Terms and Conditions (v2.7 May 2025)

Terms of Business for Supply of Services

 

1. AGREED TERMS

1.1 The definitions and rules of interpretation in this clause 1 will apply throughout this Agreement.

Acceptance or Accepted: means the earlier of: (i) when a Service or part of a Service is accepted in writing by Customer as meeting the Acceptance Criteria and (ii) a Service is live and being used by the Customer.

Acceptance Test: means the tests designed to assess whether all or any part of the Services meet the Acceptance Criteria and Acceptance Testing will be construed accordingly.

Acceptance Criteria means the criteria specified in any Service Order or associated Statement of Work.

Agreement: means the terms and conditions of this document, the Schedules and the Service Order(s);

Business Hours: 8am to 6pm on Business Days.

Business Day(s): Monday to Friday, excluding any UK public holidays.

Charges: the fees payable for the Service(s) and set out in the Service Order(s).

Commercially Reasonable Endeavours: means taking such steps and performing in such a manner as a well-managed company would undertake where such company was acting in a professional, prudent and reasonable manner to achieve the particular result for its own benefit.

Confidential Information: any information, however conveyed or presented, that relates to the Business, affairs, operations, customers, systems, processes, budgets, pricing policies, product information, strategies, developments, trade secrets, know-how, personnel and suppliers of the disclosing party, including intellectual property rights and personal data (as defined under the Data Protection Laws) together with all information derived by the receiving party from any such information and any other information clearly designated by a party as being confidential to it (whether or not it is marked “confidential”), or which ought reasonably be considered to be confidential. “Customer’s Confidential Information” and “The Provider’s Confidential Information” shall be interpreted accordingly.

Customer’s Data: any data (including any Customer Personal Data relating to the staff, customers or suppliers of the Customer and Customer’s Confidential Information and Customer’s IPR), documents, text, drawings, diagrams, images or sounds (together with any database made up of any of those), embodied in any medium, that are supplied to The Provider by or on behalf of the Customer, or which The Provider is required to generate, process, store or transmit pursuant to this Agreement.

Customer Personal Data: means any Customer Data relating to an identified or identifiable natural person (data subject).

Customer Technology: means the Customer owned and licensed technology, internet operations design, content, software, hardware, hardware designs, algorithms, user interface designs, architecture, class libraries, documentation, network designs, know-how, trade secrets and any related intellectual property rights throughout the world and including any derivatives, enhancements and extensions of the same.

Data: means all data relating to the provision of the Service(s) and any additional services provided by the Provider including, without limitation, information, data supplied, stored, collected, collated, accessed, or processed by or for the benefit of the Customer, such as Customer Data, Customer’s customer data, transactional data, system and process data.

Data Controller: means the person, public authority, agency or other body that, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. For purposes of this Agreement, it would be the Customer.

Data Processor: means the person, public authority, agency or other body which processes Personal Data on behalf of the Controller. For the purposes of this Agreement, it would be the Provider.

Data Subject: means the individual to whom Personal Data relates.

Default: means any non-material failing by either party to comply with the terms of this Agreement, including the provision of the Service(s).

Default Notice: means a notice of a Default served by either party on the other setting out in detail the nature of the Default.

Effective Date: means the earlier of the date that: (i) this Agreement is executed by both parties; or (ii) the receipt by the Provider of a Service Order or Purchase Order from the Customer.

Equipment: means any hardware or software that the Provider supplies to Customer and/or supports as specified on a Service Order or other form of order.

European Economic Area: means the member states of the European Union and Iceland, Liechtenstein and Norway.

Excluded Event: means any event that adversely impacts a Service that is caused directly by (i) the acts or omissions of Customer, its employees, customers, contractors or agents; (ii) a Force Majeure Event; (iii) a DOS or DDOS attack to Customer (unless DDoS mitigation forms part of the Services); (iv) scheduled maintenance notified to the Customer at least 24 hours in advance; (v) a change requested by the Customer which has been correctly performed by the Provider that results in the degradation of a Service; and, (vi) a suspension of Services by the Provider pursuant to clause 5.7 due to late payments.

Force Majeure Event: means any event, circumstance or cause beyond a party's reasonable control, including but not limited to acts of God, fire, flood, war, acts of terrorism, riot, civil commotion, governmental actions, labour disputes (save where such disputes involve the personnel of the non-performing party), epidemics, pandemics, any changes in law or regulations arising from any of the foregoing, and any similar events beyond the control of the non-performing party.

Initial Term: unless specified otherwise on the Service Order the initial term of each Service shall be for three years from the Service Commencement Date of each Service.

IPRs: any and all intellectual property rights of any nature anywhere in the world whether unregistered, registered, registerable or otherwise, including patents, utility models, trademarks, registered designs and domain names, applications for any of the foregoing, trade or Business names, goodwill, copyright and rights in the nature of copyright, design rights, rights in databases, moral rights, know-how and any other intellectual property rights which subsist in computer software, computer programs, websites, documents, information, techniques, Business methods, drawings, logos, instruction manuals, lists and procedures and particulars of customers, marketing methods and procedures and advertising literature, including the “look and feel” of any websites and/or interfaces. “Customer’s IPRs” and “The Provider’s IPRs” shall be interpreted accordingly.

Licences: means any licences that the Provider supplies to Customer as specified on a Service Order or other form of order.

Non-Recurring Services: means any consulting, one-off or set-up Services.

Personal Data Breach: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

Provider: means the Provider, and/or its contractors/subcontractors and employees.

Provider Technology: means Provider owned and licensed technology, Internet operations design, content, software, hardware designs, algorithms, user interface designs, architecture, class libraries, documentation, network designs, know-how, trade secrets and any related intellectual property rights throughout the world and including any derivatives, enhancements and extensions of the same.

Processing (Process): means in relation to Data or Personal Data collecting, recording, organisation, structuring, storage, adaption or alternation, retrieval, consultation, use, disclosure by transmission, dissemination, restriction, erasure or destruction.

Purchase Order: means a purchase order raised by the Customer ordering Services from the Provider.

Renewal Term: means further periods of 12 months following the end of the Initial Term or subsequent Renewal Terms.

Service(s): means the services set out in Service Order(s) which form part of this Agreement. Services shall not include the sale or provision to Customer of any Equipment or Licences.

Service Commencement Date: means for Non-Recurring Services when work on the Non-Recurring Service has commenced and in respect of other ongoing support Services shall be the earlier of: (i) when the Customer begins to use the Service; or (ii) following Acceptance of a Service by the Customer.

Service Credits: are as defined in clause 2 and the relevant Service Levels in Schedule 3.

Service Levels: the service levels to which the Service(s) are to be provided and set out in Schedule 3 of the Schedules.

Service Manager(s): the person identified as such, or any replacement person appointed by the relevant party pursuant to clause 8 being the person responsible for managing the Service(s) on behalf of each party and “The Provider Services Manager” and “Customer Services Manager” shall be interpreted accordingly.

