
EXHIBIT 10.2

STATEMENT OF WORK No. 8

Vendor: TRX, Inc., a Georgia corporation, located at 2970 Clairmont Road, Suite 300, Atlanta, GA 30329 (“TRX”)

Statement of Work (“SOW”) No.: 8, CW227592

Master Agreement No. (“Agreement”): CW143537

The Effective Date of this SOW is January 1, 2011.

This SOW is issued pursuant to the above-referenced Agreement entered into with the above-named Vendor. Any term not otherwise defined herein, shall have the meaning specified in the Agreement.

TRX provides an interactive agent productivity tracking and queue management solution in an application service provider format. AXP wishes to utilize the Queue Manager Services in its and its Affiliates’ business under the terms and conditions set forth herein.

SERVICES: Attached hereto as Exhibit A.

SERVICE LEVEL AGREEMENT: Attached hereto as Exhibit B.

VENDOR KEY PERSONNEL AND PROJECT MANAGERS: Attached hereto as Exhibit C.

FEES: Attached hereto as Exhibit D.

VENDOR THIRD PARTY PROVIDERS: Attached hereto as Exhibit E.

ACCEPTANCE AND TESTING PROCEDURES: Attached hereto as Exhibit F.

APPLICABILITY OF BUSINESS CONTINUATION REQUIREMENTS AND DISASTER RECOVERY PROVISIONS: (Section 13). Provision is applicable for this SOW No.8.

APPLICABILITY OF MASTER AGREEMENT ESCROW PROVISION: *.

ADDITIONAL PROVISIONS AND CONDITIONS: AXP is engaging TRX to provide the Queue Manager Services. This SOW to the Agreement provides the terms and conditions under which AXP shall have access to and use of the Queue Manager Services.

1. DEFINITIONS

a. “Queue Manager” means the service provided by TRX that provides access, use and support of software to and for AXP over the Internet, as described in Exhibit A.

* CONFIDENTIAL TREATMENT REQUESTED

 



2. GRANT OF RIGHTS

2.1 AXP Rights. On the Effective Date, TRX grants to AXP, and AXP accepts, a nonassignable, nontransferable, nonexclusive, limited right for AXP to access and use Queue Manager solely for AXP’s and its Affiliates’ internal use during the term of this Attachment, subject to the provisions of this Agreement. This right is personal to AXP.

2.2 Proprietary Notices. AXP agrees not to remove, alter or conceal any product identification, copyright notices, or other notices or proprietary restrictions from the documentation provided to AXP by TRX, and to reproduce any and all such notices on any copies of such materials.

2.3 Installation. TRX has no responsibility for providing AXP with any end-user computer hardware or other equipment. AXP shall be solely responsible for providing a proper end-user environment to utilize Queue Manager, for which TRX will provide specifications to AXP.

2.4 Reservation of Rights. TRX reserves the right, in its sole discretion and with a * prior written notice to AXP, to modify, discontinue, add, adapt, or otherwise change any design or specification of Queue Manager and/or TRX’s policies, procedures, and requirements specified in or related hereto.

2.5 Rights to Updates. AXP shall be entitled to use Queue Manager under this Agreement as it is later updated or modified, provided such updates or modifications are made generally available to all customers of Queue Manager.

2.6 Rights to New Functionality. From time to time TRX may introduce new functionality into Queue Manager. Provided such new functionality is offered to all customers for an additional fee, such new functionality shall be available to AXP for an agreed upon fee specified by TRX. AXP shall be under no obligation to acquire such new functionality and if they choose not to use the new functionality, AXP can continue to use the then existing functionality and the original terms and conditions.

2.7 *. The procedures and criteria for * Queue Manager are set forth in Exhibit F (* Procedures).

2.8 Support Services

a. Services Provided. During the term of this SOW TRX will provide in connection with the Queue Manager Services the following support services to AXP’s Operational Representatives, who will provide first level support to AXP’s personnel:

 

  (i) Electronic Support: TRX will provide reasonable consultation and support over the Internet regarding the operation of Queue Manager, including both technical and AXP issues.

 

  (ii) Telephone Support: In the event AXP encounters a problem that its Operational Representatives (as described below) are unable to resolve via the escalation process utilizing CRM, such Representatives shall have access to telephone support.



