may be disclosed; or is developed by or for the receiving party independently of the information disclosed by the disclosing party. Customer: the customer so-named on the Master Order Form. Customer Cause: any of the following causes; (a) any improper use, misuse or unauthorised alteration of the Services by the Customer; any use of the Services by the Customer in a manner inconsistent with the then-current Service Specification; (b) the use by the Customer of any hardware or software not provided by the Supplier or approved by the Supplier in the Services Specification for use by the Customer in connection with the Services. Customer Data: any information which is provided by Customer to the Supplier as part of Customer's use of the Service, including any information derived from such information. Data Protection Legislation: (a) up to but excluding 25 May 2018, the Data Protection Act 1998 and thereafter (i) unless and until the General Data Protection Regulation ((EU) 2016/679) (GDPR) is no longer directly applicable in the UK, the GDPR and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK; and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 (DPA); and (b) the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (Privacy Regulations) as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208); the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2015 (SI 2015/355); and the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2016 (SI 2016/524). “Data Controller”, “Data Processor”, “Personal Data” and “Data Subject” have the meanings in the Data Protection Legislation. Direct Third Party Services: the services of third parties and/or software programs proprietary to third parties, listed in Part 1 Schedule 5, which are to be provided to the Customer without modification. Due Date: the date for payment as specified in the Supplier’s invoice, or if date is unspecified, 30 days after the invoice date. Equipment: the Rented Equipment and Sold Equipment. Error: a failure of the Service in any material respect to conform with the Service Specification. Exit Plan: a detailed plan for the orderly transition of the Service from the Supplier to the Customer or the Replacement Supplier. Extended Term: has the meaning given in Clause 17.1. Facility: any building belonging to or occupied by the Supplier for the provision of the relevant Services. Indirect Third Party Services: the services of third parties, listed in Part 2 Schedule 5, which are to be provided to the Customer as part of the Services. Initial Term: the period for the supply of the Services from the Service Commencement Date or, if no period is specified, a period of 3 calendar years. Intellectual Property: any and all intellectual property rights of any nature anywhere in the world, whether registered, registrable or otherwise, including patents, utility models, trade marks, registered designs and domain names, applications for any of the foregoing, trade or business names, goodwill, copyright and rights in the nature of copyright, design rights, rights in databases, moral rights, know-how and any other intellectual property rights which subsist in computer software, computer programs, websites, documents, information, techniques, business methods, drawings, logos, instruction manuals, lists and procedures and particulars of customers, marketing methods and procedures and advertising literature, including the "look and feel" of any websites. MSA: this Master Services Agreement. Normal Business Hours: 8.30 am to 5.30 pm local UK time on a Business Day. Order Form: an order placed by the Customer for relevant Services, which shall be submitted on the Supplier’s standard form unless otherwise agreed by the Supplier and which shall be subject to this agreement and the relevant Service Module Terms; Permitted Purpose: the purpose of exercising or performing a party’s rights and obligations under this agreement. Project Plan: the plan to be developed to outline the provision of Services (including any set-up services). Rented Equipment: any apparatus or equipment as specified in the Order Form to be loaned to the Customer by the Supplier or any third party on behalf of the Supplier to enable the provision of Services; Replacement Supplier: the Customer’s nominated replacement supplier. Representatives: a party’s employees, officers, representatives, advisers or subcontractors. Service Commencement Date: means the date specified in the Order Form from which the Supplier is to provide the Services or the actual date from which the Supplier provides the Services, whichever is sooner. Service Credit: means any credits payable to the Customer in accordance with the Service Level Agreement. Service Level Agreement: the service level arrangements agreed in writing in respect of Services. Services: the Services specified in an Order Form subject to the relevant Service Module Terms. Software: means any software used by Supplier exclusively to provide the Service to the Customer whether owned by a third party (Third-Party Software), by the Customer (Customer Software) or by the Supplier (Supplier Software). Service Specification: the description of the Services. Sold Equipment: any apparatus or equipment as specified in the Order Form to be sold to the Customer by the Supplier or any third party on behalf of the Supplier. Step-In Rights: the ability for the Customer to step-into a direct relationship with the third party supplier of Indirect Third Party Services in place of the Supplier. Supplier: ACS Systems UK Limited with registered number 02988060 and registered office at ACS House Oxwich Close, Brackmills, Northampton, Northamptonshire, NN4 7BH. Term: the term of this agreement being the Initial Term and/or the relevant Extended Term, as appropriate. Third Party: any third party provider for any Service as stated on the Order Form. Transferring Contracts: the third-party contracts (including licenses to Third-Party Software) which the Supplier reasonably considers necessary to enable the transition of the Services to the Customer or any Replacement Supplier on expiry or termination of this agreement. Transition Services: the putting into effect of the Exit Plan or other reasonable assistance in transitioning the Services to a Replacement Supplier. TUPE: the Transfer of Undertakings (Protection of Employment) Regulations 2006, as amended from time to time. 1.1 Clause, schedule and paragraph headings shall not affect the interpretation of this agreement. 1.2 A person includes a corporate or unincorporated body (whether or not having separate legal personality) and that person's legal and personal representatives, successors or permitted assigns. 1.3 A reference to a company shall include any company, corporation or other body corporate, wherever and however incorporated or established. 1.4 Unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular. 1.5 Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders. 1.6 A reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time 1.7 A reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision. 1.8 A reference to writing or written includes faxes but not e-mail. 1.9 Any phrase introduced by the words including, includes, in particular or for example, or any similar phrase, shall be construed as illustrative and shall not limit the generality of the related general words. 1.10 References to clauses and schedules are to the clauses and schedules of this agreement. References to paragraphs are to paragraphs of the relevant schedule. 1.11 A person includes a natural person, corporate or unincorporated body (whether or not having separate legal personality) and that person's personal representatives, successors or permitted assigns. 2. SET-UP OF SERVICES 2.1 Where appropriate, the Customer and the Supplier shall agree a Project Plan and a Service Specification for the implementation and provision of Services. 2.2 The Supplier shall perform any installation and set-up services in accordance with the timetable set out in the Order Form. The Supplier shall use reasonable endeavours to meet the performance dates set out in the Order Form, but any such dates shall be estimates only, and time shall not be of the essence in this agreement in respect of the Supplier’s obligations. 2.3 When the Supplier considers that the relevant Service is ready for activation he shall so notify the Customer. Within 5 days of such notification the Customer shall review the operation of the Service to confirm that there are no Errors. The Customer shall give the Supplier a detailed description of any Error in writing, within the 5-day review period. 2.4 The Supplier shall use reasonable efforts to correct any Error within a reasonable time and, on completion, re-submit the Service to the Customer. The provisions of this clause 2.4 shall then apply again, up to three additional times. If the Supplier is unable to correct the Error after three attempts, either party may terminate this agreement without further liability to the other. The Customer acknowledges that a change to the Specification is not an Error and changes shall be handled pursuant to the change control procedure in clause 10. 2.5 If the Customer does not provide any written comments in the 5-day period described above, or if the Service is found to conform with the Service Specification, then the Service shall be deemed accepted as from the Service Commencement Date. 3. PROVISION OF SERVICES 3.1 The Supplier will provide the Services in accordance with the Services Specification and the Service Level Agreement as from the Service Commencement Date until expiry or termination of this agreement for any reason. 3.2 The Service Level Agreement for any particular Service shall apply with effect from the start of the first complete month occurring at least 30 days after the Commencement Date. 3.3 The Customer shall use the Services in accordance with the Acceptable Use Policy, as varied from time to time and notified to the Customer. Without prejudice to the foregoing, the Customer shall not use the Services or store, distribute or transmit any material through any part of the Services that: 3.3.1 is unlawful, harmful, threatening, defamatory, obscene, harassing or racially or ethnically offensive; 3.3.2 facilitates illegal activity; 3.3.3 depicts sexually explicit images; 3.3.4 promotes unlawful violence, discrimination based on race, gender, colour, religious belief, sexual orientation, disability, or any other illegal activities; 3.3.5 constitutes a violation or infringement of the rights of any person, firm or company (including, without limitation rights of copyright and confidentiality). 3.4 The Customer shall indemnify and hold harmless from any losses, costs and expenses suffered or incurred as a result of the Customer’s breach of clause 3.3. 3.5 The Customer shall not provide the Services to third parties without the prior written consent of the Supplier. 3.6 The Supplier shall procure the provision of the Direct Third Party Services to the Customer under the standard terms provided by the relevant third parties, copies of which shall be annexed to this agreement or sent separately to the Customer by the third party and/or presented to the Customer’s IT administrator electronically upon first log-in and the Customer agrees to be bound by such terms. The Customer acknowledges that it will have a direct relationship with those third parties and that, while the Supplier may provide the Services in relation to or supplemental to such Direct Third Party Services, if there is any inconsistency between the terms of this Agreement and the third party’s terms, the latter will prevail. 3.7 The Customer acknowledges that the Supplier shall provide or resell various third party services to the Customer as part of the Services under this Agreement. The Supplier shall use reasonable endeavours to obtain the Indirect Third Party Services with Step-In Rights. 3.8 The Supplier reserves the right to: 3.8.1 modify the Supplier's IT system, its network, system configurations or routing configuration; or 3.8.2 modify or replace any hardware or software in its network or in equipment used to deliver any Service over its network, provided that this has no adverse effect on the Supplier's obligations under this agreement and its provision of the Services or the Service Level Agreement. If such changes will have an adverse effect, the Supplier shall notify the Customer and the parties shall follow the change control procedure in clause 10. 4. RENT AND SALE OF EQUIPMENT 4.1 The Supplier's standard terms of rent in force from time to time shall apply to all Rented Equipment and the Supplier's standard terms of sale in force from time to time shall apply to all Sold Equipment under this agreement. The terms of rent and sale that apply at the Commencement Date are annexed to this agreement or set out at www.acs365.co.uk/salerentterms. If there is any inconsistency between those terms of rent or sale (as appropriate in the circumstances) and the terms of this agreement, the latter shall prevail. 5. DATA PROTECTION 5.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation. 5.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Data Controller and the Supplier is the Data Processor. 5.3 Without prejudice to the generality of clause 5.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier for the duration and purposes of this agreement. 5.4 Without prejudice to the generality of clause 5.1, the Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement: 5.4.1 process that Personal Data only on the written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier to process Personal Data (“Applicable Laws”). Where the Supplier is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; 5.4.2 ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures; 5.4.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and 5.4.4 not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: (a) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; (b) the data subject has enforceable rights and effective legal remedies; (c) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (d) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; 5.4.5 assist the Customer, at the Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; 5.4.6 notify the Customer without undue delay on becoming aware of a Personal Data breach; 5.4.7 at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the Personal Data; and 5.4.8 maintain complete and accurate records and information to demonstrate its compliance with this clause 5. 