Service Order(s): a quotation from the Provider sent to the Customer ordering a Service which has been accepted by the Customer or a Purchase Order sent to the Provider by the Customer ordering a Service which has been accepted by the Provider.

Schedules: The collective supplementary schedules documented separately and referenced in this agreement, including some or all of the following:

  • Schedule 1: Data Protection
  • Schedule 2: Acceptance Testing

Security Incident: A breach of the Customer’s IT security and/or Customer’s IT systems which requires investigation by Provider.

Statement of Work: means the schedule of work to be performed by Provider in order to deliver the Non-Recurring Services on a Service Order. Where required this document is produced by the Provider after receiving a Service Order.

Ticket Closure: is when the Ticket is deemed closed, when a Service alert or fault has been rectified or assessed as requiring no further action.

Ticket Open: means the logging of a Ticket by the Provider or the Customer.

Ticket: means a ticket generated by the Customer or the Provider in response to either: (i) Customer reporting a fault to the Provider; or (ii) the Provider detecting an alert or a service issue as part of its monitoring activity and/or a Service provision; or (iii) as a result of a Security Incident.

Term: the period of the Initial Term and any further Renewal Terms for which the Agreement or any individual Service continues before it is terminated in accordance with this Agreement.

UK GDPR: has the meaning given in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.

1.2 Words in the singular include the plural, and in the plural include the singular.

1.3 Unless the context otherwise requires, a reference to one gender shall include a reference to the other genders.

1.4 Clause and Schedule headings shall not affect the interpretation of this Agreement.

1.5 References to clauses and Schedules are, unless otherwise provided, references to the clauses of and Schedules to this Agreement.

1.6 A reference to a statute or statutory provision is a reference to it as it is in force for the time being, taking account of any amendment, extension or re-enactment and includes any subordinate legislation for the time being in force made under it.

1.7 Unless a right or remedy of a party is expressed to be an exclusive right or remedy, the exercise of it by a party is without prejudice to that party’s other rights and remedies.

1.8 A reference to this Agreement includes a reference to the Schedules, annexes and appendices to this Agreement.

1.9 A person includes a corporate or unincorporated body (whether or not having separate legal personality).

1.10 Any phrase introduced by the words “including”, “includes”, “in particular” or “for example” or similar shall be construed as illustrative and shall not limit the generality of the related general words.

1.11 Writing or written includes receipted email unless specified otherwise.

1.12 In the event of any conflict between these terms and conditions, Service Orders and the Schedules to this Agreement, the order of precedence is as follows: (1) the Service Order (2) these terms and conditions and (3) the Schedules.

2. SERVICES AND SERVICE CREDITS

2.1 The Customer appoints The Provider to provide the Service(s) pursuant to this Agreement in consideration for payment of the Charges.

2.2 The Non-Recurring Services may be delivered in a number of phases. The delivery timeframes shall be agreed between the Provider and the Customer and specified on a Statement of Work. Any such dates shall be estimates only and time shall not be of the essence for performance of the Non-Recurring Services. The Statement of Work and estimated timelines given within it may be updated as the project progresses.

2.3 The Customer may request additional Services from the Provider from time to time. The Provider is not obligated to deliver any additional Services unless agreed on a Service Order.

2.4 The relevant Charges for the any additional Services shall be specified on Service Orders.

2.5 Any agreement to change the Services shall be agreed in writing between the parties. For avoidance of doubt changes to operational documentation, including, inter alia: Service Managers; contact details; Statements of Work; project plans; agreed escalation and other service delivery processes shall not constitute a change to the Services or the Agreement.

2.6 Subject to clause 2.7 the Provider shall deliver each Service in accordance with the relevant Service Levels contained in Schedule 3 and, where it fails to deliver each Service in accordance with the Service Level, shall pay any associated Service Credits.

2.7 Service Credits:

    1. Will not be given where any Service Failure is caused by an Excluded Event;
    2. May only be claimed by Customer for the affected Service;
    3. May only be claimed by Customer for a Service failure affecting its systems, and Customer is not entitled to claim Service Credits on behalf of its users for consequential interruption or failure of Customer’s services;
    4. May not be paid to Customer if, at the date of the Service failure, Customer is in arrears of payment to the Provider or is otherwise in breach of the Agreement; and,
    5. Will not exceed in aggregate in any calendar month the monthly amount paid by Customer for the affected Service, save where the contrary is expressly stated in the relevant Schedule or Service Level.

2.8 Service Credits due will be calculated by the Provider within 10 Business days of the end of each month. These will be credited by the Provider in the month following the month in which the failure to achieve the Service Level occurs or as otherwise stated for that Service in Schedule 3.

2.9 Where the Customer has booked time for scheduled or unscheduled work, and then subsequently cancels or delays that work, whether temporarily or indefinitely, and whether the work is to be performed remotely or onsite then the Provider may, at its sole discretion, recover Charges in respect of this work as follows (“Cancellation Charges”): (i) 2 Business Days or less notice given to Provider – Cancellation Charges equivalent to 100% of Charges for work; (ii) 7 Business Days or less notice given to Provider – Cancellation Charges equivalent to 50% of Charges for work; and (iii) greater than 7 Business Days notice given to Provider – no Cancellation Charge. This is not a penalty but recognises the costs incurred by the Provider when work is cancelled close to the agreed delivery date.

2.10  Where Supplier’s implementation of any of the Non-Recurring Services are delayed beyond the dates which have been agreed with Customer on a Statement of Work due to the Customer failing to comply with their obligations under clause 4.2 the Provider reserves the right to either (i) re-quote for the Non-Recurring Service and/or (ii) charge the Customer for any additional project management time incurred based on its standard rate card. This is not a penalty but recognises the additional costs incurred by the Provider when work is delayed by the Customer beyond agreed dates

2.11 Where the Customer has taken penetration testing services as part of the Services then additional terms and conditions shall apply in connection with the penetration testing Service only. These are detailed in the Provider terms and conditions titled “Penetration Testing: Rules of Engagement” which will be sent to Customer.

2.12 Where Provider supplies Equipment of Licences to Customer:

    1. Customer acknowledges that it has selected the Equipment and has not relied upon any statements of representations from the Provider in making its selection. Furthermore the Provider has not made nor does make any other warranties of any kind, expressed or implied, including without limitation any warranty of fitness for a particular purpose, merchantability, or of nonfringement of third party rights and Customer purchases the equipment “as is”; and,
    2. Customer shall acquire title to the Equipment or right to use Licences upon full payment of the purchase price to the Provider. Prior to full payment being received title shall remain with the Provider.

2.13 The Provider does not and cannot control the flow of data to or from the Provider Technology and other portions of the Internet. Such flow depends in large part on the performance of Internet services provided or controlled by third parties. At times, actions or inactions of such third parties can impair or disrupt Customer’s connections to the Internet (or portions thereof). Although the Provider will use Commercially Reasonable Endeavours to take all actions which would reasonably be deemed appropriate to remedy and avoid such events, the Provider cannot guarantee that such events will not occur and disclaims all liability resulting from or related to such events provided that it has acted in accordance with this Agreement.

