Attached files
| file | filename |
|---|---|
| 8-K - 8-K - SERVICEMASTER CO, LLC | a12-12284_18k.htm |
Exhibit 10
Subject to a request for confidential treatment, certain portions of this agreement have been intentionally omitted. The omitted portions subject to the confidential treatment request are designated by three asterisks ([***]). A complete version of this agreement has been separately filed with the Securities and Exchange Commission.
Project Work Order
|
Project: |
|
Project Genesis AMS |
|
Service Req #: |
|
SVM 12-GBS AMS |
|
Innotas #: |
|
|
|
Client: |
|
ServiceMaster |
|
Business Unit: |
|
|
SERVICEMASTER/IBM CONFIDENTIAL
FINAL
For more information:
|
[***] |
|
[***] |
|
[***] |
|
[***] |
Revision History:
|
Version |
|
Date |
|
Author |
|
Change Description |
|
0.1 |
|
April 10, 2012 |
|
Hunton & Williams, LLP |
|
Document created from PCR No. 12 |
Approvals:
This document requires the following approvals in order to authorize project:
|
Name |
|
Title |
|
Signature |
|
|
|
ServiceMaster Governance |
|
|
Distribution:
1. This document has been distributed to:
|
Name |
|
Title |
|
|
|
ServiceMaster COE Project Manager |
|
|
|
IBM Project Manager |
This document will be stored in Rational Portfolio Manager.
Table of Contents
|
1 |
Services |
4 | ||
|
|
1.1 |
Introduction |
4 | |
|
|
1.2 |
Relationship to TD No. 2 |
4 | |
|
|
1.3 |
Attachments to this Project Work Order |
4 | |
|
|
1.4 |
Charges |
4 | |
|
|
1.5 |
Statement of Work |
4 | |
|
|
1.5.1 |
Transition |
5 | |
|
|
1.5.2 |
Support Levels |
5 | |
|
|
1.5.3 |
Performance Requirements |
6 | |
|
|
1.5.4 |
Deliverables |
6 | |
|
|
1.6 |
Service Levels |
7 | |
|
|
1.7 |
Key Personnel |
7 | |
|
|
1.7.1 |
Delivery Project Executive |
8 | |
|
|
1.7.2 |
Key Service Provider Positions |
8 | |
|
|
1.8 |
Period of Performance |
9 | |
|
|
1.9 |
AUTHORIZED SIGNATURE |
9 | |
|
Attachment 1: Charges |
11 | |||
|
Attachment 2: SOW |
16 | |||
|
Attachment 3: Customer Business Applications |
32 | |||
|
Attachment 4: TD No. 1 Schedules that Apply to this Project Work Order |
33 | |||
|
Attachment 5: Service Levels |
34 | |||
1 Services
1.1 Introduction
This is Project Work Order No. SVM 12-GBM AMS to that certain First Amended and Restated Master Services Agreement and its First Amended and Restated Transaction Document No. 1 (“TD No. 1”), dated as of November 1, 2010 and as subsequently amended, between ServiceMaster Consumer Services Limited Partnership and International Business Machines Corporation. Unless otherwise defined herein, capitalized terms have the meanings set forth in the Master Agreement, the “Definitions” Exhibit to the Master Agreement or the “Definitions” Schedule to TD No. 1.
The Master Agreement and its Exhibits and TD No. 1 and its Schedules apply to and govern the terms of this Project Work Order, unless this Project Work Order expressly and specifically references the provisions of such documents that do not apply or are to be superseded or amended.
1.2 Relationship to TD No. 2
This Project Work Order does not waive, limit, or supersede Service Provider’s obligations regarding Project Genesis, including “Hyper-Care,” pursuant to (a) Transaction Document No. 2, dated as of December 9, 2010 between ServiceMaster Consumer Services Limited Partnership and International Business Machines Corporation, and the Project Change Requests thereto (“TD No. 2”) or (b) the Genesis RFS Letter Agreement 12-0001 to TD No. 1 dated as of March 19, 2012 regarding Amendment to Schedule B-2.
1.3 Attachments to this Project Work Order
The following Attachments are incorporated in and made part of this Project Work Order:
Attachment 1: Charges
Attachment 2: SOW
Attachment 3: Customer Business Applications
Attachment 4: TD No. 1 Schedules that Apply
Attachment 5: Service Levels
1.4 Charges
The Charges and the Charge Mechanics applicable to this Project Work Order are set forth in Attachment 1: Charges. TD No. 1 Schedules E and E-1 through E-10 do not apply to this Project Work Order. Section 4 of the Master Agreement, excluding Sections 4.5 and 4.9, does apply to this Project Work Order. For the purposes of Section 4.4(b) of the Master Agreement, the Charges under this Project Work Order shall be considered “Variable Charges.” [***]
1.5 Statement of Work
Service Provider shall perform the activities set forth in the Responsibility Matrix set forth in Attachment 2: SOW as part of the Services under this Project Work Order. TD No. 1 Schedule B-1 does apply to this Project Work Order, excluding its Section 2.0, Responsibility Matrix, which matrix is superseded and replaced by Attachment 2: SOW for the purposes of this Project Work Order.
Service Provider shall perform application management services as specified in this Project Work Order (“AMS”) for the software listed in Attachment 3: Customer Business Applications. TD No. 1 Schedule B-2 does not apply to this Project Work Order, which is superseded and replaced by Attachment 3: Customer Business Applications for the purposes of this Project Work Order.
Section 3 of the Master Agreement does apply to this Project Work Order, excluding Section 3.5, which is superseded and replaced by the following for the purposes of this Project Work Order:
“Service Provider shall maintain a commercially reasonable disaster recovery and business continuity plan relating to the Key Service Provider Positions (i.e., Service Provider resources used to perform the Services) and the continuity of the AMS Services (the “Disaster Recovery Plan”) and shall implement such plan in accordance with its terms (the “Disaster Recovery Services”).”
All times stated in this Project Work Order are Central Time (CT), unless otherwise noted.
TD No. 1 Schedules M, M-1 through M-11, M-12-a, M-12-b, O, R, and T do not apply to this Project Work Order. Attachment 4 hereto sets forth a summary of the TD No. 1 Schedules that apply to this Project Work Order.
1.5.1 Transition
TD No. 1 Schedules F, F-1 through F-5, and F-5-1 through F-5-8 do not apply to this Project Work Order.
1.5.2 Support Levels
As used in this Project Work Order:
a. “level 2” support includes “troubleshoot and resolve” for Incidents that do not have a code change;
b. “level 3” support includes “troubleshoot and resolve” for Incidents that have a code change. Level 3 support includes the diagnosis and resolution of complex problems which may require in depth investigation, research, the assistance of specialists, or the involvement of the software vendor. Service Provider will enlist the services across a broad range of resources including intellectual capital, knowledge networks, research and development and the software vendor’s technical support; and
c. “troubleshoot and resolve” means the process for diagnosing and resolving problems caused by application breaks in functional configuration and/or custom development provided by Service Provider. It does not address underlying software bugs or defects for Third Party software.
Under this Project Work Order, Projects (if any) will be addressed through the Change Control Procedures. Service Provider shall provide progress updates to Customer regarding ticket or Incident resolution in the manner and frequency set forth in the table below. Service Provider
shall provide such updates to such Customer personnel or Third Party as the Customer Contract Manager may designate.
|
Incident |
|
Progress Update Frequency |
|
Method of Update |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
1.5.3 Performance Requirements
Service Provider shall perform the Services in accordance with the Procedure Manuals. Service Provider will implement and maintain security controls and measures necessary to protect Client’s Sensitive Data from unauthorized access, loss, destruction, disclosure or use. In all events, Service Provider will comply with Client’s then-current information security (“InfoSec”) compliance requirements, as may be updated and revised by Client from time to time (“InfoSec Compliance Requirements”), which are available at http://www.servicemaster.com/suppliers, or such successor URL as Client may provide to Service Provider via notice (“InfoSec Compliance Requirements WebSite”). Client may update such InfoSec Compliance Requirements, from time to time, and it is the responsibility of Service Provider to check, regularly, the InfoSec Compliance Requirements WebSite to ensure that Service Provider is aware of, and compliant with, the then-current InfoSec Compliance Requirements. Without limiting any other right or remedy that Client may have under this Agreement, Service Provider will pay Client promptly for all expenses or claims associated with an Event, including assessments, fines, losses, costs, penalties, and expenses assessed, incurred, charged, imposed or collected by a Card Organization or a Card issuers. Terms used in this provision and not otherwise defined in the Agreement have the meaning set forth on the InfoSec Compliance Requirements Website.
1.5.4 Deliverables
Service Provider shall prepare and complete the Deliverable below within 90 days of Service Provider’s commencement of the AMS Services in accordance with this Project Work Order.
Application Information Document (AID)
Purpose: Single document for summary, containing one (1) document for each Customer Business Application.
Content: The Deliverable will consist of the following, as appropriate:
a. Document terminology and acronyms;
b. Summary of application overview including management and other information;
c. Description and drawing of application platform including development and execution information;
d. Description and drawing of application structure including functional flow, data flow, application and shared modules; and
e. Description and drawing of databases including internal and external files, external system interfaces and user interfaces.
Delivery: Service Provider will deliver this document in electronic format.
1.6 Service Levels
TD No. 1 Schedule D-2 does apply to this Project Work Order, except for the Service Level table, which is superseded and replaced by Attachment 5: Service Levels for the purposes of this Project Work Order. For the purposes of this Project Work Order, “At Risk Amount” shall mean, for any month during the term of this Project Work Order, [***]. The Service Level Commencement Date for each of the Service Levels under this Project Work Order shall be [***].