5.5 The Customer consents to the Supplier appointing the third-party processors named in Schedule 5 (or as otherwise notified from time to time) of Personal Data under this agreement. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business. As between the Customer and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 5.5. 5.6 Either party may, at any time on not less than 30 days’ notice, revise this clause 5 by replacing it with any applicable controller to processor standard clauses or similar terms forming party of an applicable certification scheme (which shall apply when replaced by attachment to this agreement). 6. SUPPLIER'S OBLIGATIONS 6.1 The Supplier warrants that each of the Services will be performed with all reasonable skill and care and that it will be provided substantially in accordance with the relevant Service Specification. 6.2 The warranty in clause 6.1 shall not apply to the extent of any non-conformance which is caused by use of any of the Services contrary to the Supplier's instructions. 6.3 If the Service does not conform with the warranty in clause 6.1, the Supplier will, at its expense, use all reasonable commercial efforts to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. 6.4 Notwithstanding the foregoing, the Supplier does not warrant that the Customer's use of the Services will be uninterrupted or Error free. 6.5 Where the Sold Equipment is hosted at the Facility, the Supplier shall not use the Sold Equipment for any purpose other than for performing its obligations under a Services Contract. 6.6 The Supplier shall use reasonable endeavours to supply or procure the supply and installation of the Rented Equipment and Sold Equipment as specified in the Services Specification but any such dates shall be estimates only, and time shall not be of the essence in this agreement. 6.7 This agreement shall not prevent the Supplier from entering into similar agreements with third parties, or from independently developing, using, selling or licensing materials, products or services which are similar to those provided under this agreement. 7. CUSTOMER'S OBLIGATIONS 7.1 The Customer shall: 7.1.1 provide the Supplier with: (a) all necessary co-operation in relation to this agreement; and (b) all necessary access to such information as may be required by the Supplier; in order to render the Service, including but not limited to Customer Data, security access information and software interfaces, to the Customer's other business applications; 7.1.2 provide such personnel assistance and access to and use of its premises, facilities and utilities as may be reasonably requested by the Supplier from time to time; 7.1.3 maintain all relevant Customer equipment in good working order and suitable for the Supplier to provide the Services; 7.1.4 comply with all applicable laws and regulations with respect to its activities under this agreement, including those set out in clause 22; 7.1.5 carry out all other Customer responsibilities set out in this agreement or in any of the schedules in a timely and efficient manner. In the event of any delays in the Customer's provision of such assistance as agreed by the parties, the Supplier may adjust any timetable or delivery schedule set out in this agreement as reasonably necessary; and 7.1.6 ensure the Customer has and maintains the right in any equipment or software that it makes available to the Supplier as part of the Services, whether the same are stored on the Customer’s or the Supplier’s premises. 8. CHARGES AND PAYMENT 8.1 The Customer shall pay Charges for the Services in the amounts and at the times set out in the relevant Schedule or Services Specification or, if no Charges are specified, as calculated in the Supplier’s price list currently in force. 8.2 The Customer shall reimburse the Supplier for all actual, reasonable travel expenses including, but not limited to, airfares, hotels and meals incurred by the Supplier in performance of any set-up services, which the Supplier shall reasonably agree with the Customer in advance. 8.3 All amounts and Charges stated or referred to in this agreement are exclusive of value added tax, which shall be added to the Supplier's invoice(s) at the appropriate rate. 8.3.1 The Customer shall pay the Charges by the Due Date. Time of payment by the Customer shall be of the essence in this agreement. Save where otherwise agreed, the Customer shall pay (and the Supplier may collect) all sums due under this agreement by way of variable direct debit in accordance with the direct debit mandate attached to this MSA or as varied from time to time. 8.4 The Supplier shall have the right to alter the rates of the Charges in the Supplier price list from time to time (unless still within the Initial Term) by giving the Customer not less than four weeks' notice in writing. 8.5 If the Customer fails to make any payment in full on the due date under this agreement the Supplier may: 8.5.1 request payment on demand of all invoices issued whether or not due at that point; 8.5.2 request payment upfront for any further Services it provides; 8.5.3 charge interest on the outstanding amount, such interest to accrue on a daily basis at the rate of 4% above the base rate of Barclays Bank PLC from time to time in force or such higher rate as is prescribed under the Late Payment of Commercial Debts (Interest) Act 1998 from the due date until the date of payment, whether before or after judgment; 8.5.4 suspend the provision of the Services; 8.5.5 exercise a lien over the any Sold Equipment until such time as all outstanding payments are made in full; and 8.5.6 where payment of any invoice has been outstanding for more than 60 days after the invoice due date sell any Sold Equipment and account to the Customer for all sums received less a sum equal to all sums outstanding due to the Supplier and an administrative fee to cover the costs of sale equal to 15% of the sums outstanding due to the Supplier at the time of sale of the Sold Equipment such fee to be a minimum of £75 plus VAT. 9. SERVICE CREDITS 9.1 If the Supplier fails to provide the Services in accordance with the relevant Service Specification, the Customer shall become entitled to a Service Credit as specified in the Service Level Agreement, provided that the failure or other problem relating to the Services: 9.1.1 did not result from a Customer Cause or a cause outside the Supplier's control; and 9.1.2 was promptly notified to the Supplier. 9.2 Service credits may arise as specified in any part of the Services but shall be isolated in respect of that particular Service and a service credit under one type of service shall not automatically give rise to a service credit under another. 9.3 Where a proportion of a Service was affected, the Supplier may pro-rate the service credits in accordance with the extent to which it, in its reasonable discretion, assessed the Service in question to be affected. 9.4 On expiry or termination of this agreement for any reason, any unpaid Service Credits represent a debt due from Supplier to Customer. 9.5 Save in respect of Service Credits which the Supplier applies to an invoice, payment of all sums due to the Supplier by the Customer shall be made without any set off whatsoever. 9.6 If any Service Credits are due then they will be shown as a deduction from the next invoice in respect of that Service. 10. CHANGES 10.1 If either party wishes to change the scope of the Service (including Customer requests for additional services), it shall submit details of the requested change to the other in writing. 10.2 If either party requests a change to the scope or execution of the Services, the Supplier shall, within a reasonable time, provide a written estimate to the Customer of: 10.2.1 the likely time required to implement the change; 10.2.2 any variations to the Charges arising from the change; 10.2.3 the likely effect of the change on the Service Specification if applicable; and 10.2.4 any other impact of the change on the terms of this agreement. 10.3 If the Supplier requests a change to the scope of the Services, the Customer shall not unreasonably withhold or delay consent to it. 10.4 If the Customer wishes the Supplier to proceed with the change, the Supplier has no obligation to do so unless and until the parties have agreed in writing the necessary variations to its charges, the Project Plan and any other relevant terms of this agreement to take account of the change. 11. PROPRIETARY RIGHTS 11.1 The Customer acknowledges and agrees that, as between the parties, the Supplier and/or its licensors own all Intellectual Property in all materials connected with the Services and in any material developed or produced in connection with this agreement by the Supplier, its officers, employees, subcontractors or agents. The Supplier grants the Customer a non-exclusive licence to use the Intellectual Property for the purposes of the Services. Except as expressly stated, this MSA does not grant the Customer any rights to such Intellectual Property. 11.2 The Supplier acknowledges that, as between the parties, the Customer and/or its licensors own all Intellectual Property in the Assets. 11.3 Subject to the Customer complying with clause 11.4, the Supplier shall indemnify the Customer against all costs, expenses, damages and losses as a result of or in connection with any claim brought against the Customer for actual or alleged infringement of a third party's Intellectual Property Rights arising out of, or in connection with, the receipt, use or supply of the Services. 11.4 The Customer shall: 11.4.1 notify the Supplier in writing of any claim against it in respect of which it wishes to rely on the indemnity in clause 11.3; 11.4.2 allow the Supplier, at its own cost, to conduct all negotiations and proceedings and to settle such claim; 11.4.3 provide the Supplier with such reasonable assistance regarding such claim as is required by the Supplier at the Supplier’s cost. 12. SERVICE REVIEW AND GOVERNANCE 12.1 The Customer’s and Supplier’s project managers shall have quarterly meetings to monitor and review the performance of this agreement, to discuss any changes proposed in accordance with clause 10 and to discuss the Service Level Agreement. These meetings shall be minuted by the Supplier’s project manager and copies of those minutes shall be circulated to, and approved by, both parties. 12.2 Before each quarterly meeting, the Customer's project manager shall notify the Supplier's project manager, and vice versa, of any problems relating to the provision of the Services for discussion at the meeting. At each meeting, the parties shall agree a plan to address such problems. In the event of any problem being unresolved or a failure to agree on the plan, the matter shall be resolved in accordance with the Dispute Resolution Procedure. Progress in implementing the plan shall be included in the agenda for the next quarterly meeting. 12.3 A review meeting to assess the performance of the Supplier in the delivery of the Services shall be held annually (Review Meeting). Each meeting shall be attended by senior representatives of the Customer and of the Supplier, together with the project managers. 12.4 The Customer and the Supplier shall review the Service Level Arrangement at each Review Meeting and will, in accordance with clause 10, agree modifications to reflect changes in the Customer's requirements for the Services. 13. DOMAIN NAMES 13.1 If the Customer instructs the Supplier to obtain a domain name for the Customer, the Supplier shall act as an agent for the Customer in dealing with the relevant Domain Name Registrar. The contract for the domain name shall be between the Customer and the relevant Domain Name Registrar. Save where the Supplier agrees to provide it as part of the Services, the Customer agrees that it shall be solely responsible for renewals, legal, technical, administrative, billing or other requirements imposed by the relevant domain name registration authority (and relevant costs and expenses thereof). 13.2 The Supplier gives no warranty that the domain name requested will not infringe the rights of any third party and all such enquiries shall be the responsibility of the Customer, and the domain name shall form the Customer's intellectual property for the purposes of this agreement. 13.3 If the Supplier licenses to the Customer an IP address as part of the Services, such IP address shall (to the extent permitted by law) revert to the Supplier after termination of this agreement for any reason whatsoever, whereupon the Customer shall cease using the address. At any time after such termination, the Supplier may re-assign the address to another user. 14. CONFIDENTIAL INFORMATION 14.1 Each party shall keep the other party's Confidential Information confidential and shall not: 14.1.1 use such Confidential Information except for the Permitted Purpose; or 14.1.2 disclose such Confidential Information in whole or in part to any third party, except as expressly permitted by this clause. 14.2 Each party shall take all reasonable steps to ensure that the other's Confidential Information to which it has access is not disclosed or distributed by its employees or agents in violation of the terms of this agreement. 14.3 The Customer acknowledges that the Supplier's Confidential Information includes any network documentation, proposals, designs, plans, software or other materials created by the Supplier in connection with the Service and the Customer agrees not to make use of any such material for any purpose other than receipt of the Service from the Supplier. 14.4 The Supplier acknowledges that the Customer Data is the Confidential Information of the Customer. 14.5 A party may disclose the other party's Confidential Information to those of its Representatives who need to know such Confidential Information for the Permitted Purpose, provided that: 14.5.1 it informs such Representatives of the confidential nature of the Confidential Information prior to disclosure; and 14.5.2 at all times, it is responsible for such Representatives' compliance with the confidentiality obligations set out in this clause. 14.6 A party may disclose Confidential Information to the extent required by law, by any governmental or other regulatory authority or by a court or other authority of competent jurisdiction provided that, to the extent it is legally permitted to do so, it gives the other party as much notice of such disclosure as possible. 