3. TERM

3.1 This Agreement shall begin on the Effective Date and shall continue until cancelled by either party in accordance with the provisions of this Agreement.

3.2 Each Service shall be provided for the Initial Term and thereafter shall continue for successive Renewal Terms until cancelled by either party in accordance with the provisions of clause 17.

3.3 Customer may, as a part of its internal processes, choose to raise Purchase Orders during the Term of this Agreement. Once a Service has commenced these are not required by the Provider and are only for internal administration purposes of the Customer and do not form part of the contractual terms between the parties. For avoidance of doubt should the Customer not decide to raise a Purchase Order for any Service during its Term then this shall not constitute giving notice to terminate or not to renew the Service.

3.4 Customer recognises Provider’s pricing takes into account many factors including but not limited to provisioning of staff to provide the Services, external software costs, initial costs of learning Customer systems, technical pre-sales and implementation costs which are not fully re-charged to Customer, technical staffing, staff training and insurance arrangements. Strict commitments to Initial and Renewal Terms and notice periods are therefore of the essence.

4. OBLIGATIONS OF EACH PARTY

4.1 The Provider shall use Commercially Reasonable Endeavours to:

    1. Discharge its obligations under this Agreement using personnel of required number, skill, experience and qualifications and with due skill, care and diligence in accordance with the best industry standards and practice;
    2. Ensure that all of its staff who will be involved with the Services will be trained to a competency and appropriate level, as reasonably expected to perform the Services with Commercially Reasonable Endeavours;
    3. Obtain and maintain all consents and regulatory approvals necessary to provide the Service(s);
    4. Obtain and maintain all necessary rights to the Provider’s Technology and The Provider's IPRs, or any other equipment and materials used by The Provider and/or made available by The Provider to the Customer which are used to perform the Service(s).

4.2 The Customer shall use Commercially Reasonable Endeavours to:

    1. Provide the Provider with access to the appropriate members of the Customer's staff as reasonably requested by Provider, in order for Provider to discharge its obligations under this Agreement;
    2. Respond to and provide such documentation, data and other information as Provider reasonably requests in order for Provider to perform its obligations under this Agreement;
    3. Provides access to the Customer Technology and Customer Data as reasonably required by the Provider in order for it to provide the Services;
    4. Ensure that any software which forms part of the Customer Technology is fully and correctly licenced;
    5. Maintain the Customer’s Technology in accordance with any manufacturer’s manual or user guide;
    6. In respect of devices or software managed by the Provider as part of the Services, allow the Provider to update or patch the devices or software as the Provider and/or the manufacturer recommends;
    7. Ensure that all of its staff who will be involved with the Services will be trained to a competency and appropriate level, as reasonably expected by the Provider, to enable them to receive the Services;
    8. Provide such assistance as Provider reasonably requests to facilitate successful migration/connection of the Customer's Technology with Provider's Technology and obtain any consents, licences or permissions required to enable this;
    9. Not, nor attempt or authorise, to access, use, maintain, or otherwise tamper with the any of Provider’s monitoring applications or Provider’s Technology used in the delivery of the Services.

4.3 The Customer warrants that: (i) any Customer Technology which the Provider is managing as part of the Services is running software which has been updated and patched to the latest versions within six (6) months prior to the Service commencing, (ii) any Customer Technology which is used by the Provider but the Provider is not managing will be updated during the course of the Agreement such that it will always run software which is updated and patched to versions not more than six (6) months old, and (iii) will provide reasonable notice to Provider of any upgrades or changes to the Customer’s Technology.

4.4 The Provider may supply quotations for the annual support of Equipment and annual costs for Licences to Customer in advance of their expiry date. These shall only be renewed on receipt of an order for their renewal from the Customer.

4.5 Where the Provider has sold Microsoft licences, provided Microsoft licences as part of the Services or provided Services related to Microsoft products the Customer consents to using Commercially Reasonable Endeavours to endorse a Microsoft Proof of Execution claim using the Microsoft Claiming Partner of Record (CPOR) platform showing the Microsoft licences and/or services provided by the Provider to the Customer.
 
4.6 Customer will, using Commercially Reasonable Endeavours and guidance from the Provider, claim, or enable the Provider to claim, any eligible and applicable funding available under the Microsoft Commerce Incentive (MCI) program in relation to the Services provided to the Customer under this Agreement. In the event that such funding is successfully obtained, Customer agrees to pass through the benefit of the funding to the Provider.
 

4.7 Except as otherwise provided, the parties shall each bear their own costs and expenses incurred in respect of compliance with their obligations under this Agreement.

5. CHARGING AND INVOICING

5.1 The Customer shall pay the Charges to the Provider in accordance with this clause 5.

5.2 The Provider shall invoice the Customer and the Customer shall make payment of the Charges to the Provider on the following terms:

    1. Payment of Charges for any Non-Recurring Services is due 50% on acceptance of the Service Order by the Provider and 50% on Acceptance of the Service, or the part of a Service Accepted, by the Customer.
    2. On-going Services are payable annually in advance.
    3. Equipment and Licences shall be invoiced on receipt of order and payable on delivery.
    4. Any other Services are payable 30 days after the date of the relevant invoice.

5.3 The Charges given on Service Orders are exclusive of Value-Added Tax or other applicable taxes, which will be added to the Charges the Customer is responsible for paying. These will be specified on each invoice.

5.4 All payments will be made in the United Kingdom in Pounds Sterling or in the currency which any non-UK Services are stated on the Service Order.

5.5 If payment terms different to those detailed in clause 5 are agreed on a Service Order, those terms shall apply to that Service Order only and not Services provided under different Service Orders.

5.6 Interest shall be payable in respect of the late payment of any Charges properly invoiced under this Agreement at a rate of 4% above the Bank of England base rate from time to time.

5.7 If Customer is late in its payments and it has not served a Default Notice, the Provider may suspend some or all of the Services provided to the Customer on the following basis:

    1. Provider shall issue a written notice to Customer detailing the amounts outstanding, requesting payment of them and stating that it has the right to suspend some or all of the Services in the event that payment is not received within ten (10) Business Days of Customer receipt of the written notice.
    2. The Customer shall remain liable to continue paying for the Service during the period of suspension.
    3. In the event that payment is not received within ten (10) Business Days of Customer receipt of the written notice Provider may suspend any Service or part or portion of any Service until the outstanding payments are settled in full including amounts owed in interest and for the period during which the Service was suspended.

6. PRICE INCREASES

6.1 During the Initial Term on each anniversary of the Service Commencement Date and at the start of each Renewal Term the Provider may increase Charges for each Service (including the prices contained in the Rate Card contained in Schedule 4) by an amount of the higher of (i) 4% or (ii) the percentage increase from the preceding 12 months in the official RPI index or, if this index ceases to be published, any other retail price index published in substitution. The Provider is entitled to charge these increased prices with retrospective effect within 1 year from the date on which the increased prices were eligible to have been charged on the basis of this clause.

