VIRTUSA CORP - FORM 10-K - EX-10.43

Attached files

file	filename
EX-32.2 - EX-32.2 - VIRTUSA CORP	a2224790zex-32_2.htm
EX-23.1 - EX-23.1 - VIRTUSA CORP	a2224790zex-23_1.htm
EX-21.1 - EX-21.1 - VIRTUSA CORP	a2224790zex-21_1.htm
EX-32.1 - EX-32.1 - VIRTUSA CORP	a2224790zex-32_1.htm
EXCEL - IDEA: XBRL DOCUMENT - VIRTUSA CORP	Financial_Report.xls
10-K - 10-K - VIRTUSA CORP	a2224790z10-k.htm
EX-31.1 - EX-31.1 - VIRTUSA CORP	a2224790zex-31_1.htm
EX-31.2 - EX-31.2 - VIRTUSA CORP	a2224790zex-31_2.htm
EX-10.44 - EX-10.44 - VIRTUSA CORP	a2224790zex-10_44.htm
EX-10.40 - EX-10.40 - VIRTUSA CORP	a2224790zex-10_40.htm

Exhibit 10.43

PORTIONS OF THIS EXHIBIT WERE OMITTED AND HAVE BEEN FILED SEPARATELY WITH THE SECRETARY OF THE COMMISSION PURSUANT TO AN APPLICATION FOR CONFIDENTIAL TREATMENT UNDER RULE 24B-2 OF THE SECURITIES EXCHANGE ACT; [***] DENOTES OMISSIONS

AIG PROCUREMENT SERVICES, INC.

MASTER PROFESSIONAL SERVICES AGREEMENT FOR APPLICATION DEVELOPMENT AND MAINTENANCE SERVICES

Table of Contents

1.	Engagement of Services		4
1.1.		Statement (s) of Work	4
1.2.		Performance of Services	5
1.3.		Performance	10
1.4.		Service Fees and Other Charges	11
1.5.		Changes in Scope	14
1.6.		Invoicing	15
2.	Independent Contractor		18
3.	Acceptance		18
4.	Disaster Recovery; Business Continuity		19
5.	Third Party Software		19
6.	Intellectual Property Rights		20
6.1.		Ownership	20
6.2.		Work Product	20
6.3.		Vendor License to Use Work Product	22
6.4.		Customer Data	22
6.5.		Vendor Proprietary Information	22
7.	Audit		23
7.1.		Books and Records	23
7.2.		Notice, Timing and Conduct of Audits	24
7.3.		Performance Audits	24
7.4.		Financial Audits	24
7.5.		SSAE 16 Type II Reports	25
7.6.		Vendor Reports	25
7.7.		Cost of Audit	26
7.8.		Compliance	26
7.9.		Federal Regulatory Audits	26
8.	Representations and Warranties; Disclaimer		26
8.1.		Vendor Representations and Warranties	26
8.2.		Customer Representations and Warranties	30
8.3.		Disclaimer	30
8.4.		Foreign Corrupt Practices Act	30
9.	Term/Termination		31
9.1.		Term	31
9.2.		Termination	31
9.3.		Effect of Expiration or Termination	32
9.4.		Extension of Termination Effective Date	33
9.5.		Survival	33
9.6.		Termination Assistance	33
10.	Non-Solicitation		35
11.	Limitation of Liability		35
12.	Indemnity		35

13.	Confidentiality		37
13.1.		Confidential Information	37
13.2.		Exclusions	38
13.3.		Restrictions on Use and Disclosure	38
13.4.		Vendor Personnel	39
13.5.		No Implied Rights	39
13.6.		Survival	39
14.	Client Data		39
14.1.		Generally	39
14.2.		Vendor Covenants With Respect to Client Data	40
14.3.		Safeguards	40
14.4.		Injunctive Relief for Unauthorized Access to, Use or Disclosure of Client Data	41
14.5.		Cross Border Transfer of Client Data	41
15.	Insurance		42
15.1.		Coverage	42
15.2.		Insurance Companies	43
15.3.		Non-Limitation of Insurance	44
15.4.		Contravention of Insurance	44
15.5.		Evidence of Insurance	44
16.	Excusable Delay (Force Majeure)		44
17.	Vendor Subcontractors and Access Consultants		45
17.1.		Subcontracting	45
17.2.		Access Consultants	46
18.	Publicity		46
19.	Assignment and Divestiture		46
19.1.		Assignment	46
19.2.		Divestitures; Separation; or Acquisitions	47
20.	Notices		48
21.	Governing Law; Venue		48
22.	Informal Dispute Resolution		48
23.	Severability		49
24.	Legal Fees		49
25.	Equitable Relief		49
26.	Waiver		51
27.	Construction		51
28.	Counterparts		51
29.	Nature of Rights		51
30.	Other Agreements		52
31.	Entire Agreement; Amendment		52

MASTER PROFESSIONAL SERVICES AGREEMENT

This Master Professional Services Agreement for Application Development and Maintenance Services (“Agreement”) is dated as of April 1, 2015 (the “Effective Date”) by and between AIG Procurement Services, Inc., having an office at 80 Pine Street, New York, New York, 10005 (“AIGPS”) (on behalf of itself and its Affiliates (as defined below), with AIGPS and each Affiliate purchasing Services hereunder being deemed, a “Customer”) and Virtusa Corporation, a company incorporated under the laws of Delaware, having its registered office at 2000 West Park Drive, Westborough, MA 01581 (“Vendor” or “Service Provider”). Customer and Vendor shall be referred to herein individually as a “Party” and collectively as the “Parties.” For purposes of this Agreement, “Affiliates(s)” shall mean any entity directly or indirectly controlling, controlled by, or under common control with either American International Group, Inc. or AIGPS. This Agreement shall supersede the Professional Services Agreement dated as of April 25, 2008 between AIG Global Services, Inc. and Virtusa Corporation (“2008 Agreement”) which shall be deemed terminated as of the Effective Date, provided that any pending Statements of Work governed by the 2008 Agreement shall continue to be governed by the 2008 Agreement until such Statements of Work expire.

1. Engagement of Services.

1.1. Statement (s) of Work.

From time to time during the Term (as defined below), AIGPS and the Affiliates, whether jointly or separately, may agree with Vendor on specific Services, resources, and Deliverables (as defined below) to be provided hereunder including staff augmentation resources to perform Services for Customer and/or its Affiliates (“Staff Augmentation Services”). Details with respect to the foregoing shall be described in written statements of work and for Staff Augmentation Services, written work orders (including statements of work or work orders processed through the Requisition Invoice System (as defined below)) to this Agreement which, once executed by the Parties, shall be incorporated into and form a part of this Agreement (each such executed statement of work or work order shall be referenced herein as, a “Statement of Work” or “SOW,” and collectively, the “Statements or Work” or “SOWs”) and shall be deemed proprietary and confidential to Customer and Vendor. Notwithstanding anything to the contrary contained herein, no Affiliate shall be liable for the breach by any of Affiliate of the Agreement and/or any SOW. Both time and materials (“T&M”) and fixed price (“Fixed Price”) SOWs may be executed pursuant to this Agreement (including by electronic signature through the Requisition Invoice System). Services (as defined below) that are by their nature non-recurring and highly variable may be set forth in a T&M SOW. Services that are by their nature non-recurring and predicable for a specific period of time (“Periodic Payment SOW”), that are tied to well-defined work products and/or Deliverables (as defined below) (“Deliverable-Based SOW”), and/or are performed in a series of discrete time dependant phases or milestones (“Milestone-Based SOW”) will be set forth in Fixed Price SOW(s).

Each SOW shall be in a format substantially similar to that of the Sample Statement of Work attached hereto as Exhibit A (Sample Statement of Work). If there is a conflict between this Agreement and any SOW, then (i) unless such SOW otherwise expressly provides that it is intended to modify the terms of this Agreement for such SOW only; or (ii) except as otherwise set forth herein, the terms of this Agreement will control. Each SOW will include a full and complete description of the Services (as defined below) to be performed (including the desired outcome(s) of the Services), all Deliverables, documentation or other materials to be created, produced or provided to Customer, the schedule for delivery and completion of each of the foregoing (which shall adhere

to Customer’s solution delivery framework policy), the Service Levels for these Services; the Vendor Personnel (as defined in Section 1.2.5 herein that shall be performing the Services, which Vendor Personnel shall be supervised and managed by Vendor; location of the performance of Services; the Charges (including all Service Fees and pass-through charges and the payments (if any) due on Customer’s acceptance of Deliverables in accordance with the terms of this Agreement or the SOW); any Acceptance Criteria; a list of all of the equipment and/or software to be used by Vendor in performing the Services under the SOW; and such additional information as the Parties agree upon. In addition, for a T&M SOW, Vendor shall provide a detailed calculation of Service Fees, and expected hours of Vendor Personnel (including all names of such Vendor personnel, job titles, hourly rates. For Fixed price SOWs, Vendor shall identify, where applicable, the volume to be measured periodically which shall serve as a proxy for the work effort required (e.g., tickets per full time equivalent); establish a baseline volume to be used by Vendor to price the work effort; a resource model (including the number of resources by Vendor Personnel role, the start and end dates for each Vendor Personnel role, the monthly pricing by Vendor Personnel role for each Vendor Personnel, Vendor Personnel locations; detailed calculations of Service Fees for each Deliverable or milestone.

Vendor shall negotiate in good faith regarding any new SOW that is requested by Customer hereunder. For purposes of this Agreement, “Deliverables” shall mean, collectively: (a) any material(s) that are described as “Deliverables” herein or in any SOW, or that are otherwise delivered or to be delivered to Customer by Vendor hereunder; and (b) any other material(s) prepared by or on behalf of Vendor in the course of performing the Services. The Deliverables shall include any Work Product (as defined below) and Vendor Proprietary Information contained within and/or comprising such Deliverables.

1.2. Performance of Services.

1.2.1. Generally. Vendor shall, to the best of its ability, render the Services set forth in the SOW(s) (the “Services”) by the completion dates set forth therein and in accordance with this Agreement and any terms set forth in the applicable SOW(s). Services will be defined in the applicable SOW, and may consist of the following and can be supplemented, enhanced, modified, replaced, or evolved to the extent set forth in the SOW (each a “Service”):

(a) the Development Services described in Exhibit C hereto, as further described in an SOW, which may include the production and delivery of Deliverables;

(b) the Universal Services described in Exhibit D hereto;

(d) the Migration Services described in Exhibit F hereto and Section 1.2.2 herein;

(e) the Termination Assistance Services described in Section 9.6.3 herein;

(f) the Governance Services described in Exhibit I hereto;

(g) training to Customer’s and its Affiliates’ employees and contractors, as may be reasonably required to use the Services and with respect to the interfaces and tools connecting any Customer systems to Vendor systems; and

(h) any services, functions, tasks or responsibilities necessary to comply with Customer’s policies, procedures, and standards, as provided by Customer and/or described herein.

If any services, functions or responsibilities not specifically described in this Agreement or an SOW are required, inherent, necessary and customary in the market for like services for the proper performance and provision of the Services, they shall be deemed to be implied by and included within the scope of the Services, as applicable, to the same extent and in the same manner as if specifically described in this Agreement, unless this Agreement or the applicable SOW(s) expressly states that such services, function, or responsibilities are retained by Customer or otherwise out of scope. Further, the Parties shall cooperate in good faith to agree upon and implement such further Services and Deliverables as may be requested by Customer relating to any project described in an SOW.

Customer, in its sole discretion and upon reasonable prior written notice but not less than thirty (30) days or such other period as agreed in the SOW shall have the right to reduce the amount of Services to be provided by Vendor pursuant to this Agreement or any applicable SOW. In all such cases, the agreed upon fees and other amounts to be paid under this Agreement and the applicable SOW will be equitably reduced in accordance with the Services Fees and Charges set forth herein.

Customer shall not be precluded from performing Services itself, or obtaining services from any other provider, that may be similar or identical to the Services. Customer shall be under no obligation to acquire additional or future services from Vendor. By entering into this Agreement, Customer does not commit that Vendor shall be the exclusive Vendor of the Services described herein. In addition, nothing herein shall be construed as restricting Customer from purchasing any services or products from Parties other than Vendor.

The Parties acknowledge that the Services are currently being provided by Customer or its third party service providers, and Vendor shall undertake commercially reasonable efforts in the performance of the Services under this Agreement to ensure that there shall be no greater than the minimum disruption of the Customer’s operations following the achievement of steady state for any Statement of Work (including, without limitation, performance metrics, automation, features, compliance levels and cycle times relating to the Services) caused by Vendor’s acts or omissions in the provision of Services under such Statement of Work.

1.2.2. Migration Services. Any time the Vendor is required to perform any functions, tasks and responsibilities which are currently being provided by Customer or its third party service provider, Customer will determine, in its sole discretion, whether Vendor will need to perform Migration services as part of the Services. Migration Services shall be set in Exhibit F, Migration Services, attached hereto, and may be modified as set forth in an SOW agreed by the parties. If any functions, tasks and responsibilities not specifically described as part of the Migration Services are an inherent, necessary and customary in the market for like services and are required for proper performance of the Services in accordance with this Agreement, such functions, tasks and responsibilities shall be deemed to be included within the scope of the Migration Services as if such functions, tasks and responsibilities were specifically described in Exhibit F hereto. During the Migration period, Customer will perform those functions, tasks and responsibilities which are designated to be Customer’s responsibility in the Migration plan defined and more fully described in Exhibit F, Migration Services, and any functions, tasks and responsibilities which are an inherent,

necessary and customary in the market for like services as part of such tasks (collectively, the “Migration Plan”).

Unless otherwise agreed in writing by the parties in the applicable SOW, including terms regarding payment of transition related fees or termination for convenience fees for Migration Services, the Vendor shall pay or otherwise be responsible for all costs in connection with providing Migration Services to transition any Service or Services, including all costs associated with transitioning Service(s) from Customer to Vendor or from another third party provider (previously engaged on Customer’s behalf) to Vendor. For the avoidance of doubt, unless otherwise stated in the SOW, costs in connection with providing such Migration Services include but are not limited to: costs associated with ramping up and ramping down of Vendor Personnel, hardware costs, training and on-boarding of resources, travel and expense costs, licenses (e.g., software licenses), costs associated with providing system access, and costs associated with knowledge transfer. Unless otherwise agreed in the SOW, Customer shall not incur any charges, fees or expenses payable to Vendor or any third party in connection with the Migration Services, other than those charges incurred by Customer in connection with its performance of tasks designated in the Migration Plan as Customer’s responsibility.