14.7 Each party reserves all rights in its Confidential Information. No rights or obligations in respect of a party's Confidential Information other than those expressly stated in this agreement are granted to the other party, or to be implied from this agreement. 14.8 The provisions of this clause 14 shall continue to apply after termination of this agreement. 15. LIMITATION OF LIABILITY 15.1 This clause 15 sets out the entire financial liability of the Supplier (including any liability for the acts or omissions of its employees, agents and subcontractors) to the Customer in respect of: 15.1.1 any breach of this agreement; 15.1.2 any use made by the Customer of the Services; and 15.1.3 any representation, misrepresentation (whether innocent or negligent), statement or tortious act or omission (including negligence) arising under or in connection with this agreement. 15.2 Except as expressly and specifically provided in this agreement: 15.2.1 the Customer assumes sole responsibility for results obtained from the use of the Services, and for conclusions drawn from such use. The Supplier shall have no liability for any damage caused by Errors or omissions in any information, instructions or scripts provided to the Supplier by the Customer in connection with the Services, or any actions taken by the Supplier at the Customer's direction; and 15.2.2 all warranties, conditions and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from this agreement. 15.3 Nothing in this agreement excludes or limits the liability of the Supplier for: 15.3.1 death or personal injury caused by the Supplier's negligence; 15.3.2 fraud or fraudulent misrepresentation; 15.3.3 breach of any obligation as to title implied by statute; or 15.3.4 any other liability which cannot lawfully be excluded or limited. 15.4 This MSA states the Customer's full and exclusive right and remedy, and the Supplier's only obligation and liability in respect of, the performance and/or availability of the Services, or its non-performance and non-availability. 15.5 Subject to clause 15.3 and clause 15.4: 15.5.1 the Supplier's total aggregate liability in contract, tort (including negligence or breach of statutory duty), misrepresentation (whether innocent or negligent), restitution or otherwise, arising in connection with the performance or contemplated performance of this agreement (including any indemnities under this agreement) shall be limited to 150% of the Charges paid by the Customer under this MSA during the 12 months preceding the date on which the claim arose or if within the first 12 months then 150% of the total of Charges that were scheduled to fall due in the first year. 16. SUSPENSION OF THE SERVICES 16.1 The Supplier may at its sole discretion upon giving notice to the Customer either orally (confirming such notification in writing) or in writing elect to suspend immediately the provision of the Services until further notice where: 16.1.1 the Supplier is entitled to terminate this agreement pursuant to Clause 17.2; 16.1.2 the Supplier or a Third Party needs to carry out any maintenance service to the Sold Equipment or the Supplier’s own equipment necessary to provide the Services in which event the Supplier shall use its reasonable endeavours to ensure there is minimum disruption to the Services; 16.1.3 the Supplier or a Third Party suspects that the Equipment or Services are being used fraudulently or otherwise unlawfully; 16.1.4 the Supplier is entitled to suspend provision of any other telecommunication service under the terms of any other agreement between the Supplier and the Customer; or 16.1.5 the Supplier is obliged to comply with an order, instruction or request of government, an emergency services organisation or other competent administrative or regulatory authority. 16.2 Any exercise by the Supplier of its right of suspension in respect of an event referred to this clause 16 shall not exclude the Supplier’s right subsequently to terminate this Agreement. 16.3 In the event a suspension is implemented as a consequence of the breach, fault or omission of the Customer, the Customer shall reimburse the Supplier for all reasonable costs and expenses incurred in the implementation of such suspension and/or the recommencement of the provision of the Services as appropriate. 16.4 The Supplier shall not be liable to the Customer for any charges incurred by the Customer for the use of other services whether provided by the Supplier or any other person during any period of unavailability referred to in Clause 16.1. 17. TERM & TERMINATION 17.1 This agreement shall commence on the Commencement Date and shall, unless terminated earlier in accordance with this clause, continue in force for the Initial Term. The term of the agreement shall automatically be extended for successive 12-month periods (Extended Term) at the end of the Initial Term and at the end of each Extended Term, unless a party gives written notice to the other party, not later than 120 days before the end of the Initial Term or the relevant Extended Term, to terminate this agreement at the end of the Initial Term or the relevant Extended Term, as the case may be. 17.2 Without prejudice to any rights that have accrued under this agreement or any of its rights or remedies, but subject to clause 18 (Exit Assistance), either party may terminate this agreement with immediate effect by giving written notice to the other party if: 17.2.1 the other party commits a material breach of any term of this agreement or and (if such breach is remediable) fails to remedy that breach within a period of 30 days after being notified in writing to do so; or 17.2.2 the other party suspends, or threatens to suspend, payment of its debts, or is unable to pay its debts as they fall due or admits inability to pay its debts, or (being a company) is deemed unable to pay its debts within the meaning of section 123 of the Insolvency Act 1986, or (being an individual) is deemed either unable to pay its debts or as having no reasonable prospect of so doing, in either case, within the meaning of section 268 of the Insolvency Act 1986, or (being a partnership) has any partner to whom any of the foregoing apply; 17.2.3 the other party commences negotiations with all or any class of its creditors with a view to rescheduling any of its debts, or makes a proposal for or enters into any compromise or arrangement with its creditors other than (in the case of a company) for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party; or 17.2.4 a petition is filed, a notice is given, a resolution is passed, or an order is made, for or in connection with the winding up of that other party (being a company) other than for the sole purpose of a scheme for a solvent amalgamation of that other party with one or more other companies or the solvent reconstruction of that other party; or 17.2.5 an application is made to court, or an order is made, for the appointment of an administrator, or if a notice of intention to appoint an administrator is given or if an administrator is appointed, over the other party (being a company); or 17.2.6 the holder of a qualifying floating charge over the assets of that other party (being a company) has become entitled to appoint or has appointed an administrative receiver; or 17.2.7 a person becomes entitled to appoint a receiver over the assets of the other party or a receiver is appointed over the assets of the other party; or 17.2.8 a creditor or encumbrancer of the other party attaches or takes possession of, or a distress, execution, sequestration or other such process is levied or enforced on or sued against, the whole or any part of the other party's assets and such attachment or process is not discharged within 14 days; or 17.2.9 any event occurs, or proceeding is taken, with respect to the other party in any jurisdiction to which it is subject that has an effect equivalent or similar to any of the events mentioned in clause 11.2(c) to clause 11.2 (i) (inclusive); or 17.2.10 the other party suspends or ceases, or threatens to suspend or cease, carrying on all or a substantial part of its business. 17.3 Any provision of this agreement which expressly or by implication is intended to come into or continue in force on or after termination of this agreement shall remain in full force and effect. 17.4 Termination of this agreement for any reason, shall not affect the accrued rights, remedies, obligations or liabilities of the parties existing at termination. 17.5 On termination of this agreement for any reason, then the following provisions shall apply to such termination as appropriate: 17.5.1 the Supplier shall immediately cease provision of the Services but may provide Transition Services for a further period in accordance with clause 18.2; 17.5.2 each party shall return and make no further use of any equipment, property, materials and other items (and all copies of them) belonging to the other party; 17.5.3 the Supplier may destroy or otherwise dispose of any of the Customer Data in its possession unless the Supplier receives, no later than ten days after the effective date of the termination or expiry of this agreement, a written request for the delivery to the Customer of the most recent backup of the Customer Data. The Supplier shall use reasonable commercial efforts to deliver the backup to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all Charges outstanding at, and resulting from, termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by the Supplier in returning or disposing of Customer Data; and 17.5.4 the accrued rights of the parties as at termination, or the continuation after termination of any provision expressly stated to survive or implicitly surviving termination, shall not be affected or prejudiced. 17.6 On termination of a Services Schedule for any reason but not this agreement as a whole, the provisions of clauses 17.5.1 to 17.5.4 shall apply in respect of the Services in that Services Schedule, but all other Services Schedules (if any) shall continue in force. 17.7 Notwithstanding its obligations in clause 17.5.3, if a party is required by any law, regulation, or government or regulatory body to retain any documents or materials which it would otherwise be required to return or destroy under clause 17.5.3, it shall notify the other party in writing of such retention, giving details of the documents or materials that it must retain. Clause 12 shall continue to apply to any such retained documents and materials. 18. EXIT ASSISTANCE AND TRANSFER OF ASSETS 18.1 Supplier shall, on request from Customer at any time after the expiry of six months from the Commencement Date, prepare or update the Exit Plan. 18.2 Upon notice of termination by the Customer under clause 17.2, the Customer may activate the Step-In Rights with the Indirect Third Parties to continue with the Indirect Third Party Services on a direct relationship basis. 18.3 The Customer may, at any time before termination of this agreement, for any reason, request the Supplier to provide the Transition Services. The Supplier will, in return for a reasonable charge (to be agreed in advance), provide such Transition Services for a maximum period of three months, or until termination of this agreement in accordance with clause 17, whichever is later. 18.4 On expiry or termination of this agreement the Supplier will promptly produce a list of the Rented Equipment and of the Transferring Contracts. The Supplier shall then sell, and the Customer shall buy, the Rented Equipment for net book value, calculated in accordance with Supplier's reasonable then-current depreciation policy. Title to such Rented Equipment shall pass to the Customer on payment for the same. 18.5 The Supplier and Customer shall co-operate to procure the novation or assignment to the Customer and/or Replacement Supplier of the Transferring Contracts. 18.6 The Customer shall: 18.6.1 accept assignments from the Supplier or join with the Supplier in procuring a novation of each Transferring Contract; and 18.6.2 once a Transferring Contract is novated or re-assigned to the Customer or the Replacement Supplier, the Customer shall carry out, perform and discharge all the obligations and liabilities created by or arising under that Transferring Contract and exercise its rights arising under that Transferring Contract or, as applicable, procure that the Replacement Supplier does the same. 19. EMPLOYEES 19.1 The parties do not intend for any employees, officers, agents and contractors to transfer pursuant to TUPE from the employment of the Customer into the employment of the Supplier in connection with the commencement and/or the provision of the Services. 19.2 If, notwithstanding clause 19.1, any employees, officers, agents and contractors transfer (or are alleged to transfer) from the employment of the Customer into the employment of the Supplier, the Customer, on the demand of the Supplier, shall indemnify and fully reimburse the Supplier, for all time, from and against all direct or indirect actions, proceedings, claims, demands, costs, losses, expenses (including legal expenses), damages, liabilities and penalties whatsoever incurred, suffered or paid by the Supplier in respect of the employment or termination of the employment or other liability relating to each transferring individual. 20. NON-SOLICITATION 20.1 Except in respect of any transfer of staff pursuant to TUPE, neither party shall (except with the prior written consent of the other party) directly or indirectly solicit or entice away (or attempt to solicit or entice away) from the employment of the other party any person employed or engaged by such other party in the provision of the Services or (in the case of the Customer) in the receipt of the Services at any time during the Term or for a further period of 12 months after the termination of this agreement other than by means of a national advertising campaign open to all comers and not specifically targeted at any of the staff of the other party. 20.2 If either the Supplier or the Customer commits any breach of clause 20.1, the breaching party shall, on demand, pay to the claiming party a sum equal to one year's basic salary or the annual fee that was payable by the claiming party to that employee, worker or independent contractor plus the recruitment costs incurred by the claiming party in replacing such person. 