6.2 In addition to clause 6.1 the Provider may increase Charges by giving the Customer sixty (60) days written notice of any such price increases, which notice may be given during the Initial Term to be effective when it ends, or during any Renewal Term to be effective from the start of the next Renewal Term.

6.3 In the event that Customer does not accept the revised pricing given in accordance with clause 6.2 above, notwithstanding the notice periods referred to in clause 17 of this Agreement and excluding any prices increases under clause 6.1, it can, within thirty (30) days of receipt of the revised pricing, give written notice to the Provider that it will terminate the Service with effect from the date the revised pricing was to be effective. The Provider shall have the option, within thirty (30) days of receipt of such notice, and at its sole discretion to withdraw the price increase advised under clause 6.2 in which case the Customer shall not be able to terminate the Service under clause 6.3.

7. SUB-CONTRACTORS/THIRD PARTIES

7.1 The Provider may use contractors, sub-contractors, or third parties, for the delivery of the Service(s), including, but not exclusively, the supply of personnel or other resources to the Provider and hosting of the Provider’s Software and systems.

7.2 Notwithstanding its right to sub-contract pursuant to this clause 7, The Provider shall remain responsible for all acts and omissions of its contractors and sub-contractors and the acts and omissions of those employed or engaged by the sub-contractors as if they were its own.

8. CONTRACT MEETINGS, DEFAULT AND SERVICE CREDITS

8.1 During the Term the Service Managers of each party shall meet on an agreed basis to discuss the operational delivery of the Services, any potential improvements to the operational delivery of the Services and any recommendations the Provider has in general for the Customer.

8.2 Where a party considers there to be a Default then it shall serve a Default Notice on the other party in writing as soon as practicably possible upon becoming aware of the Default and in any event no later than 7 Business Days after becoming aware of the Default. The Default Notice will set out in detail the nature of the Default, any potential resolution to the Default and if practical an implementation plan to remedy such Default and take such steps as reasonably necessary to prevent the Default occurring again.

8.3 In response to a Default Notice:

    1. The Service Managers shall meet as soon as practicable depending on the urgency of the Default and within 10 Business Days of receipt of the Default Notice;
    2. Within 10 Business Days of such meeting The Provider shall present to the Customer a proposed resolution to the Default and, if relevant, an implementation plan to remedy such Default and to take such steps as reasonably necessary to prevent the Default occurring again (“Remedial Plan”);
    3. The Customer shall provide The Provider with its written acceptance (not to be unreasonably withheld or delayed) of the Remedial Plan or provide a written rejection setting out the grounds for rejection within 10 Business Days;
    4. Once agreed the Provider and, if applicable, the Customer shall begin implementing the Remedial Plan with immediate effect;
    5. Notwithstanding the issue of a Default Notice the Customer will continue to pay the applicable Charges.

8.4 In the event that the Remedial Plan fail to address the Default then the parties shall meet again the process as detailed in clause 8.3 shall be repeated until the Default has been remedied.

8.5 In the event that:
    1. The Provider materially fails to implement the Remedial Plan; or
    2. The Customer or the Provider acting reasonably determines that no further attempts can be made to resolve the Default; or
    3. A Remedial Plan has failed on three occasions to remedy the Default or similar Default within any twelve (12) month period.

then the Customer or Provider may terminate the Service in connection with which the Default Notice was served immediately by written notice.

9. DATA PROTECTION

9.1 For the purposes of this clause 9, the terms controller, data subject, personal data, personal data breach, processor and processing, shall have the meaning given to them in UK GDPR.

9.2 Both parties will comply with all applicable requirements of UK GDPR. This clause 9 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under UK GDPR.

9.3 In connection with Customer Personal Data the Customer is the data controller and the Provider (with its subcontractors) shall process the Customer Personal Data as a processor on behalf of the Customer.

9.4 Should the determination in clause 9.3 change, then each party shall work together in good faith to make any changes which are necessary to this clause 9 or the related schedules.

9.5 In relation to the Customer Personal Data, Schedule 1 sets out the scope, nature and purpose of processing by The Provider, the duration of the processing and the types of personal data and categories of data subject.

9.6 The Provider shall, in relation to Customer Personal Data:

1. Process that Customer Personal Data only on the documented instructions of the Customer, unless the Provider is required by UK GDPR to otherwise process that Customer Personal Data. Where the Provider is required by UK GDPR to process the Customer Processor Data, the Provider shall promptly notify the Customer of this before performing the processing required by UK GDPR unless UK GDPR prohibits the Provider from so notifying the Customer on important grounds of public interest. The Provider shall immediately inform the Customer if, in the opinion of the Provider, the instructions of the Customer infringe UK GDPR;

2. Have in place or implement appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Customer Personal Data and against its accidental loss, damage or destruction, including inter alia as appropriate:

      1. the pseudonymisation and encryption of Customer Personal Data;
      2. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
      3. the ability to restore the availability and access to Customer Personal Data in a timely manner in the event of a physical or technical incident; andHave in place or implement appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Customer Personal Data and against its accidental loss, damage or destruction, including inter alia as appropriate:
      4. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
        In assessing the appropriate level of security, The Provider shall take into account in particular of the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Personal Data transmitted, stored or otherwise processed.Ensure, and procure, that any personnel engaged and authorised by The Provider to process Customer Personal Data keep the Customer Personal Data confidential;the data subject has enforceable rights and effective legal remedies;

3. Ensure, and procure, that any personnel engaged and authorised by The Provider to process Customer Personal Data keep the Customer Personal Data confidential;

4. With the exception of the data processing agreement in Schedule 1 not to transfer any Customer Personal Data outside of the UK, the Philippines or the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:

      1. The Customer or The Provider has provided appropriate safeguards in relation to the transfer;
      2. The data subject has enforceable rights and effective legal remedies;
      3. The Provider complies with its obligations under the Data Protection Laws by providing an adequate level of protection to any Customer Personal Data that is transferred; and
      4. The Provider complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Customer Personal Data;

5. Promptly assist the Customer, in responding to any request from a data subject and in ensuring compliance with the Customer's obligations under Applicable Data Protection Laws with respect to security, breach notifications, impact assessments and consultations with the Commissioner, supervisory authorities or other regulators and, in particular, The Provider shall promptly notify the Customer if it receives any complaint, notice or communication (whether from the Commissioner, any data subject, supervisory authority or other third party) which relates to processing of Customer Personal Data.