Service Provider shall resolve or complete at least 160 tickets per month, with such tickets distributed roughly as follows:
Application
[***]
[***]
[***]
[***]
[***]
Type
[***]
[***]
[***]
Customer shall establish the Severity Levels of Incidents and Customer shall establish the priority in which Service Provider shall “troubleshoot and resolve” Incidents and perform Enhancements. Service Provider shall be excused from the Service Levels to the extent that Service Provider complies with Section 2(c)(v) of Schedule D-1 to TD No. 1.
Service Provider shall report and calculate the Service Levels applicable to this Project Work Order separately from those applicable under TD No. 1. For purposes of this Project Work Order, Service Provider will acknowledge, respond, and commence resolution for Incidents as specified in the table below.
|
Incident |
|
Commence Resolution |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
|
[***] |
1.7 Key Personnel
TD No. 1 Schedules C, C-1, C-1-1, and C-2 do not apply to this Project Work Order. The next two Sections set forth the Key Personnel under this Project Work Order:
1.7.1 Delivery Project Executive
The Service Provider-designated Delivery Project Executive (DPE) will manage the Services, the quality of the Customer relationships with Service Provider, the Key Service Provider Positions, and Service Provider staffing requirements, and will provide ongoing project management under this Project Work Order. The purpose of the project management activity is to provide technical direction and control of the personnel holding Key Service Provider Positions and to provide project planning, communications, reporting, and procedural and contractual activity. The DPE will have overall responsibility for the following tasks:
a. Serve as the Service Provider Contract Manager for purposes of this Project Work Order;
b. Coordinate the Services;
c. Review project tasks, schedules, and resources and make changes or additions, as appropriate and approved in accordance with the Change Control Procedures;
d. Measure and evaluate progress against the Service Levels;
e. Establish documentation and Deliverables consistent with the Agreement;
f. Monitor resolution of Incidents;
g. Perform problem management, and escalate to Customer as appropriate;
h. Track Incidents, Service Requests, and Enhancements for analysis and reporting;
i. Maintain communications with Customer through the Customer Contract Manager;
j. Conduct regular monthly status meetings with the Customer Contract Manager or as requested by Customer;
k. Create and deliver monthly status reports;
l. Resolve issues under this Project Work Order with the Customer Contract Manager; and
m. Coordinate and manage the technical activities of personnel holding Key Service Provider Positions.
1.7.2 Key Service Provider Positions
The Key Service Provider Positions under this Project Work Order are designated in Table 1: Project Rates in Attachment A under the # column as 1-18, 20, 21-25, and 31-37. The personnel holding such positions are responsible for providing the Services, including resolving Incidents, performing Enhancements, and providing technical and development support. Such personnel will perform the following tasks:
a. Communicate appropriately with Customer to determine nature and Severity Level of Incidents and the priority of Service Requests and Enhancements;
b. Appropriately analyze Incidents to obtain resolution or work-around;
c. Effectively communicate Incident resolutions to Customer;
d. Resolve the Incident and complete Service Requests and Enhancements;
e. Document the Incident work-around and/or resolution;
f. Provide technical support related to the maintenance and administration of the Customer Business Applications;
g. Provide development support for Enhancements;
h. Provide Subject Matter Advisor (SMA) support for application direction setting and advice, architecture assistance, performance tuning, specific troubleshoot and resolve, enhancement advice and enhancement assistance; and
i. Perform other tasks as specified in this Project Work Order.
1.8 Period of Performance
The term of this Project Work Order shall be 60 months commencing upon the Go-Live date for TD No. 2 Release No. 5 and the completion of the Hyper-Care period. Notwithstanding Section 2.2 of the Master Agreement, the Termination Assistance Period for this Project Work Order shall be 90 days and shall commence upon at least five Business Days advance notice.
1.9 Termination for Convenience
Notwithstanding Section 12.2 of the Master Agreement, in the event of Customer’s termination of this Project Work Order for convenience, Customer shall specify a termination date no less than 90 days after the date of such notice of termination.
1.10 AUTHORIZED SIGNATURE
THE PARTIES ACKNOWLEDGE THAT THEY HAVE READ THIS PROJECT WORK ORDER UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. FURTHER, THE PARTIES AGREE THAT THE COMPLETE AND EXCLUSIVE STATEMENT OF THE AGREEMENT BETWEEN THE PARTIES RELATING TO THE SERVICES DESCRIBED HEREIN CONSISTS OF 1) THIS PROJECT WORK ORDER, 2) ITS ATTACHMENT(S), 3) ANY CHANGE ORDER(S), AND 4) ANY AGREEMENTS REFERENCED HEREIN. THIS STATEMENT OF THE AGREEMENT SUPERSEDES ALL PROPOSALS OR OTHER PRIOR AGREEMENTS, ORAL OR WRITTEN, AND ALL OTHER COMMUNICATIONS BETWEEN THE PARTIES RELATING TO THIS SUBJECT.
[Signatures are on the next page.]
Executed by the Parties on the dates indicated below:
|
ServiceMaster Consumer Services Limited Partnership |
|
International Business Machines Corporation | ||
|
|
|
| ||
|
|
|
| ||
|
By: |
/s/ Linda Goodspeed |
|
By: |
/s/ John A. Toms, II |
|
Authorized signature |
|
Authorized signature | ||
|
Name: Linda Goodspeed |
|
Name: John A. Toms, II | ||
|
Title: SVP-CIO |
|
Title: Partner | ||
|
Date: May 11, 2012 |
|
Date: May 11, 2012 | ||
Attachment 1: Charges
1. The Charges described in Project Work Order and its attachments fully compensate Service Provider for providing the Services (as a whole) and for all of the resources and materials used to provide the Services. If the Services are changed pursuant to the Change Control Procedures, the Charges herein will be adjusted only to the extent specifically stated in a signed Change Order agreed upon pursuant to the Change Control Procedures. Customer shall not be responsible for the payment (whether to Service Provider or any other service provider) of any Charges, fees or other amounts not expressly described or referenced in Project Work Order and its attachments, or in any Change Order executed in accordance with the Change Control Procedures, in connection with the Services. In determining the Charges, Service Provider has taken into account all of its capital, operational, one-time start-up and all other incidental costs of providing all of the Services and the Charges represent Service Provider’s sole method of recovering such costs. Service Provider shall not invoice Customer, and Customer will not be obligated to pay, any Charges that are not properly invoiced within [***] after the end of the month to which such Charges correspond.
2. The Charges are calculated or governed by specific Charge Mechanics. The Charge Mechanics are set forth in this Project Work Order. If no Charge Mechanic is provided for a Service, except any New Services or Additional Services, then such Service is provided in consideration of the applicable Project Rates. The charges will be calculated using the Project Rates [***] as set forth in Table 1: Project Rates below.
3. [***]
4. [***]
5. [***]
6. With each Service Provider invoice containing Pass-Through Charges, Service Provider shall provide to Customer accurate copies of all such Third Party invoices for Pass-Through Charges. Service Provider will use commercially reasonable diligent efforts to (i) identify and obtain invoices for Pass-Through Charges, if any, that a Third Party Provider does not provide to Service Provider in a timely manner, and (ii) include all Pass-Through Charges incurred in the month corresponding to the applicable invoice(s). Service Provider shall report each month to Customer on the status of late Third Party Provider invoices and Service Provider’s efforts to obtain them.
7. Service Provider shall transfer to Customer all rebates, credits, and other monetary benefits arising out of the Pass-Through Charges. If any such rebates, credits, or other monetary benefits are attributable to similar expenses incurred by Service Provider for multiple customers, then the portion of such rebates, credits, or other monetary benefits payable to Customer shall be pro-rated to reflect the volume of applicable Pass-Through Charges attributable to Customer relative to the volumes of such similar expenses attributable to other Service Provider customers.
8. Service Provider must promptly advise Customer of any incorrect calculation in Service Provider’s favor (e.g., any hours which were incorrectly included in its calculation of the Charges) and provide Customer with a credit reversing the effect of the error, promptly, regardless of when it is discovered. Equally, if Customer discovers any such errors, upon
receipt of appropriate documentation of such error, Service Provider must provide a credit to reverse the effect of the error.
9. Customer may require from time to time support and information from Service Provider regarding accrual of liabilities in respect of the Services, including in connection with unbilled Charges for Services provided by Service Provider. Service Provider agrees to promptly provide Customer with such accrual support and information.
10. Customer’s payment of any Service Provider invoice may be made by wire transfer to an account designated by Service Provider.