1.2.3. Language. All Services shall be provided in the English language, unless otherwise specified by Customer, in its sole discretion, in any applicable SOW. In locations where English is not the native language, Vendors shall provide a number of onshore and off-shore resources, to be mutually agreed upon, who are fluent (i.e., speak, read and write) in English and the local language used at the onsite location and the offshore location where the Services are to be performed. For the avoidance of doubt, the following example has been included: If a Vendor resource is onsite in Japan and the offshore location associated with the support is in China, Customer requires that there are a mutually agreed upon number of onsite Vendor resources able to speak English, Japanese and Chinese with proficiency.

1.2.4. Vendor Responsibilities. In performing the Services, Vendor shall provide its own personnel (such personnel, including, but not limited to, the key employees set forth in the applicable SOW (“Key Personnel”), and other employees, consultants and subcontractors, collectively “Vendor Personnel”), equipment, tools and other materials, and facilities at its own expense unless otherwise agreed in the SOW. Vendor shall supervise and manage all Vendor Personnel performing services under this Agreement and each of the SOWs. In addition, Vendor shall cooperate with any third parties engaged either by or for Customer in connection with the Services, and subject to the terms and conditions of this Agreement, shall be responsible for all expenses incurred in performing the Services, except as otherwise set forth in an SOW, including but not limited to connectivity, network, bandwidth and laptop charges.

Subject to Section 5, Vendor shall obtain and maintain, at its own expense, any licenses or consents necessary for Vendor to provide the Services. Failure to obtain any such license or consent shall not relieve Vendor of its obligations hereunder, and Vendor shall be responsible for any additional costs incurred by either Party as a result of such failure.

1.2.5. Vendor Personnel.

1.2.5.1 Key Personnel.

(a) Vendor Key Personnel (as agreed in the SOW)shall include the Vendor Project Manager identified in the applicable SOW, the account manager and the engagement

manager, and any other individuals as mutually agreed and set forth in an SOW. All Vendor Key Personnel shall have sufficient knowledge and authority within Vendor’s organization to enable Vendor to be responsive to Customer’s reasonable requests.

(b) Before assigning an individual to a Key Personnel position, whether as an initial assignment or as a replacement, Customer shall have the right to interview and participate in the selection of such Key Personnel. Vendor shall not hire, assign, or designate any new person to fill the position or perform the duties provided by any Key Personnel without Customer’s prior written consent, which consent may be withheld in accordance with subsection (c) below. All Key Personnel shall have sufficient training, education, and knowledge about Customer’s business processes, compliance requirements, and project needs. Vendor shall ensure that all Key Personnel have at least one designated individual as his or her backup.

(c) Except where such Key Personnel ceases performance of the Services due to (i) voluntary resignation from employment with Vendor or any Vendor subcontractor, as the case may be, (ii) dismissal from employment with Vendor or any Vendor subcontractor, as the case may be, for misconduct (e.g., fraud, drug abuse or theft), (iii) removal of such Key Personnel following his or her material failure to perform obligations pursuant to this Agreement, or (iv) death or disability of such Key Personnel, the prior written consent of Customer referenced in subsection(b) above with respect to such Key Personnel may be withheld by Customer in its sole and absolute discretion if such requested reassignment or replacement would occur during the first twelve (12) months of such Key Personnel’s engagement in the applicable SOW, but such consent with respect to such Key Personnel shall not be unreasonably withheld thereafter during the remaining term of the SOW.

1.2.5.2. Background Checks. Subject to applicable law, throughout the term of this Agreement, Vendor, at its sole cost and expense, shall perform background checks on any Vendor Personnel performing Services for Customer, including Vendor Key Personnel. The background checks shall be performed in accordance with the Customer’s Vendor Certification Program, details of which can be found at http://www.aigscreen.com/kiosk. All background checks of Vendor Personnel shall be completed prior to the start of such Vendor Personnel’s assignment hereunder. If Customer determines that the results of any background check do not meet its requirements, Vendor may not assign such Vendor Personnel to perform Services hereunder. Vendor represents, warrants, and covenants that Vendor has and will secure the prior written consent of each of its Vendor Personnel to disclose information regarding each such Vendor Personnel to Customer’s designated background check provider.

1.2.5.3. Replacement of Vendor Personnel.

(a) Vendor shall use commercially reasonable efforts to ensure the continuity of all Vendor Personnel assigned to perform the Services. In the event that any Vendor Personnel performing Services hereunder is found to be unacceptable to Customer for any reason (including demonstration that he or she is not qualified to perform or has provided false information on his or her resume), Customer shall notify Vendor (without waiving any other rights or remedies it may have hereunder). Vendor shall promptly remove such Vendor Personnel from performing Services under the applicable SOW and, Vendor shall provide a replacement with similar experience, suitable ability and suitable qualifications and who is acceptable to Customer, at no additional cost to Customer. In the event that any actual delays in meeting Customer’s deadlines or scheduled completion dates for Services being performed under an SOW are caused by the unacceptable performance of such Vendor Personnel, Vendor shall provide additional temporary

Vendor Personnel, as requested by Customer or Vendor shall have Vendor Personnel work additional hours and at no additional cost to Customer, in order to complete the applicable Services in a timely manner in accordance with the SOW. For any Services performed on a T&M basis, Vendor will provide immediate written notice to Customer when any Vendor Personnel leaves his or her assignment and will not reinstate such Vendor Personnel in such assignment without Customer’s prior written consent.

b) Vendor shall not terminate, transfer, reassign, or otherwise redeploy any Vendor Key Personnel from performance of Vendor’s duties under this Agreement or an SOW hereto before the completion of twelve (12) months of service with Customer, or as expressly agreed by the Parties in writing, except in the case of a voluntary termination, a for-cause termination, or as approved or requested by Customer, any approvals not to be reasonably withheld.

(c) In addition to the foregoing, during the term of an SOW and for a period of six (6) months after the expiry or termination of such SOW, Vendor shall not assign any Key Personnel to any competitor of Customer. For the purposes of this section, “Competitor” is defined as a non-governmental entity, providing substantially similar products and services on competing products/services in the geographic market(s) served by the specific business unit(s) of Customer being supported by Vendor under the applicable SOW.

1.2.5.3. Qualifications of Vendor Personnel.

(a) Vendor Key Personnel and all other personnel assigned by Vendor or its subcontractors to perform Vendor’s obligations under this Agreement shall have the experience, training, licenses, registrations, and expertise sufficient to perform Services and Vendor’s obligations hereunder. As part of the Services and at no additional cost to Customer, Vendor shall provide, and cause its subcontractors to provide, all such training to the employees of Vendor and its subcontractors as may be necessary for them to perform all of Vendor’s duties hereunder (including training regarding Customer-specific policies).

(b) Vendor shall maintain records relating to all Vendor Personnel who will provide Services pursuant to this Agreement, which records shall include, at a minimum, verification of qualifications, licenses, certifications, and references, verifying that such Vendor Personnel are qualified in light of applicable laws, industry standards, and any standards set forth in this Agreement or an SOW hereto, to perform the Services. Customer shall have the right upon reasonable notice to inspect and audit such records, subject to the confidentiality provisions of this Agreement.

1.2.6. Policies, Procedures and Standards. Vendor and all Vendor Personnel shall observe and comply with all Customer security procedures, rules, regulations, policies, working hours and holiday schedules, including those set forth in Exhibit J, Network Security Requirements, and will not disrupt Customer’s normal business operations. Vendor and all Vendor Personnel shall comply with all Customer information security policies, standards and guidelines while using Customer’s systems, networks and applications, and when communicating with Customer via email and/or over the Internet in the course of performing Services and shall notify Customer of any situation that will or is reasonably likely to put Customer systems, networks or applications at risk.

1.3. Performance.

1.3.1. Service Levels. Vendor shall comply with the terms of Exhibit G, Service Level Requirements, and perform all Services in such a manner as to meet or exceed the service levels set forth in Exhibit G, Service Level Requirements, and in any SOW (collectively, the “Service Levels” and individually a “Service Level”). With respect to those Services for which a Service Level is not specified, Vendor shall at all times perform such Service or obligation with a level of accuracy and quality at least equal to Customer’s historical, documented performance or otherwise in accordance with Section 8.1(a). In any event, such Services shall be consistent with reasonable commercial practices for similar services in the applicable industry. In addition, Vendor shall develop a plan to document the applicable Service Level(s), which Customer shall review and approve, and then, upon Customer’s approval of such new Service Level, Vendor shall meet or exceed such Service Level(s).

1.3.2. Service Level Credits. In the event that Vendor fails to meet any of the Service Levels set forth in Exhibit G, Service Level Requirements, hereto or in any applicable SOW, under the terms therein, Customer shall be entitled to a Service Level Credit (as defined in Exhibit G) in accordance with the formula and terms of Exhibit G hereto.

1.3.3. Service Level Measurement and Reports. Vendor shall provide to Customer a detailed, comprehensive report of its performance against the Service Levels during the applicable reporting period (“Service Level Reports”). Vendor shall meet with Customer on a monthly basis, or more frequently if requested by Customer, to review Vendor’s actual performance against the Service Levels and shall recommend remedial actions to resolve any performance deficiencies. In addition, on a quarterly basis, the Parties shall conduct a comprehensive review of Vendor’s performance against the Service Level, and based on such review, the Parties shall agree on specific targets and a methodology for implementing Service Level and non-Service Level performance improvements.

1.3.4. Benchmarking. Customer shall have the right to benchmark the Services and Vendor’s performance of the Services. Vendor shall, at no cost or expense to Customer, assist with Customer’s benchmarking efforts. Benchmarking shall be conducted by an independent industry recognized third party benchmarking service provider designated by Customer (“Benchmarker”). In the event that the Benchmarker concludes that Vendor’s performance of the Services is below the industry standards for Comparable Services, Vendor shall, within thirty (30) days after the Benchmarker’s decision, develop, for Customer’s review and approval, a plan to bring Vendor’s performance up to mutually agreed upon industry standards as soon as practically possible and in all events within ninety (90) days after Customer’s approval of such plan. The Service Levels will be adjusted accordingly and effective ninety (90) days after Customer approves the plan. Vendor will bear the costs of the implementation of such plan and the maintenance of any changes required to meet such Service Levels. As used herein, “Comparable Services” mean services of a similar nature with comparable characteristics and measurement factors, including, but not limited to, volume of business, duration of contracts, geographic service areas, technologies, service levels, and any performance incentives or penalties which may affect the cost of services.

The Benchmarker will also review Vendor’s pricing, comparing Vendor’s charges for such Services to those charges charged by substantially similar service providers performing substantially similar services for similarly situated clients, including taking into account, volume of business, duration of contracts, geographic service areas, technologies, service levels, and any performance incentives or penalties which may affect the cost of services (the “Charges Target”). If a benchmarking reveals that Vendor’s prices for Services are in excess of the Charges Target, Customer and Vendor will (i) review the Benchmarker’s findings, and (ii) agree on the validity of

Benchmarking findings and any changes to Vendor’s pricing recommended by the Benchmarker. Any changes in charges will be effective only upon amendment to the SOW and effective prospectively only (and not impacting any prior work). The cost for conducting the benchmarking will be borne by Customer.

1.3.5. Cooperation. Vendor shall cooperate fully with Customer and any third party designated by Customer that performs services for or provides products to Customer and shall disclose such information to Customer and third parties related to Vendor, and provide such cooperative assistance and access to systems and facilities, as reasonably requested by Customer at no additional cost to Customer. All such disclosures shall be subject to the confidentiality provisions substantially consistent with those of this Agreement.

1.3.6. Assets and Third-Party Contracts; Consents. Vendor shall obtain all consents necessary for it to perform the Services, excluding any consents from Customer’s third party providers. Customer shall reasonably cooperate, as necessary, with Vendor in order for Vendor to obtain the necessary consents. Vendor shall pay all costs of obtaining such consents, unless otherwise agreed in an SOW. Such consents shall include, but are not limited to, conveyance or assignment of all licenses and leases used exclusively to support the Services.

1.3.7. Customer Facilities. During the term of an applicable SOW, Customer, upon Vendor’s request, shall make reasonably necessary office space, furnishings, and storage space (the “Customer Facilities”) available to Vendor’s on-site personnel performing Services at Customer locations specified in the applicable SOW. Office space, furnishings, storage space, and assets installed or operated on Customer premises and supplies allocated are provided “AS IS, WHERE IS.”

Except as expressly provided in this Agreement, Vendor shall use Customer Facilities for the sole and exclusive purpose of providing the Services to Customer. Use of such facilities by Vendor does not constitute a leasehold interest or any other rights in favor of Vendor. Vendor shall comply (at Vendor’s own cost and expense), and shall cause Vendor Personnel to comply, with all applicable laws and regulations, including all of Customer’s standard policies and procedures that are posted at Customer Facilities or are otherwise provided to Vendor, from time to time, in writing regarding access to and use of Customer Facilities, including procedures for the physical security of Customer Facilities. Vendor shall not make any improvements or modifications to the Customer Facilities without the prior written consent or Customer. Any such improvements will be owned by Customer.

1.4. Service Fees and Other Charges.

1.4.1. Generally. All fees payable and that Vendor may charge under this Agreement for any Services, Deliverables, and any licenses or other rights hereunder, including any applicable Fixed Price and/or T&M fees for Services, in each case, under the terms of Section 1.6.1 (the “Service Fees”), are set forth herein and the applicable SOW(s) hereto. All Service Fees will remain in effect for the earlier of the duration of this Agreement and the applicable SOW(s) hereto, unless otherwise stated in the SOW. Service Fees and all other charges payable under the applicable SOW(s) including Pass-Through-Charges (as defined below) are referred to collectively herein as “Charges”. In the event that any SOW contains an estimate of the Charges payable thereunder, the total Charges payable under such SOW shall in no event exceed such estimate, unless otherwise agreed to in writing by the Parties. Except as otherwise expressly stated herein or an SOW,

Customer shall not be obligated to pay Vendor any additional fees, assessments, reimbursements, Pass-Through Charges for the Services and other obligations of Vendor under this Agreement.