6. Notify the Customer without undue delay (and no later than 72 hours) after becoming aware of a personal data breach;

7. At the written direction of the Customer, delete or return Customer Personal Data and copies thereof to the Customer on termination of the agreement unless required by Applicable Data Processing Law to store the Customer Personal Data;

8. Maintain complete and accurate records and information to demonstrate its compliance with this clause

9. The Provider (Data Processor) has the Customer’s (Data Controller) general authorisation for the engagement of sub-processors subject to the Provider entering into a written contract with any such sub-processor that:

      1. Contains terms substantially the same as those set out in this clause 9, in particular, in relation to requiring appropriate technical and organisational data security measures, and upon the Customer’s written request, the Provider provides the Customer with copies of the relevant excerpts from such contracts;
      2. Provides that the Provider maintains control over all of the Customer Personal Data it entrusts to a sub-processor;
      3. Ensures that that the Provider remains responsible for all acts or omissions of any such sub-processor as if it were its own; and
      4. Terminates automatically on termination of this Agreement for any reason.

10. The Provider shall inform in writing the Customer of any proposed changes concerning the addition or replacement of sub-processors at least one month in advance, allowing the Customer the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s).

10. FAIR USAGE

10.1 The Charges are based on an average volume of expected tickets per user per month (“Events Per User”). The Customer acknowledges and agrees that the initial Charges were based around estimates from The Provider’s initial scoping exercise of the expected Events Per User. The first six months of Service will be used to establish a benchmark Events Per User. Should this benchmark Events Per User differ materially from the expected Events Per User from the initial scoping exercise the parties shall meet to reasonably agree whether this benchmark is expected to continue or whether it is expected to reduce in future periods for any reason, such as due to unusual events in this period or because the Service has not yet been optimised. If this benchmark is expected to continue the parties shall reasonably agree changes to the Charges based on this benchmark Events Per User. In the event that no changes are agreed the Provider, at its sole discretion, may terminate the affected Service immediately via written notice.

10.2 Once the Events Per User benchmark has been established should the Events Per User (reviewed over 3-month periods) be 30% more than the benchmark Events Per User due to actions of the Customer then The Provider may charge a pro-rata increase in its Charges of the affected Service for such 3-month periods of increased Events Per User.

11. NON-SOLICITATION

11.1 Both parties agree that during the term of the Agreement and for a period of eighteen (18) months following termination or expiry, the parties will not, without prior written consent of the other party, directly or indirectly, solicit, employ, retain the Service(s) of, interfere with or attempt to entice away from the other party or Group Company of the other party, any person who was an employee, independent consultant, contractor, or agent of the other party at any time during the term of the Agreement.

11.2 If Provider or the Customer breaches clause 11.1, that party must pay the other party damages equal to the relevant employee’s annual salary or contractors’ annual cost together with any training costs that have been provided to the relevant employee or contractor in the 12 months before the breach occurred.

11.3 The provisions of clauses 1 and 11.2 will not apply if an employee has been dismissed or made redundant by either party.

11.4 Customer acknowledges that employees, consultants, and contractors of the Provider have signed agreements with the Provider which include covenants that such persons shall not accept employment or engagement with any customers of the Provider.

12. INTELLECTUAL PROPERTY RIGHTS

12.1 This Agreement does not transfer from Provider to Customer any Provider Technology, and all rights, title and interest in and to Provider Technology will remain solely with Provider.

12.2 This Agreement does not transfer from Customer to Provider any Customer Technology, and all right, title and interest in and to Customer Technology will remain solely with Customer.

12.3 All intellectual property, including any reports, processes or tooling developed by the Provider during the performance of the Services, shall form part of the Provider Technology.

12.4 Provider and Customer each agrees that it will not reverse engineer, decompile, disassemble or otherwise attempt to derive source code or other trade secrets from the other party.

13. GRANT OF LICENCES

13.1 For the purposes of providing the Services, the Customer hereby grants to The Provider a royalty-free, non-exclusive, non-transferable licence during the Term to use, copy and modify:
    1. The Customer Technology; and
    2. The Customer Data, including the right to grant limited sub-licences to its sub-contractors.

13.2 In the event of the termination or expiry of this Agreement, the licence referred to in clause 1 shall terminate automatically on the date of termination or such date when any replacement service provider is in place in accordance with clause 19.

13.3 Where required to enable the Provider to provide the Services, the Provider hereby grants to the Customer, in consideration of the Customer’s payment of any Charges in accordance with this Agreement, a non-exclusive, non-transferable licence during the Term to use the Provider Technology.

14. CARE OF THE CUSTOMER ESTATE

14.1 The Customer is responsible for arranging insurance to cover any loss or damage to Customer Technology and Customer Data.

14.2 The Provider will have no liability for any loss or damage to the Customer Technology and Customer Data, except as caused directly by the Provider’s fraud or wilful default or that of its employees, agents or subcontractors.

15. CONFIDENTIALITY

15.1 Each party acknowledges that it will have access to certain Confidential Information of the other party during the Term. Each party agrees that it will not use in any way, for its own account or for any third party, except as expressly permitted by, or required to achieve the purposes of, this Agreement, nor disclose to any third party, any of the other party’s Confidential Information and will take reasonable precautions to protect the confidentiality of such information, at least as stringent as the measures it takes to protect its own Confidential Information. Notwithstanding the foregoing, a party (“the Disclosing party”) may disclose the other party’s Confidential Information: (i) to any of its consultants, contractors and professional advisers who have a need to know the Confidential Information and have executed a protective non-disclosure agreement with the Disclosing party, or (ii) as required by law or any government or other regulatory authority.

15.2 Clause 1 shall not apply to the extent that:

    1. Such information was obtained lawfully from a third party without obligation of confidentiality; or
    2. Such information was already in the public domain at the time of disclosure otherwise than through a breach of this Agreement; or
    3. Such information was independently developed without access to the other party's Confidential Information.

15.3 Neither party shall and shall procure that all personnel and employees do not, use any of the other’s Confidential Information received otherwise than for the purpose of delivering the Service(s) under this Agreement.

15.4 This clause 15 shall survive expiry or termination of this Agreement for a period of 5 years.

15.5 Nothing in this clause 15 shall prevent either party from using any techniques, ideas or know-how gained during the performance of this Agreement in the course of its normal Business to the extent that this use does not result in a disclosure of the other party's Confidential Information.

16. LIMITATIONS ON LIABILITY AND INDEMNITIES

16.1 Nothing in this Agreement will exclude or limit any liability, the exclusion or limitation of which is prohibited as a matter of English law, including fraud or fraudulent misrepresentation, death or personal injury caused by negligence, or deliberate default or wilful misconduct.

16.2 In no event will either party be liable or responsible to the other for:

    1. Indirect or consequential damages;
    2. Lost revenue;
    3. Lost or imputed profits or revenues;
    4. Replacement goods;
    5. Loss of technology;
    6. Loss of rights or services;
    7. Loss of data;
    8. Loss of software or firmware;
    9. Interruption or loss of use of service or equipment; or,
    10. Anticipated savings.

16.3 The Provider will not be liable for breach of contract or any losses, damages, service credits or claims however arising, if the Provider is unable to perform the Service(s) due to the Customer’s:

    1. Negligence, actions or inactions;
    2. Failure to provide relevant information to the Provider within reasonable timeframes; or
    3. Failure or refusal to follow the Providers recommendations around patching and upgrading the Customer Technology the Provider is managing.