[***] [3 pages omitted]
Attachment 2: SOW
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
A |
|
CROSS FUNCTIONAL COMPUTING |
|
|
|
|
|
|
|
Service Provider shall perform the following cross-functional activities for the Services. |
|
|
|
|
|
A.1 |
|
Account Management |
|
|
|
|
|
A.1.1 |
|
Provide account-level interface to Customer in accordance with the “Governance and Change Control” Exhibit |
|
X |
|
|
|
A.1.2 |
|
Provide interface to service delivery teams to ensure Customer’s goals and expectations are met or exceeded |
|
X |
|
|
|
A.1.3 |
|
Provide interface between delivery teams to ensure integrated support and response |
|
X |
|
|
|
A.1.7 |
|
Maintain standards documentation and repository of all technical diagrams, Deliverables, and related information and provide access to Customer |
|
X |
|
|
|
A.1.8 |
|
Create, maintain and regularly update all process interface manuals (PIM) |
|
X |
|
|
|
A.1.9 |
|
As applicable, Service Provider will use the skills, personnel, and roles specified in the Project Work Order to perform the Services |
|
X |
|
|
|
A.2 |
|
Administration and Reporting |
|
|
|
|
|
A.2.1 |
|
Submit Controls Audit as applicable in accordance with Section 9.7(d) of the Master Agreement |
|
X |
|
|
|
A.2.2 |
|
Provide financial and cost accounting data in support of Audits in the format specified by Customer |
|
X |
|
|
|
A.2.3 |
|
Designate a Service Provider single point of contact (Audit Focal resource) responsible for all Audit communications, requests and delivery of Audit data to Customer |
|
X |
|
|
|
A.2.4 |
|
Maintain, update and provide Audit log to Customer on a weekly basis while any Audit requests are outstanding or remediation activities are pending |
|
X |
|
|
|
A.2.5 |
|
Document and maintain in Audit log the following information:
1. The date when the Audit notification was received by Service Provider
2. The date of each Customer request for data from Service Provider
3. The Customer individual who requested data
4. Amount of time spent clarifying the audit data request from Customer
5. The time/date when the data was delivered to Customer by Service Provider
6. The date confirmation was received from Customer that the data delivered by Service Provider fulfills Customer’s request |
|
X |
|
|
|
A.2.6 |
|
Provide accounting data in support of Customer’s capital budget and Operations and Maintenance (O&M) budget in the format specified by Customer |
|
X |
|
|
|
A.2.7 |
|
Respond to data, information, and reporting requests from Customer Auditors and/or inspections in a timely manner (includes discussion of procedures and process walk-throughs as required) in the format specified by Customer |
|
X |
|
|
|
A.2.8 |
|
Respond to data, information, and reporting requests for regulatory and legal purposes in a timely manner as approved by Customer (includes discussion of procedures and process walk-throughs as required) in the format specified by Customer |
|
X |
|
|
|
A.2.9 |
|
Provide data, information and reporting for Customer Audits in a timely manner (includes supporting processes, discussion of procedures and process walk-throughs as required) in the format specified by Customer |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
A.5 |
|
Other Cross Functional Services |
|
|
|
|
|
A.5.1 |
|
Maintain current documentation on all supported processing, and update on a regular basis |
|
X |
|
|
|
A.5.2 |
|
Communicate to, and ensure compliance with Customer policies, procedures and standards of, Service Provider personnel and subcontractors in the delivery of Services to Customer |
|
X |
|
|
|
A.5.3 |
|
Interface with Customer specified processes to ensure integrated support to Customer, including records management, data management, change management, training and other processes as identified |
|
X |
|
|
|
A.5.9 |
|
Develop and maintain the written practices, and procedures for processes and tasks, including documentation standards and acceptance criteria in accordance with the Agreement |
|
X |
|
|
|
A.5.10 |
|
Ensure all Service Provider personnel and subcontractors are trained on the appropriate polices, practices, and procedures related to the activities they are to perform prior to performing the tasks and maintain documentation of such training |
|
X |
|
|
|
A.5.11 |
|
Approve Service Provider developed written practices and procedures, as set forth in the Procedures Manual |
|
|
|
X |
|
|
|
Change and Implementation Management |
|
|
|
|
|
A.9 |
|
Change Management |
|
|
|
|
|
|
|
Service Provider shall perform the following change management activities Services. |
|
|
|
|
|
A.9.1 |
|
Implement and maintain the Change Management Procedures, for introduction of hardware, software or facility changes into the production environment |
|
|
|
X |
|
A.9.2 |
|
Comply with the Change Control Procedures for all Changes |
|
X |
|
|
|
A.9.3 |
|
Comply with the Security Requirements and SOX and PCI requirements |
|
X |
|
|
|
A.9.5 |
|
Ensure that all affected documentation necessary to support the production environment is updated upon the later of Customer’s approval of such change or the implementation of such change |
|
X |
|
|
|
A.9.6 |
|
Implement and maintain the Change Management Procedures for the management of controlled documentation |
|
X |
|
|
|
A.9.7 |
|
Review and approve all appropriate documentation prior to implementation of changes |
|
|
|
X |
|
A.9.8 |
|
Assist in maintaining a segregation of duties between application development resources and the production migration staff |
|
X |
|
|
|
A.9.9 |
|
Recommend prioritization of change requests |
|
X |
|
|
|
A.9.10 |
|
Submit proposed changes in advance to Customer for approval in accordance with the Procedures Manual |
|
X |
|
|
|
A.9.11 |
|
Approve the prioritization and schedule for all changes to the production environment |
|
|
|
X |
|
A.9.14 |
|
Develop and publish change control schedule in accordance with the Procedures Manual |
|
X |
|
|
|
A.9.15 |
|
Conduct scheduled change control meetings with all affected business units to identify impacts and coordinate changes |
|
|
|
X |
|
A.9.18 |
|
Participate in scheduled change control meetings |
|
X |
|
|
|
A.9.19 |
|
For emergency changes, make all reasonable efforts to obtain approval for the change, make temporary changes if approval has not been obtained, document and promptly report to Customer |
|
X |
|
|
|
A.9.20 |
|
Perform changes in accordance with the Procedures Manual |
|
X |
|
|
|
A.9.22 |
|
Rollback changes according to predefined plan if change is unsuccessful |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
A.9.23 |
|
Report status of all changes, (for example: scheduled, emergency) in accordance with the Procedures Manual |
|
X |
|
|
|
A.9.25 |
|
Document and report on every change attempted, including the cause of any problems; measures taken to prevent recurrence; whether or not the change was successful; and any rollbacks implemented, including results |
|
X |
|
|
|
A.9.26 |
|
Provide audit trail of any and all changes to environments in accordance with the Agreement |
|
X |
|
|
|
A.9.28 |
|
Provide reports to Customer as specified in the Agreement, including the “Reports” Schedules, and the “Governance and Change Control” Exhibit and the Procedures Manual |
|
X |
|
|
|
A.13 |
|
Quality Assurance (QA) |
|
|
|
|
|
A.13.1 |
|
Approve Quality Policy, Quality Plan and Control Systems |
|
|
|
X |
|
A.13.2 |
|
Conduct Quality Assurance (QA) testing on production releases on all application packages and standard images before Customer conducts testing |
|
X |
|
|
|
A.13.3 |
|
Support Customer’s quarterly and ad hoc Audits |
|
X |
|
|
|
A.13.9 |
|
Ensure that each functional area develops and maintains (for example: annual review) procedures and work instructions to facilitate tasks performed in a controlled, consistent, and repeatable manner |
|
X |
|
|
|
A.13.10 |
|
Communicate governmental, audit and other regulatory required changes to Service Provider as Compliance Directives |
|
|
|
X |
|
A.13.11 |
|
Establish and maintain a document control system |
|
X |
|
|
|
A.13.12 |
|
Establish and maintain test and inspection procedures |
|
X |
|
|
|
A.13.13 |
|
Ensure modified or added functionality and processes comply with the Agreement |
|
X |
|
|
|
A.13.14 |
|
Prepare and maintain process compliance and work product Audit checklists for all applicable PIM chapters |
|
X |
|
|
|
A.13.15 |
|
Support PPQA Audits for those Projects jointly selected by the Parties |
|
X |
|
|
|
A.13.16 |
|
Support PPQA Audits on all operational processes on a an ongoing basis but not less than once per year per process |
|
X |
|
|
|
A.13.17 |
|
Assist with documenting PPQA Audit results, action items, and issues and assist with developing the report during the next monthly operations oversight committee meeting |
|
X |
|
|
|
A.13.18 |
|
Track action items and issues to resolution and provide tracking report to Customer |
|
X |
|
|
|
A.15 |
|
Business Continuity Planning (BCP) and Disaster Recovery (DR) |
|
|
|
|
|
|
|
Assist Customer with regularly scheduled business continuity plan testing as enhancement work |
|
X |
|
|
|
A.16 |
|
Software Currency, Refresh and Release Control |
|
|
|
|
|
A.16.1 |
|
Implement and maintain processes in accordance with the SDLC |
|
X |
|
|
|
A.16.2 |
|
Approve processes to control the software development to production lifecycle including release management |
|
|
|
X |
|
A.19 |
|
Vendor/Contracts Management |
|
|
|
|
|
A.19.10 |
|
Comply with software development methodology controls approved by Customer |
|
X |
|
|
|
A.23 |
|
Physical Security Control |
|
|
|
|
|
A.23.1 |
|