  (iii) Error Correction: In the event AXP encounters an error, bug or malfunction in Queue Manager, Operational Representatives shall use the online problem tracking tool provided by TRX to describe the problem and indicate AXP’s assessment of the severity of same. TRX shall use reasonable efforts to verify the cause of the problem, and if the error is due to any act or omission of TRX, TRX’s sole obligation shall be to use its reasonable efforts to correct the reported problem.

b. Training. TRX shall conduct training sessions at a location to be specified by TRX, for * AXP personnel upon a mutually agreed upon schedule to be finalized after TRX’s receipt of the first invoiced payment for each new location implementation. AXP shall be responsible for its own travel, living and other expenses associated with such training. Specific training requirements and costs (including but not limited to training, connectivity, hardware and travel and related expense) for each new location implementation will be detailed in a separate Task Order as provided in this Statement of Work.

c. Responsibilities of AXP. Throughout the term of this SOW, and as a condition of TRX’s obligation to provide Queue Manager under this SOW, AXP agrees that it will:

 

  (i) Provide all information reasonably requested by TRX to assist in identifying and solving reported errors.

 

  (ii) Designate * Operational Representatives (the initial Representatives being named on Exhibit C) who will be the contact persons through which all support and/or problem communications will be made. AXP may, from time to time, change * of the designated Operational Representatives, which change shall be effective only upon TRX’s receipt of written notice thereof. At no time shall there be more than * Operational Representatives. AXP shall ensure that any appointed Operational Representative is knowledgeable in the operation and use of Queue Manager, any operating system(s) and hardware installed at the AXP’s site used to access Queue Manager.

3. TERM AND TERMINATION.

The term of this SOW #8 shall be from the Effective Date through December 31, 2014. AXP shall have * this SOW #8 * with a *. The parties agree that the Statement of Work #3 dated 1 January 2011 between TRX, Inc. and American Express Travel Related Services Company, Inc. is hereby terminated as of the Effective Date of this SOW #8.

4. ADDITIONAL PROVISION FOR *.

At any time during the term of the SOW, AXP may provide TRX with a written request to * to the Queue Manager Services for an * to TRX. In this event, the parties shall * in the Agreement.



AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.

By: /s/ John Fredell

Name: John Fredell (Type or print)

Title: Purchasing Manager

Date: May 17, 2011

TRX, INC.

By: /s/ David Cathcart

Name: David Cathcart (Type or print)

Title: CFO

Date: 19 May 2011

 

 



EXHIBIT A

to Statement of Work No. 8 Dated January 1, 2011

Queue Manager Services Description

Queue Manager is an Internet-based task distribution and productivity tracking tool which allocates PNR processing tasks to individual agents based upon availability and skill sets, tracks the task completion time, and provides reports segmented by task category and individual agent.

ADMINISTRATION:

TRX will administer the system on behalf of AXP. System administration includes:

*

MINIMUM SYSTEM REQUIREMENTS:

Supported Operating Systems: See below.

 

Operating System    Minimum RAM Required

*    *
*    *
*    *

 

Software    Minimum Version

*    *
*    *
*    *
*    *
*    *

GDSs Supported: * as of the Effective Date.

ADDITIONAL REQUIREMENTS:

For traditional GDS connectivity, AXP, at its own expense, must provide TRX with a minimum of *. TRX will not be responsible for any * deadlines.



For GDS systems that connect via web services, AXP, at its own expense, must provide TRX with a minimum of *. TRX will not be responsible for any * deadlines.

ADDITIONAL SERVICES:

Queue Manager *.

 

  1. AXP may request Queue Manager *, if any, via *.

 

  2. In the event TRX agrees to perform the requested Queue Manager *, TRX shall provide a Task Order with the *.

 

  3. AXP shall signify approval of the * and its agreement to * by signing and returning the Task Order to TRX.

 

  4. The parties will follow the * procedures outlined in Exhibit F.

* IMPLEMENTATIONS:

In the event AXP chooses to implement the Queue Manager Services in a *, TRX and AXP shall reasonably cooperate to mutually agree upon the * implementation plan, including any required customization, and reduce such agreement for additional deliverables or changes to the services to a writing in the form of a Task Order in accordance with Section 4.3 of the Agreement and Exhibit D Pricing for Queue Manager * Implementations.