16.4 The Provider has given commitments as to compliance of the Services with relevant specifications in clause 4. In view of these commitments, the terms implied by sections 13 to 15 of the Sale of Goods Act 1979 and sections 3 to 5 of the Supply of Goods and Services Act 1982 are, to the fullest extent permitted by law, excluded from this Agreement.

16.5 Each party’s total liability in contract, tort (including without limitation negligence or breach of statutory duty howsoever arising), misrepresentation (whether innocent or negligent), restitution or otherwise, arising in connection with the performance or contemplated performance of the agreement shall be limited to the higher of: (i) 200% of the total net Charges paid by Customer to Provider in the twelve month period immediately preceding the date on which the claim or series of connected claims arises; or (ii) 200% of the total net Charges due by Customer to Provider in the twelve month period immediately following the date on which the claim or series of connected claims.

16.6 The limitations of liability in clause 16.5 shall not apply to:

    1. Any breach by either party of their obligations under clause 13 (Intellectual Property Rights) and clause 15 (Confidentiality); or
    2. Any breach by the Customer of its payment obligations

16.7 During the term of the Agreement, both parties will maintain adequate insurance policies in amounts and covering risks as are necessary, prudent and consistent with industry practice for the conduct of their respective Businesses and the value of their respective properties. The Provider agrees to keep in force during the Term a professional indemnity insurance policy of not less than £5million per occurrence.

16.8 Where the Provider is asked to recommend products and/or service of a third party to the Customer the Provider does not warrant that the purchase of the products/services will satisfy the Customers requirements and the Provider accepts no responsibility if the products/services fail to meet the Customer’s requirements.

17. TERMINATION

17.1 Termination for Convenience:
    1. Each Service may be terminated by either party by giving ninety (90) days written notice to the other party prior to the end of the Initial Term or a Renewal Term. If no such notice is given the Service shall continue for additional Renewal Terms.
    2. The Agreement may be terminated by either party giving ninety (90) days written notice to the other party such notice to be effective once all the Services have been terminated in accordance with this Agreement.

17.2 Termination of a Service for cause. Either party may terminate a Service immediately by written notice in accordance with the provisions of clause 8.5. The Provider may terminate a Service immediately by written notice in accordance with the provisions of clause 10.1.

17.3 Termination of Agreement for cause. Either party may, in its sole discretion, terminate this Agreement and all Services immediately by written notice if:
    1. The other party materially breaches any term or condition of this Agreement, and (if such breach is remediable) fails to remedy that breach within thirty (30) days after receipt of written notice to do so.
    2. The other party becomes the subject of a voluntary petition in bankruptcy or any voluntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors.
    3. The other party becomes the subject of an involuntary petition in bankruptcy or any involuntary proceeding relating to insolvency, receivership, liquidation, or composition for the benefit of creditors, if such petition or proceeding is not dismissed within sixty (60) days of filing.
    4. Due to Force Majeure Events under clause 25.

17.4 If the Agreement is terminated by Customer under clause 17.3 or by Provider under clause 17.3.4 no further Charges will be payable after the date of termination. If the Provider terminates the Agreement under clauses 17.3.1, 17.3.2 or 17.2.3 then all Charges payable up until the end of the Initial Term or Renewal Term, if the Agreement has extended beyond the Initial Term, shall be payable on termination.

17.5 The Provider may terminate this Agreement and all Services immediately via written notice if the Customer fails to pay the Charges by the due date for payment and remains in default for not less than fifteen (15) Business Days after being notified in writing to make the payment.

17.6 During the course of any notice period the Provider shall continue to provide the Services and the Customer shall continue to pay the Charges in respect of the Services.

18. EFFECT OF EXPIRY AND TERMINATION

18.1 Without prejudice to the rights in clause 17, and subject to other provisions of this Agreement, on termination of this Agreement for any reason:
    1. The Provider will cease providing the Services to the Customer;
    2. All undisputed payment obligations of Customer under this Agreement for Services provided through to the date of termination will immediately become due;
    3. Within thirty (30) days of such termination, each party will, on request, return or destroy all Confidential Information of the other party in its possession and will not make or retain any copies of such Confidential Information except as required to comply with any applicable legal or accounting record keeping requirement; and,
    4. The Customer shall cease to use any of the Provider’s Technology.

18.2 The following provisions will survive any expiration or termination of the Agreement: clauses 9, 12, 15, 16, 24, 27, 28, 29 and 32.

19. EXIT AND SERVICE TRANSFER

19.1 Where this Agreement expires, or is terminated for whatever cause, The Provider shall provide such reasonable assistance as required to facilitate the appointment and provision of similar services to the Service(s) by a suitable third party. The reasonable costs of assistance and will be charged by the Provider to the Customer on a time and materials basis at its standard rates set out in Schedule 4 unless otherwise agreed between the parties at the time.

20. DISPUTE RESOLUTION

20.1 If a dispute arises out of or in connection with this Agreement, or the performance, validity or enforceability of it (“Dispute”), then the parties shall, before commencing any proceedings, follow the procedure set out in this clause. Notwithstanding the existence of a dispute, each party shall continue to perform its obligations under this Agreement.

20.2 The Customer or the Provider shall give to the other formal written notice of the Dispute, whereupon the relevant Service Managers of each party, acting in good faith, shall attempt to resolve the Dispute.

20.3 If the Dispute has not been resolved within 14 days of receipt by either party of the written notice referred to in clause 20.2, then the dispute shall be referred to the below parties, who shall, acting in good faith, meet in an attempt to resolve the Dispute .

    1. The Chief Operating Officer or the Chief Executive Officer of the Provider (or to any employee or officer of that party nominated and fully authorised by the relevant chief executive officer to resolve such dispute); and
    2. The Chief Information Officer or the Chief Operating Officer of the Customer (or to any employee or officer of that party nominated and fully authorised by the relevant chief operating officer to resolve such dispute).

20.4 If the Dispute has not been resolved by the parties set out in clause 20.3 within a period of 14 Business Days or such other period as is mutually agreed in writing, the dispute may be pursued by any party in such manner as it sees fit.

21. ANTI-BRIBERY

21.1 Both parties agree and undertake that they shall:
    1. Comply with all applicable laws, regulations and financial sanctions relating to anti-bribery, terrorism and anti-corruption, including the Bribery Act 2010 (the "Bribery Regulations”).
    2. Not engage in any activity, practice or conduct which would constitute an offence under sections 1, 2 or 6 of the Bribery Act 2010 if such activity, practice or conduct had been carried out in the United Kingdom.
    3. Have in place adequate procedures designed to prevent any person Business for them or engaged by them from engaging in any activity, practice or conduct which would infringe any Bribery Regulations.

21.2 Each party shall immediately notify the other party as soon as it becomes aware of a breach or possible breach of any of the requirements of the Bribery Regulations.