Develop and provide security processes, controls, facilities, equipment and software to meet Customer physical security policies, standards and procedures at Service Provider Locations in accordance with the Security Requirements |
|
X |
|
|
|
A.23.2 |
|
Comply with Customer’s physical security requirements for facilities under Customer’s control |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
A.23.3 |
|
Perform physical security functions in compliance with Customer’s policies and standards for facilities under the Service Provider’s control in accordance with the Security Requirements |
|
X |
|
|
|
A.23.4 |
|
Approve access to Customer facilities |
|
|
|
X |
|
A.23.5 |
|
Grant and terminate access to approved personnel at Service Provider Locations |
|
X |
|
|
|
A.23.6 |
|
Maintain and update security procedures at Service Provider Locations |
|
X |
|
|
|
A.23.7 |
|
Provide, review and approve Security Requirements |
|
|
|
X |
|
A.23.8 |
|
Comply with Third Party contracts on physical security for facilities, and for all assets within Service Provider control |
|
X |
|
|
|
|
|
Logical Security |
|
|
|
|
|
A.24 |
|
Policy and Practices |
|
|
|
|
|
A.24.6 |
|
Participate in a cross-functional security management forum responsible for establishing clear security direction and coordinate the implementation of information security controls. |
|
X |
|
|
|
A.24.7 |
|
Create and maintain the Information Security Policy document(s) |
|
|
|
X |
|
A.24.8 |
|
Execute Customer approved security policies and practices in accordance with the Security Requirements |
|
X |
|
|
|
A.24.9 |
|
Develop and maintain an IT security awareness and training program with respect to the Customer Security Requirements for Service Provider personnel |
|
X |
|
|
|
A.24.10 |
|
Develop and maintain an IT security awareness and training program with respect to the Customer Security Requirements for Customer personnel |
|
|
|
X |
|
A.24.11 |
|
Comply with Customer requirements for documenting, screening Service Provider personnel and following information security roles and responsibilities |
|
X |
|
|
|
A.24.12 |
|
Document and maintain the operating procedures identified in the Security Requirements Exhibit for Service Provider Systems and personnel |
|
X |
|
|
|
A.24.13 |
|
Establish and maintain procedures for handling and storage of information to protect such information from unauthorized disclosure or misuse in accordance with the Agreement |
|
X |
|
|
|
A.24.14 |
|
Protect system documentation from unauthorized access in accordance with the Agreement |
|
X |
|
|
|
A.24.15 |
|
Define security access termination requirements for employees/subcontractors/Service Provider |
|
|
|
X |
|
A.24.16 |
|
Comply with security access termination requirements for employees/subcontractors/Service Provider |
|
X |
|
|
|
A.24.18 |
|
Define PCI compliance architecture |
|
|
|
X |
|
A.25 |
|
Access Control |
|
|
|
|
|
A.25.1.5 |
|
Authorize access based on the access control policy |
|
|
|
X |
|
A.25.1.7 |
|
Create, maintain and implement a formal process for controlling and managing password allocation in compliance with Customer policies for Service Provider Staff |
|
X |
|
|
|
A.25.1.8 |
|
Create, implement and maintain a secure log-on process for all information systems in compliance with the Customer policies for Service Provider staff |
|
X |
|
|
|
A.25.1.10 |
|
Establish and maintain safeguards against unauthorized access, destruction, loss or alteration of data in compliance with Customer policies for Service Provider staff |
|
X |
|
|
|
A.25.1.11 |
|
Monitor access and respond in a timely and appropriate manner to access violations for Service Provider staff |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
A.25.1.12 |
|
Maintain, implement and report on the formal process at regular intervals to review users, access rights in compliance with Customer policies for Service Provider staff |
|
X |
|
|
|
A.25.1.13 |
|
Create a formal process at regular intervals to review users, access rights |
|
|
|
X |
|
A.25.1.14 |
|
Control and manage Customer access and use of privileges based on the access control policy for Service Provider staff |
|
X |
|
|
|
A.25.1.15 |
|
Provide monthly report to Customer indicating compliance with “no undocumented” production IDs within the application development teams for Service Provider staff |
|
X |
|
|
|
A.25.1.16 |
|
Maintain an auditable process for emergency access to production data for Service Provider staff |
|
X |
|
|
|
A.25.2 |
|
Ensure separation of duties per agreed process for emergency ID check-in and check-out for Service Provider staff |
|
X |
|
|
|
A.25.3 |
|
Establish and maintain procedures to ensure IDs have expiring passwords as required by the Security Requirements for Service Provider staff |
|
X |
|
|
|
A.26 |
|
Audit and Vulnerability Assessment |
|
|
|
|
|
A.26.2 |
|
Review results and recommendations and provide direction |
|
|
|
X |
|
A.26.3 |
|
Respond to all security audit requests |
|
X |
|
|
|
A.26.4 |
|
Cooperate and assist with security tests |
|
X |
|
|
|
A.26.5 |
|
Report security violations |
|
X |
|
|
|
A.26.7 |
|
Perform penetration testing |
|
|
|
X |
|
A.26.8 |
|
Cooperate with penetration testing |
|
X |
|
|
|
A.28 |
|
Electronic Intrusion Protection |
|
|
|
|
|
A.28.11 |
|
Follow the change management process for all changes to the environment |
|
X |
|
|
|
A.28.12 |
|
Isolate and recover infected systems per guidelines approved by Customer |
|
X |
|
|
|
B.1.7 |
|
Assist Customer in creating and implementing policies and guidelines to control the business and security risks associated with electronic office systems |
|
X |
|
|
|
B.1.8 |
|
Enable “time-out” features on end-user systems to lock access and prevent viewing of sensitive information when left unattended |
|
X |
|
|
|
B.1.9 |
|
Create, implement and maintain restricted access to system utilities that might compromise access to confidential information |
|
X |
|
|
|
B.1.10 |
|
Ensure all system clocks are synchronized for accurate recording |
|
|
|
X |
|
B.1.15 |
|
Follow testing requirements for new technology introduced into the production environment as applicable |
|
X |
|
|
|
B.1.16 |
|
Provide requirements for UAT of regulated devices |
|
|
|
X |
|
B.1.17 |
|
Plan for and support application compatibility testing of new technology roll-outs |
|
X |
|
|
|
B.2 |
|
User Support |
|
|
|
|
|
B.2.2 |
|
Provide level 2 and level 3 support for authorized local and remote users of the Customer Business Applications including phone support |
|
X |
|
|
|
B.6 |
|
Help Desk Support |
|
|
|
|
|
B.6.5 |
|
Provide levels 2 and 3 problem resolution for the Customer Business Applications |
|
X |
|
|
|
B.7 |
|
Problem Management for Applications in Schedule C |
|
|
|
|
|
B.7.1 |
|
Manage, resolve and integrate reported levels 2 and 3 problems with the Customer Business Applications across all platforms including crisis problem management (problems may be reported by end-users, consumers or support staff) |
|
X |
|
|
|
B.7.2 |
|
Track, report, resolve and document production problems |
|
X |
|
|
|
B.7.3 |
|
Categorize and document relative importance of each problem according to defined severity levels, associated service, Customer group, location, regulatory compliance and problem type |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
B.7.4 |
|
Regularly publish summaries of problems by category, including response, closure and consumer satisfaction metrics |
|
X |
|
|
|
B.7.9 |
|
Prioritize high-impact applications, software and equipment such that, when outages occur, they are treated with highest priority |
|
|
|
X |
|
B.7.10 |
|
Address problems in accordance with established priorities |
|
X |
|
|
|
B.7.11 |
|
Maintain escalation management plan that specifies when and to whom within Customer notification will be made based on severity of and elapsed time from outage/service degradation |
|
X |
|
|
|
B.7.12 |
|
Communicate service outages and degradations to all relevant parties through the escalation management plan |
|
X |
|
|
|
B.7.13 |
|
Provide prompt notification to Customer of system outages on critical systems and service degradations, service disruption symptoms and causes, estimated time and methods to restore service, estimated time and methods to resolve |
|
X |
|
|
|
B.7.14 |
|
Perform root cause analysis and identify and implement preventative measures as approved by Customer |
|
X |
|
|
|
B.7.15 |
|
Validate closure of incidents with Customer consumers or Customers |
|
X |
|
|
|
B.7.16 |
|
Track and report any backlog of unresolved problems |
|
X |
|
|
|
B.7.17 |
|
Perform regular, documented quality assurance on problem handling process and associated documentation |
|
X |
|
|
|
B.7.18 |
|
For problems that cannot be resolved, communicate nature of problem, reasons why and obtain Customer approval prior to closing problem |
|
X |
|
|
|
B.7.19 |
|
Provide problem exception reports, regular problem status reports including statistics on total numbers of problems, outstanding problems, resolution time, chronic outages, performance and problem trend analysis |
|
X |
|
|
|
B.8 |
|
Software Support for applications in Schedule C |
|
|
|
|
|
B.8.1 |
|
Provide support for the Customer Business Applications |
|
X |
|
|
|
B.8.3 |
|
Correct software as needed to resolve conflicts and performance issues |
|
X |
|
|
|
B.8.4 |
|
Ensure all software changes are approved via the Change Control Procedures prior to implementation |
|
X |
|
|
|
B.8.5 |
|
Ensure appropriate peer and management reviews occur and are documented |
|
X |
|
|
|
B.8.6 |
|
Maintain software documentation in a central, secure, controlled location |