1.4.1.1. T&M SOWs. For a T&M SOW where Customer is to be billed on an hourly basis, the formula for calculating the T&M Service Fees payable by Customer for a particular Vendor Personnel (also referred to in this Agreement as a “Resource”) shall be A x B = C where A is the resource rate for the applicable Vendor Personnel set forth in Exhibit K, Maximum Rate Card, attached hereto or another lower rate as agreed by the Parties in an SOW (the “Resource Rate”), except as otherwise set forth in the SOW; except as set forth in the SOW, B is the total time (in hours not to exceed *** billable hours onsite or *** hours offshore unless previously approved by Customer) in the applicable period for which the applicable Vendor Personnel provided Services to Customer under the applicable approved SOW, and C is the total allowable T&M Service Fees for such individual Vendor Personnel. The total Charges for a T&M SOW shall equal the Total Resource Rates and all Pass-Through-Charges (as defined below), except as otherwise set forth in the SOW. “Total Resource Rates” for a particular T&M SOW shall mean the sum of all allowable T&M Service Fees for all Vendor Personnel performing Services as explicitly described in such SOW, and as calculated in accordance with the foregoing. Any T&M Services billed on an hourly basis and performed on Saturdays, Sundays or holidays and/or after business hours shall be billed at the Resource Rate for Services performed during non-business hours.

For any T&M SOWs where the Parties have agreed to a daily rate, unless the Parties agree otherwise in an SOW, the daily rate will calculated based on the Resource Rate and a ************ billable day for the Vendor Personnel . The Parties may also agree in an SOW to a daily rate which is calculated based on a rate less than the Maximum Rate as defined in the Maximum Rate Card. If the Vendor Personnel works less than a ********** billable day due to personal reasons or reasons outside of Customer’s control and Customer is being billed at a daily rate, then such daily rate shall be pro-rated based on a ********** work day,. By way of example and for clarification purposes only, if the Vendor Personnel works ********** and leaves early due to a doctor’s appointment, Customer shall only be billed for the ********* worked and the daily rate shall be reduced by half. If the Vendor Personnel worked ********* and then left because Vendor’s offices closed early, then the daily rate will be reduced by one fourth (1/4).

Vendor shall not include in Charges any fee associated with or cost or expense incurred by Vendor in preparing a bid to perform Services under this Agreement.

1.4.1.2 Fixed Price SOWs. Fixed Price SOWs shall be classified for payment term purposes either as a Periodic Payment SOW or a Milestone/Deliverable Based SOW.

(a) For a Periodic Payment SOW, the formula for calculating the applicable fixed price Service Fee (referred to as the Total Periodic Payment Charge) shall be: F x G = H, where F is the total fixed price Service Fees payable monthly or at some other scheduled interval of time (e.g., quarterly or annual) agreed to by the Parties for the Services and set forth in the applicable SOW; G is the total number of months or other agreed upon units of time that Vendor will perform the Services under the applicable SOW, and H = Total Periodic Payment Charge. For Periodic Payment SOWs, Vendor shall reasonably estimate the applicable Pass-Through Charges (as defined below) and identify same in the applicable SOW. The total Charges for a Periodic Payment SOW shall be the Total Periodic Payment Charge and the applicable Pass-Through Charges.

(b) For a Milestone/Deliverable-Based SOW, the formula for calculating the Charges shall be as follows: The SOW shall list all milestones and Deliverables for

which Vendor is responsible along with the corresponding Service Fees for each such milestone and/or Deliverable. The total Charges for a Milestone/Deliverable-Based SOW shall be the sum of the Service Fees for all milestones and/or Deliverables covered by the SOW plus the applicable Pass-Through Charges.

The total Charges shall not change unless previously approved in writing by Customer either through a Change Order or an amendment to the applicable SOW.

1.4.1.3 “Pass-Through Charges” are any charges, including Expenses (as defined in Section 1.4.3 below), for which the Vendor will retain administrative and managerial control but Customer retains financial control. All Pass-Through Charges will be invoiced without mark-up. Vendor will use commercially reasonable efforts to minimize the amount of Pass-Through Charges. With respect to services or materials paid for on a pass-through basis, Customer reserves the right to obtain materials or services directly from a third party; designate the third party source for such materials or services; or designate the particular materials or services (e.g., equipment type) Vendor will obtain. At the close of the applicable invoice period, and subject to the applicable “not to exceed amount” set forth in the applicable SOW, as well as Customer policies related to Pass-Through Charges, Vendor shall invoice Customer for its actual commercially reasonable time and actual reasonable expenses incurred in such period.

1.4.2. Taxes. Vendor shall be responsible (a) for any personal property taxes on property it owns or leases, for franchise and privilege taxes on its business, and for taxes based on revenue, including, but not limited to, net income and gross receipts, and (b) any sales, use, excise, value-added, services, consumption, and other taxes and duties (collectively, “Taxes”) payable by Vendor on any goods or services, that are used or consumed by Vendor in providing the Services and the amount of tax is measured by Vendor’s costs in acquiring such goods or services (including taxes and duties for telecommunication network access and/or services). Any local tax requirements inconsistent with this Agreement shall be addressed in the applicable SOW. The Parties agree to cooperate with each other to enable each to more accurately determine their respective tax liabilities and to minimize such liabilities to the extent legally permissible. Vendor shall correctly bill taxes on invoices. All errors in the calculation of taxes and billing of taxes are the sole responsibility of the Vendor. All applicable taxes shall be invoiced to and paid by Customer. Vendor’s invoices shall separately state the amounts of any taxes Vendor is collecting from Customer.

Unless Customer provides Vendor with a valid and applicable exemption certificate within a commercially reasonable time, Customer will pay or reimburse Vendor for Taxes that the Vendor is permitted or required to collect from Customer and which are assessed on the purchase, license and/or supply of Services and for which Vendor invoices Customer before the expiration of the later of the applicable Customer’s or Vendor’s statutory period for assessment of the relevant Taxes. Customer will not be responsible for any penalties or surcharges related to the tax obligations of Vendor unless and to the extent such penalties accrue based on the actions or inactions of Customer. Vendor agrees to provide Customer reasonable notice as to any actions or inactions of Customer of which Vendor is aware that could reasonably result in penalties or surcharges. Vendor will be responsible for remitting applicable taxes. If Customer pays any tax to Vendor and if it is later held that that tax was not due, Vendor will refund the amount paid to Customer, together with all related interest paid by the applicable taxing authority. Any additional sales/use taxes assessed on Vendor’s provision of Services or Deliverables resulting from Vendor’s change in location from the location originally contemplated pursuant to the applicable SOW on which results from the relocation or redirection of the delivery, including temporary storage, of such

Services or Deliverables, either of which is made for the Vendor’s convenience, will be paid by Vendor.

1.4.3. Expenses. If expressly agreed to by the Parties in a given SOW, Customer shall pay for reasonable out-of-pocket expenses required and actually incurred by Vendor while performing Services (including air transportation (coach-economy only) and hotel/overnight accommodations, as applicable), provided that: (a) such expenses are in accordance with Customer’s expense policies, as may be modified from time to time; (b) Customer has approved such expenses in advance in writing; (c) Vendor has described such expenses in writing in detail to Customer, and has submitted supporting documentation satisfactory to Customer; and (d) such expenses do not exceed ************* of the total fees payable under the SOW, except as otherwise agreed in the SOW. Notwithstanding the foregoing, the Parties agree that (a) Customer shall not reimburse Vendor for normal commutation expenses or for travel and living expenses incurred by Vendor in performing Services at a Customer facility located in the same metropolitan area as that of Vendor’s address; and (b) any entertainment by or on behalf of Vendor shall be at no cost to Customer.

1.4.4. Rebates and Discounts.

Rebates and Discounts will be provided pursuant to Exhibit K (“Rebates & Discount”) attached hereto.

1.5. Changes in Scope.

Either Party may, upon written notice to the other Party, request additions, reductions, or other changes to the scope of any or all Services (including, but not limited to, changes to the schedule, milestones, Deliverables) to be provided pursuant hereto or under a particular SOW, including the addition of new services to supplement such Services (such request, a “Change Request”).

If a Party should issue a Change Request, Vendor shall, within three (3) business days of Vendor’s receipt of a Change Request, provide Customer with a written response (a “Change Order”) detailing the tasks to be performed to accomplish the proposed changes in scope and/or services set forth in such Change Request, as well as any changes in the Charges that may arise therefrom in accordance with the following:

· For a T&M SOW, submit the total revised Charges reflecting any increase in the Resource Rates along with the corresponding increase to the “not to exceed amount” set forth in the applicable SOW, and/or the addition of any new role.

· For a Fixed Price SOW, submit both the total revised Charges reflecting any change to the fixed amount of Charges chargeable and, where applicable, a revised resource model of Vendor Personnel reflecting any change to the baseline volume set out in the applicable SOW.

If Customer elected to establish a baseline volume in the applicable SOW and if the actual, measured volume is more than *** of the baseline volume, in each of the three consecutive periods, then Vendor will provide details to Customer and the Parties may agree to execute a

Change Request. From time to time, Customer reserves the right to review the offshore ratio with the Vendor to determine an optimal mix. Should a change be agreed upon in writing, Customer and Vendor will agree on a Change Request to adjust the charges.

Further, Charges shall never be increased due to the inaccuracy of a Vendor estimate if and as set forth in a signed Change Order. Each Change Order shall be in a format substantially similar to that of the Sample Change Order attached hereto as Exhibit B (Sample Change Order.

Customer, in its reasonable and good faith discretion, reserves the right to accept, modify, or reject any or all Change Orders received from Vendor. No Change Order shall bind either Party unless and until Customer has accepted the terms and conditions of such Change Order in writing, in which event the terms and conditions of such Change Order shall be deemed an amendment to the applicable SOW.

1.6. Invoicing.

1.6.1. Generally. Unless otherwise expressly set forth in an SOW, Vendor shall invoice each individual Customer Affiliate for Charges as follows: (a) for any Fixed Price SOWs, Vendor shall invoice Customer for such Charges upon completion of such Services and on Customer’s written acceptance of any Deliverables, products or work performed and if milestone based, per the milestone schedule in the SOW; or (b) for any T&M SOWs, and for out-of-pocket expenses, Vendor shall invoice Customer monthly in arrears. All invoices submitted for payment will be accompanied by substantiating documentation, or copies thereof, including, for Services performed on a time and materials basis, name and hourly rate (consistent with the Maximum Rate Card set forth in Exhibit K hereto) or daily rate, if agreed to by the Parties, of Vendor Personnel performing Services, time sheets and other documentation indicating hours worked and work performed, identification of all activities supported and completed for the billing period, and other records to allow Customer to determine the accuracy of invoices. Vendor will not invoice, and Customer will have no obligation to pay, any amount not entitled to be invoiced under this Agreement or the applicable SOW or any amount that is not invoiced in the manner required by this Agreement or the applicable SOW. All invoices, excluding amounts that are disputed by Customer (provided Customer must notify Vendor of any dispute in writing within 45 days of receipt of invoice), shall be payable within forty-five (45) days of Customer’s receipt thereof. Vendor shall accommodate the diverse timesheet authorization processes and invoicing procedures of AIGPS and each Affiliate(s). In addition, Customer and Customer Affiliates shall be entitled, in their sole discretion, to be pay any and all invoices through the Automated Clearing House (ACH) Network or some other form of electronic funds transfer system, and Vendor shall complete the ACH/EFT form set forth in Exhibit L hereto in order for Customer and its Affiliates to use such method of payment.

Notwithstanding the foregoing or any other provision of this Agreement, Customer shall not be required to pay any Charges (including Fixed Price and T&M Service Fees): (a) for Fixed Price SOWs only, with respect to any milestone Deliverable payment related to any Deliverable associated with such milestone that have not been previously accepted by Customer in accordance with this Agreement; and/or (b) set forth on any invoice received by Customer more than ninety (90) days after such Charges were incurred. In addition, Customer may withhold payment of any Vendor invoice (or part thereof) that Customer in good faith disputes as due or owing provided Customer has notified Vendor in writing of such dispute within 45 days of receipt of such invoice. In such cases, Customer shall pay any undisputed amounts and provide to Vendor a written explanation of the basis for the dispute as to the disputed amounts. The failure of Customer to pay a disputed invoice, or to

pay the disputed part of an invoice, shall not constitute a breach or default by Customer. The Parties shall attempt to resolve the dispute in accordance with Section 22 of this Agreement (Informal Dispute Resolution). All of Vendor’s obligations under this Agreement and all SOWs shall continue in force during the problem resolution process, and Vendor shall have no right to suspend or discontinue its performance.

1.6.2 Requisition Invoice System. Customer may use a web-enabled system to automate the requisition and invoicing procedures in connection with the Services (the “Requisition Invoice System”). As of the Effective Date, the Requisition Invoice System is known as “Fieldglass InSite”. Vendor hereby agrees that any expenses incurred by Vendor in connection with Vendor’s access and use of the Requisition Invoice System shall be borne by Vendor.

1.6.3 Currency; Foreign Exchange. All invoices and payments shall be primarily in US dollars, but may also be in the Euro, Japanese Yen, Chinese Yuan, Philippine Peso, as well as any other local currency as the Parties mutually agree upon in writing. Rate cards for countries in which Services may be performed which provide rates in the local currency for all services Vendor provides for the benefit of Customer in the United States and Customer’s foreign Affiliates in each such location are attached hereto as Exhibit K (the “Rate Cards”). With respect to Services delivered to Customer’s Indian Affiliate(s) for the exclusive benefit of such Indian Affiliate(s), the rates in the Rate Cards in Exhibit K will be provided in the Indian Rupee. In the event that Customer would like Vendor to invoice Customer for services provided for the benefit of Customer in a location outside of the United States in US Dollars, Vendor will determine the amount to be invoiced for such services in US Dollars by converting the amount in the local currency based on the agreed upon Rate Cards for the applicable country into US Dollars using the spot currency exchange rate in effect on the last day of the month in which the Services are invoiced to Customer.