22.3 A breach of this clause shall constitute a material breach of the Agreement.22.

22. MODERN SLAVERY

22.1 The Provider warrants that:

    1. Neither The Provider nor any of The Provider Personnel, Sub-contractors or any other member of its supply chain has:
      a) Committed an offence under the Modern Slavery Act 2015 (an Agreement Offence); or
      b) Been notified that it is subject to an investigation relating to an alleged Agreement Offence or prosecution under the Modern Slavery Act 2015; or
      c) Is aware of any circumstances within its supply chain that could give rise to an investigation relating to an alleged Agreement Offence or prosecution under the Modern Slavery Act 2015;
    2. It shall comply with the Modern Slavery Act 2015 and the Modern Slavery Policy;
    3. If applicable, its responses to the Customer’s modern slavery and human trafficking due diligence questionnaire are complete and accurate; and
    4. It shall notify the Customer immediately in writing if it becomes aware or has reason to believe that it, or any of The Provider’s staff, workers, Sub-contractors or any other member of its supply chain has breached or potentially breached any of The Provider’s obligations under this clause. Such notice to set out full details of the circumstances concerning the breach or potential breach of The Provider’s obligations.

23. ASSIGNMENT AND NOVATION

23.1 Neither party shall assign, novate or otherwise dispose of any or all of its rights and obligations under this Agreement without the prior written consent of the other party (such consent shall not be unreasonably withheld or delayed especially if such assignment or novation purely relates to restructuring of the party’s group of companies).

24. WAIVER, SEVERANCE, AND ACCUMULATION OF REMEDIES

24.1 The rights of either party arising out of any provision of this Agreement or any breach of it shall not be waived except in writing. Any waiver by either party of any of its rights under this Agreement or of any breach of this Agreement shall not be construed as a waiver of any other rights or of any other or further breach.

24.2 A failure or delay by a party to exercise any right or remedy provided under this Agreement, by law or otherwise shall not constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict any further exercise of that or any other right or remedy.

24.3 In the event any provision or part-provision of this Agreement is or becomes invalid, illegal or unenforceable, it shall be deemed deleted, but that shall not affect the validity and enforceability of the rest of this Agreement.

25. FORCE MAJEURE

25.1 Neither party will be liable for any failure or delay in performance under the Agreement (other than a failure to comply with payment obligations) due to a Force Majeure Event provided that the party claiming Force Majeure could not have avoided the effect of the Force Majeure Event by taking precautions that, having regard to all matters known to it before the occurrence of the Force Majeure Event, it ought reasonably to have taken but did not take and the party claiming Force Majeure has used Commercially Reasonable Endeavours to mitigate the effect of the Force Majeure Event and to carry out its obligations under this Agreement in any other way that is reasonably practicable.

25.2 If either party is prevented by a Force Majeure Event from wholly or substantially performing its obligations under this Agreement for a continuous period of more than 20 Business Days, the other party shall be entitled to terminate this Agreement immediately via written notice.

26. RELATIONSHIP OF THE PARTIES

26.1 The Provider and Customer are independent contractors and this Agreement will not establish any relationship or partnership, joint venture, employment, franchise or agency between the Provider and the Customer.

27. THIRD PARTY RIGHTS

27.1 A person who is not a party to this Agreement shall not have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any term of this Agreement.

28. NOTICES

28.1 Any notice given to a party under or in connection with this Agreement shall be in writing and shall be: (i) delivered by hand or by pre-paid first-class post or other next Business Day delivery service at its registered office or its principal place of Business (if a company); or (ii) sent by email to any email address that the recipient regularly uses.

28.2 Any notice shall be deemed to have been received:

    1. If delivered by hand, on signature of a delivery receipt; or
    2. If sent by pre-paid first-class post or other next Business day delivery service, at 9.00 am on the second Business Day after posting or at the time recorded by the delivery service; or
    3. If sent by email, once the email has been either: (i) acknowledged by the recipient, or (ii) replied to by an employee of suitable authority of the recipient party (other than by an automated reply); or (iii) its successful delivery can be demonstrated by the sending party.

28.3 This clause does not apply to the service of any proceedings or other documents in any legal action or, where applicable, any arbitration or other method of dispute resolution.

29. TUPE

29.1 The parties do not anticipate that the Transfer of Undertakings (Protection of Employment) Regulations 2006 (“TUPE Regulations”) will apply to this Agreement either on the Effective Date or at the expiry or termination of this agreement. The parties however recognise that a review may be necessary to ascertain whether there is a service provision change as defined by regulation 3(1)(b) of the TUPE Regulations.

30. MARKETING

30.1 Customer agrees that the Provider may publicly refer to Customer as a customer of Provider provided that no details are given. For the avoidance of doubt such a reference shall not be an endorsement of the Provider or imply any association between the Parties other than that of customer and service provider. Any press release or paid for advertising about Customer’s use of the Services requires the prior written consent of Customer.

31. GOVERNING LAW AND JURISDICTION

31.1 This Agreement shall be governed by and construed in accordance with the laws of England and Wales.

31.2 Any dispute, controversy, proceedings or claim between the Customer and the Provider relating to this Agreement shall fall within the exclusive jurisdiction of the courts of England and Wales.

SCHEDULE 1 – DATA PROCESSING

Scope

The Data Processor shall carry out the following processes:

  • Provide Cyber Security services in order to comply with its obligations under the Agreement.

Nature

Processing the data consists of the following: collecting, sorting, saving, transferring, restricting, sharing and deleting data.

Purpose

The data is processed for the following purpose: To provide cyber security services.

Duration

Processing shall begin on the Service Commencement Date and be carried out for an unspecified period until this Agreement or any relevant Service expires or is terminated.

Types of Personal Data

The following data is to be processed: Data entered by the Data Controller's customers’ end-users in the process of using the service, which data may include, but will not necessarily be limited to:

    1. User accounts;
    2. Corporate email addresses;
    3. IP addresses (which may include home IP addresses);
    4. Other unique identifiers that identify individuals on the customers systems;

Categories of Data Subject

The following data subjects are affected by the data being processed: employees and officers of the Data Controller.

Organisational and Technical Data Protection Measures

    1. The data protection measures may be adjusted according to the continued technical and organisational advancement as long as the legally required minimum has been sufficiently met. The Data Processor shall immediately implement the changes required for the purposes of maintaining information security. The Data Controller is to be immediately informed of any changes. Any significant changes are to be agreed upon by the parties.
    2. Should the security measures implemented by the Data Processor not, or no longer, be sufficient, the Data Processor is to inform the Data Controller immediately.
    3. Copies or duplicates are not to be created without the Data Controller's knowledge. Any technically necessary, temporary duplications are exempt, provided any adverse effects to the agreed upon level of data protection can be ruled out.
    4. Should the data be processed in a private residence, the Data Processor is to ensure that a sufficient level of data protection and data security is maintained and that the Data Controller's supervisory rights as determined in this contract can also be exercised without restriction in the private residence.
    5. Dedicated data media, which originate from the Data Controller or which are used for the Data Controller, are to be specifically marked and are subject to ongoing administration. They are to be appropriately stored at all times and must not be accessible to unauthorised persons. Any removals and returns are to be documented.