|
X |
|
|
|
B.8.7 |
|
Maintain master copies of software in a central, secure, controlled location |
|
|
|
X |
|
B.8.8 |
|
Provide maintenance and support for the Customer Business Applications |
|
X |
|
|
|
B.8.9 |
|
Develop and maintain software deployment packages where deployment is automated |
|
|
|
X |
|
B.8.10 |
|
Follow Customer approved testing procedures before implementing software updates and maintain evidence of this activity |
|
X |
|
|
|
B.8.19 |
|
Maintain previous application versions in a stand-by location for quick recovery if an application rollback is needed |
|
X |
|
|
|
D |
|
SERVER MANAGEMENT |
|
|
|
|
|
|
|
Perform for Customer servers (including all AS400, Unix, Linux and Wintel devices not used by a single end user) and associated storage devices utilized by the Customer Business Applications as applicable. |
|
|
|
|
|
D.8 |
|
Technical Support (System Administration) |
|
|
|
|
|
D.8.1 |
|
Provide technical advice and support to Customer Business Applications and maintenance staff |
|
X |
|
|
|
D.8.2 |
|
Participate in configuration management |
|
X |
|
|
|
D.8.6 |
|
Provide level 3 support to help desk and other users |
|
X |
|
|
|
D.8.7 |
|
Define application performance requirements based on the Customer project needs |
|
|
|
X |
|
D.8.9 |
|
Proactively monitor systems for error conditions |
|
X |
|
|
|
D.8.10 |
|
Execute error correction, problem tracking and reporting |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
D.8.11 |
|
Create, implement and maintain restricted access to system utilities that might compromise access to confidential information in accordance with the Security Requirements |
|
X |
|
|
|
D.8.12 |
|
Administer subsystems: Enterprise Application Integration (EAI), adapters, scheduling engine, information brokers |
|
X |
|
|
|
D.8.13 |
|
Perform environment maintenance |
|
X |
|
|
|
D.9 |
|
Middleware Support for applications in Schedule C |
|
|
|
|
|
D.9.1 |
|
Configure middleware software used by the Customer Business Applications |
|
X |
|
|
|
D.9.2 |
|
Design and implement application directory |
|
X |
|
|
|
D.9.6 |
|
Install and verify application code |
|
X |
|
|
|
D.9.7 |
|
Resolve or coordinate the resolution of middleware problems |
|
X |
|
|
|
D.9.9 |
|
Provide troubleshooting/problem determination |
|
X |
|
|
|
D.9.10 |
|
Install middleware upgrades/patches/service packs, including identifying new patches |
|
|
|
X |
|
D.9.12 |
|
Make middleware software configuration changes |
|
X |
|
|
|
D.9.13 |
|
Manage logging files, including rotation, pruning and archiving of middleware software |
|
|
|
X |
|
D.9.14 |
|
Perform applicable performance tuning for middleware software |
|
X |
|
|
|
D.9.15 |
|
Interface with middleware software product support |
|
X |
|
|
|
D.9.17 |
|
Perform testing on middleware installations |
|
X |
|
|
|
E |
|
APPLICATION DEVELOPMENT & MAINTENANCE & ENHANCEMENTS |
|
|
|
|
|
|
|
Service Provider shall perform the following Application Development and Maintenance activities for the Customer Business Applications. |
|
|
|
|
|
|
|
Planning, Analysis and Design |
|
|
|
|
|
E.1 |
|
Planning Phase |
|
|
|
|
|
E.1.1 |
|
Provide Customer business requirements to Service Provider |
|
|
|
X |
|
E.1.2 |
|
Analyze business requirements |
|
X |
|
|
|
E.1.3 |
|
Propose high-level business, technical solutions and alternatives |
|
X |
|
|
|
E.1.4 |
|
Develop functional specifications and high-level data requirements |
|
|
|
X |
|
E.1.5 |
|
Facilitate communication between project team and business sponsor regarding requirements |
|
|
|
X |
|
E.1.6 |
|
Review and approve functional specifications and high-level data requirements |
|
|
|
X |
|
E.1.7 |
|
Define system requirements with approval from Customer in each of the sub-tasks: |
|
|
|
|
|
E.1.8 |
|
Develop requirements management plan |
|
X |
|
|
|
E.1.9 |
|
Detail the software requirements |
|
X |
|
|
|
E.1.10 |
|
Detail the number of Third Party software licenses required and associated costs |
|
X |
|
|
|
E.1.11 |
|
Determine regulatory status of system (is it regulated?) |
|
|
|
X |
|
E.1.12 |
|
Develop IT infrastructure requirements |
|
X |
|
|
|
E.1.13 |
|
Detail the hardware required and associated costs |
|
X |
|
|
|
E.1.14 |
|
Detail Premium Resource costs for development and maintenance |
|
X |
|
|
|
E.1.15 |
|
Ensure technology alignment with strategies |
|
X |
|
|
|
E.1.16 |
|
Define initial interfaces requirements |
|
X |
|
|
|
E.1.17 |
|
Define data architectures requirements |
|
X |
|
|
|
E.1.18 |
|
Define data security and control requirements |
|
X |
|
|
|
E.1.19 |
|
Define data distribution requirements |
|
X |
|
|
|
E.1.20 |
|
Define storage requirements (including backup and recovery) |
|
X |
|
|
|
E.1.21 |
|
Define technology architecture requirements |
|
X |
|
|
|
E.1.22 |
|
Define production capacity and performance requirements |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
E.1.23 |
|
Define integration requirements, including legacy environments |
|
X |
|
|
|
E.1.24 |
|
Define baseline performance requirements |
|
X |
|
|
|
E.1.25 |
|
Define production facility requirements |
|
X |
|
|
|
E.1.26 |
|
Define production consumable |
|
X |
|
|
|
E.1.27 |
|
Define Customer resource requirements |
|
X |
|
|
|
E.1.28 |
|
Define security and control requirements |
|
X |
|
|
|
E.1.29 |
|
Define communication network resource requirements |
|
X |
|
|
|
E.1.30 |
|
Define other infrastructure requirements |
|
X |
|
|
|
E.1.31 |
|
Define monitoring requirements |
|
X |
|
|
|
E.1.32 |
|
Define reporting requirements |
|
X |
|
|
|
E.1.33 |
|
Develop requirements traceability matrix |
|
X |
|
|
|
E.1.34 |
|
Review and approve requirements |
|
|
|
X |
|
E.1.35 |
|
Conduct legacy systems impact analysis |
|
X |
|
|
|
E.1.36 |
|
Perform feasibility study; prepare statements of work estimating time, effort and costs for new development |
|
X |
|
|
|
E.1.37 |
|
Develop project plan with return on investment (ROI)/economic value added (EVA); set up project timeline and milestones. |
|
X |
|
|
|
E.1.38 |
|
Review and approve project plans with ROI/EVA |
|
|
|
X |
|
E.1.39 |
|
Identify appropriate mitigations for identified risks and assess residual risk and ensure it is acceptable |
|
X |
|
|
|
E.1.40 |
|
Review and approve risk assessment to date |
|
|
|
X |
|
E.1.41 |
|
Develop training requirements |
|
X |
|
|
|
E.1.42 |
|
Review and approve training requirements |
|
|
|
X |
|
E.1.43 |
|
Prioritize development requests |
|
|
|
X |
|
E.1.44 |
|
Set and approve priorities |
|
|
|
X |
|
E.1.45 |
|
Develop quality plan |
|
X |
|
|
|
E.1.46 |
|
Review and approve quality plan |
|
|
|
X |
|
E.1.47 |
|
Allocate Service Provider resources to perform work |
|
X |
|
|
|
E.2 |
|
Analysis Phase |
|
|
|
|
|
E.2.1.1 |
|
Develop the analysis schedule, describe each session’s objectives and determine participants |
|
X |
|
|
|
E.2.1.2 |
|
Conduct detailed analysis sessions; drill down on solutions and resolve open issues |
|
X |
|
|
|
E.2.1.3 |
|
Develop detailed analysis documents using approved processes |
|
X |
|
|
|
E.2.1.4 |
|
Facilitate final analysis consensus meetings and sign-off with Customer project personnel |
|
X |
|
|
|
E.2.1.5 |
|
Accept Customer business requirements |
|
X |
|
|
|
E.2.1.6 |
|
Update risk assessment |
|
X |
|
|
|
E.2.1.7 |
|
Identify appropriate mitigations for newly identified and modified risks and assess residual risk and ensure mitigation plan is acceptable |
|
X |
|
|
|
E.2.1.8 |
|
Review and approve risk assessment and mitigation plans to date |
|
|
|
X |
|
E.2.1.9 |
|
Update the development of the traceability matrix |
|
X |
|
|
|
E.2.1.10 |
|
Design test cases, prepare test data and create test plan for Customer approval |
|
X |
|
|
|
E.2.1.11 |
|
Create validation plan |
|
X |
|
|
|
E.2.1.12 |
|
Review and approve validation plan |
|
|
|
X |
|
E.3 |
|
Design Phase |
|
|
|
|
|
E.3.1.1 |
|
Develop the design schedule, describe each session’s objectives and determine participants |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
E.3.1.2 |
|
Develop software using approved tools and according to agreed-upon guidelines |
|
X |
|
|
|
E.3.1.3 |
|
Create application designs and propose design alternatives |
|
X |
|
|
|
E.3.1.4 |
|
Provide make/build/reuse analysis |
|
|
|
X |
|
E.3.1.5 |
|
Create technical design |
|
X |
|
|
|
E.3.1.6 |
|
Create the object and data models; develop design documentation using approved tools |
|
X |
|
|
|
E.3.1.7 |
|
Design interfaces and integration points with external applications |
|
X |
|
|
|
E.3.1.8 |
|
Validate data input to application systems to ensure that it is correct and appropriate |
|
X |
|
|
|
E.3.1.9 |
|
Incorporate validation checks into systems to detect any corruption of the data processed |
|
X |
|
|
|
E.3.1.10 |
|
Use message authentication for applications where there is a security requirement to protect the integrity of the message content |
|
X |
|
|
|
E.3.1.11 |
|
Validate data output from an application system to ensure that the processing of stored information is correct and appropriate to the circumstances |
|
X |
|
|
|
E.3.1.12 |
|
Apply encryption to protect the confidentiality of sensitive or critical information, in accordance with the “Customer Security Requirements” Exhibit |
|
X |
|
|
|
E.3.1.13 |
|
Apply digital signatures to protect the authenticity and integrity of electronic information |
|
X |
|
|
|
E.3.1.14 |
|
Create, implement and maintain a management system based on an agreed set of standards, procedures and methods to support the use of cryptographic techniques |
|
X |
|
|
|
E.3.1.15 |
|
Develop system prototypes |
|