Twelve months after the Effective Date and every twelve months thereafter, the Parties will evaluate the exchange rate (the “Exchange Rate”) and the exchange rate on the Effective Date and successive date(s) every twelve months thereafter, as applicable, (the “Prior Exchange Rate”) for each of the currencies listed above or other agreed local currency versus the local currency of the offshore country from which services are being provided (e.g., the Indian Rupee if services are provided from India).

If the Exchange Rate should vary beyond *********** or more from the Prior Exchange Rate, then the parties shall re-assess the rates in the Rate Cards for offshore resources (the “Rates”) for the coming year through mutual discussion and the terms below. If the Exchange Rate for the applicable twelve month period varied by less than ************ from the Prior Exchange Rate, then there would be no adjustment in Rates. However, if the Exchange Rate for the applicable twelve month period varied by ************ or more from the Prior Exchange Rate, then, the parties will discuss on an annual basis whether any adjustment of ********** or more from the Prior Exchange Rate should trigger a change in the Rates.

Exchange Rate will be calculated as the thirty (30) day simple average of the applicable exchange rate on the last calendar date, or such earlier date for which applicable exchange rates are available, during the relevant period.

For purposes of the previous paragraphs, the applicable exchange rates shall be those rates published on the website of the Federal Reserve, currently located at http://www.federalreserve.gov/releases/h10/. If the applicable exchange rates are not published on

the website of the Federal Reserve, then the exchange rates will be determined utilizing the closing rates as published in the Market data Center section of The Wall Street Journal (New York).

1.6.4 Price Adjustments. The Charges, including the Resource Rates, identified herein as of the Effective Date shall be fixed for a period of ********** (the “Rate Term”). In the event that after the Rate Term Vendor wants to increase the Resource Rates, the Parties shall discuss such increases provided that Vendor has (i) previously notified Customer in writing of its desire to increase the Resource Rates, and (ii) identified all new Resource Rates. No Resource Rates shall be increased without the express written agreement of Customer and any increase shall be capped at the ***** of: (a) *********** or (b) with respect to Vendor’s U.S. based workers and onsite rate cards, the then current U.S. City Average Consumer Price Index for All Urban Wage Earners and Clerical Workers (CPI-W), or with respect to Vendor’s Indian based workers and offshore rate cards, the Urban Workers Consumer Price Index published by Indian Government bodies. Notwithstanding any terms contained within this Section 1.6.4. any pricing term or rate adjustments agreed upon by the parties shall not apply retroactively.

1.6.5 Early Pay Discount. Vendor will provide Customer with the following early pay discounts: Each invoice that Customer pays within ********* calendar days of receiving such invoice, Vendor shall provide a discount to Customer equal to ********** of the total amount due under such invoice; provided that Vendor has the right to load the invoice for a month in the first day of the month following such month. For each invoice in which Customer has satisfied the early payment criteria as set forth above, Customer shall deduct the applicable early pay discount from its payment for the applicable invoice.

2. Independent Contractor.

Vendor’s relationship with Customer shall be that of an independent contractor and nothing in this Agreement should be construed to create a partnership, joint venture, agency or employer-employee relationship between the Parties. Vendor is not the agent of Customer and is not authorized and shall not have any authority to make any representation, contract or commitment on behalf of Customer, or otherwise bind Customer in any respect whatsoever. Further, it is not the intention of this Agreement or of the Parties hereto to confer a third party beneficiary right of action upon any third party or entity whatsoever, and nothing in this Agreement shall be construed to confer upon any third party other than the Parties hereto a right of action under this Agreement or in any manner whatsoever. Neither Vendor, Vendor Personnel nor any Vendor agent shall be entitled to any of the benefits Customer may make available to its employees, such as group insurance, profit-sharing or retirement benefits. Vendor shall be solely responsible for all tax returns (and all costs related thereto) required to be filed with or made to any federal, state or local tax authority with respect to Vendor’s performance of services and receipt of fees under this Agreement. Customer may regularly report amounts paid to Vendor with the Internal Revenue Service as required by law. Because Vendor is an independent contractor, Customer shall not withhold or make payments for social security, make unemployment insurance or disability insurance contributions, or obtain worker’s compensation insurance on Vendor’s, Vendor Personnel’s and/or Vendor agents’ behalf. Vendor shall comply with, and shall accept exclusive liability for non-compliance with, all applicable federal, state and local laws, rules and regulations, including obligations such as payment of all taxes, social security, disability and other contributions based on fees paid to Vendor, its agents or employees under this Agreement.

3. Acceptance.

Promptly after delivery to Customer by Vendor of any Deliverable, Customer shall have up to thirty (30) days or such other period as agreed in the SOW (the “Acceptance Testing Period”) to review, test, and evaluate such Deliverable to determine whether the Deliverable meets, to Customer’s reasonable satisfaction, the Acceptance Criteria, and if no Acceptance Criteria is listed, the specifications or other requirements as agreed to in writing for such Deliverable. Acceptance will be implied: (i) if Vendor gives Customer notice after the Acceptance Testing Period requesting Customer provide formal notice of Acceptance and Customer fails to respond within ten (10) business days; or (ii) if Customer puts the Deliverable into full production for five (5) Business Days. Acceptance will not be implied from any other event. If, within the Acceptance Testing Period, Customer does not accept the Deliverable by providing Vendor with notice of such non-acceptance in writing within such Acceptance Testing Period, and Acceptance is not implied, the Deliverable shall be deemed rejected by Customer. Customer may provide Vendor with a description of the inadequacies, defects, deficiencies, or other problems in any rejected Deliverable, and in such event, Vendor shall have fifteen (15) days following receipt of such list or description to correct such problems and to deliver a corrected Deliverable to Customer for Customer’s review and acceptance as set forth above. In the event Customer does not accept such corrected Deliverable after two resubmissions , Customer may, in its sole discretion and in addition to any other remedies available to it under this Agreement or otherwise, whether at law, in equity, or otherwise: (a) retain such Deliverable (including any applicable documentation) and pay to Vendor the related outstanding fees; (b) grant Vendor an additional period of time in which to correct problems in such Deliverable; or (c) deem Vendor’s failure to provide Customer with an acceptable Deliverable to be a material breach of this Agreement and/or the applicable SOW. The “Acceptance Criteria” will be set forth in the applicable SOW.

4. Disaster Recovery; Business Continuity.

Vendor shall comply with the terms of Exhibit H, Disaster Recovery Requirements, including developing disaster recovery and business continuity plans with respect to the Services to be provided, subject to final approval by Customer, which approval shall not to be unreasonably withheld. Such plans shall coordinate with and shall be consistent with Customer’s and its Affiliates’ disaster recovery and business continuity plans and policies. Vendor shall provide Customer with reasonable prior written notice and obtain approval of Customer of any plan to modify Vendor’s disaster recovery and business continuity plans which may affect the Services. Vendor shall not modify these plans in any way that will impede the ability of Customer or the relevant Customer Affiliates to implement their respective disaster recovery and business continuity plans and policies within the time frames specified therein. As part of the Services, Vendor shall implement disaster recovery and business continuity plans for, at a minimum, the continuation of Services, including replacement of Vendor personnel, recovery of Customer data, and Vendor’s system and telecommunications infrastructure as necessary to provide the Services with no or minimal interruption of Services or material degradation of Service quality. Customer shall have the right to observe and participate in Vendor’s testing of its disaster recovery and business continuity plans related to the Services and, in the event that Customer requires reasonable changes to Vendor’s disaster recovery and business continuity plans, Vendor, at its own costs and expense shall implement all such reasonable changes within thirty (30) days, unless the Parties otherwise agree in writing or unless such changes would be of material cost or material change to the existing plan (i.e., required to set up a cold site in another location) in which case the parties shall agree upon a reasonable time to implement such change. Vendor shall ensure that its disaster recovery and business continuity plans are consistent with all applicable laws and industry standards relating to the Services.

5. Third Party Software.

5.1 Vendor shall install and, operate third party software as Customer shall designate from time to time during the Term (the “Third Party Software”) in and if, and to the extent set forth in an applicable SOW. Vendor shall, if applicable, also continue to operate existing third party software that was previously installed and operated by Vendor at Vendor’s facilities and on its systems (“Existing Third Party Software””). Unless otherwise agreed by the Parties in writing in an SOW or otherwise, Vendor shall pay such fees (including license fees or maintenance fees) as may be required to use the Existing Third Party Software and any applicable sales, use or other transaction based taxes properly payable thereon.

5.1.1. Vendor shall not introduce any Third Party Software in providing the Services without Customer’s prior written approval, which approval Customer may withhold in its discretion. In the event that Vendor has obtained Customer’s prior written approval to acquire new Third Party Software, as necessary or appropriate to provide the Services, and if and to the extent agreed in a SOW, (i) Vendor shall acquire, in Vendor’s name, and (ii) Vendor shall be financially responsible for, such Third Party Software and shall:

5.1.2. use reasonable efforts in these agreements for such Third Party Software, to obtain at no additional cost to Customer unless provided otherwise in the applicable SOW, the right to grant, to Customer, a, non-exclusive, assignable and transferable right and license to use such Third Party Software at the expiration or termination of this Agreement or the applicable SOW

under the terms of the license agreement for such Third Party Software (provided that upon assignment, Customer shall be liable for all obligations in connection therewith); or

5.1.3. in Vendor is unable to obtain the foregoing right, notify Customer in writing of its inability to obtain and grant Customer such a license and of the cost and viability of any other Software that can perform the requisite functions and with respect to which Vendor has the ability to grant such a license. Such notice shall contain the proposed third party’s then current terms and conditions, if any, for making the Software available to Customer after expiration or termination of this Agreement or the applicable SOW.

5.2. Licenses for Existing Third Party Software, if any, shall remain in the name of Vendor, as applicable, except as the Parties otherwise mutually agree, and the terms of any such agreement shall be as set forth in a SOW. Vendor shall secure necessary consents and licenses for Customer to use Existing Third Party Software in order to receive and use the Services and Deliverables under the applicable SOW. With respect to the Existing Third Party Software, if any, licensed by Customer, subject to the Parties having obtained any required consents for such Existing Third Party Software in the manner provided herein and the payment of any applicable license fees (including any incremental license fees) by Vendor, Customer shall grant to Vendor solely to the extent necessary for performing the Services, the right to use Existing Third Party Software, if applicable, that Customer has as of the Effective Date or later obtains with respect to such Existing Third Party Software. Vendor shall comply with the duties and compliance standards set by Customer, including use restrictions and those of nondisclosure, imposed on Customer by the licenses for such Third Party Software and/or Existing Software and by the Customer Policies, and Vendor shall not seek to modify or otherwise revoke such terms. Except as otherwise requested, and approved by Customer or in order to comply with its Termination Assistance obligations, Vendor shall cease all use of such Third Party Software and Existing Software upon expiration or termination of this Agreement or applicable SOW.

5.3. To the extent Vendor has financial responsibility for licenses for Existing Third Party Software and/or Third Party Software licensed in the name of Customer, Customer shall exercise termination or extension rights thereunder as Vendor, after consultation with such Customer, reasonably directs with respect to such Existing Third Party Software and/or Third Party Software; provided that Vendor shall be responsible for the costs, charges and fees associated with the exercise of such rights.

6. Intellectual Property Rights.

6.1. Ownership.

Each Party will own its pre-existing intellectual property and improvements thereto unless the improvements are developed as Work Product (defined below) under this Agreement or an SOW hereto. Vendor shall grant to Customer a limited license to use such pre-existing intellectual property and improvements to the extent required in connection with provision or receipt of the Services.

6.2. Work Product.

With respect to all work product (including, without limitation, the Deliverables) which is created pursuant to any Service or SOW under this Agreement (whether as individual items and/or a combination of components and whether or not the applicable Services are completed) (the foregoing,

collectively, “Work Product”), Customer shall be the sole and exclusive owner of all Work Product, and of all proprietary and intellectual property rights in and to the Work Product (including all patent, copyright, trademark, trade secret and other proprietary rights therein and thereto). Ownership of the Work Product shall inure to the benefit of Customer from the date of conception, creation or fixation of the Work Product in a tangible medium of expression (whichever occurs first). Each copyrightable aspect of the Work Product shall be considered a “work-made-for-hire” within the meaning of the Copyright Act of 1976, as amended. If the Work Product is not considered to be a “work-made-for-hire,” Vendor hereby irrevocably assigns transfers and conveys to Customer all exclusive right, title and interest in and to the Work Product, and all copies thereof, without further consideration in perpetuity (whether currently existing or conceived, created or otherwise developed later), including all copyrights, trademarks, trade secrets, patents, industrial rights and all other intellectual and proprietary rights related thereto (the “Proprietary Rights”), effective immediately upon the inception, conception, creation or development thereof and for no further consideration (“Assignment”). The Proprietary Rights shall include all rights, whether existing now or in the future, whether statutory or common law, in any jurisdiction in the world, related to the Work Products, together with all national, foreign and state registrations, applications for registration and all renewals and extensions thereof (including any continuations, continuations-in-part, divisionals, reissues, substitutions and reexaminations); all goodwill associated therewith; and all benefits, privileges, causes of action and remedies relating to any of the foregoing, whether before or hereafter accrued (including the exclusive rights to apply for and maintain all such registrations, renewals and extensions; to sue for all past, present and future infringements or other violations of any rights relating thereto; and to settle and retain proceeds from any such actions). Except as may be set forth in the applicable SOW or otherwise agreed to in writing by the Parties, Vendor retains no rights to use the Work Products and agrees not to challenge the validity of Customer’s ownership in the Work Product. The Assignment shall not lapse under any circumstances, including any failure of Customer to exercise any of its rights under the Assignment for any period, which includes Customer not making use of the Deliverables for any period. Vendor shall obtain similar written undertakings from all Vendor Personnel who are or will perform any Services, so as to ensure Customer’s ownership of the Work Product as provided herein and enable Customer to perfect, preserve, register and/or record its rights in any Work Product. To the extent, if any, that any Work Products or Proprietary Rights are not assignable or that Vendor retains any right, title or interest in and to any Work Product or any Proprietary Rights, Vendor (a) unconditionally and irrevocably waives the enforcement of such rights, and all claims and causes of action of any kind against Customer with respect to such rights; (b) agrees, at Customer’s request and expense, to consent to and join in any action to enforce such rights; and (c) hereby grants to Customer a perpetual, irrevocable, fully paid-up, royalty-free, transferable, sublicensable (through multiple levels of sublicenses), exclusive, worldwide right and license to use, reproduce, distribute, display and perform (whether publicly or otherwise), prepare derivative works of and otherwise modify, make, have made, sell, offer to sell, import and otherwise use and exploit (and have others exercise such rights on behalf of Customer) all or any portion of such Work Product in any form or media (now known or later developed). The foregoing license includes the right to make any modifications to such Work Product regardless of the effect of such modifications on the integrity of such Work Product, and to identify Vendor, or not to identify Vendor, as one or more authors of or contributors to such Work Product or any portion thereof, whether or not such Work Product or any portion thereof have been modified. Vendor further irrevocably waives any “moral rights” or other rights with respect to attribution of authorship or integrity of such Deliverables that Vendor may have under any applicable law under any legal theory. Vendor hereby waives and quitclaims to Customer any and all claims, of any nature whatsoever, which Vendor now or may hereafter have for infringement of any Work Product or Proprietary Rights assigned and/or licensed hereunder to Customer.