SCHEDULE 2 – ACCEPTANCE PROCESS

The Acceptance criteria shall test that the Deliverables (as defined below) meet the functional requirements, performance criteria and security requirements as agreed between the parties.

Any dispute between the Provider and the Customer regarding Acceptance shall be referred to the dispute resolution procedure set out in clause 20 of the Agreement.

1. Definitions

In this Addendum, the following terms shall have the following meanings and all other defined terms used in this Addendum shall have the meanings set out in each clause or under clause 1.1 Agreed Terms

“Defects” means any defects, errors or omissions in a Deliverable which causes the Deliverable to fail to meet the Acceptance Criteria;

“Deliverable” means any Service, part of a Service or milestone associated with the provisioning of a Service as set out on a Service Order or associated Statement of Work;

2. Acceptance Test Plan

The Provider shall create and develop an Acceptance Test plan for the approval by the Customer as soon as practicable but in any case, no later than five (5) Business Days prior to the start date of the relevant Acceptance Testing. The Customer shall accept or specify amendments to the Acceptance Test plan no later than two (2) Business Days prior to the start date of the relevant Acceptance Testing.

The Acceptance Test plan shall specify the Acceptance Test definition, purpose, the Deliverables to be Acceptance Tested, the Acceptance Criteria, the procedure for the Acceptance Tests and the timetable for the Acceptance Tests, including start and end dates.

3. Acceptance Testing

The Provider shall issue a notification in writing to the Customer when it believes a Deliverable fulfils the Acceptance Criteria and is ready to undergo Acceptance Testing (“Notification”).

The Customer shall, within five (5) Business Days of receipt of the Notification from the Provider (and in respect of a Repeat Notification, within five (5) Business Days of receipt of the relevant Repeat Notification) or any longer period agreed by the Parties in writing, conduct Acceptance Testing in order to determine whether the Deliverable has satisfied the Acceptance Criteria (“Acceptance Testing Period”).

Unless agreed otherwise by both parties, the Provider shall undertake Acceptance Tests in accordance with the Acceptance Test plan in conjunction with the Customer.

The Customer may elect to undertake its own further Acceptance Tests in accordance with the Acceptance Test plan, and the Provider shall assist the Customer in connection with such Acceptance Tests. In the event of the failure of any Deliverable to meet the Acceptance Criteria when the Customer conducts its own Acceptance Tests, the Provider may request that the Customer re-performs the Acceptance Test in conjunction with the Provider so that the Provider may observe the failure and understand the reasons for the failure.

The Customer shall, by 18:00 on the Business Day following the completion of the relevant Acceptance Test (“Acceptance Reporting Period”) notify the Provider in writing, which may be delivered by e-mail, whether the Deliverable:

    1. Has passed Acceptance Testing, in which case the Customer shall confirm this in writing to the Provider (“Acceptance Pass Confirmation”); or
    2. Has not passed Acceptance Testing and is rejected, in which case the Customer shall identify in its notification the reasons for the rejection and provide reasonable details of the Defects identified during Acceptance Testing (“Rejection Notice”).

If the Customer does not either:

    1. Conduct the Acceptance Testing within the Acceptance Testing Period; or,
    2. Issue a Rejection Notice or an Acceptance Pass Confirmation within the Acceptance Reporting Period.

The Provider shall notify the Customer and the Customer’s Service Manager that it has not performed the Acceptance Testing or issued a Rejection Notice or Acceptance Pass Confirmation (“Repeat Notification”) and the Customer shall: (i) within five (5) Business Days of receipt of the Repeat Notification conduct the Acceptance Testing and issue the Rejection Notice or Acceptance Pass Confirmation; or, (ii) within one (1) Business Day issue the Rejection Notice or Acceptance Pass Confirmation, as appropriate.

If the Customer does not issue either a Rejection Notice or an Acceptance Pass Confirmation within five (5) Business Days of receipt of the Repeat Notification the relevant Deliverable will be deemed Accepted by the Customer even in the absence of an Acceptance Pass Confirmation.

4. Correction of Defects for Deliverables and Repeat Acceptance Testing

If the Customer reasonably determines that the Acceptance Criteria have not been met in respect of a Deliverable, the Provider shall correct any Defect, at its own cost, and shall re-issue a Notification to the Customer when the Deliverable is ready for a repeat Acceptance Test (“Repeat Acceptance Testing”).

Both parties shall follow the procedures and timescales detailed in clause 3 of this Schedule for Acceptance Testing in respect of Repeat Acceptance Testing.

Service Level Agreement (SLA)

CONTRACTED HOURS OF COVER PRIORITY DESCRIPTION RESPONSE TIMES

ENHANCED HOURS*
24x7 x 365 Days

1 Critical - i.e. System Outage 30 Minutes
2 High - i.e. System Fault 1 hour

STANDARD HOURS
Monday - Friday
8am - 5:30pm

3 Medium - i.e. Device Fault 2 hours
4 Low - i.e. Single User Fault 4 hours
5 Very Low - i.e. Request For Info, Standard MACD 8 hours

*Support outside of Standard Hours is only available for cases reported via phone

 

INCIDENT/REQUEST PRIORITIES

The priority level of your case will be determined by measuring the impact and urgency and is calculated using this table:

PRIORITY
IMPACT
High Medium Low
URGENCY High 1 2 3
Medium 2 3 4
Low 3 4 5

 

INCIDENT URGENCY LEVELS

CATEGORY DESCRIPTION
HIGH (H) The damage caused by the Incident increases rapidly.
Work that cannot be completed by staff is highly time-sensitive.
A minor Incident can be prevented from becoming a major Incident by acting immediately.
Several users with VIP status are affected.
MEDIUM (M) The damage caused by the Incident increases considerably over time.
A single user with VIP status is affected
LOW (L) The damage caused by the Incident only marginally increases over time.
Work that cannot be completed by staff is not time sensitive.

 

INCIDENT IMPACT LEVELS

CATEGORY DESCRIPTION
HIGH (H) A large number of staff are affected and/or not able to do their job.
A large number of customers are affected and/or acutely disadvantaged in some way.
The damage to the reputation of the business is likely to be high.
Someone has been injured.
MEDIUM (M)
A moderate number of staff are affected and/or unable to do their job properly.
A moderate number of customers are affected and/or inconvenienced in some way.
The financial impact of the Incident is likely to be moderate.
The damage to the reputation of the business is likely to be moderate.
LOW (L)
A minimal number of staff are affected and/or able to deliver an acceptable service, but this requires extra effort.
A minimal number of customers are affected and/or inconvenienced, but not significantly.
The financial impact of the Incident is likely to be minor.
The damage to the reputation of the business is likely to be minimal.