 

Queue Manager * Implementation

AXP Requirements    Description    Estimated Cost    Comments
*    *    *    *
*    *    *    None
*    *    *    None
*    *    *    None



EXHIBIT B

to Statement of Work No. 8 Dated January 1, 2011

SERVICE LEVEL AGREEMENT

This Exhibit B sets forth certain levels of service that TRX is required to meet in performing the Queue Manager Services during the Term (“Service Levels”).

 

Error Severity Levels / Error Response Time Frame

Severity Level 3: Impacts ability to perform business-critical functions for a minimal number of QM users in a single location, or a minimal number of QM users across more than one location. AXP will advise TRX of affected user and location counts where applicable. Examples:

• * users are unable to log into Queue Manager

• * users are able to log into QM but have reported that they are not receiving tasks

• * queues are late in sweeping PNRs (i.e. queue sweep alarming)

Error Response Time Frame: Email acknowledgement of assignment to TRX personnel will be sent within *. TRX personnel will email status report and estimate of resolution timeframe to AXP-designated contact at least every *. Upgrade to Severity Level 2 may be made, at any time, in the sole discretion of AXP.

Severity Level 2: Impacts ability to perform business-critical functions for an isolated number of QM users in a single location, or an isolated number of QM users across more than one location. AXP will advise TRX of affected user and location counts where applicable. Examples:

• * users are unable to log into Queue Manager

• * users are able to log into QM but have reported that they are not receiving tasks

• * queues are late in sweeping PNRs (i.e. queue sweep alarming)

Error Response Time Frame: Email acknowledgement of assignment to TRX personnel will be sent within *. TRX personnel will email status report and estimate of resolution timeframe to AXP-designated contact at least every *. Upgrade to Severity Level 1 may be made, at any time, in the sole discretion of AXP.

Severity Level 1: Impacts ability to perform business-critical functions for a significant number of users in a single location, a significant number of users across more than one location, or incidents involving a QM priority queue. AXP will advise TRX of affected user and location counts where applicable. Examples:

• * users are unable to log in to Queue Manager

• * users are able to log in to QM but have reported that they are not receiving tasks

• * queues are late in sweeping PNRs (i.e. queue sweep alarming)

• * Amex priority queue (as defined in the QM database) is alarming and the TRX action is to disable the queue

• Connectivity to * GDS is down

• A GDS is experiencing an outage

Error Response Time Frame: Email acknowledgement of assignment to TRX personnel will be sent within *. TRX personnel will email status report and estimate of resolution timeframe to AXP-designated contact at least every *. Management representatives will be notified if the error is not identified and resolved within * of problem notification.

 

QM Overall Availability

QM *

 

During the Term of this SOW, TRX will maintain a * of the QM Services with the exception of:

 

1.       Downtime for scheduled maintenance; or

 

2. Factors external to TRX infrastructure, people, and processes.

 

Scheduled maintenance generally occurs *. Maintenance is performed during off-peak hours in conjunction with AXP. TRX will
provide notice of scheduled maintenance a minimum of *.

 

Factors external to TRX include, but are not limited to, GDS availability, AXP network or configuration issues, and GDS
performance.

 

QM Processing *

 

*



EXHIBIT C

to Statement of Work No. 8 Dated January 1, 2011

VENDOR KEY PERSONNEL AND PROJECT MANAGERS

For the United States:

TRX:

*

AXP:

*

FOR EMEA:

TRX:

*

AXP:

*



EXHIBIT D

to Statement of Work No. 8 Dated January 1, 2011

FEES

QUEUE MANAGER PRICING AND PAYMENT TERMS.

*

*

AXP will pay TRX * for * and other additional services performed by TRX as requested by AXP, in accordance with the processes outlined in Exhibit F. Examples of additional work include but are not limited to:

*

 

Pricing for Queue Manager * Implementations

AXP Requirements    Description    Estimated Cost    Comments
*    *    *    *
*    *    *    None
*    *    *    None
*    *    *    None



EXHIBIT E

to Statement of Work No. 8 Dated January 1, 2011

VENDOR THIRD PARTY PROVIDERS

No Third Party Providers engaged for the Services of this SOW.