Vendor acknowledges that the Parties do not intend Vendor to be a joint author of the Work Product and that Vendor shall in no event be deemed the joint author of any Work Product. The Parties will cooperate with each other and execute such other documents as may be necessary and appropriate to achieve the objectives in this Section, this Agreement and any applicable SOW hereto. Without limiting the foregoing, prior to any Vendor Personnel providing any Services hereunder, Vendor shall require each such Vendor Personnel to execute an assignment agreement with Vendor. Work Product shall not include and the assignment obligations in this Section shall not apply to: (a) any creations that were conceived, created or reduced to practice by or for Vendor (alone or with others) independently without reference to any work created for or provided by Customer and/or prior to commencement of this Agreement (collectively, “Background Technology”); or (b) any software, materials or other technology which is owned or controlled by a third party, including any open source code (“Third Party Technology”). Vendor shall, immediately upon Customer’s request or upon the termination, cancellation or expiration of any SOW or this Agreement, turn over to Customer all Work Product (including all Deliverables and other materials and information) prepared or developed pursuant to such SOW or this Agreement (as applicable), whether completed or in progress, and any Customer Confidential Information (as defined below), documents or other materials held by or on behalf of Vendor, together with all copies thereof.

6.3. Vendor License to Use Work Product.

Customer hereby grants to Vendor, during the term of the applicable SOW(s) and, as necessary the Term of this Agreement, a non-transferable, non-exclusive, royalty-free, fully paid-up limited license to use the Work Product solely as necessary to provide the Services to Customer and/or its Affiliates. Neither Vendor (including Vendor Personnel) nor any subcontractor shall have the right to use the Work Product, including in connection with the provision of services to its other Customer Affiliate, without the prior written consent of Customer, which consent may be withheld, delayed, given or conditioned in Customer’s sole discretion.

6.4. Customer Data.

Vendor acknowledges and agrees that, except as expressly set forth in this Agreement, Customer owns, and shall at all times retain ownership of, all right, title and interest in and to the Customer data (including Confidential Information, Client Data and all other software, materials, and other intellectual property that Customer provides to Vendor) and to any modification, compilation or derivative works therefrom (collectively, “Customer Data”). Customer shall permit Vendor to have access to Customer Data solely to the extent Vendor requires access to such Customer Data to provide the Services in accordance with the terms of this Agreement and the applicable SOW hereto and in any event only to the extent permitted under any applicable third party agreements. Vendor may only use the Customer Data to perform the Services for Customer and may not otherwise use, disclose, or modify Customer Data, merge it with other data, commercially exploit it, or engage in any other practice or activity that may in any manner adversely affect the integrity, security, or confidentiality of such Customer Data, other than as specifically permitted herein or as directed by Customer in writing.

6.5. Vendor Proprietary Information.

To the extent that the provision of the Services, or the use or exploitation of any Work Product, requires the use or incorporation of any Background Technology, Third Party Technology

(such information and materials, collectively, “Vendor Proprietary Information”), Vendor shall (a) notify Customer in advance of any potential use or incorporation thereof; (b) obtain the prior written authorization of Customer for such use or incorporation; (c) at Customer’s request, provide Customer with copies of any such Vendor Proprietary Information; and (d) list any Vendor Proprietary Information to be used in the applicable SOW. All such Vendor Proprietary Information shall be marked by Vendor as “confidential” or “proprietary,” or, if disclosed orally or in other intangible form, shall be summarized by Vendor in writing within fifteen (15) days after such disclosure. If Vendor fails to obtain such authorization or give such notice, Vendor agrees that it shall make no claim against Customer with respect to any such Vendor Proprietary Information. Except to the extent otherwise expressly set forth in an SOW or otherwise agreed by the Parties in writing, in the event that any Vendor Proprietary Information is incorporated into or otherwise included in, or is necessary to operate any Deliverable or other Work Product, Vendor hereby grants to Customer an irrevocable, perpetual, fully paid-up, non-exclusive, royalty-free, transferable, sublicensable (through multiple levels of sublicensees), worldwide right and license to reproduce, distribute, display and perform (whether publicly or otherwise), prepare derivative works of and otherwise modify, make, have made, sell, offer to sell, import and otherwise use and exploit (and have others exercise such rights on behalf of Customer) all or any portion of such Vendor Proprietary Information in connection with developing, enhancing, marketing, distributing or providing, maintaining or supporting, or otherwise using or exploiting, Customer products and services, in any form or media (now known or later developed), without consideration and without any obligation to account to Vendor or any third party.

7. Audit.

7.1. Books and Records.

Vendor shall maintain (i) complete and accurate records and books of account with respect to this Agreement, the Services and all SOWs hereunder, including, where practical, electronic copies of all such records and books, consistently applied and complying in all respects with all applicable laws and regulations including transaction-level documentation, such as supporting invoices, purchase orders, tax returns, exemption certificates, and other relevant documents, to substantiate all of the Service Fees and Charges hereunder, and (ii) records and information sufficient to show its compliance with the terms of this Agreement and any SOWs, including the terms of this Section. Such records shall include Vendor’s books, work, documents, papers, materials, payrolls, records, accounts, and any and all data relevant to this Agreement. Such records and books of account of Vendor’s business shall be maintained by Vendor at its principal business office; Customer (or its designees) shall have the right to inspect, examine, and make extracts of information; to copy any part thereof at any reasonable time during normal business hours; and to audit and verify statements, invoices or bills submitted by Vendor pursuant to this Agreement. Upon Customer’s prior notice to Vendor, any such records (including records that Vendor may store off-site) will be made available to Customer (or its designees) promptly and in no event later than any time period requested or specified by a regulator. Vendor shall retain and maintain accurate records and documents relating to performance of Services and the Service Fees and Charges paid or payable under this Agreement until the latest of (a) the time periods to be set forth in this Agreement and/or the applicable SOW (but not less than three (3) years from the date of the final payment under this Agreement; (b) following the final resolution of all audits or the conclusion of any litigation or other dispute resolution with respect to this Agreement; (c) Customer’s record retention policy; (d) Vendor’s record retention policy; or (e) such longer time period as may be required by applicable federal, state, local and/or international laws or regulations, including tax laws and statutory accounting and recordkeeping requirements, or the hold

requirements of any litigation, investigation, or other legal proceeding. Vendor will cooperate upon Customer’s written request for preservation and production requirements related to any investigation or other legal proceeding.

7.2. Notice, Timing and Conduct of Audits.

Other than in the case of security audits, or audits triggered by a good faith suspicion of fraud or breach of Vendor’s confidentiality obligations under this Agreement, Customer shall provide Vendor commercially reasonable notice before conducting audits. Customer shall use commercially reasonable efforts to conduct audits, or cause audits to be conducted, during normal business hours and in a manner that does not unreasonably interfere with Vendor’s normal course of business. Any audit conducted under this Agreement shall be subject to the following limitations: (i) use of any third party that is or acts for a competitor of Vendor shall be subject to Vendor’s prior written approval, such approval not to be unreasonably withheld or delayed, and (ii) Customer or any auditor conducting such audit on its behalf shall at all times comply with any and all reasonable security and confidentiality guidelines and other policies of Vendor with respect to the audit, which have been previously provided, unless such guidelines are in conflict with the subject matter and requirements of the audit.

7.3. Performance Audits.

On an annual basis, Customer and/or its designated representative may conduct a performance audit on Vendor’s premises or the site of the Services to ensure Vendor’s compliance with the terms of this Agreement or any applicable SOWs, applicable laws and regulations, or Customer’s internal policies, which have been provided to Vendor, to evaluate Vendor’s performance under this Agreement and as otherwise required for regulatory and reporting purposes (such inspection and review, a “Performance Audit”). Vendor will provide to Customer and/or its designated representatives all necessary access to information, Vendor Personnel and Vendor’s subcontractors’ employees and agent’s facilities and infrastructure to the extent each of the foregoing relates to the Services, and all support reasonably necessary in connection with the Performance Audit at no charge to Customer. Any Performance Audit shall be conducted during Vendor’s normal business hours in such a manner as not to interfere with Vendor’s normal business activities. Vendor shall require its subcontractors providing Services under this Agreement to allow Customer and/or its designated representatives to exercise the same rights as imposed on Vendor.

If, as a result of any Performance Audit or at any other time it is determined by Customer that Vendor has not complied with the terms of this Agreement or has failed to perform in accordance with the requirements thereof (each, a “Performance Failure”), Vendor shall promptly prepare a plan reasonably acceptable to Customer to correct the applicable Performance Failure(s) and upon Customer’s acceptance of such plan shall correct all Performance Failures identified in the Performance Audit (if within scope of the SOW). If such Performance Failure is not remedied in accordance with the foregoing provision promptly and in no event later than time period specified for the applicable level of severity in Exhibit G hereto after receipt of Customer’s notice of such noncompliance, such failure shall be deemed a material breach, subject to applicable cure periods.

7.4. Financial Audits.

Upon Customer’s request, Vendor shall allow Customer and/or any independent third party selected by Customer to fully audit Vendor’s respective Affiliates’ books and records to the extent necessary to verify any amounts paid or payable hereunder (provided that Vendor shall not be

obligated to share its internal cost or profit data). Such auditors shall be provided with full access to such information, books, and records as may be necessary to confirm the accuracy of Vendor’s invoices, documents, and other information supporting such invoices and any pricing adjustment computations. If any such audit reveals that Vendor has overcharged Customer or that Customer has overpaid for any of the Services during the period to which the audit relates (as determined prior to the commencement of the audit), then Vendor shall, no later than thirty (30) days after the audit is concluded and Vendor has been advised of the results, provided that Vendor does not dispute such results based on contrary findings from an alternative auditor, refund any overpayment, including any taxes collected from Customer thereon plus interest at the prevailing interest rate from the date of payment of the overcharge through the date the overcharge is refunded by Vendor. If any such audit reveals that the overcharge or overpayment by Customer is five percent (5%) or more of the total amount actually owed to Vendor under the applicable invoice(s), Vendor shall also reimburse Customer for the reasonable costs of the audit. Vendor shall in no event dispose of, destroy, alter or mutilate said books, work, documents, papers, materials, payrolls, records, accounts, and/or data in any manner whatsoever for three (3) years after the final payment under this Agreement, or until all pending matters are closed, whichever is later.

7.5. SSAE 16 Type II Reports.

To the extent that Vendor does not routinely perform SSAE 16 Type II audits, at Customer’s expense Vendor will cause a reputable, nationally recognized independent auditor, to provide SSAE 16 “Type II” audit reports (“Type II Report”) on internal controls over financial reporting placed in operation and tests of operating effectiveness of those controls for Vendor, Vendor’s Affiliates, and any subcontractors with respect to the Services performed under this Agreement. To the extent that Vendor does perform an annual SSAE 16 Type II audit, Vendor shall provide a copy of the final Type II Reports to Customer. In either instance, Vendor shall provide such Type II Reports at a time specified by Customer to meet its and its Affiliates’ compliance program, audit requirements, and other contractual and legal obligations. The methodology and scope of such SSAE 16 audits will be at least as comprehensive as those provided as of the effective date, provided that Vendor will take all reasonable steps to accommodate additional requests of Customer to meet the requirements summarized above. Vendor shall provide Customer and its relevant Affiliates, at Vendor’s sole cost and expense with an appropriate certification, with respect to a period specified by Customer, following the last day of coverage of any such Type II Report, which shall (a) certify that the conclusions stated in the Type II Report remain applicable through to the end of such period and (b) identify and describe any change in internal controls or other circumstances that may impact such conclusions. Vendor shall comply with the Type II Report and Customer security standards set forth in Exhibit M (Information Security Schedule) hereto.

7.6. Vendor Reports.

Vendor shall make available to Customer the findings of any review or audit conducted by Vendor, its Affiliates, or their contractors, subcontractors, agents, or representatives (including internal and external auditors), to the extent such findings reflect conditions and events which have a material impact on this Agreement, any SOW thereto, and/or the Services. On an annual basis, Vendor shall provide a written certification to Customer that all invoices provided during the previous calendar year are accurate, complete, and comply with this Agreement.

7.7. Cost of Audit.

Except as expressly set forth in this Agreement, each Party will bear its own costs and expenses, including auditor fees that it may incur in performing its obligations under this Section.

7.8. Compliance.

Failure of Vendor to comply with any of the requirements set forth in these Audit provisions shall be deemed a material breach of this Agreement.

7.9. Federal Regulatory Audits.

Vendor acknowledges that under the Bank Service Corporation Act (12 U.S.C. §1861 et seq.) and other Laws applicable to Customer, in performing the Services contemplated under this Agreement, Vendor may be subject to examination by Governmental Authorities including United States Federal supervisory agencies. Vendor shall submit to, and cooperate fully with, any such examination. Subject to Customer’s prior approval, Vendor shall promptly address and implement all recommendations for improvements resulting from such examinations.