21. UNCONTROLLABLE EVENT The Supplier shall have no liability to the Customer under this agreement if it is prevented from, or delayed in, performing its obligations under this agreement, or from carrying on its business, by acts, events, omissions or accidents beyond its reasonable control, including, without limitation, strikes, lock-outs or other industrial disputes (whether involving the workforce of the Supplier or any other party), failure of a utility service or transport network, act of God, war, riot, civil commotion, malicious damage, compliance with any law or governmental order, rule, regulation or direction, accident, breakdown of plant or machinery, fire, flood, storm or default of suppliers or subcontractors, provided that the Customer is notified of such an event and its expected duration and that if the period of delay or non-performance continues for 4 weeks, the party not affected may terminate this agreement by giving 14 days' written notice to the other party. 22. ANTI-BRIBERY 22.1 Each party shall: 22.1.1 comply with all applicable laws, regulations, mandatory codes and sanctions relating to anti-bribery and anti-corruption including but not limited to the Bribery Act 2010 (“Relevant Requirements”); 22.1.2 have and shall maintain in place throughout the Term its own policies and procedures, including adequate procedures under the Bribery Act 2010, to ensure compliance with the Relevant Requirements, and will enforce them where appropriate; 22.1.3 promptly report to the other party any request or demand for any undue financial or other advantage of any kind received by it in connection with the performance of this agreement; 22.1.4 immediately notify the other party if a foreign public official becomes one of its officers or employees or acquires a direct or indirect interest in the first party (and the first party warrants that it has no foreign public officials as officers, employees or direct or indirect owners at the date of this agreement). 22.2 Breach of this clause 22 shall be deemed a material breach under clause 17.2.1. 22.3 For the purposes of this clause 22 a person associated with a party includes but is not limited to any subcontractor of that party. 23. WAIVER No failure or delay by a party to exercise any right or remedy provided under this agreement or by law shall constitute a waiver of that or any other right or remedy, nor shall it preclude or restrict the further exercise of that or any other right or remedy. No single or partial exercise of such right or remedy shall preclude or restrict the further exercise of that or any other right or remedy. 24. SEVERANCE 24.1 If any court or competent authority finds that any provision of this agreement (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision shall, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this agreement shall not be affected. 24.2 If any invalid, unenforceable or illegal provision of this agreement would be valid, enforceable and legal if some part of it were deleted, the parties shall negotiate in good faith to amend such provision such that, as amended, it is legal, valid and enforceable, and, to the greatest extent possible, achieves the parties' original commercial intention. 25. ENTIRE AGREEMENT 25.1 This agreement constitute the entire agreement between the parties and supersedes all previous discussions, correspondence, negotiations, arrangements, understandings and agreements between them relating to its subject matter. 25.2 Each party acknowledges that in entering into this agreement it does not rely on, and shall have no remedies in respect of, any representation or warranty (whether made innocently or negligently) that is not set out in this agreement. 25.3 Each party agrees that its only liability in respect of those representations and warranties that are set out in this agreement (whether made innocently or negligently) shall be for breach of contract. 25.4 Nothing in this clause shall limit or exclude any liability for fraud. 26. ASSIGNMENT 26.1 The Customer shall not, without the prior written consent of the Supplier, assign, transfer, charge, subcontract or deal in any other manner with all or any of its rights or obligations under this agreement. 26.2 The Supplier may at any time assign, transfer, charge, subcontract or deal in any other manner, with all or any of its rights or obligations under this agreement without the consent of the Customer. 27. NO PARTNERSHIP OR AGENCY Nothing in this agreement is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, nor authorise any party to make or enter into any commitments for or on behalf of any other party. 28. THIRD-PARTY RIGHTS This agreement is made for the benefit of the parties to it and (where applicable) their successors and permitted assigns, and is not intended to benefit or be enforceable by anyone else. 29. NOTICES 29.1 Any notice or other communication required to be given to a party under or in connection with this contract shall be in writing and shall be delivered by hand or sent by pre-paid first-class post or other next working day delivery service, at its registered office (if a company) or (in any other case) its principal place of business, or sent by fax to the other party's main fax number. 29.2 Any notice or communication shall be deemed to have been received if delivered by hand, on signature of a delivery receipt or at the time the notice is left at the proper address, or if sent by fax, at 9.00 am on the next Business Day after transmission, or otherwise at 9.00 am on the second Business Day after posting or at the time recorded by the delivery service. 29.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution. For the purposes of this clause, "writing" shall not include email. 30. DISPUTE RESOLUTION PROCEDURE 30.1 If a dispute arises out of or in connection with this agreement or the performance, validity or enforceability of it (Dispute) then the parties shall follow the procedure set out in this clause: 30.1.1 the operational managers of each party shall attempt to resolve the dispute as soon as practicably possible; 30.1.2 if the operational managers are not able to resolve the dispute within 5 Business Days, either party shall give to the other written notice of the Dispute, setting out its nature and full particulars (Dispute Notice), together with relevant supporting documents. On service of the Dispute Notice, the senior executives of both parties attempt in good faith to resolve it; and 30.1.3 if the senior executives of each party are for any reason unable to resolve the Dispute within 15 Business Days of it being referred to them, the parties will attempt to settle it by mediation in accordance with the CEDR Model Mediation Procedure. Unless otherwise agreed between the parties, the mediator shall be nominated by CEDR Solve. To initiate the mediation, a party must serve notice in writing (Mediation notice) to the other party to the Dispute, requesting a mediation. A copy of the Mediation notice should be sent to CEDR Solve. The mediation will start not later than 20 Business Days after the date of the Mediation notice. 30.2 The commencement of mediation shall not prevent the parties commencing or continuing court proceedings in relation to the Dispute. 31. GOVERNING LAW AND JURISDICTION 31.1 This agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. 31.2 The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim that arises out of or in connection with this agreement or its subject matter or formation (including non-contractual disputes or claims). DIRECT DEBIT MANDATE Instruction to your Bank or Building Society to pay by Direct Debit Please fill in the form using a ball point pen and send it to: ACS Systems UK Ltd ACS House Oxwich Close Brackmills Originator’s Identification Number Northampton, NN4 7BH 9 6 0 1 3 5 Reference Number Name(s) of Account Holder(s) Instruction to your Bank or Building Society Bank / Building Society account number Please pay ACS Systems UK Ltd Direct Debits from the account detailed in this instruction subject to the safeguards, assured by the Direct Debit Guarantee. I understand that this instruction may remain with ACS Systems UK Ltd and if so details will be passed electronically to my Bank or Building Society. Branch Sort Code Signature(s) Name and full postal address of your Bank/ Building Society To the Manager Bank/Building Society Address Date: Postcode Banks and Building Societies may not accept Direct Debit Instructions for some types of account. This guarantee should be detached and retained by the Payer. The Direct Debit Guarantee • This Guarantee is offered by all Banks and Building Societies that take part in the Direct Debit Scheme. The efficiency and security of the Scheme is monitored and protected by your own Bank or Building Society. • If the amounts to be paid or the payment dates change ACS Systems UK Ltd will notify you 10 working days in advance of your account being debited or as otherwise agreed. • If an error is made by ACS Systems UK Ltd or your Bank or Building Society you are guaranteed a full and immediate refund from your branch, of the amount paid. • You can cancel a Direct Debit at anytime by writing to your Bank or Building Society. Please also send a copy of the letter to us. SCHEDULE 1 - SET-UP SERVICES Part 1 Outline 1. Timetable 1.1 The Supplier will agree with the Customer an appropriate timetable for Planning and Due Dilligence, Implementation and Roll-out tasks to be completed. 2. Planning and Due Diligence 2.1 The Supplier shall conduct a due diligence exercise to examine all relevant Customer Sites, the Customer-side Equipment and the Customer's contracts with third parties, and will then] prepare the Project Plan in co-operation with the Customer. The Project Plan will list any Assets to be transferred to the Supplier in accordance with Part 2 of this Schedule . 3. Implementation 3.1 The Supplier and the Customer shall co-operate in implementing the Managed Services in accordance with the implementation provisions of the Project Plan. 4. Roll-out 4.1 The Supplier and the Customer shall co-operate in rolling out the Managed Services in accordance with the roll-out provisions of the Project Plan. Part 2 Asset transfer In consideration of the sum of one pound sterling (£1.00) receipt of which is, as of the Effective Date, acknowledged, the Customer agrees that: 1. Customer-side Equipment 1.1 If the Project Plan identifies any Customer-side Equipment then the Customer will, as from the Acceptance Date, transfer that Customer-side Equipment with full title guarantee. 2. Third-Party Software 2.1 If the Project Plan identifies any Third-Party Software then the Customer will, in accordance with the Project Plan, either: 2.1.1 arrange for the novation of its licences to such Third-Party Software from itself to the Supplier, such novations to be effective as of the Acceptance Date; or 2.1.2 terminate its own licences to such Third-Party Software and assist the Supplier in obtaining, as from the Acceptance Date, licences directly from the licensor on similar terms. 3. Customer Software 3.1 If the Project Plan identifies any Customer Software then the Customer will, as from the Acceptance Date, grant the Supplier a royalty-free licence to use such Customer Software for the purpose of providing the Managed Services for the duration of this agreement. 4. Intellectual Property Rights 4.1 If the Project Plan identifies any Intellectual Property Rights (aside from the Third-Party Software and the Customer Software) that is needed by the Supplier to provide the Managed Services then the Customer will, as from the Acceptance Date, but in accordance with the Project Plan: 4.1.1 arrange for the novation of its licences to such Intellectual Property Rights from itself to the Supplier, such novations to be effective as of the Acceptance Date; 4.1.2 terminate its own licences to such Intellectual Property Rights and assist the Supplier in obtaining, as from the Acceptance Date, licences directly from the licensor on similar terms; or 4.1.3 grant the Supplier a royalty-free licence to use such Intellectual Property Rights for the purpose of providing the Services for the duration of this agreement in accordance with clause 11. 5. No warranty 5.1 Any transfer (whether by way of sale, licence or sub-licence) of Assets made by Customer to Supplier under this section is made on an "as is" basis. The Customer excludes all representations (unless fraudulent), warranties and conditions and other contractual terms howsoever arising whether by statute, common law or otherwise and whether express or implied (except that the items are free from encumbrances) to the maximum extent permitted by applicable law in relation to those Assets. SCHEDULE 2 - SERVICE SPECIFICATION 1 GENERAL 1.1 This Service Specification is a complete description of the Services to be provided by the Supplier to the Customer under the Agreement. 2 GLOSSARY OF TERMS AND INTERPRETATION 2.1 The definitions and rules of interpretation in this clause apply in this Service Specification: Abnormal Operating Condition (AOC): where Equipment or Software operates outside of the optimal operating conditions as defined within a relevant manufacturer’s guidelines. Where the aforementioned definition is not included within a manufacturer’s guidelines the Supplier, at its sole discretion, will determine where an AOC arises. Agreement Type: the Customer can elect to have either Proactive Remote or Proactive IT agreement types, the former provides a lower cost alternative but does not include IT Roadmaps/Strategy documentation and attendance on-site is charged at the Supplier’s prevailing ad-hoc rates. Backup System: the Software and/or Hardware System owned and utilised by the Supplier to perform backups of data or such other replacement system agreed between the parties from time to time. Domain Name Registrar: the organisation or commercial entity, accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) or by a national country code top-level domain (ccTLD) authority. DOA: dead on arrival. Firewall/Router: the Hardware/Software System utilised by the Supplier to protect the Customer’s IT systems. HO: the Customer’s head office. ISP: Internet Service Provider. Onsite Days: defined in paragraph 20.1 of this Schedule 2. Onsite Engineer: the Supplier’s engineer that will attend the Customer’s office in accordance with paragraph 20.1 of this Schedule 2. IMACs: Installs, Moves, Additions and Changes are small projects that fall outside of the remit of the defined support tasks are as defined in paragraph 21 of this Schedule 2. Peripherals: a device attached to a host Personal Computer or any other IT accessory forming part of the Customer’s IT System or provided by the Supplier from time to time. Personal Computer: any desktop or laptop forming part of Customer’s IT System used by a User. PIC: the Supplier’s Pro-active Information Centrewhich monitors, manages and reports on Customer’s IT System. Primary Data Link: Customer’s primary data link to the internet. Secondary Data Link: Any alternative data link to the internet that may be available. Senior Account Manager: the individual identified by the Supplier to act as principle project manager. Technical Account Manager: the individual identified by the Supplier to support the Senior Account Manager in technical delivery of the contact as and when required. VoIP: Voice Over Internet Protocol. User: the employees and agents of the Customer who use the Licensed Software [up to the maximum number specified in the Order Form]. 