X |
|
|
|
E.3.1.16 |
|
Update risk assessment |
|
X |
|
|
|
E.3.1.17 |
|
Identify appropriate mitigations for newly identified and modified risks and assess residual risk and ensure mitigation plan is acceptable |
|
X |
|
|
|
E.3.1.18 |
|
Review and approve risk assessment and mitigation plans to date |
|
|
|
X |
|
E.3.1.19 |
|
Update the development of the traceability matrix |
|
X |
|
|
|
E.3.1.20 |
|
Facilitate design review and consensus sessions with the appropriate business units and project personnel |
|
X |
|
|
|
E.3.1.21 |
|
Review and approve results from design review and consensus sessions |
|
|
|
X |
|
E.4 |
|
Enhancements |
|
|
|
|
|
|
|
Service Provider shall perform the following activities for all Enhancements for the Customer Business Applications and Service Requests. |
|
|
|
|
|
E.4.1 |
|
Create proposals for Service Requests |
|
X |
|
|
|
E.4.2 |
|
Create Service Requests |
|
|
|
X |
|
E.4.3 |
|
Review and approve project proposals for Service Requests |
|
|
|
X |
|
E.4.4 |
|
Monitor, track and report Service Request activity status |
|
X |
|
|
|
E.4.5 |
|
Review and approve Service Request activity status and report deficiencies of service |
|
|
|
X |
|
E.4.6 |
|
Perform post-implementation review and variance analysis and present findings to Customer |
|
X |
|
|
|
E.4.7 |
|
Update risk assessment |
|
X |
|
|
|
E.4.8 |
|
Identify appropriate mitigations for newly identified and modified risks and assess residual risk and ensure mitigation plan is acceptable |
|
X |
|
|
|
E.4.9 |
|
Review and approve risk assessment and mitigation plans to date |
|
|
|
X |
|
E.4.10 |
|
Update the development of the traceability matrix for each Project, Service Request, and Enhancement in accordance with the Procedures Manual |
|
X |
|
|
|
E.4.11 |
|
Create business requirements |
|
|
|
X |
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
E.4.12 |
|
Analyze, design, construct, test and implement approved Enhancements and Projects |
|
X |
|
|
|
E.4.13 |
|
Each proposal estimate must contain any incremental IT costs related to any new or existing Third Party costs related to the Project, but excluding Customer’s internal labor costs |
|
X |
|
|
|
E.4.14 |
|
Participate in post implementation reviews and variance analysis; hold Service Provider accountable for taking corrective action where needed |
|
|
|
X |
|
|
|
Construct and Test |
|
|
|
|
|
E.5 |
|
Construction Phase |
|
|
|
|
|
E.5.1 |
|
Construct application software |
|
X |
|
|
|
E.5.2 |
|
Plan for concurrent development |
|
X |
|
|
|
E.5.3 |
|
Develop user interfaces |
|
X |
|
|
|
E.5.4 |
|
Develop conversion programs |
|
X |
|
|
|
E.5.5 |
|
Develop data interfaces |
|
X |
|
|
|
E.5.6 |
|
Create databases |
|
X |
|
|
|
E.5.7 |
|
Prepare technical documentation |
|
X |
|
|
|
E.5.8 |
|
Perform applications development changes in accordance with the Change Control Procedures |
|
X |
|
|
|
E.5.9 |
|
Review and approve any Service Provider subcontractors in accordance with the Agreement. |
|
|
|
X |
|
E.5.10 |
|
Initiate and execute any subcontracts owned by Service Provider |
|
X |
|
|
|
E.5.11 |
|
Initiate and execute any Third Party vendor agreements |
|
|
|
X |
|
E.5.12 |
|
Provide development support for the build schedules |
|
X |
|
|
|
E.5.13 |
|
Update risk assessment |
|
X |
|
|
|
E.5.14 |
|
Identify appropriate mitigations for newly identified and modified risks and assess residual risk and ensure mitigation plan is acceptable |
|
X |
|
|
|
E.5.15 |
|
Review and approve risk assessment and mitigation plans to date |
|
|
|
X |
|
E.5.16 |
|
Update the development of the traceability matrix |
|
X |
|
|
|
E.5.17 |
|
Perform code/peer reviews |
|
X |
|
|
|
E.5.18 |
|
Create installation qualification and operational qualification plans and scripts |
|
X |
|
|
|
E.5.19 |
|
Execute installation qualification plan |
|
X |
|
|
|
E.5.20 |
|
Log development issues and bugs within a tracking system |
|
X |
|
|
|
E.6 |
|
Development and Test |
|
|
|
|
|
E.6.1 |
|
Provide and implement Customer’s project-specific testing requirements |
|
X |
|
|
|
E.6.2 |
|
Create checklists, test plans and test scripts for each testing phase in accordance with Customer defined requirements |
|
X |
|
|
|
E.6.3 |
|
Identify and set-up appropriate test environments and data (including realistic load simulations) |
|
X |
|
|
|
E.6.4 |
|
Review and approve test plans and test scripts |
|
X |
|
|
|
E.6.5 |
|
Perform unit testing |
|
X |
|
|
|
E.6.6 |
|
Maintain the regression test harness and environment |
|
X |
|
|
|
E.6.7 |
|
Perform functional testing |
|
X |
|
|
|
E.6.8 |
|
Perform integration testing |
|
X |
|
|
|
E.6.9 |
|
Update risk assessment |
|
X |
|
|
|
E.6.10 |
|
Review and approve risk assessment to date |
|
|
|
X |
|
E.6.11 |
|
Update the development of the traceability matrix |
|
X |
|
|
|
E.7 |
|
Testing |
|
|
|
|
|
E.7.1 |
|
Provide and implement Customer’s project-specific testing requirements |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
E.7.2 |
|
Create checklists, test plans and test scripts for each testing phase in accordance with Customer-defined requirements and the Procedures Manual using quality management software tools provided by Service Provider |
|
X |
|
|
|
E.7.3 |
|
Identify and set-up appropriate test environments and data (including realistic load simulations) |
|
X |
|
|
|
E.7.4 |
|
Review and approve test plans and test scripts |
|
|
|
X |
|
E.7.5 |
|
Perform system testing |
|
X |
|
|
|
E.7.6 |
|
Develop, document, and execute testing to mitigate all identified risks and identify and rate residual risks, if any |
|
X |
|
|
|
E.7.7 |
|
Perform security testing when defined as a requirement |
|
X |
|
|
|
E.7.8 |
|
Perform scalability testing when defined as a requirement |
|
X |
|
|
|
E.7.9 |
|
Perform performance testing when defined as a requirement |
|
X |
|
|
|
E.7.10 |
|
Support user acceptance testing |
|
X |
|
|
|
E.7.11 |
|
Perform user acceptance testing |
|
|
|
X |
|
E.7.12 |
|
Develop regression testing script when defined as a requirement |
|
X |
|
|
|
E.7.13 |
|
Perform regression testing when defined as a requirement |
|
X |
|
|
|
E.7.14 |
|
Coordinate and support Customer acceptance testing, including the definition of acceptance criteria for new information systems, upgrades, new versions, and Customer final approval |
|
X |
|
|
|
E.7.15 |
|
For any deviation from the Service Provider-accepted Customer business requirements associated with any change that the Service Provider made, Service Provider will correct defect at no charge to Customer |
|
X |
|
|
|
E.7.16 |
|
Maintain resource accounting (including recording of time) of all rework on Projects, Enhancements, and maintenance |
|
X |
|
|
|
E.7.17 |
|
Provide monthly report to Customer detailing all rework on Projects, Enhancements, and maintenance |
|
X |
|
|
|
E.7.18 |
|
Maintain test facilities and test beds with needed hardware and software versions |
|
|
|
X |
|
E.7.19 |
|
Maintain test scripts, test cases and test data repositories in a protected and controlled environment |
|
X |
|
|
|
E.7.20 |
|
Support process to move from test to production |
|
X |
|
|
|
E.7.21 |
|
Approve changes to production environment through the change management process |
|
X |
|
|
|
E.7.22 |
|
Assist other support groups and Customer in understanding test results |
|
X |
|
|
|
E.7.23 |
|
Provide licenses, systems, and support to deploy and maintain system and application performance testing tools |
|
X |
|
|
|
E.7.24 |
|
Establish separate development and test facilities in order to reduce opportunities for unauthorized modification or misuse of information and services |
|
X |
|
|
|
E.7.25 |
|
Update the traceability matrix |
|
X |
|
|
|
E.7.26 |
|
Create the summary report for all testing activities in accordance with Customer defined requirements and the Procedures Manual |
|
X |
|
|
|
E.7.27 |
|
Review and approve validation plan and summary report |
|
|
|
X |
|
E.8 |
|
Release and Training Support |
|
|
|
|
|
E.8.2 |
|
Support the creation of Customer training material |
|
X |
|
|
|
E.8.6 |
|
Concurrent development — manage sync and merge of branched code |
|
X |
|
|
|
E.8.7 |
|
Resolve conflicts of branched code |
|
X |
|
|
|
E.8.8 |
|
Coordinate release activity, sequence of events with QA and Customer support |
|
X |
|
|
|
E.8.9 |
|
Develop and communicate release deployment plan and roll back plan |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
E.8.10 |
|
Apply data script; migrate report and store procedures; kick-off and monitor batches |
|
X |
|
|
|
E.8.11 |
|
Perform final risk assessment for the release / upgrade and ensure that it is maintained by future releases / upgrades |
|
X |
|
|
|
E.8.12 |
|
Mitigate all identified risks and validate acceptance of any residual risks |
|
X |
|
|
|
E.8.13 |
|
Complete the traceability matrices (functional design x system test, requirements specification x user acceptance test) |
|
X |
|
|
|
E.8.14 |
|
Manage schema; refresh testing data |
|
X |
|
|
|
E.8.15 |
|
Review and acceptance of final residual risk assessment and authorize release |
|
|
|
X |
|
E.9 |
|
Project Management |
|
|
|
|
|
|
|
Service Provider shall perform the following activities for all Enhancements and Projects for the Customer Business Applications. |
|
|
|
|
|
E.9.1 |
|
Manage Enhancements consistent with industry accepted methodology as approved by Customer |
|
X |
|
|
|
E.9.2 |
|
Define initial scope and objectives |
|
|
|
X |
|
E.9.3 |
|
Approve initial scope and objectives |
|
|
|
X |
|
E.9.5 |
|
Propose solution and analyze alternatives |
|
X |
|
|
|
E.9.6 |
|
Conduct and participate in brainstorming session to identify various solution options |