8. Representations and Warranties; Disclaimer.

8.1. Vendor Representations and Warranties.

Vendor represents and warrants:

(a) Vendor shall provide the Services in a manner that meets or exceeds the performance standards set forth in this Agreement or the applicable SOW, or , if not stated in the applicable SOW, at or above the levels achieved by Customer (in the case of Services performed by Customer) and required to be achieved by Customer’s Vendors (in the case of services performed by third party Vendors) during the twelve (12) months prior to the Effective Date, if applicable and available, except where Customer has agreed to specific quantitative Service Levels in this Agreement and/or an SOW hereto.

(b) The Services shall be performed with promptness and diligence and executed in a workmanlike manner, in accordance with the practices and professional standards used in well-managed operations performing services similar to the Services;

(c) Vendor shall use an adequate number of qualified individuals with suitable training, education, experience, and skill to perform the Services and be sufficiently familiar with the technology, processes and procedures used to provide such Services;

(d) Vendor is either the owner of, or has sufficient and valid rights and authorizations to use, the Existing Third Party Software or Background Technology, and all intellectual property rights therein, which Vendor provides or that is to be utilized by Vendor or approved subcontractors in the provision of the Services.

(e) Subject to 12.3, below, the Services, including any products materials and Deliverables used to provide the Services, Work Product and Deliverables do not and will not misappropriate, infringe or violate the intellectual property rights of any third party, including any patent, copyright, trademark, trade secret, publicity, privacy or other intellectual property or other rights of any third party, and are not and shall not be defamatory or obscene. The Work Product shall be an original work of Vendor, and each Vendor Personnel or other person involved in the

development of Work Product has executed (or prior to any such involvement, shall have executed) a written agreement with Vendor in which such person and/or subcontractor (i) assigns to Vendor all right, title and interest in and to the Work Product in order that Vendor may fully grant the rights and assignments to Customer as provided herein and (ii) agrees to be bound by confidentiality and non-disclosure obligations no less restrictive than those set forth in this Agreement;

(f) The Services, Work Product and/or Deliverables shall substantially conform to the technical and functional specifications in a SOW (“Specifications”) for such Services, Work Product and/or Deliverables such that Services, Work Product and/or Deliverables are free from Material Defects as agreed and defined by the Parties or set forth in the applicable SOW for the Warranty Period. As part of the Services, during the applicable Warranty Period, Vendor will promptly correct any Material Defects which prevent any Services, Work Product or Deliverable(s) from conforming to the Acceptance Criteria or Specifications specified in this Agreement or SOW. “Warranty Period” shall mean, with respect to a Deliverable or Service, a period of sixty (60) days following the Acceptance of the Work Product or a Deliverable, or the performance of a Service, or such other time period as my be set forth in the applicable SOW. Notwithstanding the forgoing, Vendor’s obligations under this Section 8.1(f) shall not apply to the extent such non-conformance with the Specifications or Acceptance Criteria is caused by (i) Customer’s hardware malfunction, but only to the extent such hardware malfunction caused the non-conformance (ii) third party software not licensed through Vendor but only to the extent that such third party software caused the non-conformance, (iii) the installation of the Deliverable in a hardware or operating environment expressly prohibited in the applicable specifications in the SOW; and (iv) modifications or customization, of the Deliverables which are not created, authorized in writing, or directed in writing by Vendor, but only to the extent that such modifications, customization caused the non-conformance.

(g) Vendor shall, as part of the Services, for securing all authorizations, permits, licenses, consents, approvals, and/or waivers, whether U.S. or foreign, and including all applicable import/export control approvals, which are required for Vendor to provide the Services and any Work Product or Deliverable to Customer or its Affiliates (collectively, “Authorizations”). Vendor will take all lawful steps necessary to obtain such Authorizations no later than the time specified in the implementation and transition milestones, or as otherwise required by Customer, and to maintain such Authorizations in full force and effect during the remainder of the Term;

(h) Vendor is not, and covenants that it shall not be, in violation of any laws, ordinances, statutes, rules, regulations or orders of governmental or regulatory authorities to which it or the provision of the Services are subject (including applicable statutory accounting standards), including the Privacy Laws (collectively, the “Laws”), and has not failed, and shall not fail, to obtain any licenses, permits, franchises, or other governmental authorizations necessary for the ownership of its properties or the conduct of its business, which violation or failure, either individually or in the aggregate, might adversely affect its business, properties or financial condition, or performance of the Services. Without limiting the foregoing, and notwithstanding any other provision of this Agreement, Vendor shall be solely responsible for, and for all costs associated with:

(1) Confirming, with applicable PRC Governmental Authorities (as defined in Section 8.4 below), whether the technology (a) to be provided under this Agreement to Vendor in PRC and (b) to be provided by Vendor from PRC to Customer, is deemed

“unrestricted,” “restricted,” or “prohibited,” and promptly notifying Customer in writing of such classification(s);

(2) Promptly procuring, completing and filing, as applicable, any documents, approvals, authorizations, filings, and registrations necessary under PRC law for the terms and conditions of this Agreement and for the performance of the obligations and activities contemplated hereunder (including by filing this Agreement with the PRC Ministry of Commerce (“MOFCOM”) and, if required by applicable law, rule, or regulation, by obtaining any approvals for this Agreement from the relevant PRC Governmental Authorities);

(3) Promptly securing any necessary approvals to ensure that this Agreement and the relationship between all Parties hereto as contemplated hereunder complies with all laws, rules and regulations of the PRC and of any applicable PRC and of any applicable PRC Governmental Authorities;

(4) Promptly providing Customer with copies of all correspondence and documentation arising from or related to Vendor performance of its obligations in foregoing subsections;

(5) Immediately notifying Customer in the event that any documents, approvals, authorizations, filings, or registrations required pursuant to foregoing subsections cannot be made or obtained, which notice shall include a detailed description of the reasons therefore;

(6) Confirming, with applicable PRC Governmental Authorities, the classifications as “unrestricted”, “restricted” or “prohibited” under the PRC, Foreign Trade Law of any software improvements created, developed or reduced to proactive by Vendor in PRC in its performance of Services hereunder;

(7) Providing Customer in advance with copies of the form of any employment agreement(s) that Vendor in PRC intends to use in relation to this Agreement, which employment agreements(s) shall be subject to Customer’s review and written approval, and following such approval, ensuring that such employment agreement(s) are filed in a timely manner with any applicable local PRC labor bureau(s) or other PRC Governmental Authorities;

(8) Reasonably cooperating with Customer, at Customer’s expense, in Customer’s registration in the PRC of any copyrights, trademarks, and other intellectual property rights in Customer marks and materials to be used in connection with this Agreement; and

(9) Promptly providing Customer with written notice of any material changes to PRC laws, rules or regulations of which Vendor becomes aware, which could materially affect Vendor’s performance of this Agreement;

(i) Vendor shall implement and use industry best practices to identify, screen, and prevent, and warrants that Vendor shall use the latest available, most comprehensive virus detection scanning and remediation program(s) and shall notify Customer immediately if it suspects, reasonably believes or becomes aware of the existence of any viruses in or affecting the Services and

if it identifies any elements thereof that would make any of them susceptible to known viruses or viruses the Vendor comes to know of and shall not knowingly introduce, any virus or disabling device in the Services, including any hardware, software, or other resources utilized by Vendor, a Vendor affiliate, subcontractor, or Customer or Customer Affiliate in connection with the Services;

(j) As part of the Services, Vendor shall use all reasonable efforts to reduce and/or eliminate the effects of any viruses, malicious or harmful code, or disabling devices introduced in any Deliverable or Service as delivered by Vendor or its subcontractors, including, without limitation, by restoring and/or bearing the cost to recreate any lost data which was hosted on Vendor’s servers or at Vendor’s facilities -operational efficiencies, and/or software programming. If a Work Product or Deliverable will contain any open source code, Vendor will identify such open source code in the applicable SOW or Change Order and will attach a copy of the license to such open source code of the SOW or Change Order; as the case may be;

(k) Vendor is a Delaware corporation, and is qualified and registered to transact business in all locations where the performance of its obligations hereunder would require such qualification and has all necessary rights, powers, and authority to enter into and perform this Agreement and to bind its organization with respect to the same, and the execution, delivery, and performance of this Agreement by Vendor have been duly authorized by all necessary corporate action. Vendor’s execution of and performance under this Agreement shall not breach any oral or written agreement with any third party or any obligation owed by Vendor to any third party to keep any information or materials in confidence or in trust;

(l) The execution and performance of this Agreement by Vendor shall not violate any law, statute, or regulation and shall not breach any agreement, covenant, court order, judgment or decree to which Vendor is a party or by which it is bound;

(m) Vendor owns, free and clear of all liens and encumbrances, all right, title, and interest in and to the tangible property and Background Technology and in and to the Existing Third Party Software related proprietary and intellectual property rights, or has received appropriate licenses, leases, or other rights from third parties to permit such use;

(n) This Agreement shall constitute a valid, binding, and enforceable obligation of Vendor;

(o) There is no action, suit, or proceeding pending or threatened against or affecting Vendor before or by any court, administrative agency, or other governmental authority which in any way will impair Vendor’s ability to perform all of its obligations under, or which otherwise brings into question the enforceability or validity of the transactions contemplated by this Agreement, any SOW hereto, or the accuracy of Vendor’s representations, warranties, and covenants under this Agreement;

(p) Reserved;

(q) Vendor shall comply with Section 14 (Client Data) below and the terms of the Vendor Data Security Schedule attached as Exhibit M; and

(r) Unless otherwise provided for in a SOW Vendor shall, at no additional cost to Customer, maintain compliance with the Software Engineering Institute (SEI) Capability Maturity Model Integration (CMMi) Level 5 requirements for all Vendor facilities where Vendor is

performing work for Customer. Vendor’s SEI CMMi Level 5 compliance shall be subject to periodic assessment and verification by an independent third party auditor approved in advance by Customer. The expense of such independent assessment and verification shall be borne by Vendor, and the results of such assessment and verification shall be promptly provided to Customer in writing. Vendor shall promptly notify Customer in writing of any changes or reassessments with respect to Vendor’s CMM, ISO, PCMM and other industry certifications, without any additional cost to Customer. To the extent any such reassessment involves an audit of Vendor, a copy of all such audit findings shall promptly be provided to Customer.

8.2. Customer Representations and Warranties.

Customer represents and warrants that (a) it is duly organized and validly existing and in good standing under the laws of the state of its incorporation or formation and (b) Customer’s performance of this Agreement shall not violate or conflict with any agreement to which Customer is a party.

8.3. Disclaimer.

EXCEPT AS SET FORTH IN THIS SECTION 8 OR AS OTHERWISE EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER PARTY MAKES, AND EACH PARTY HEREBY DISCLAIMS, ANY OTHER REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED (EITHER IN FACT OR BY OPERATION OF LAW), OR STATUTORY, WITH RESPECT TO THE SUBJECT MATTER OF THIS AGREEMENT, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

8.4. Foreign Corrupt Practices Act.

8.4.1. In its performance under this Agreement, Vendor and its officers, directors, employees and agents shall comply with Foreign Corrupt Practices Act of 1977, as amended (“FCPA”). Vendor acknowledges that the FCPA prohibits employees, agents, consultants or any other person acting on behalf of any United States company or any of its domestic or foreign subsidiaries from making (directly or indirectly) payments (whether made in the United States or elsewhere) to a Government Official for the purpose of influencing official acts or decisions of any Governmental Agency. For purposes of this Agreement, “Government Official” shall mean any: (a) officer or employee of a Governmental Agency, including an immediate family member thereof, (b) person acting in an official capacity for a Governmental Agency, or (c) official of a political party or candidate for political office or candidate for office in a political party; and “Governmental Agency” shall mean: (a) the central government of India, People’s Republic of China (“PRC”), or any other country in which the Services are being performed or any department or regulatory authority thereof, (b) the government of any political subdivision of India, PRC, or any other country in which the Services are being performed or any department or regulatory authority thereof, (c) a semi-governmental or judicial person or entity in India, PRC or any other country in which the Services are being performed, or (d) a person or entity (whether autonomous or not) who is charged with the administration of any rule, regulation or law.

8.4.1.1. Vendor hereby represents warrants and covenants to Customer that in connection with its performance under this Agreement:

8.4.1.2 Vendor has not made, and will not, make, directly or indirectly, any payment, loan or gift (or any offer, promise or authorization of any such payment, loan or gift) of money or anything of value to or for the use of: (i) any Government Official; or (ii) any officer, director, employee, or owner of any actual or potential customer of the Customer; or (iii) any other person under circumstances in which Vendor knows that all or any portion of such money or thing of value will be offered, given or promised, directly or indirectly, to any person named in subsection (i) or (ii) above, for the purpose of inducing the aforementioned person to do any act or make any decision in his official capacity (including a decision to fail to perform his official function) or use his influence with a Governmental Agency in order to obtain or retain any business or perform its obligations hereunder (other than certain facilitating payments specified in the FCPA that are permitted). For purposes of this Agreement, “Governmental Authority” shall mean any applicable (a) federation, country, nation, state, sovereign, or government; (b) federal, supranational, regional, state, local, or municipal political subdivision; (c) governmental or administrative body, instrumentality, department, or agency; (d) court, administrative hearing body, arbitrator, commission, or other similar dispute resolving panel or body; or (e) any other entity exercising executive, legislative, judicial, regulatory, taxing, or administrative functions of a government with jurisdiction over the applicable matter;

8.4.1.3. No payment has been or shall be approved or made by Vendor with the intention or understanding that any part of such payment is to be used for any purpose other than that described by the documents supporting such payment; and

8.4.1.4 Should Vendor learn of any payment, offer or agreement to make a payment to the Government Official for the purpose of maintaining or securing business, Vendor will as soon as practicable advise Customer thereof.

8.4.2. Notwithstanding anything to the contrary, if Vendor takes any action that could constitute a violation of this Section or the FCPA, Customer may, at its sole option, immediately (without further opportunity to cure) terminate this Agreement and/or any SOW executed hereunder.