3 WIDE AREA NETWORK (WAN) INFRASTRUCTURE Where WAN Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 3.1 The Solution (a) The Customer shall have at least one cata link to the Internet known as the “Primary Data Link”. The Customer will establish the Primary Data Link at the HO and enter into the relevant ISP agreement by the Service Commencement Date. (b) The Primary Data Link may include but not be limited to the following uses: internet access, any external communication and if appropriate the Customer’s VoIP system. (c) The Customer may at its discretion provide another data link, the “Secondary Data Link” for the following uses a) Customer’s VoIP system; and b) if the Primary Data Link is unavailable at any time. 3.2 Support (a) The Supplier shall be responsible for managing the ISP and the ISP agreement, on the Customer’s behalf, on a day to day basis including but not limited to: (i) Managing bandwidth utilisation and making appropriate recommendations to the Customer in terms or increasing or decreasing the bandwidth of its data link. (ii) Monitoring the ISP’s performance against its contractual service levels and presenting performance information to the Customer as appropriate. (iii) Acting as primary point of contact to the ISP in the event of any issues pertaining to performance, availability and any other issue relevant to the overall service provided by the ISP. In such circumstances the Supplier shall manage the ISP until the issue is resolved and will provide regular updates to the Customer until the issue is resolved. (iv) Manage any change to the ISP service on the Customer’s behalf and communicate progress to the Customer. (b) The Supplier will monitor and manage both the Primary Data Link and the Secondary Data Link utilising both the in-built capabilities of the Firewall/Router and the PIC for each link including but not limited to: (i) Configuring the PIC to send a ping across the link every 3 minutes, and in the event there is a failure, to receive a good return for more than 10 minutes this will raise an alert within the PIC system for further investigation by an engineer; (ii) Configure PIC to connect to the email server and send a test email to an external mail server. The external mail server is configured to automatically reply. If this reply is not received by the Customer’s server within 10 minutes then an alert is raised; (iii) If a suitable Secondary Data Link and Hardware are available, configure the Firewall/Router hardware using the OSPF and HSRP protocols to actively monitor both the Primary Data Link and router hardware and automatically undertake a failover within 10 minutes of an issue arising. 3.3 Domain Name Records (a) The Domain Name Registrar will be responsible for managing Customer’s domain name records. (b) The Supplier shall be responsible for managing the Domain Name Registrar on Customer’s behalf and registering all required domain names and will act as primary point of contact to the Domain Name Registrar in the event of any issues pertaining to performance, availability and any other issue relevant to the overall service provided by the Domain Name Registrar. In such circumstances the Supplier shall manage the Domain Name Registrar until the issue is resolved and will provide regular updates to the Customer until the issue is resolved. 4 LOCAL AREA NETWORK (LAN) INFRASTRUCTURE Where LAN Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 4.1 The Solution (a) The Supplier will utilise the Customer’s network switching to provide suitable Local Area Network connectivity. (b) Where supported by the Hardware available The Supplier will configure the switches to support the appropriate virtual LANs (or VLANS) and protocols to provide appropriate performance for both voice and data traffic. (c) The Supplier will ensure that appropriate internal routing between VLANs be configured and maintained. (d) The Supplier will ensure that an appropriate IP addressing scheme, including where appropriate subnets for multiple sites in line with industry best practices. 4.2 Support - (a) The Supplier will be responsible for the complete management, support and proactive maintenance of the Customer’s LAN infrastructure. (b) The Supplier will rectify any faults on the LAN infrastructure in accordance with the Service Level Agreement. The Supplier will utilise the Switching manufacturer’s warranties or if purchased by the Customer extended warranties to replace the Equipment if required. (c) The Supplier will monitor and manage the LAN infrastructure using the PIC and where appropriate other management and monitoring tools in order to ensure that all switches are fully functional. 5 WIRELESS LOCAL AREA NETWORK (WLAN) INFRASTRUCTURE Where WLAN Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 5.1 The Solution (a) The Supplier will utilise the Customer’s WLAN Hardware to provide suitable Wireless Local Area Network connectivity. (b) Where supported by the Hardware available the Supplier will configure the WLAN Hardware to support the appropriate virtual LANs (or VLANS), SSIDs and protocols to provide appropriate performance for both voice and data traffic. (c) The Supplier will ensure that appropriate internal routing between VLANs be configured and maintained. (d) The Supplier will ensure that an appropriate IP addressing scheme, including where appropriate subnets for multiple sites be provided in line with industry best practices. 5.2 Support - (a) The Supplier will be responsible for the complete management, support and proactive maintenance of the Customer’s WLAN infrastructure. (b) The Supplier will rectify any faults on the WLAN infrastructure in accordance with the Service Levels. The Supplier will utilise the Switching manufacturer’s warranties or if purchased by the Customer extended warranties to replace the Equipment if required. (c) The Supplier will monitor and manage the WLAN infrastructure using the PIC and where appropriate other management and monitoring tools in order to ensure that all Hardware elements are fully functional. (d) The Customer will cover any reasonable costs in order to obtain physical access to WLAN Hardware components such as the provision of elevated work platforms to access Wireless Access Points mounted at height. 6 CORE SERVER INFRASTRUCTURE Where Server Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 6.1 The Solution (a) The Supplier will support the Customer’s Servers, both Virtual and Physical, as detailed in the Order Form provided that the Servers are running a supported Operating System (b) Supported Operating Systems include: (i) Apple MacOS X Server (ii) Microsoft Windows Server products which are within Microsoft’s Mainstream or Extended Support periods as defined by the Microsoft Lifecycle Support Policy (an up to date list can be found at support.microsoft.com/lifecycle) (iii) At the Supplier’s sole discretion it may choose to provide support for Servers running other Operating Systems. Such support may be withdrawn by the Supplier at any time by providing the Customer 30 days written notice of the end of support. (iv) The Supplier will support the Customer’s SAN Infrastructure including storage nodes, disk controllers and arrays and attendant SAN switching hardware. 6.2 Support (a) The Supplier shall be responsible for the complete management and support of the Customer’s IT System. The Supplier will maintain all Equipment in accordance with the Specifications. (b) If any change to the Customer’s IT System is made, the Supplier will update any appropriate Network Diagrams and all associated records and documentation within 10 Working Days of the change being made and will promptly provide a copy to the Customer upon request. (c) The Supplier will ensure that any faults on the Customer’s IT System is rectified in accordance with the Service Levels. The Supplier will utilise the Hardware manufacturer’s warranties or if purchased by the Customer extended warranties to replace the Equipment if required. (d) The Supplier will ensure that any required Operating System Service Packs, hotfixes, patches and updates are applied to the Customer’s Servers as appropriate, such works should be conducted in accordance with Planned Maintenance periods where-ever possible. (e) The Supplier will utilise the PIC to monitor the Customer’s IT System including but not limited to the following: (i) For all servers and SAN Nodes the Supplier will monitor and alert where AOCs are detected for the following key indicators: System uptime, system reboots (alerting if the server is rebooted or shutdown and again and again if remains unavailable for more than 15 minutes), CPU utilisation, memory utilisation and performance and disk health, performance and utilisation. (ii) The Supplier will monitor, filter and report where all server event logs for abnormal conditions in the following systems and services: Disk drive events, memory dumps, network events, event log, events, common workstation events, PIC agent problem, APC Agent Events, Unexpected System Shutdown, AntiVirus Events, Security Logon Events. (iii) Where the Customer has an on-premise Exchange Server the Supplier will also monitor the various Microsoft Exchange sub-services, database health, performance and utilisation and alert where AOCs are detected. (iv) For Domain Controller Servers the Supplier will also monitor FRS, NetLogon, NTDS, UserEnv, W32Time, DFRS, DHCP Server and DNS Server Services and alert where AOCs are detected. (f) In the event that any part of the Customer’s IT System is disposed of during the Term, the Supplier will ensure, at the Customer’s cost, that the equipment is wiped and returned to factory defaults before disposal in line with the WEEE directive, the Customer’s current IT Security Policy and all relevant legislation and provide written certification of its destruction. (g) All new Equipment including Personal Computers and Peripherals will be tested either upon arrival at the Supplier’s premises prior to dispatch to the HO, or at HO. Should any item be deemed to be DOA, the Supplier will arrange for its replacement in accordance with the manufacturer’s and approved distributor’s procedures and take all reasonable steps to avoid disruption to the implementation of any new Equipment including where practicable providing temporary or interim Equipment until the Equipment is replaced, at the Suppliers cost. 7 PLANNED MAINTENANCE 7.1 The Supplier and the Customer will agree planned maintenance windows to the Customer’s IT System. 7.2 The Supplier must give the Customer as much notice as possible of any planned maintenance outside of these times. The Supplier will work with the Customer to ensure that where possible all planned maintenance is scheduled to have as little impact as possible on the business operations of the Customer. 7.3 In the event that the Supplier has to effect or respond to an urgent outage where practicable the Supplier will contact the Customer, giving at least 30 minutes’ notice and the reason for the urgent outage and the duration of the outage and/or all Users will be sent a PIC alert via the PIC messaging system giving 15 minutes notice and another alert giving a 5 minutes notice before an urgent planned outage. This will be in exceptional circumstances only. 8 PERSONAL COMPUTER AND PERIPHERALS Where Personal Computer and Peripheral Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 8.1 Support (a) The Supplier will provide complete management and support of the Customer’s existing and new Personal Computers provided they are running supported Operating Systems (b) Supported Operating Systems include: (i) Apple MacOS X (ii) Microsoft Windows products which are within Microsoft’s Mainstream or Extended Support periods as defined by the Microsoft Lifecycle Support Policy (an up to date list can be found at support.microsoft.com/lifecycle) (iii) At the Supplier’s sole discretion it may choose to provide support for Personal Computers running other Operating Systems. Such support may be withdrawn by the Supplier at any time by providing the Customer 30 days written notice of the end of support. (c) The Supplier will ensure that any faults relating to any Personal Computer or Peripherals will be rectified in accordance with the Service Levels. The Supplier will utilise the Hardware manufacturer’s warranties or if purchased by the Customer extended warranties to replace the Equipment if required. (d) The Supplier will deploy PIC to all Personal Computers and will monitor for and alert where abnormal conditions are detected in the following areas including but not limited to CPU utilization, memory utilization and performance, disk health, performance and utilization. The Supplier will also use PIC to monitor for other abnormal software events in conjunction with the PIC End-Point Security module. PIC will also perform regular system audits of Personal Computers, Peripherals and associated software for use by the Supplier and the Customer in ensuring compliancy and compiling of Asset Registers as may be required. (e) In the event that any Personal Computer or Peripheral equipment is disposed of during the Term the Supplier will ensure, at the Customer’s cost, that the equipment is wiped and returned to factory defaults before disposal in line with the WEEE directive, the Customer’s current IT Security Policy and all relevant legislation and provide written certification of its destruction. 