|
X |
|
|
|
E.9.7 |
|
Ensure alignment of preferred solution with IT strategic direction |
|
|
|
X |
|
E.9.8 |
|
Identify all impacted business areas |
|
|
|
X |
|
E.9.9 |
|
Develop implementation and transition strategies and plans |
|
X |
|
|
|
E.9.10 |
|
Review and approve transition strategies and plans; insure alignment with Customer strategic direction |
|
|
|
X |
|
E.9.11 |
|
Develop data migration strategies and plans |
|
X |
|
|
|
E.9.12 |
|
Review and approve data migration strategies and plans |
|
|
|
X |
|
E.9.13 |
|
Develop report migration strategies and plans; report plans to Customer for final approval |
|
X |
|
|
|
E.9.14 |
|
Develop contingency plans to include back-out procedures, notification and escalation lists, work around plans, affected resources and risk assessments |
|
X |
|
|
|
E.9.15 |
|
Review and approve contingency plans, notification and escalation lists |
|
|
|
X |
|
E.9.19 |
|
Supply Third Party software developers with interface requirements and application source code, with Customer prior written consent |
|
X |
|
|
|
E.9.20 |
|
Assist Third Party software developers with interface testing |
|
X |
|
|
|
E.9.21 |
|
Review and coordinate implementation of Third Party software used for application development |
|
X |
|
|
|
E.9.22 |
|
Accept Third Party software in accordance with Customer guidelines and Customer standard operating environment |
|
X |
|
|
|
E.9.23 |
|
Develop, maintain, monitor and publish development schedule using project management software tools provided by Service Provider |
|
X |
|
|
|
E.9.24 |
|
Track and report development status using project management software tools provided by Service Provider |
|
X |
|
|
|
E.9.25 |
|
Manage task time reporting - update plan with actuals and report variances using project management software tools provided by Service Provider |
|
X |
|
|
|
E.9.26 |
|
Approve development and implementation schedule |
|
|
|
X |
|
E.9.27 |
|
Review and approve change management process and review change management documents |
|
|
|
X |
|
E.9.28 |
|
Perform deliverable change management |
|
X |
|
|
|
E.9.29 |
|
Assess business and technology risk and recommend modifications to projects accordingly. Report plans to Customer for final approval |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
E.9.30 |
|
Review and approve identified business and technology risk and the modifications to projects |
|
|
|
X |
|
E.9.31 |
|
Maintain system change request process |
|
X |
|
|
|
E.9.36 |
|
Respond to internal and external audit requests from Customer |
|
X |
|
|
|
E.9.37 |
|
Manage day to day project performance |
|
X |
|
|
|
E.9.38 |
|
Monitor overall project performance |
|
|
|
X |
|
E.9.39 |
|
Develop and maintain application documentation |
|
X |
|
|
|
E.9.40 |
|
Develop and maintain requirements documentation |
|
|
|
X |
|
E.9.41 |
|
Establish and conduct status meetings |
|
X |
|
|
|
E.9.42 |
|
Lead development activities |
|
X |
|
|
|
E.9.43 |
|
Prepare, manage and track project budget including variances |
|
X |
|
|
|
E.9.44 |
|
Assist in resolution of project issues |
|
X |
|
|
|
E.9.45 |
|
Report status and issues to management, sponsors and stakeholders |
|
X |
|
|
|
E.9.46 |
|
Ensure a communication plan is developed, maintained, and followed |
|
|
|
X |
|
E.9.47 |
|
Provide solution implementation schedule |
|
X |
|
|
|
E.9.48 |
|
Identify major phases of the proposed solution |
|
X |
|
|
|
E.9.49 |
|
Identify dependencies and timing for each phase |
|
X |
|
|
|
E.9.50 |
|
Report project resource/staffing requirements |
|
X |
|
|
|
E.9.51 |
|
Quantify resources and effort required (internal and external) for all business units |
|
X |
|
|
|
E.9.52 |
|
Estimate total project duration |
|
X |
|
|
|
E.9.53 |
|
Develop a cost description |
|
X |
|
|
|
E.9.54 |
|
Calculate total development and lifecycle costs |
|
X |
|
|
|
E.9.55 |
|
Review project solution costing in costing meeting |
|
X |
|
|
|
E.9.56 |
|
Assess and identify technical risks |
|
X |
|
|
|
E.9.57 |
|
Identify key business risks for doing and not doing projects |
|
|
|
X |
|
E.9.58 |
|
Develop initial mitigation plan for risk identified |
|
X |
|
|
|
E.9.61 |
|
Provide data conversion as necessary |
|
X |
|
|
|
E.9.62 |
|
Coordinate and support Customer user acceptance testing |
|
X |
|
|
|
E.9.63 |
|
Make available users for testing |
|
|
|
X |
|
E.10 |
|
Problem Management for applications in Schedule C |
|
|
|
|
|
E.10.1 |
|
Create, implement and maintain a process for managing application defects/failures and user reported problems to closure |
|
X |
|
|
|
E.10.2 |
|
Perform problem identification and resolution. Develop short—term work-arounds as feasible |
|
X |
|
|
|
E.10.3 |
|
Perform root cause analysis and identify and implement preventative measures for high-impact applications, software and equipment |
|
X |
|
|
|
E.10.4 |
|
Communicate root cause, work around or process improvement plan to business Customers |
|
|
|
X |
|
E.10.5 |
|
Develop, test and deploy application, database, or systems corrections to known or anticipated problems consistent with the problem management activities |
|
X |
|
|
|
E.10.6 |
|
Implement resulting process improvements |
|
X |
|
|
|
E.10.7 |
|
Provide Level 3 support for applications |
|
X |
|
|
|
E.10.8 |
|
Provide Level 3 support to Service Desk and other users |
|
X |
|
|
|
E.10.9 |
|
Support continuous process improvement by documenting problems and lessons learned for future improvement and provide to Customer. Provide continuous improvement recommendations to Customer quarterly. |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
E.10.10 |
|
Complete emergency fix of application failures and user reported problems. Deploy application, database, or systems corrections to emergency problems in a controlled process. Communicate with Customer’s business units regarding same. |
|
X |
|
|
|
E.11 |
|
Application Maintenance and Reporting |
|
|
|
|
|
E.11.1 |
|
Create, implement and maintain a process to manage requests for new requirements to existing applications, databases or systems from Customer business units |
|
|
|
X |
|
E.11.2 |
|
Develop, test and deploy planned releases to application and/or system enhancements in a controlled process |
|
X |
|
|
|
E.11.3 |
|
Develop and apply database, application code or operational modifications to correct problems |
|
X |
|
|
|
E.11.4 |
|
Respond to reported problems and Service Requests providing resolution on problem tickets and completing work in support of Service Requests |
|
X |
|
|
|
E.11.5 |
|
Perform software maintenance in support of break/fix, emergency, preventative, Customer Compliance Directives, “Customer Security Requirements” Exhibit, ad hoc and minor enhancements |
|
X |
|
|
|
E.11.6 |
|
Perform and document root cause analysis and implement corrections not requiring software development or enhancement |
|
X |
|
|
|
E.11.7 |
|
Review and approve root cause analysis and correction plans |
|
|
|
X |
|
E.11.8 |
|
Maintain list of Customer Business Application (including modules) within measurement tool used for Service Level performance measurements to allow for consistent reporting |
|
X |
|
|
|
E.11.9 |
|
Notify Third Party vendors of defects as needed |
|
X |
|
|
|
E.11.10 |
|
Coordinate corrections with other production and development activities |
|
X |
|
|
|
E.11.11 |
|
Perform ad-hoc reporting and manage associated request process |
|
X |
|
|
|
E.11.12 |
|
Review and approve ad-hoc reports and associated requests |
|
|
|
X |
|
E.11.13 |
|
Apply patches and service packs and minor release upgrades for package software, including identifying new patches and obtaining approval for implementation from the Customer. |
|
X |
|
|
|
E.11.14 |
|
Maintain application technical documentation |
|
X |
|
|
|
E.11.15 |
|
Maintain application functional documentation |
|
X |
|
|
|
E.11.16 |
|
For Customer Business Applications, create relationships between applications, servers, databases, assets, and licenses, contracts, and renewals and update the Procedures Manual to reflect any changes |
|
X |
|
|
|
E.11.17 |
|
For Customer Business Applications, as changes are made by Service Provider, update relationships between applications, servers, databases, assets, licenses and, for hardware, the associated contracts and renewals |
|
X |
|
|
|
E.11.18 |
|
Provide assistance and documentation to Third Party vendors as required |
|
X |
|
|
|
E.11.19 |
|
Perform production simulation in production like schemas to proactively identify issues |
|
X |
|
|
|
E.11.20 |
|
Review daily exception reports and interpret results for Customer |
|
X |
|
|
|
E.11.21 |
|
Research and respond to data information reporting requirements for “what if” and ad hoc scenarios for users to understand outcomes of a potential business action or business alternatives |
|
X |
|
|
|
E.11.22 |
|
Develop test suite as a tool for Customers to test new business scenarios |
|
X |
|
|
|
E.11.23 |
|
Post special documents and notices to Customer internal website |
|
X |
|
|
|
E.11.24 |
|
Perform batch and control-message broker support and maintenance |
|
X |
|
|
|
E.11.25 |
|
Provide business units with systems support and perform maintenance activities as defined by the systems’ owner; activities could include configuration management and table updates |
|
X |
|
|
|
|
|
|
|
Responsible Party | ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
E.11.26 |
|
Develop, test and deploy planned releases to the EAI/messaging infrastructure |
|
X |
|
|
|
E.11.27 |
|
Perform, monitor and report system usages and metrics |
|
X |
|
|
|
E.11.28 |
|