9. Term/Termination.

9.1. Term.

This Agreement shall commence on the Effective Date and remain in full force and effect, unless and until terminated earlier in accordance with this Section 9 (the “Term”).

9.2. Termination.

9.2.1. Termination for Convenience. Customer may immediately terminate this Agreement or any SOW, unless otherwise set forth in an applicable SOW, in whole or in part, upon thirty (30) days prior written notice (specifying the effective date of termination) to Vendor.

9.2.2. Termination for Cause.

9.2.2.1. AIGPS may terminate this Agreement in whole or in part for cause for any of the reasons set forth below in this Section 9.2.2 (each a “Cause”). AIGPS or Customer may likewise terminate in whole or in part an SOW into which it has entered for any Cause applicable to such SOW and Vendor’s performance thereunder:

(a) If Vendor, directly or indirectly through Vender Personnel and/or Vendor’s subcontractors or agents, commits a material breach of its obligations under this Agreement (and, if such material breach is capable of being cured within thirty (30) days or other applicable cure period specified in this Agreement or the applicable SOW and Vendor fails to cure such material breach in all material respects within such cure period);

(b) Immediately upon notice, if Vendor, directly or indirectly through Vendor Personnel and/or Vendor’s subcontractors or agents, commits a breach of its confidentiality and data security obligations under Sections 13 and 14 of this Agreement;

(c) Immediately upon notice, if Vendor, directly or indirectly through Vender Personnel and/or Vendor’s subcontractors or agents, misuses or infringes Customer’s or its Affiliates’ intellectual property, including Customer’s or its Affiliates’ trademarks or service marks;

(d) Customer otherwise has reasonable cause to believe that Vendor is not in a financial position to perform its obligations under this Agreement consistently and in a sustained manner

(e) If Vendor through Vendor Personnel and/or Vendor’s subcontractors or agents, fails to satisfy any critical Service Level in any consecutive three (3) month period during the Term, provided that Customer grants Vendor a 30 day cure period.

(f) A change in control of Vendor, or of an entity which is directly or indirectly controlled by Vendor and which provides a substantial portion of the Services (a “Vendor Subsidiary”) on 10 business days prior written notice within 90 days of the change of control;

(g) A sale of all or substantially all of the assets of a division or other unincorporated business unit of Vendor or a Vendor Subsidiary which provides a substantial portion of the Services, in a single transaction or a series of related transactions, to an entity which is not directly or indirectly controlled by Vendor on 10 business days prior written notice of the change of control; or

(h) Upon the occurrence of a Force Majeure Event, as provided in Section 30, Force Majeure.

9.2.2.2. Vendor may only terminate an SOW upon thirty (30) days prior written notice to Customer in the event that Customer materially breaches this Agreement or any SOW: provided that Customer shall have the right to cure such breach within thirty (30) days of Customer’s receipt of such notice,and prior to any final termination Vendor has tried to resolve this matter in accordance with Section 22, Informal Dispute Resolution, herein.

9.3. Effect of Expiration or Termination.

9.3.1. 9.3.1 Upon the effective date of any expiration or termination of this Agreement, and/or SOW, Vendor shall: (a) immediately cease performing any Services hereunder; (b) immediately return to Customer or destroy, at Customer’s option, any and all Customer Confidential Information and other materials of Customer (including any copies thereof) ), and provide Customer with a certification by an officer of Vendor verifying such return or destruction; (c) return to Customer all Customer-issued identity cards and Customer-issued or Customer-

provided equipment in Vendor’s or its subcontractor’s possession; and (d) promptly deliver to Customer all Work Product or Deliverables then in progress (whether completed or incomplete) , and all Vendor Proprietary Information, included in such Work Product or otherwise, required to be provided hereunder or under any applicable SOW. Customer shall pay Vendor those Charges corresponding to the Services actually rendered by Vendor and the Deliverables and Work Product, as applicable, under the terms and condition of this Agreement or SOW and such amounts shall be in full satisfaction of any obligation or liability of Customer to Vendor for any Charges or other payments due to Vendor under this Agreement or applicable SOW(s).

9.3.2. Termination of this Agreement or an SOW by either Party shall not act as a waiver of any breach of this Agreement and shall not act as a release of either Party from any liability for breach of such Party’s obligations under this Agreement and the SOW(s).

9.3.3. Termination of one SOW shall not be construed to mean that this Agreement or any other SOW is terminated, unless otherwise agreed by the Parties in writing.

9.3.4. Termination of this Agreement by a Party shall be without prejudice to any other right or remedy of such Party under this Agreement, applicable law or in equity.

9.4. Extension of Termination Effective Date.

Customer may extend the effective date of termination one or more times, in its sole discretion, upon thirty (30) days prior written notice to Vendor; provided, however, the total of all such extensions shall not exceed twelve (12) months.

9.5. Survival.

This section 9.5 (Survival) and Sections 1.2 (Performance of Services), 1.4 (Service Fees and Other Charges), 1.6 (Invoicing), 2 (Independent Contractor), 6 (Intellectual Property Rights), 7 (Audit), 8 (Representations and Warranties; Disclaimer), 9.3 (Effect of Expiration or Termination), 9.6 (Termination Assistance), 10 (Non-Solicitation), 11 (Limitation of Liability), 12 (Indemnity), 13 (Confidentiality), and 14 through 33 inclusive, shall service the expiration or termination of this Agreement.

9.6. Termination Assistance.

As part of the Services, Vendor shall provide Termination Assistance (as defined below) to Customer, in accordance with the following terms and conditions:

9.6.1. Generally. Upon Customer’s request, during the Termination Assistance Period, Vendor shall provide Customer and its designee(s) (including any third party services provider that Customer is migrating services that Vendor is performing hereunder) with reasonable termination assistance requested by Customer to allow the services provided pursuant to this Agreement (including the Services) to continue without interruption or adverse effect on the business operations of Customer or any Affiliate following any expiration or termination of this Agreement, and to facilitate the orderly transfer of such services (and any Deliverables/Work Product being created in connection with such services) to Customer or its designee(s) including any new third party service providers (even these replacing Vendor) (collectively, “Termination Assistance”) at the rates in effect at the time of termination. Vendor shall provide such Termination

Assistance in accordance with this Section, even in the event Vendor has terminated this Agreement for cause, provided that Customer is or becomes current with respect to any outstanding, undisputed payments otherwise due hereunder. “Termination Assistance Period” shall mean that period of time commencing upon the earlier of (a) notice by a Party of termination of this Agreement (in whole or in part), (b) notice by Customer of its need for Termination Assistance, or (c) ninety (90) days prior to the expiration of this Agreement, and ending at such time as Customer is satisfied that the Services have been transferred.

9.6.2. Charges. All Termination Assistance shall be provided by Vendor at the rates in effect at time of termination. or as mutually agreed upon in the SOW.

9.6.3. Termination Assistance Services.

(a) All Termination Assistance shall be provided in accordance with the terms and conditions generally governing Vendor’s provision of the Services hereunder. Vendor shall perform all Termination Assistance with at least the same degree of performance, timeliness, accuracy, quality, completeness, responsiveness, and resource efficiency with which Vendor provided and was required to provide the Services, and shall ensure that the quality and level of the Services is not degraded during any Termination Assistance Period. After the expiration of the Termination Assistance Period for 90 days following such expiration, Vendor use reasonable efforts to answer questions from and reasonably cooperate with Customer or its designee(s) regarding the Services on an “as needed” basis at the rates set forth herein Exhibit K.

(b) Within fifteen (15) days after the commencement of the Termination Assistance Period, Vendor shall provide Customer with (a) a detailed written description of all Services provided pursuant to this Agreement, including: (1) a description of staffing levels and Vendor’s structure/organization used to provide such Services; (2) a detailed list of all support and development software and tools used in performing such Services; and (3) a complete plan for know-how and knowledge transfer that enables a smooth transition of the functions performed by Vendor, including development of Work Product, including Deliverables, and all other Services hereunder, to Customer and/or its designee(s) (such plan, the “Turnover Plan”). The Turnover Plan shall be deemed Customer’s Confidential Information and sole property. Upon Customer’s approval of the Turnover Plan, Vendor shall provide all further Termination Assistance in accordance with such Turnover Plan. No provision of Termination Assistance shall be deemed complete hereunder until the Customer Project Manager confirms in writing that all tasks and Work Product, including Deliverables, set forth in the applicable Turnover Plan have been completed and delivered.

(c) Vendor shall provide sufficient Vendor Personnel with current knowledge of the Work Product, including Deliverables, the Services, and this Agreement, to work with the appropriate staff of Customer and, if applicable, its designee(s), including any new third party service providers, to provide any Termination Assistance and to define the specifications for turnover in a manner consistent with the applicable Turnover Plan. Vendor shall cooperate with Customer and its designees, including any new third party service providers, in transitioning any functions or services performed by Vendor or any Vendor Subcontractor under this Agreement to another third party who will assume performing any of the Services.

(d) Vendor shall promptly cooperate with Customer and its designees, and provide Customer and its designees, including any new third party service providers, with any information necessary to effectuate a smooth transfer of the functions performed under this Agreement.

(e) Vendor shall use commercially reasonable efforts to obtain any rights necessary to make available to Customer and its designees, including any new third party service providers, and shall make available to Customer and its designees, including any new third party service providers, pursuant to reasonable terms and conditions, any third party materials or services then being used by Vendor.

10. Non-Solicitation.

Each party acknowledges that the other party’s employees and contractors are valuable business assets, and agrees not to knowingly (for itself or for any third party) offer employment to or otherwise hire, engage the services of, solicit or induce the termination of employment or services of, any employee or contractor of the other party (or any Affiliate or subsidiary thereof) engaged in providing services under this Agreement; and such obligations shall apply during the Term or for a period of one (1) year after such employee terminates his or her employment or service relationship with the other party, whichever occurs earlier, unless the other party gives its express consent thereto in writing. Nothing in this Section 10 shall or shall be construed to prohibit either party from: (a) hiring an employee of the other party or an affiliate of such other party who has responded to a general solicitation of employment not specifically directed at that employee, or (b) responding to unsolicited inquiries about employment or contract opportunities or possibilities from recruiters; provided that there was no violation of this Section with respect to such employee prior to first contact with such responding employee.

11. Limitation of Liability.

EXCEPT WITH RESPECT TO VENDOR’S INDEMNIFICATION OBLIGATIONS, A PARTY’S GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, VENDOR’S BREACH OF THE INFORMATION SECURITY REQUIREMENTS SET FORTH IN EXHIBIT M HERETO, OR VENDOR’S BREACH OF ITS OBLIGATIONS UNDER ARTICLES 13 (CONFIDENTIALITY) OR 14 (CLIENT DATA): (A) IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL DAMAGES, WHETHER IN CONTRACT, WARRANTY OR TORT, INCLUDING WITHOUT LIMITATION, LOST PROFITS, LOST REVENUE, LOST CLIENTS OR LOSS OF REPUTATION, IN CONNECTION WITH OR ARISING OUT OF THIS AGREEMENT, WHETHER OR NOT THE POSSIBILITY OF SUCH DAMAGES HAS BEEN DISCLOSED TO SUCH PARTY IN ADVANCE OR COULD HAVE BEEN REASONABLY FORESEEN BY SUCH PARTY; AND (B) NEITHER PARTY’S LIABILITY ON ANY CLAIM, LOSS OR LIABILITY ARISING OUT OF OR CONNECTED WITH THIS AGREEMENT FOR DIRECT DAMAGES SHALL EXCEED THE GREATER OF (1) **************** THE AGGREGATE CHARGES PAID OR PAYABLE BY CUSTOMER TO VENDOR FOR THE SERVICES UNDER THE STATEMENT OF WORK GIVING RISE TO THE CLAIM OR (2) **********.

12. Indemnity.

12.1. Scope of Indemnity

Vendor shall at its own expense indemnify and hold harmless, and at Customer’s request defend, Customer and its Affiliates, subsidiaries, successors and assigns (and its and their officers, directors, employees, and agents) (collectively “Customer Indemnitees”) from and against any and all claims, losses, liabilities, damages, settlements, expenses and costs (including attorneys’ fees and

court costs) (the foregoing, collectively, “Losses”) which arise directly or indirectly out of or relate to any third party allegations or third party claims against Customer arising out of any of the following (a) any breach (or claim or threat thereof that, if true, would be a breach) of Sections 8.1(d) (intellectual property rights), 8.1(e) (infringement), 8.1(g) (authorizations), 8.1(h) (compliance with laws), 8.1(k) (corporate), 8.1(l) (no violations), 8.1(m) (liens) 8.1(n) (enforceable), 8.1(o) (litigation) and 8.1(q) (data security) of this Agreement by Vendor, Vendor’s security obligations set forth in Exhibit M of this Agreement, Vendor’s confidentiality obligations set forth in Sections 13 or 14, or failure to comply with applicable Laws; (b) the gross negligence or willful misconduct of any Vendor Personnel or Vendor agent; (c) employment-related claims by any Vendor Personnel or Vendor agent other than claims arising to the extent of Customer’s alleged breach of law; (d) personal/bodily injury or death ; (e) tangible property damage that arise from the acts or omissions constituting negligence, willful misconduct or violations of law by Vendor Personnel or Vendor agents or subcontractors; (f) any third party claim or threat thereof that the Services, Work Product and/or Vendor Proprietary Information (and/or the exercise of any rights granted herein with respect thereto) infringe, misappropriate or violate any patent, copyright, trademark, trade secret, publicity, privacy or other proprietary or other rights of any third party, or are defamatory or obscene; or (g) any claim, suit or proceeding brought by any third party against any of the Customer Indemnitees as a result of Vendor’s failure to pay applicable taxes for which it is responsible hereunder, including, without limitation, payroll and other employment-related taxes, social security, disability and other contributions based on fees paid to Vendor, its agents or employees under this Agreement.