8.2 Delivery and set up of new Personal Computers (a) The Supplier will be responsible for providing new or replacement Personal Computers, at the Customer’s cost, installing the required User settings and software build and adding the User profile with relevant permissions and policies to the network as appropriate. (b) Where the Order Form includes a permanent Onsite Engineer or Pre-Agreed Onsite Engineering Days, the Onsite Engineer will deliver within 7 Working Days of the order being approved any new Personal Computers with the appropriate User settings and software build. (c) Where the Agreement includes IMACs (Installs Moves Additions or Changes) the Supplier will arrange installation of any new Personal Computer with the appropriate User settings and software build under the auspices for the IMAC system. (d) If the Customer has an emergency requirement or does not have and requires delivery on a non-Onsite Day, the Supplier will use its best endeavours to accommodate this requirement and the Customer shall be responsible for paying additional Desktop Set Up Charges as may be agreed in advance between the parties. (e) In the event that a new Personal Computer or Peripheral is DOA, the Supplier will arrange for its replacement in accordance with the manufacturer’s and approved distributor’s procedures and take all reasonable steps to avoid disruption to the implementation and complete the installation as soon as possible; where this requires installation outside of the designated Onsite Days this will be undertaken at the Supplier’s cost. The Supplier will, where practicable providing temporary or interim hardware until the Personal Computer or Peripheral is replaced, at the Supplier’s cost. (f) The Customer may at its option procure Personal Computers or Peripherals from a third party, under such circumstances the Supplier shall remain responsible for setting up Personal Computers in accordance with paragraphs 8.2(a), (b) and (c). The Customer will make the Personal Computer available to the Supplier at least 24 hours in advance of the installation and will liaise with the Supplier in respect of the set up and installation activity. 9 ASSET MANAGEMENT Where Asset Management is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 9.1 The Supplier will utilise PIC to keep a register of components within the Customer’s IT System including all Hardware and Software (the Asset Register). The Asset Register will include model, part and serial numbers (where applicable). 9.2 Any adds or changes to Customer’s Hardware or Software will be incorporated into the Asset Register within 2 Working Days of the add or change occurring. 9.3 The Supplier will provide a copy of the Asset Register or any specific part thereof (e.g. only Personal Computers) to the Customer within 2 Working Days of the request being made by the Customer. 10 SOFTWARE MANAGEMENT Where Software Management is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 10.1 General (a) All Personal Computers will be loaded with the necessary Software and the Customer’s standard settings and permission controls and policies either via the application of group policies, scripts from PIC or the use of a standardised system or ghost image as recommended by the Supplier. The Supplier will work with the Customer to ensure that the Customer’s standard settings, permission controls and policies are fit for purpose at all times and are amended when necessary. (b) Prior to the Service Commencement Date the Customer shall ensure that it is legally compliant in respect of all its Software licences and Third Party Products. The Supplier shall ensure that the Customer continues to be legally compliant throughout the Term of the Agreement. (c) The Supplier will take reasonable steps to preclude Customer employees and third parties from installing new software on Customer Equipment. (d) Notwithstanding paragraph paragraph (c) above, the Supplier will not be held responsible where an individual User has deliberately circumvented the protections put in place and has installed software onto a Personal Computer. Regular audits will be undertaken to ensure that individuals are not downloading software and the results will be shared with the Customer. (e) The Supplier shall ensure that the Customer is made aware of the different software licence options that may be available to the Customer from time to time, taking into account the Customer’s business interests. 10.2 Patch Management (a) The Supplier will undertake patch management to ensure that patches are implemented upon release. (b) The Supplier will use PIC to automatically apply software patches on each night, beforehand the PIC system will automatically send an on-screen reminder asking Users to leave their computers on, but logged off, for the update. (c) Should any Personal Computer be unavailable for update PIC will attempt to use wake-on-LAN functionality to start the Personal Computer in order to update it. Should a computer not be connected to the LAN or internet at the agreed interval this will be logged and scheduled for update at the next interval, should a computer miss more than 3 intervals then Helpdesk will be alerted and will liaise with the Customer to ensure that the computer is patched as soon as practicable. (d) The Supplier will use PIC to provide reports on the patch status of all Personal Computers and will provide summary information every month to the Customer. 11 BASIC SECURITY Where Basic Security Management is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 11.1 The Solution (a) The Supplier will deploy, at the Customer’s cost, a tiered security solution to prevent unauthorised or malicious access to Customer’s IT System. This will include but not be limited to: (i) PIC’s anti-virus and anti-spyware software deployed to Personal Computers and servers; (ii) perimeter scanning of e-mail traffic for virus or malicious or unsuitable content by the Router/Firewall and Cloud based E-Mail Management products; and (iii) the provision of restrictions to User access and permissions via Windows group policies (for example to prevent installation of unauthorised software). (b) The Supplier will utilise a suitable Router/Firewall to provide perimeter firewall security, traffic inspection and VPN access. (c) Where provided the Supplier will deploy, at the Customers cost, suitable Multi-Factor Authentication systems and Hardware Appliances/Tokens or Soft-tokens to supplement the existing network protection. (d) The Supplier will utilise the Mimecast Unified Email Management Software or suitable alternative to filter incoming e-mail for spam, inappropriate content, viruses and malicious software before the e-mail reaches the Exchange server. (e) Where provided the Supplier will deploy, at the Customers cost, Cisco Umbrella cloud based web filtering includes web-access filtering to ensure that web browsing is restricted to appropriate sites and inappropriate content, virus and malicious software a barred from access by the Customer’s Users. 11.2 Support (a) The Supplier will be responsible for the complete management and support, including proactive maintenance of the security infrastructure comprised in the Customer’s IT System. (b) The Supplier will ensure that any faults to the security infrastructure will be rectified in accordance with the Service Levels. The Supplier will utilise the Hardware manufacturer’s warranties or if purchased by the Customer extended warranties to replace the Equipment if required. (c) The Supplier will monitor and manage the security infrastructure using PIC and where appropriate other management and monitoring tools in order to ensure that all firewalls, routers, authentication devices and software systems are fully functional. The Supplier will monitor for abnormal activity which may indicate an attack or vulnerability. If such activity arises, a call will be raised with the Helpdesk who will investigate and resolve appropriately in line with the agreed Service Levels. (d) In the event that any security infrastructure is disposed of during the Term the Supplier will, at the Customer’s cost, ensure that the equipment is wiped and returned to factory defaults before disposal in line with the WEEE directive, the Customer’s current IT Security Policy and all relevant legislation and provide written certification of its destruction. 12 DATA STORAGE AND BACKUP Where Data Storage and BackUp is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 12.1 The Solution (a) The Supplier will ensure that the Customer’s IT System includes appropriate BackUp System to protect the Customer’s data. (b) The Supplier will ensure that the backup system is documented and the extent of its protection and capabilities clearly understood by the Customer. (c) Where the solution is an on-premise tape/disk based solution the Supplier will provide appropriate training to enable the Customer will be responsible for carrying out the Tape/Disk rotation and taking the relevant tape/disk off-site. (d) Whatever solution is utilised the Customer will be responsible for meeting all appropriate provisioning and operating costs, including subscription charges, software license and associated maintenance costs, tapes/disk cartridges, drive hardware costs 12.2 Support (a) Where a Cloud based backup solution is provided by Datastore or similar third-party the Supplier will ensure the backup service is monitored by both PIC and third parties/Datastore’s own software systems with capacity and completion or failure alerts provided to the Helpdesk and the Customer. In the event of a failure, a Priority 2 Call would be initiated and resolved accordingly. (b) Where the solution is an on-premise tape/disk based backup solution is used the Supplier will ensure the BackUp System is monitored by PIC or other suitable software systems with capacity and completion or failure alerts provided to the Helpdesk and the Customer. In the event of a failure, a Priority 2 Call would be initiated and resolved accordingly. (c) In the event that a major restore is required, for instance in a disaster, the Supplier will utilise the backup solutions capability to restore systems onto a suitable platform on a best endeavours basis. (d) For minor restoration of data the Supplier will utilise the backup solutions capability to restore data onto the Customer’s IT System as appropriate. 13 REMOTE ACCESS Where Remote Access Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 13.1 The Solution (a) The Supplier will deploy, at the Customer’s cost, a suitable Remote Access system to provide the Customer’s nominated Users with the ability to access the agreed systems outside of the Customer’s HO. 13.2 Support (a) The Supplier shall be responsible for the management and support of the remote access solution this may include (but is not limited to) Microsoft Remote Desktop Services, Citrix XenApp, Citrix XenDesktop, Microsoft Outlook Web Access and mobile IPSec/SSL based VPN connectivity. (b) The Supplier shall support the agreed Remote Access systems upon Customer owned Personal Computers and at the Supplier’s sole discretion upon other equipment/client devices provided by Users or third-parties authorised to use Remote Access systems by the Customer. (c) The Supplier is responsible for ensuring that Remote Access system is available to suitably configured Personal Computers at any location with a suitable Internet connection. To this end the Supplier will utilise it’s PIC software and other systems to monitor the availability of the solution. (d) The Supplier will ensure that any faults to the Remote Access system will be rectified in accordance with the Service Levels. (e) The Supplier is not responsible for providing, maintaining, diagnosing or resolving issues with Internet connectivity at none-Customer site locations such as User’s Homes, Hotels or other third-party premises 14 SMARTPHONE/TABLET SUPPORT Where Smartphone/Tablet Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 14.1 The Solution (a) The Supplier will deploy an appropriate Mobile Device Management (MDM) solution to enable the monitoring, support and management of Smartphone/Tablet mobile computing and communication devices owned by the Customer running a supported operating system. (b) Supported operating systems include Apple iOS and Google Android. The Supplier may add or withdraw support for any operating system or specific version of a supported operating system by giving the Customer 90 days written advance notice. (c) The Supplier will configure the MDM solution to enforce the Customer’s IT Security Policy and work with the Customer to ensure that suitable security precautions are taken to protect company data accessible via the Customer’s Smartphone/Tablet devices. (d) Where appropriate and practicable the Supplier will utilise its PIC software systems to monitor, alert and ensure availability of the MDM solution. 14.2 Support (a) The Supplier will provide remote support to ensure the connectivity, security and functionality of the Customer’s Smartphone/Tablet devices this will include (i) Ensuring that Customer’s E-Mail, Calendar and Contact data is synchronising correctly to the supported device (ii) Ensuring that the device can correctly and securely connect to any Customer owned Wireless Local Area Network (iii) Ensuring that the device is under proper management and appropriately secured by the MDM solution (b) The Supplier will not provide support on individual apps installed upon the mobile device, support for e-mail, calendar and contact synchronisation, email systems outside of those provided to Users for the business purposes of the Customer. (c) Any Smartphone/Tablet related problems will be reported by Users to the Helpdesk, the Helpdesk will then seek to resolve any issues and respond to any queries. If requested by the Customer, the Supplier will act as a primary point of contact to the Customer’s Mobile Network Provider in the event of any issues pertaining to Smartphone/Tablet device use. In such circumstances the Supplier shall manage the Mobile Network Provider until the issue is resolved and will provide regular updates to the Customer until the issue is resolved. 15 PRINTERS Where Printer Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 15.1 The Supplier will support the Customer owned desktop and workgroup Printers, this will not include the provision of consumable OR non-consumable parts where required. 