 



EXHIBIT F

to Statement of Work No. 8 dated January 1, 2011

* PROCEDURES

QUEUE MANAGER

Queue Manager * and other additional services.

*



EXHIBIT G

to Statement of Work No. 8, Dated January 1, 2011

DISASTER RECOVERY /CRISIS PREPAREDNESS PROGRAM REQUIREMENTS

The following are the minimum requirements of Vendor’s CPP:

Planning

 

1. All Critical Business Functions and data centers supporting AXP are identified, along with the Vendor physical locations/addresses.

 

2. Vendor will protect confidentiality of AXP strategies and ensure AXP confidential information is not shared with other Vendor customers.

 

3. Vendor senior leader(s) responsible for the Crisis Preparedness Program (CPP) or supporting the CPP have approved and agreed to utilize the Plan.

Invocation and Notification

 

4. Authorized Vendor personnel at the appropriate level are identified to invoke the Plan.

 

5. There is a process to notify AXP senior leaders, business partners and staff about any situations that may result in invocation of the Plan.

 

6. The Plan identifies primary and backup contact details for:

 

  1. Vendor’s senior management;

 

  2. BCP and DR team members; and

 

  3. AXP, other key partners and suppliers that are required to support the Plan

 

7. A notification process is in place to contact team members, internal management and external partners/clients, (e.g. call tree).

Strategies

 

8. Plan contains strategies developed for each of the following “Loss Types” and each supports the RTO established by the AXP business owner:

 

  1. Area is inaccessible;

 

  2. Building inaccessible; *

 

  3. Staff is unavailable;

 

  4. Data is inaccessible or unavailable;

 

  5. Telecom is inaccessible or unavailable; and

 

  6. Other channels are impacted (i.e. mail, air, ground delivery, strikes, etc.)

 

9. Plan indicates the number of staff Vendor needs to recover at other locations.

 

10. Plan defines all assumptions and dependencies that may be outside of Vendor control.

 

11. Plan lists specific steps that support AXP/Vendor recovery strategies with predefined BCP teams to carry out tasks with defined roles and responsibilities

Technology & Real Estate Requirements

 

12. Vendor has DRP for each critical technical function supporting AXP in accordance with AXP RTO/RPO requirements

 

13. All technology components of a business process (e.g. AXP vs. non-AXP assets) are clearly defined.

 

14. Redundancy is built into the technology infrastructure: network, the host hardware/software components and the client hardware/software components

 

15. Plan identifies technology and operational process to execute AXP approved strategy, which includes:

• Hardware: desktop, servers, mid-range, mainframe, distributed, Internet, non-Internet and web related systems

• Applications/software

• Application enablers

• Capacity requirements

• Voice systems

• Telephony/call centers

• Network

• Vital Records (input/output files, databases, manuals, recovery scripts, tapes, etc.)

 

16. Alternate sites have the potential to process the average business volume. *



17. Alternate sites allow the use of the facility until a full recovery of the affected entity’s facilities *

 

18. Alternate sites provide for physical security *

 

19. Work area recovery requirements are defined.

Vital Records

 

20. Plan describes all records and/or tapes which are essential to support Vendor restoring business and systems, and are stored in a secure location outside the primary facility.

Special Equipment

 

21. Plan includes specific manufacturer and model numbers for all specialized equipment needed

 

22. Plan lists critical supplies and equipment that may be limited during scenarios

Alternate Site Information

 

23. Critical Business Functions covered by the BCP, where the strategy includes transferring staff to an alternate work location, provides the details concerning location, address, operating days/hours, and any related contacts as appropriate *

 

Call Center Requirements

 

24. Plan contains procedures for redirecting inbound calls. Interim call handling strategy defined: AXP approved voice response unit message

 

25. Alternate call center is defined (internal or external)

 

26. A plan for the re-establishment of agents is defined- e.g. internal/alternate site, external/Vendor

 

27. Planned and AXP approved scripts are used until access is recovered

Plan Exercising

 

28. An exercise schedule with Vendor’s senior management concurrence will be provided to AXP by the last business *.

 

   

• Exercise schedule will identify a description of the dates, exercise type, scope, objectives and participating staff.