Provide training/certification revisions as needed |
|
X |
|
|
|
E.11.30 |
|
Maintain application portfolio database |
|
|
|
X |
|
E.11.31 |
|
Maintain application and administration roles and responsibilities |
|
X |
|
|
|
E.11.32 |
|
Maintain product stakeholder map |
|
|
|
X |
|
E.11.33 |
|
Notify business partner of potential maintenance/support/enhancement projects |
|
|
|
X |
|
E.11.34 |
|
Maintain log of requested changes for future maintenance release |
|
X |
|
|
|
E.11.35 |
|
Conduct regular product status meetings with Customer |
|
X |
|
|
|
E.12 |
|
Methodologies, Tools and Practices |
|
|
|
|
|
E.12.1 |
|
Install and monitor source code control tools |
|
X |
|
|
|
E.12.2 |
|
Install and monitor project planning tools and methods |
|
X |
|
|
|
E.12.3 |
|
Manage defect and enhancement life cycle; document detailed solutions through problem database |
|
X |
|
|
|
E.12.4 |
|
Create, implement and maintain the software change control process |
|
X |
|
|
|
E.12.5 |
|
Maintain application inventory with cross references to supporting systems, databases and networks |
|
X |
|
|
|
E.12.6 |
|
Review and approve application inventory lists |
|
|
|
X |
|
E.12.7 |
|
Maintain multiple testing environments as defined by the change control process |
|
X |
|
|
|
E.12.8 |
|
Participate in the development of strategic framework built around industry quality management standards (for example: ISO, CMMi, ITIL) |
|
X |
|
|
|
E.13 |
|
Application Source Code Security |
|
|
|
|
|
E.13.1 |
|
Install and maintain source control software in a strictly controlled environment as approved by Customer |
|
X |
|
|
|
E.13.2 |
|
Monitor and restrict access to source code and data |
|
X |
|
|
|
E.13.3 |
|
Perform source code audits |
|
X |
|
|
|
E.13.4 |
|
Review results and action plans from source code audits |
|
|
|
X |
|
E.14 |
|
Logical Database Administration (DBA) Support |
|
|
|
|
|
E.14.1 |
|
Provide logical design and translate into physical designs |
|
|
|
X |
|
E.14.2 |
|
Develop data models |
|
X |
|
|
|
E.14.3 |
|
Maintain data dictionary |
|
X |
|
|
|
E.14.4 |
|
Provide database support |
|
|
|
X |
|
E.15 |
|
Application Disaster Recovery |
|
|
|
|
|
E.15.1 |
|
Implement data retention periods and develop data recovery plan; update as new applications are developed or enhanced. Participate in project management checkpoints through the steady state disaster recovery coordinator. |
|
X |
|
|
|
E.15.2 |
|
Participate in the creation of data retention periods, recovery plans and updates as applications are developed or enhanced. Review and approve final plans for compliance with Customer standards |
|
|
|
X |
|
E.15.3 |
|
Develop and keep current list of mission critical applications in the application portfolio |
|
X |
|
|
|
E.15.4 |
|
Approve the mission critical application list |
|
|
|
X |
|
E.15.5 |
|
Implement and maintain recovery plans and data retention periods as business needs change in accordance with the Agreement |
|
X |
|
|
|
E.15.6 |
|
Review and approve final plans for compliance with business requirements and approval by business leads |
|
|
|
X |
|
|
|
|
|
Responsible Party |
| ||
|
I.D. |
|
Activity/Task |
|
Service |
|
Customer |
|
|
E.15.7 |
|
Perform application recovery testing at agreed intervals |
|
X |
|
|
|
|
E.15.8 |
|
Review and approve application recovery test plans |
|
|
|
X |
|
|
E.15.9 |
|
Create and execute data archiving strategies consistent with system performance, reliability in accordance with the Agreement |
|
X |
|
|
|
|
E.17 |
|
BI Administration |
|
|
|
|
|
|
|
|
Provide technical support for BI Tools (3rd-tier complex application knowledge) |
|
X |
|
|
|
|
|
|
Develop contingency plans to include back-out procedures, notification and escalation lists, work around plans, affected resources and risk assessments |
|
X |
|
|
|
|
E.18 |
|
When requested by Customer, Service Provider will assist the bid out of Application Enhancements or New Features |
|
|
|
|
|
|
E.18.1 |
|
Declare intent to bid-out an application enhancement or new feature and inform Service Provider |
|
|
|
X |
|
|
E.18.2 |
|
Determine business requirements |
|
|
|
X |
|
|
E.18.3 |
|
If requested, Service Provider will provide business requirement input based on existing application architecture and environment |
|
X |
|
|
|
|
E.18.4 |
|
If requested, Service Provider will provide input on detailed requirements, high-level design, low-level design, and test plan |
|
X |
|
|
|
|
E.18.5 |
|
Create a configuration management plan with the bid-out vendor so that the bid-out changes will integrate with the existing application |
|
X |
|
|
|
|
E.18.6 |
|
Develop and execute a project plan to deliver the enhancement or new feature |
|
|
|
X |
|
|
E.18.7 |
|
If requested, maintain development and test environment to enable Customer or bid-out vendor to perform coding and unit testing for the new system in the development environment administered by Service Provider |
|
X |
|
|
|
|
E.18.8 |
|
If requested, Service Provider will assist in the System Integration and Performance tests |
|
X |
|
|
|
|
E.18.9 |
|
Approve the application to move to UAT |
|
|
|
X |
|
|
E.18.10 |
|
Perform the UAT on the new application. Bid-out vendor will fix any defects encountered in the various tests until Customer approval is given |
|
|
|
X |
|
|
E.18.11 |
|
Provide support to Service Provider for KT and other support requirements for the turnover of the developed application to maintenance |
|
|
|
X |
|
|
E.18.12 |
|
Move application to production in accordance with the Change Control Procedures |
|
X |
|
|
|
|
E.18.13 |
|
Ensure that bid-out vendor is available during first 90 days post-production in accordance with the Customer-agreed procedures |
|
|
|
X |
|
|
E.18.14 |
|
The bid-out application will become a Customer Business Application as specified in the Procedures Manual and Service Provider will update the Customer Business Application list as applicable and thereafter Service Provider must perform all Services with respect to such new or enhanced Customer Business Application |
|
X |
|
|
|
Attachment 3: Customer Business Applications
Service Provider shall maintain all of the Customer Business Applications set forth on this Attachment 3 and ensure that the Customer Business Applications are available for use by Customer at all times. Customer may update this Attachment 3 from time to time to reflect changes in the Customer Business Applications portfolio in accordance with the Change Control Procedures. Service Provider shall manage the provision of maintenance under any Third Party Agreements and shall use its commercially reasonable efforts to perform break/fix, patch management and other routine maintenance tasks necessary to maintain the continued functionality and operation of all the Customer Business Applications and their associated interfaces, in accordance with the software’s specifications. The System Availability Requirements for each one of the Customer Business Applications below is “7 × 24” and each one of the Customer Business Applications below is “Tier 1.”
[***]
Attachment 4: TD No. 1 Schedules that Apply to this Project Work Order
|
TD NO. 1 SCHEDULE |
|
APPLIES TO THIS |
|
|
Schedule A: Definitions |
|
YES |
|
|
Schedule B: Services Description |
|
YES |
|
|
Schedule B-1: Statement of Work |
|
YES |
|
|
Schedule B-2: Customer Business Applications |
|
NO |
|
|
Schedule C: Key Personnel Provisions |
|
NO |
|
|
Schedule C-1: Knowledge Worker Provisions |
|
NO |
|
|
Schedule C-1-1: Job Role Skill Set / Service |
|
NO |
|
|
Schedule C-2: List of Key Personnel |
|
NO |
|
|
Schedule D: Service Level Agreement |
|
NO |
|
|
Schedule D-1: Service Level Methodology |
|
YES |
|
|
Schedule D-2: Service Level Matrix |
|
YES |
|
|
Schedule D-3: Critical Services |
|
YES |
|
|
Schedule E: Charges |
|
NO |
|
|
Schedule E-1: Pricing Methodology |
|
NO |
|
|
Schedule E-2: Critical Transition Milestone |
|
NO |
|
|
Schedule E-3: Monthly Base Charges/ARC-RRC |
|
NO |
|
|
Schedule E-4: Reserved |
|
NO |
|
|
Schedule E-5, Reserved |
|
NO |
|
|
Schedule E-6: Project Rates |
|
NO |
|
|
Schedule E-7: Resource Unit Definitions |
|
NO |
|
|
Schedule E-8: Financial Responsibility Matrix |
|
NO |
|
|
Schedule E-9: Termination Fees |
|
NO |
|
|
Schedule E-10: Form of Invoice |
|
NO |
|
|
Schedule F: Transition and Transformation Plan |
|
NO |
|
|
Schedule F-1: Transformation and Transition |
|
NO |
|
|
Schedule F-2: High Level Plan |
|
NO |
|
|
Schedule F-3: Transition Critical Milestones |
|
NO |
|
|
Schedule F-4: Reserved |
|
NO |
|
|
Schedule F-5: Re-Solution Milestones |
|
NO |
|
|
Schedules F-5-1, F-5-2, F-5-3, F-5-4, F-5-5, F-5-6, F-5-7, and F-5-8 |
|
NO |
|
|
Schedule G: Customer Software |
|
YES |
|
|
Schedule H: Service Provider Software |
|
YES |
|
|
Schedule I: Deviations |
|
YES |
|
|
Schedule J: Reports |
|
YES |
|
|
Schedule J-1: Standard Reports |
|
YES |
|
|
Schedule K: List of Approved Benchmarkers |
|
YES |
|
|
Schedule L: Technical Architecture Standards |
|
YES |
|
|
Schedule M: Disaster Recovery Requirements |
|
NO |
|
|
Schedules M-1, M-1-a, M-1-b |
|
NO |
|
|
Schedules M-2-a, M-2-b, M-2-c |
|
NO |
|
|
Schedule M-3 |
|
NO |
|
|
Schedules M-4-a, M-4-b, M-4-c |
|
NO |
|
|
Schedules M-5, M-6, M-7, M-8, M-9, M-10, and M-11 |
|
NO |
|
|
Schedules M-12-a and M-12-b |
|
NO |
|
|
Schedule N: Termination Assistance Services |
|
YES |
|
|
Schedule O: Projects |
|
NO |
|
|
Schedule P: Reserved |
|
NO |
|
|
Schedule Q: Locations |
|
YES |
|
|
Schedule R: Commercially Unavailable Service Provider Tools |
|
NO |
|
|
Schedule S: Customer Facilities |
|
YES |
|
|
Schedule T: Approved Subcontractors |
|
NO |
|