15.2 If a printer is deemed to be end of life and therefore beyond economic repair the Supplier will advise the Customer and recommend that the printer be replaced. Until such replacement is provided the Supplier will use reasonable endeavours to keep the printer operational. 15.3 The Supplier will carry out maintenance upon the printers including but not limited to monitoring network aware printers with PIC for printer volumes and faults allied to regular physical inspections and the installation of maintenance kits as recommended as part of the manufacturer’s service schedule. 16 TELEPHONY Where Telephony Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 16.1 The Solution (a) The Supplier will provide support for the on-premise Customer’s Avaya IP Office or Cisco CM/CCME/UC telephony solution or alternatively the Supplier will provide support for the Hosted 8x8 or BT telephony solution. The Supplier will liaise with the Telecommunications Provider to support the relevant POTS, ISDN or SIP Trunking services that connect the Telephony solution to the outside world. (b) Where voice traffic will be channelled through the Primary Data Link, the Supplier will work with Telecommunications Provider and ISP to ensure that the firewall is configured to allow an adequate amount of bandwidth to be dedicated to voice traffic and the LAN is configured to ensure the relevant QOS/Priority and VLANs are provisioned to support the solution. 16.2 Support (a) Any telephony related problems will in the first instance be reported by Users to the Helpdesk. The Supplier will then act as primary point of contact to the Telecommunications Provider in the event of any issues pertaining to performance, availability and any other issue relevant to the overall service provided by the Telecommunications Provider. In such circumstances the Supplier shall manage Telecommunications Provider until the issue is resolved and will provide regular updates to the Customer until the issue is resolved. 17 HOSTED APPLICATIONS Where Hosted Applications is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 17.1 Support (a) The Supplier will provide reasonable support for Hosted Applications including – (i) Microsoft Office365 (ii) Hosted Microsoft Exchange (iii) Mimecast Unified Email Management (iv) Websense Web Security Gateway (v) Other pre-agreed Software (b) Where practicable the Supplier will utilise the PIC system to monitor and report upon the availability and health of these services. (c) Any Hosted Application related problems will in the first instance be reported by Users to the Helpdesk. The Supplier will then act as primary point of contact to the Hosted Applications Provider in the event of any issues pertaining to performance, availability and any other issue relevant to the overall service provided by the Hosted Applications Provider. In such circumstances the Supplier shall manage the Hosted Applications Provider until the issue is resolved and will provide regular updates to the Customer until the issue is resolved. 18 ENDPOINT ANTI-VIRUS PROTECTION 18.1 The Solution (a) The Supplier will deploy standard business grade Endpoint Anti-Virus protection as a module of its PIC system to help protect the Customer’s IT System from Viruses and Malware. (b) The Endpoint Anti-Virus module will be updated and managed by the PIC software system. 18.2 Support (a) The Supplier will ensure that the Endpoint Anti-Virus module is correctly configured, up-to-date and that any appropriate exclusions set to ensure the smooth running of the Customer’s IT System. (b) When new Anti-Virus signatures become available the Supplier will utilise the PIC software system to update the Endpoint Anti-Virus modules deployed on the Customer’s IT System in accordance with the planned maintenance schedule. (c) In the case of a fault, virus outbreak or issue the Supplier will use the Endpoint Anti-Virus and other appropriate tools to resolve the issue. 19 HELPDESK SUPPORT 19.1 General (a) The Supplier will provide a manned helpdesk for first and second line User support (Helpdesk). (b) The Helpdesk will be based at the Supplier’s main offices in Northampton. The Helpdesk will remain located in the UK for the Term. (c) The Helpdesk will be available to the Customer from 8:30am until 5:30pm on Working Days. 19.2 Call Handling (a) Calls made to the Helpdesk will be logged and qualified by a first line operative, the call will be given a unique reference number and the caller will be advised of this number. (b) An initial assessment of the call is made by the first line operative and if possible the call will be resolved at this stage. If the call cannot be resolved at this stage it will be escalated either to a second line engineer, a field engineer or the Onsite Engineer as appropriate. (c) During the initial assessment undertaken in accordance with paragraph 19.2(b) the operator will confirm the priority level of the incident in accordance with the table below: Priority Definition Critical Any incident that affects core business services which may or may not affect multiple Users. High Any incident affecting multiple Users which disrupts work. Medium Any incident affecting a single User which disrupts work. Low Moves and changes to IT environment, requests for information etc. (d) All calls will be logged, monitored and prioritised on the Supplier’s Customer Relationship Management (CRM) system. (e) All work carried out on a particular call will be entered on the Supplier’s CRM system and an electronic record will be maintained. The electronic record will be provided if requested in writing by the Customer within 2 Working Days of receiving the request. (f) The Supplier will provide the Customer and nominated Users with access to open and recent incident history and the ability to log new calls. 19.3 Other Methods of Reporting Issues or Queries (a) Users will be able to report issues or queries to the Helpdesk via email to the Helpdesk’s dedicated email address and through a call logging form included in the Suppliers website (b) Such requests must include the Users contact details and a brief description of the issue, an automated response will be sent upon receipt of this e-mail. This e-mail will then be checked and a call logged on the Supplier’s CRM system and a unique reference number issued to the sender before the call will be handled in accordance with paragraphs 19.2(a) –(e). 20 ONSITE ENGINEER 20.1 An engineer (Onsite Engineer) will attend the HO a pre-agreed number of Working Days per week (Onsite Days), unless otherwise agreed by the Customer. In the event that an Onsite Day is a bank holiday the Onsite Engineer shall attend the HO on the following Working Day. 20.2 The Onsite Engineer shall be at the HO from 8.30am to 5.30pm on Onsite Days. 20.3 At the Supplier’ s option and at no costs to the Customer the Onsite Engineer may from time to time attend the HO on non Onsite Days in addition to Onsite Days. 20.4 The Customer will provide the Onsite Engineer with a workstation at the HO. 20.5 The Onsite Engineer on nominated Onsite Days will: (a) provide second line technical support to Users ensuring incidents are resolved as quickly and effectively as possible; (b) work closely with the Helpdesk and field engineers to ensure a high level of communication is maintained; (c) create and maintain strong relationships with the Customer; (d) ensure that purchased equipment is installed within the Service Levels to the appropriate standards and industry best practices and to the Customer’s satisfaction; (e) provide assistance to the Customer, Technical Account Manager and Senior Account Manager in the technical design, implementation and support of the Customer’s projects; (f) ensure that audit and system documentation including but not limited to the asset register, network maps and diagrams and system configuration details of switches/firewalls/servers/desktop computers etc. are created and maintained; (g) be accountable for the implementing the outcome of any change control and the upkeep of digital records including incident reports and jobsheets; (h) work under its own initiative as part of the Supplier’s service team to ensure high quality support to the Customer; (i) undertake any other duties as required to satisfy the Customer’s and the Supplier’s requirements under the Agreement; (j) be approachable and continue to provide high quality support to Users at all times regardless of Onsite Day status; (k) be responsible for maintaining all onsite records including software, backup tapes etc; (l) be responsible for the asset management of all the Customer’s IT System Peripherals and ensure that the Service Manager is notified of the Customer’s spares use. 21 Installs/Moves/Additions/Changes (IMAC) Provision 21.1 Installs/Moves/Additions/Changes (IMAC) are an alternative to Onsite Days should these be included, and how many, will be specified within the Order Form. An IMAC is a defined as a small job that will take no more than 2 hours for an engineer to complete but which falls outside the other areas of the service description. 21.2 The Supplier will perform up to two IMACs simultaneously up to the maximum monthly allowance indicated on the Order Form. Works that require additional time to complete will be classed as Projects and quoted and charged accordingly. Should the Customer require additional IMACs above the agreed monthly allowance these will be charged for at the Suppliers standard hourly rates. 21.3 An IMAC may include (a) The Installation of software, hardware or components such as the installation of a new Personal Computer for a new User. (b) The Movement of a piece of hardware to a new location, for example the movement of a Personal Computer from one desk to another. (c) The Addition of a new peripheral or component, for example the installation of a memory upgrade into an existing Personal Computer. (d) Changes to the system such as the deployment of a new operating system onto a Personal Computer or the reconfiguring of a Personal Computer for another User. (e) Any other work or task that the Supplier reasonably believes to be outside the scope of other areas of the service description. 22 REPORTING AND ACCOUNT MANAGEMENT 22.1 The Supplier shall allocate an Account Manager and a Technical Account Manager to the Customer for the Term who will be responsible for the day to day management of the Customer account and provision of Services under this Agreement. 22.2 The parties will hold meetings on a quarterly basis unless otherwise mutually agreed. At the meetings the parties will discuss: (a) General overall performance. (b) Recommendations of any adds or changes to the Services. (c) Any Change Requests. (d) Any Additional Orders / future requirement. (e) Any other relevant issues. 22.3 The Supplier shall submit a Quarterly Report which will report against the Service Level Agreement, activity levels, health of the network, licensing issues, spend to date, invoice status, forecast spend, fault trending and any other items as mutually agreed. 22.4 The Account Manager and Technical Account Manager will be responsible for actively investigating new technologies. Software updates and new releases, products, systems that may be of use to the Customer and would enhance its overall operating environment and making appropriate recommendations to the Customer. The Customer may from time to time request that the Supplier investigate specific technologies, products or solutions that it may be interested in, the Supplier shall take appropriate actions accordingly and make recommendations to the Customer. 22.5 The Account Manager is responsible for answering any day to day queries that the Customer may have with regard to the purchase of new equipment, issues pertaining to the Agreement or to an Order. The Senior Account Manager is responsible for regularly attending meetings with the Customer, ensuring that Service delivery is maintained including the production of and presentation of reports, ongoing IT strategy and assisting the procurement and delivery of larger projects. 22.6 Where, as indicated on the Order Form, the Customer has elected for a Procative IT Agreement Type The Supplier will be responsible for working with the Customer to prepare and update The Customer’s IT strategy document. The IT strategy documents will be reviewed and updated as necessary every year. The IT strategy shall set out: (a) a Summary of the strategy and services employed in the previous year; (b) anticipated changes to business objectives, working practices or growth within the Customer that may impact on the Customer’s IT System and its IT service requirements; (c) any ongoing system limitations that have affected the Customer’s operations or are likely to do so in the next year; (d) proposed changes to the system and working practices to the systems within the next six, twelve and twenty-four months (including budgetary estimates of likely investment required if appropriate) to support the contents of sub-paragraph (b) and mitigate the impact of sub-paragraph (c); (e) review of the market position of key suppliers or vendors utilised for the benefit of service provision across the Customer’s IT System; (f) review of the Customer’s existing enterprise tools (accounting tools, customer management system etc.) and recommendations around upgrading or changing the existing tools, or implementing new enterprise tools that would enhance the Customer’s overall operating environment; and (g) summarising industry trends and new technologies that may be of interest to the Customer in the future. 22.7 At least once a year, but if requested by the Customer more often, the Supplier will perform User surveys to ascertain the level of User satisfaction and areas of IT service provision which may require further work to improve, the content of these surveys will be to agreed by the Senior Account Manager and the Service Manager and the Senior Account Manager will compile the results and publish reports to the Service Manager for each survey. 23 CLIP TRAINING PORTAL 23.1 The Solution (a) The Supplier will provide the Customer’s Users with access to a web-based training portal providing training course, videos and content covering: (i) Basic Security Awareness (ii) Microsoft Office 365 Suite and Office applications (iii) Currently supported Microsoft Windows Operating Systems 23.2 Support (a) The Supplier will be responsible for the content, management and support of the training portal including setting up of new users. 