 

29. Plan exercising is conducted * and AXP and/or applicable regulatory agencies will be allowed to observe exercises/testing and results as applicable by location.

 

30. Exercise results are documented, reviewed, concurred with by Vendor’s senior management and provided to AXP within * from the date the testing is completed. Test results will identify the following:

 

   

• Test definition;

• Exercise participants;

• Preset objectives;

• Exercise observations;

• Gaps identified;

• Action plan with required target dates to close gaps; and

• Proof of gap closure to be provided within *

Supporting Information

 

31. Plan Maintenance—Plan is maintained *, identifies maintenance history and is distributed to AXP in the months of *.

 

32. A current version of the Plan is stored offsite and treated as a Vital Record. Plan is signed by the following indicating concurrence of the Plan and program:

 

   

• Vendor’s senior leader(s) responsible for the business and/or technology systems.

• Vendor’s senior leader(s) at recovery locations and/or other supporting departments critical to Plan execution.

Disaster Declaration

 

33. If CPP is enacted, Vendor shall notify AXP immediately and provide all relevant information pertaining to the event and status of Plan execution (to include any issues impeding Plan execution).

 

34. Vendor must document all activities, decisions made, expenditures, service level reporting and any issues or gaps inhibiting Plan execution.

 

35. Vendor must provide a Post Incident Report (“PIR”) to AXP within * after a CPP has been invoked. The PIR shall incorporate, at minimum, the following:

 

   

• an executive summary of the event;

• a summary of impacts;

• a summary of process improvement recommendations; and

• a timeline of activities



36. Vendor must create an action plan for closing all significant gaps that inhibited the Vendor’s ability to enact the Plan or recover the business within the established RTO and all such gaps must be closed within * following the invocation of the Plan. Any target dates that need to be extended must be approved in writing by the AXP senior business owner.

 

37. Record Retention

Documents can be retrieved in a timely manner for examination and documents must be retained for * following the year in which they are created:

 

   

• Exercise Documentation

• Schedule/Management signatures

• Exercise results

• Crisis Communication plans, contacts/signatures

• Business Continuation Plans/signatures

• Disaster Recovery Plans/signatures

• Post Incident Reports

Definitions:

Business Continuation Planning (“BCP”) – BCP includes the policies, standards, processes, organizations and facilities by which Vendor develops, implements, and administers plans for continuation of critical business functions and/or recovery thereof, including disrupted access to AXP’s facilities, customers or information; actual or perceived threat to the health or safety of AXP employees and visitors within AXP’s facilities, and/or any other authorized work environment where the Services are being performed.

Business Interruption—An event that disrupts access to a company’s facilities, customers or information, or threatens the health or safety of employees and visitors of a company. Business continuation plans are not designed to mitigate the effects of routine events that can be resolved through normal problem resolution practices.

Crisis—An event that threatens to overwhelm the existing processes of control. A Crisis can be physical, such as fire, power failure or terrorism, or logical, such as an information security breach or denial of service attack. A Crisis can also be a threat, such as kidnapping and extortion. In any instance, a Crisis can be designated as such by Vendor when events impact life safety, brand image or business operations.

Crisis Preparedness Program (“CPP”)—An ongoing management and governance process supported by Vendor and resourced to ensure that the necessary steps are taken to develop and maintain viable recovery strategies and plans, and ensure continuity of products/services provided to AXP through exercising, testing, training, maintenance and assurance. Continuity management requirements for Vendor include three components: Crisis Communication, Business Continuity and Disaster Recovery.

Crisis Communication—The component of continuity management which deals specifically with communication with AXP at all levels during the event; interaction with local and/or international media; providing authorized decision-making and prioritization of the recovery process during the event; and assessing and minimizing the potential impact of an actual or perceived threat, emergency, disruption and/or disaster with respect to the Services.

Critical Business Functions – Any service that is essential to support the survival of the enterprise as identified in the AXP Business Impact Analysis report.

Disaster—An event that causes significant harm or physical damage to a facility, its people or operations.

Disaster Recovery Planning (“DRP”) – The policies, standards, organizations and management processes by which a company creates and maintains plans for recovery of technology and associated systems, including application software, hardware, network connectivity, telecommunications, Internet, non-Internet and web related processes.