24 ATTENDANCE ONSITE 24.1 Support (a) Where The Supplier judges it necessary or advisable for support works to be carried out on-site by it’s Field Engineers The Supplier will arrange to attend site, during Normal Business Hours, to carry out such works. (b) Where The Customer requests on-site works to be carried out outside of Normal Business Hours, at locations other than the Customer’s Head Office or where the Agreement Type, as indicated on the Order Form, is a Proactive Remote contract then the Supplier, at its sole discretion and having advised the Customer in advance, may charge at its prevailing ad-hoc engineering rates. 25 24/7 SUPPORT Where 24/7 Support is specified within the Order Form the Supplier will provide and Support the Solution as detailed below 25.1 Support (a) The Supplier will provide remote telephone based support 24/7 for critical and high priority incidents. Support does NOT include Christmas Day, Boxing Day, New Years Eve or New Years Day. 26 SECURITY AS A SERVICE STANDARD PACKAGE Where Security as a Service Standard is specified within the Order Form the Supplier will provide and Support the Solution as detailed below, this is in addition to Basic Security Management as detailed in Section 11 of this schedule. 26.1 Security Awareness Training (a) The Supplier will provide and deploy a comprehensive Cyber Security Awareness Computer-based Training Solution for all Customer Users. (b) The Supplier will, in conjunction with the Customer, create and conduct on-going Cyber Security Awareness Training programme utilising the computer-based training solution provided and provide the Customer with regular and on-going reports. (c) The Supplier will ensure that the Security Awareness Training programme is conducted in accordance with good industry practice and the requirements of the NCSC Cyber Essentials programme. 26.2 Mobile Device Management (a) The Supplier will provide Microsoft’s Enterprise Mobility Suite E3 for all users and will deploy the Intune Mobile Device Management component to provide Mobile Device Management and support in accordance with the Smartphone/Tablet Support service module as per Section 14 of this schedule and in accordance with good industry practice and the requirements of the NCSC Cyber Essentials programme. 26.3 Identity and Access Management (Multi-Factor Authentication) (a) The Supplier will provide Microsoft’s Enterprise Mobility Suite E3 for all users and will deploy the Microsoft Azure Active Directory component to provide Multi-Factor Authentication to supported devices and systems in accordance with good industry practice and the requirements of the NCSC Cyber Essentials programme. 26.4 Information Protection (a) The Supplier will provide Microsoft’s Enterprise Mobility Suite E3 for all users and will deploy the Microsoft Azure Information and Data Protection components to provide Information and Data Protection to supported devices and systems in accordance with good industry practice and the requirements of the NCSC Cyber Essentials programme. 26.5 Vulnerability Assessment (a) The Supplier will perform annually a comprehensive vulnerability assessment using appropriate security tools and produce a written report for the Customer highlighting any areas of risk with recommendations to remediate. (b) The Supplier will agree a programme of works to remediate any risks that would be in-breach of the NCSC Cyber Essentials certification programme with the Customer, and where no additional software or hardware is required, at the Supplier’s cost – implement this programme of works. 26.6 Cyber Essentials Consultancy (a) The Supplier will provide consultancy, at it’s cost, to support the Customer in attaining the NCSC Cyber Essentials certification this will include, but is not limited to: (i) Meeting any registration or certification costs levied by the governing authority (ii) Providing advice and support in completing all necessary paperwork (iii) Providing example processes and procedures that the Customer may need to adopt to attain certification (iv) Providing remedial engineering works to ensure compliance, where such works do not require the provision of additional hardware or software solutions to be completed. (b) The Supplier will ensure that all works carried out by The Supplier under the auspices of the Managed Service Agreement meet the Cyber Essentials best practices and guidance to ensure ongoing compliance. 26.7 Support (a) The Supplier will be responsible for the complete management and support, including proactive maintenance of the security infrastructure comprised in the Customer’s IT System. (b) The Supplier will ensure that any faults to the security infrastructure will be rectified in accordance with the Service Levels. The Supplier will utilise the Hardware manufacturer’s warranties or if purchased by the Customer extended warranties to replace the Equipment if required. (c) The Supplier will monitor and manage the security infrastructure using PIC and where appropriate other management and monitoring tools in order to ensure that all firewalls, routers, authentication devices and software systems are fully functional. The Supplier will monitor for abnormal activity which may indicate an attack or vulnerability. If such activity arises, a call will be raised with the Helpdesk who will investigate and resolve appropriately in line with the agreed Service Levels. (d) In the event that any security infrastructure is disposed of during the Term the Supplier will, at the Customer’s cost, ensure that the equipment is wiped and returned to factory defaults before disposal in line with the WEEE directive, the Customer’s current IT Security Policy and all relevant legislation and provide written certification of its destruction. 27 SECURITY AS A SERVICE PLUS PACKAGE Where Security as a Service Plus is specified within the Order Form the Supplier will provide and Support the Solution as detailed below, this is in addition to Basic Security Management as detailed in Section 11 of this schedule. 27.1 Security Awareness Training (a) The Supplier will provide and deploy a comprehensive Cyber Security Awareness Computer-based Training Solution for all Customer Users. (b) The Supplier will, in conjunction with the Customer, create and conduct on-going Cyber Security Awareness Training programme utilising the computer-based training solution provided and provide the Customer with regular and on-going reports. (c) The Supplier will ensure that the Security Awareness Training programme is conducted in accordance with good industry practice and the requirements of the NCSC Cyber Essentials Plus programme. 27.2 Mobile Device Management (a) The Supplier will provide Microsoft’s Enterprise Mobility Suite E5 for all users and will deploy the Intune Mobile Device Management component to provide Mobile Device Management and support in accordance with the Smartphone/Tablet Support service module as per Section 14 of this schedule and in accordance with good industry practice and the requirements of the NCSC Cyber Essentials Plus programme. 27.3 Identity and Access Management (Multi-Factor Authentication) (a) The Supplier will provide Microsoft’s Enterprise Mobility Suite E5 for all users and will deploy the Microsoft Azure Active Directory component to provide Multi-Factor Authentication to supported devices and systems in accordance with good industry practice and the requirements of the NCSC Cyber Essentials Plus programme. 27.4 Information Protection 27.5 The Supplier will provide Microsoft’s Enterprise Mobility Suite E5 for all users and will deploy the Microsoft Azure Information and Data Protection components to provide Information and Data Protection to supported devices and systems in accordance with good industry practice and the requirements of the NCSC Cyber Essentials Plus programme. 27.6 Cisco Umbrella (a) The Supplier will provide and deploy, Cisco Umbrella cloud based web filtering includes web-access filtering to ensure that web browsing is restricted to appropriate sites and inappropriate content, virus and malicious software a barred from access by the Customer’s Users. The system will be setup and maintained in accordance with good industry practice and the requirements of the NCSC Cyber Essentials Plus programme. 27.7 Vulnerability Assessment (a) The Supplier will perform annually a comprehensive vulnerability assessment using appropriate security tools and produce a written report for the Customer highlighting any areas of risk with recommendations to remediate. (b) The Supplier will agree a programme of works to remediate any risks that would be in-breach of the NCSC Cyber Essentials Plus certification programme with the Customer, and where no additional software or hardware is required, at the Supplier’s cost – implement this programme of works. 27.8 Cyber Essentials Consultancy (a) The Supplier will provide consultancy, at it’s cost, to support the Customer in attaining the NCSC Cyber Essentials Plus certification this will include, but is not limited to: (i) Meeting any registration or certification costs levied by the governing authority (ii) Annual on-site Auditing in accordance with the certification requirements (iii) Providing advice and support in completing all necessary paperwork (iv) Providing example processes and procedures that the Customer may need to adopt to attain certification (v) Providing remedial engineering works to ensure compliance, where such works do not require the provision of additional hardware or software solutions to be completed. (b) The Supplier will ensure that all works carried out by The Supplier under the auspices of the Managed Service Agreement meet the Cyber Essentials Plus best practices and guidance to ensure ongoing compliance. 27.9 Support (a) The Supplier will be responsible for the complete management and support, including proactive maintenance of the security infrastructure comprised in the Customer’s IT System. (b) The Supplier will ensure that any faults to the security infrastructure will be rectified in accordance with the Service Levels. The Supplier will utilise the Hardware manufacturer’s warranties or if purchased by the Customer extended warranties to replace the Equipment if required. (c) The Supplier will monitor and manage the security infrastructure using PIC and where appropriate other management and monitoring tools in order to ensure that all firewalls, routers, authentication devices and software systems are fully functional. The Supplier will monitor for abnormal activity which may indicate an attack or vulnerability. If such activity arises, a call will be raised with the Helpdesk who will investigate and resolve appropriately in line with the agreed Service Levels. (d) In the event that any security infrastructure is disposed of during the Term the Supplier will, at the Customer’s cost, ensure that the equipment is wiped and returned to factory defaults before disposal in line with the WEEE directive, the Customer’s current IT Security Policy and all relevant legislation and provide written certification of its destruction. SCHEDULE 3 - SERVICE LEVEL ARRANGEMENTS 1 SERVICE LEVELS 1.1 In accordance with clause 9 of the Agreement the Supplier will perform the Services in accordance with the Service Levels during the Term. In the event that the Supplier fails to meet a Service Level it will be liable to the Customer for any applicable Service Credits set out below. 1.2 The parties will monitor the Supplier’s performance against all Service Levels throughout the Term. The Supplier shall submit metrics against all Service Levels set out in this Schedule 3 in the Quarterly Report. 1.3 All Service Levels shall be measured over a monthly period. 1.4 A Service Credit shall not be payable unless the Customer requests it within 40 Business Days of the end of the calendar month in respect of which the Service Level was not met. The maximum Service Credit allowable in a given month is limited to [20]% of the total monthly Fee payable for that month 1.5 Incident Response Times (a) All incidents reported to the Helpdesk shall be prioritised in accordance with the priority definition set out in paragraph 19.2 of Schedule 2. (b) The Supplier will contact the User who reported the incident and will agree with the User what the incident is about and provide them with the following information regarding the incident reported: (i) The Supplier will allocate an owner to the incident. (ii) Feedback from initial attempts to resolve the issue by phone or remotely. (iii) Whether the incident is related to a software failure or not. and (iv) A clear outline from the Supplier as to what the next stages are and the target resolution time. (v) The Supplier response will be provided in accordance with the Service Levels set out below: Service Level # Incident Priority Level Service Level (time from initial call or email from User in Working Hours or Working Days) Service Credit 1 Critical 98% of all incidents responded to in 1 hour £100 High 95% of all incidents responded to in 4 hours N/A Medium 95% of all incidents responded to in 8 hours N/A Low 95% of all incidents responded to in 2 days N/A SCHEDULE 4 - THIRD PARTY SERVICES Part 1: Direct Third Party Services [INSERT] Part 2: Indirect Third Party Services [INSERT] SCHEDULE 5 : GDPR DATA PROCESSING Part A: Processing, Personal Data and Data Subjects 1. Processing by the Provider 1.1 Scope For the provision of IT Managed Services and Support of systems and software as agreed within our Master Services Agreement. 1.2 Nature 1.3 Backup, Storage and Migration of Data or other such processing as may be required in the course of the delivery of the agreed services. 1.4 Purpose of processing Data will be processed purely for the purposes of delivering the services detailed in our Master Services Agreement or other project works that may be agreed from time to time. Duration of the processing The term of our Master Services Agreement, including any extended terms that may be entered into. 2. Types of personal data Names and contact details such as addresses, telephone numbers, mobile telephone numbers , e-mail addresses and any other such Data that may be required for the purposes of 3. Categories of data subject Employees, contractors, suppliers and customers of the Data Controller. Part B: Third Party Processors Microsoft UK Ltd, Datastore365 Ltd, Autotask (UK) Ltd, Inbay Ltd