Plan – A set of documented procedures and action steps to be followed in order to continue business functions following a Disaster. This includes Crisis Communication, BCP and DRP. The Plan contains all the necessary information needed to ensure continuity of Critical Business Functions and business unit recovery.

Plan Maintenance, Scheduled and Unscheduled – Plan updates and changes, including, but not limited to, all Crisis preparedness plans: BCPs, DRPs, and Crisis management plans, e.g. contact lists, tasks, equipment, recovery requirements, etc.



Recovery Objective (“RO”)—The level of recovery and the time to resume a process or function based on regulatory requirements and/or an assessment of the financial, operational and/or brand damage resulting from a business interruption.

Vital Records—Any information that is essential for the continuation or restoration of any business process or computer operation that supports AXP. Examples include: BCPs, DRPs, crisis communication plans, tape media, diskettes, CD ROM, microfilm or fiche, any electronic data, hardcopy files, manuals, books, special forms, engineering drawings, facility inventories, Vendor lists, supplier lists, desk reference and procedure manuals.

 



SCHEDULE 4.0

AMERICAN EXPRESS

BUSINESS CONTINUATION REQUIREMENTS

INTERACTIVE VENDORS – APPLICATION SERVICE PROVIDERS

VENDOR COMPANY: TRX INC.

VENDOR COMPANY CONTACT NAME: *

TITLE: *

PHONE NUMBER: *

AXP RELATIONSHIP OWNER: *

TITLE: *

PHONE NUMBER: *

VENDOR TIER LEVEL: *

DATED:

 

1) General

Purpose: This document will be used by Third Party vendors to validate that appropriate Business Continuation Planning has been completed for all utilities and software supplied by the vendor which supports American Express business functions. This document will be periodically revised as appropriate modifications are identified. Please contact American Express Global Business Continuity Management to ensure that you are working with the most recent revision.

 

2) Definitions:

Business Continuation Planning (BCP) Program—The policies, standards, organizations, and management processes by which American Express, and/or third party providers, creates and maintains plans for continuation of critical business functions and plans for recovery of work environments. This includes all the requirements and supporting plans (e.g. disaster recovery plans) to ensure continuation of the critical business functions. It also includes work environment requirements (office space requirements, equipment, people, band/level info, etc.) for recovery of all business functions to an alternate site.

Business Interruption—An event that disrupts access to a company’s facilities, customers, or information or threatens the health or safety of employees and visitors of a company. Business continuation plans are not designed to mitigate the effects of routine events that can be resolved through normal problem resolution practices.

Disaster Recovery Planning (DRP)—The policies, standards, organizations, and management processes by which a company creates and maintains plans for recovery of technology, including hardware, network connectivity, telecommunications and system and application software.



Plan Maintenance Scheduled and Unscheduled—Plan updates and changes including but not limited to business functions, technology, contact lists, tasks, equipment, recovery requirements, etc.

Recovery Objective (RO)—The level of recovery and the time to resume a process or function based on regulatory requirements and/or an assessment of the financial, operational and brand damage resulting from a business interruption. This includes:

Maximum Allowable Outage (MAO) – The maximum amount of time a business process can be unavailable before significant impact (financial, customer, regulatory) is felt.

Recovery Point Objective (RPO)—the latency of data that will be recovered. This is equal to the lowest frequency in back-ups (i.e. component 1 is backed up every 4 hrs, component 2 is backed up every 24 hrs, RPO for the entire solution is 24 hrs)

 

*

Recovery Time Objective (RTO)—the amount of time to restore the function. In the simplest terms, this is equal to the sum of time for all components to invoke redundancy or replicate the functionality elsewhere (i.e. component 1 is 1 hr, component 2 is 2 hrs, RTO for the entire solution is 3 hrs).

 

*

Vital Records—Any information that is essential for the continuation or restoration of any business process or computer operation that supports AXP. Examples include: tape media, diskettes, CD ROM, microfilm or fiche, any electronic data, hardcopy files, manuals, books, special forms, engineering drawings, facility inventories, vendor lists, supplier lists, desk reference and procedure manuals

3) Business Continuation/Disaster Recovery Assessment Checklist

The following checklist should be used to assess vendor compliance with American Express interactive vendor business continuation requirements.

 

*

 

*

 

*

 