12.2. Indemnification Process

Customer shall notify Vendor promptly of any third party claim for which indemnification is sought; provided, however, that the failure to give such notice shall not relieve Vendor of Vendor’s obligations hereunder except to the extent that Vendor was actually and materially prejudiced by such failure. Vendor shall have sole control and defense of any such claim hereunder but Customer may, at its option and expense, participate with Vendor in the defense of any third party claim that is conducted by Vendor as set forth herein. Customer shall cooperate, upon request of Vendor, with Vendor in the defense and settlement of any such claim. Vendor may not settle any Losses without the prior written approval of Customer, which approval shall not be unreasonably withheld or delayed.

Notwithstanding anything to the contrary herein, Vendor will pay any and Losses with respect to any claim or allegation covered under this Section finally awarded against the indemnified party to such third party by a court of competent jurisdiction after all appeals have been exhausted or at the time of a final settlement of such claims or final award, if applicable.

12.3. Infringement.

If any Services, Work Product and/or Vendor Proprietary Information becomes, or in Vendor’s reasonable opinion is likely to become, the subject of any claim or action for infringement, then Vendor shall have the right at its discretion and expense either to: (a) procure for Customer the right to continue to use and exploit such Services, Work Product and/or Vendor Proprietary Information in the manner as contemplated in this Agreement; or (b) modify such Services, Work Product and/or Vendor Proprietary Information to render them non-infringing, provided that such modification does not adversely affect Customer’s use or exploitation thereof, or any other Customer rights as contemplated hereunder. If neither of these remedies are reasonably available to Vendor, Vendor may require Customer to cease using the infringing Services, Work Product and/or Vendor

Proprietary Information and Vendor will issue Customer a pro-rated refund based on a 5 year amortization schedule for the infringing Services, Work Product and/or Vendor Proprietary Information. Vendor shall have no liability for any infringement claim based upon: (i) any alteration or modification of any Services, Work Product and/or Vendor Proprietary Information not provided by Vendor, if the infringement would not have occurred but for the unauthorized alteration or modification by Customer provided any authorization must be expressly provided in writing by Vendor; (ii) unauthorized use by Customer of the Services, Work Product and/or Vendor Proprietary Information in combination with other programs or data not intended by Vendor to be used with the Services, Work Product and/or Vendor Proprietary Information(s), as the case may be, if the infringement would not have occurred but for such unauthorized use in combination with such programs or data; provided any authorization must be expressly provided in writing by Vendor; (iii) Vendor’s compliance with Customer’s designs, specifications or instructions; or (iv) any Customer provided intellectual property if the infringement would not have occurred but for the Customer intellectual property.

13. Confidentiality.

13.1. Confidential Information.

Each Party, in performing its obligations under this Agreement, may have access to or be exposed to, directly or indirectly, confidential and/or proprietary materials of the other Party (“Confidential Information”). In the case of Customer, Confidential Information shall include all Work Product (excluding Vendor Proprietary Information); all information concerning the operations, affairs, products, marketing, systems, technology, customers, end-users, and businesses, including financial affairs, of Customer and/or any Affiliate, and their respective relations with their customers, employees, agents, and service providers (including customer lists, customer data, transaction information, completed insurance forms, supplier data, know-how, third party software and/or products provided by Customer to Vendor for use by Vendor and information regarding consumer markets); all Client Data (as defined below); and any other proprietary and trade secret information of Customer and/or any Affiliate, whether in oral, graphic, written, electronic or machine-readable form. In the case of Vendor, Confidential Information shall include the Vendor Proprietary Information, information concerning the operations, affairs, products, marketing, systems, technology, customers, end-users, and businesses, including financial affairs, of Vendor, Vendor’s fees, rates, proposals, and other Vendor information designated in writing by Vendor as Confidential Information. For purposes of this Agreement, “Client Data” shall mean (a) any information from which an individual can be identified; (b) any information concerning an individual that would be considered “nonpublic personal information” within the meaning of Title V of the Gramm-Leach Bliley Act of 1999 (Public Law 106-102, 113 Stat. 1338) and its implementing regulations, as the same may be amended from time to time; (c) any information regarding Customer’s (and/or its Affiliates’) clients or prospective clients received by Vendor in connection with the performance of its obligations under the Agreement, including, but not limited to, (i) an individual’s name, address, e-mail address, IP address, telephone number and/or social security number, (ii) the fact that an individual has a relationship with Customer and/or its parent, affiliated or subsidiary companies, (iii) an individual’s account information; (iv) any information regarding an individual’s medical history or treatment; and (v) any other information of or relating to an individual that is protected from disclosure by applicable Privacy Laws. For purposes of this Agreement, “Privacy Laws” shall mean any national, federal, state or local laws, rules or regulations of any jurisdiction relating to the personal information or collection, use, storage,

disclosure or transfer of personal information, including the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, Data Protection Act 1998, Directive 95/46/EC of the European Parliament and any legislation and/or regulation implementing same, the Japanese Law Concerning the Protection of Personal Information and the applicable implementing Ministry Guidelines and any legislation and/or regulation implementing them, the Hong Kong Personal Data (Privacy) Ordinance, the Canadian Personal Information Protection and Electronic Documents Act, and the Argentinean Personal Data Protection Regulation, as each may be amended from time to time. To the extent that there is a conflict between this Section 13 and Section 14 regarding the scope of Vendor’s confidentiality obligations and/or any applicable confidentiality exclusions with respect to Client Data, the terms and conditions of Section 14 shall govern.

13.2. Exclusions.

Except with respect to Client Data, Confidential Information shall not include information which can be demonstrated: (a) to have been rightfully in the possession of the receiving Party from a source other than the disclosing Party prior to the time of disclosure of said information to the receiving Party hereunder (“Time of Receipt”); (b) to have been in the public domain prior to the Time of Receipt; (c) to have become part of the public domain after the Time of Receipt by a publication or by any other means except an unauthorized act or omission by, or breach of this Agreement on the part of, the receiving Party or its employees or agents; (d) to have been supplied to the receiving Party after the Time of Receipt without restriction by a third party who is under no obligation to the disclosing Party to maintain such information in confidence; or (e) is independently developed by the receiving party without the use of Confidential Information of the disclosing party, or its affiliates, clients or suppliers. In addition, if the receiving Party receives a subpoena or other validly issued administrative or judicial notice requesting the disclosure of the disclosing Party’s Confidential Information, the receiving Party (i) shall promptly notify the disclosing Party in writing to allow the disclosing Party a reasonable opportunity to resist such disclosure and/or seek a protective order before the required time for disclosure, and (ii) if requested, shall provide reasonable assistance, at the disclosing Party’s expense, to the disclosing Party in resisting the disclosure and/or seeking a protective order to govern the disclosure. Subject to its obligations stated in the preceding sentence, the receiving Party shall be entitled to comply with any binding subpoena or other process to the extent required by law, but shall in doing so make every effort to secure confidential treatment of any Confidential Information it is compelled to disclose and shall not disclose any more Confidential Information than is necessary to comply with the subpoena or other process. For avoidance of doubt, any Confidential Information disclosed by the receiving Party under these circumstances shall remain subject to the terms and obligations of this Agreement both before and after such required disclosure for the term of this Agreement.

13.3. Restrictions on Use and Disclosure.

Each Party agrees to hold all Confidential Information of the other Party in strict confidence and, except as otherwise set forth in this Agreement, shall not, without the express prior written permission of a member of the disclosing Party authorized by the disclosing Party to make such decisions, (a) disclose such Confidential Information to third parties other than a regulatory authority having jurisdiction over the receiving Party; or (b) use such Confidential Information for any purposes whatsoever, other than the exercise of its rights or performance of its obligations hereunder. Each Party shall have the right to disclose the other Party’s Confidential Information to those of its employees and agents who have a need to know such Confidential Information in order to exercise such receiving Party’s rights or perform such receiving Party’s obligations pursuant to this Agreement. Customer shall have the right to disclose Vendor’s Confidential Information to any

regulatory authority having jurisdiction over Customer or Customer’s business. In the event that Vendor is obligated to disclose Customer’s Confidential Information to a regulatory authority having jurisdiction over Vendor or Vendor’s business, Vendor shall not disclose any of Customer’s Confidential Information without Customer’s written consent and shall promptly notify Customer in writing to allow Customer a reasonable opportunity to resist such disclosure and/or seek a protective order before the required time for disclosure. Each Party shall use reasonable efforts to assist the other Party in identifying and preventing any unauthorized use or disclosure of any Confidential Information. Without limiting the foregoing, each Party shall immediately advise the other Party in the event that it learns or has reason to believe that any person who has had access to the Confidential Information of such Party has violated or intends to violate the terms of this Agreement, and shall cooperate in seeking injunctive relief against any such person.

13.4. Vendor Personnel.

Vendor shall ensure that any Vendor Personnel performing Services hereunder or Vendor agents comply with the provisions of this Section 13 and Section 14 below. Without limiting the foregoing, Vendor shall cause any Vendor Personnel performing Services hereunder or Vendor agents to enter into a written agreement binding such Vendor Personnel and Vendor agents to the provisions of this Section 13 and Section 14 below. Further, Vendor shall ensure that Vender Personnel and Vendor agents receive appropriate training relating to the handling of Client Data.

13.5. No Implied Rights.

Nothing contained in this Section 13 shall be construed as obligating either Party to disclose its Confidential Information to the other Party, or as granting to or conferring on either Party, whether expressly or by implication, any ownership interest in or any right or license to any Confidential Information of the other party.

13.6. Survival.

This Section 13 shall survive termination or expiration of this Agreement for any reason for a period of three (3) years, except with respect to Client Data and trade secrets, as to which the obligations set forth in this Section 13 shall survive indefinitely.

14. Client Data.

Without limitation of the terms and conditions set forth in Section 13, the following terms and conditions shall apply with respect to all Client Data:

14.1. Generally.

The Parties acknowledge that the Privacy Laws govern disclosures of personal information. Vendor acknowledges that pursuant to the Privacy Laws, Customer is required to obtain certain undertakings from Vendor with regard to the collection, use, storage, disclosure, transfer and protection of Client Data. Vendor shall protect and keep strictly confidential all Client Data. At any time, during the term or after the term of this Agreement, upon Customer’s request, Vendor shall return to Customer all Client Data in its possession. Customer shall be under no obligation to take any action that, within Customer’s judgment, would constitute a violation of the Privacy Laws or its internal privacy policies.

14.2. Vendor Covenants With Respect to Client Data.

Notwithstanding any other provision of this Agreement, Vendor covenants that, with respect to any Client Data, Vendor shall: (a) comply with all applicable laws, regulations and best practices regarding data security and privacy in performing the Services and its other obligations hereunder; (b) inform itself regarding, and comply with, Customer’s privacy policies and all applicable privacy laws, including the Privacy Laws and the Vendor Data Security Schedule attached as Exhibit M; (c) keep all Client Data strictly confidential, and not disclose any Client Data to third parties other than a regulatory authority having jurisdiction over the receiving Party or use any Client Data except to the extent necessary to perform the Services and in accordance with Customer’s privacy policies and all applicable privacy laws, including the Privacy Laws; (d) not use Client Data for any purpose other than to perform Services under this Agreement; (e) not disclose any Client Data to any other entity (including Vendor’s third party service providers), other than a regulatory authority having jurisdiction over the receiving Party, without the prior written consent of Customer and an agreement in writing from such other entity to use or disclose such Client Data only to the extent necessary to carry out Vendor’s obligations under this Agreement and for no other purposes; (f) maintain (and require entities approved in accordance with foregoing subsection (e) to maintain) adequate administrative, technical, and physical safeguards to ensure the security and confidentiality of Client Data, protect against any anticipated threats or hazards to the security or integrity of Client Data, and protect against unauthorized access to or use of or disclosure of Client Data; (g) not make any changes to its security measures that would increase the risk of an unauthorized access to, use of or disclosure of Client Data; (h) notify Customer immediately in writing when Vendor becomes aware of any material breach of its security safeguards or has reason to believe that Client Data may have been subject to unauthorized disclosure, access, or use (“Security Incident”), which notification shall include the following information: (1) the nature of the unauthorized disclosure or use; (2) the Client Data accessed, disclosed or used; (3) the identity of the person(s) or entity(ies) who received the unauthorized disclosure or made the unauthorized access or use; (4) what corrective action Vendor took or will take to prevent further unauthorized disclosures or uses; (5) what Vendor did or will do to mitigate any deleterious effect of such unauthorized disclosure or use; and (6) such other information as Customer may reasonably request; and (i) take all reasonable and appropriate steps to protect Client Data in the event of a failure of Vendor’s security safeguards or unauthorized access to Client Data from or through Vendor; (j) if requested, , provide notice to affected individuals and regulatory authorities, and provided that Vendor does not dispute that Vendor material breached its obligations under this Agreement and such material breach was the proximate cause of the Security Incident, indemnify Customer for all reasonable costs associates with responding to a Security Incident (including, but not limited to, setting up a call center, providing credit monitoring).

14.3. Safeguards.

Vendor represents and warrants to Customer that as of the Effective Date and throughout the Term, it has and will continue to have industry best practice administrative, technical, and physical safeguards in place to ensure the security and confidentiality and protect against the unauthorized or accidental destruction, loss, alteration, use or disclosure of Client Data and other records and information of Customer’s customers or employees, to protect against anticipated threats or hazards to the integrity of such information and records.

14.4. Injunctive Relief for Unauthorized Access to, Use or Disclosure of Client Data.

Vendor acknowledges and agrees that any unauthorized access to, use or disclosure of Client Data would cause immediate and irreparable harm to Customer for which money damages would not constitute an adequate remedy and that in the event of any unauthorized use or disclosure of Client Data, Customer will be entitled to immediate injunctive relief. Notwithstanding any other terms or conditions of this Agreement, in the event that Vendor breaches any of its representations, warranties, or obligations under this Section 14, Customer shall be entitled to make a claim against Vendor to recover money damages. . Any breach of this Section 14 shall be deemed a material breach of this Agreement.

14.5. Cross Border Transfer of Client Data.

Vendor shall execute all documents specified by Customer, including the version selected by Customer of the standard contractual clauses for the transfer of personal data from the European Community to third countries for transfer from Data Controllers to Data Controllers or Data Processors, as applicable, in the form as published by the European Commission from time to time, without any modification (available at http://ec.europa.eu/justice_home/fsj/privacy/modelcontracts/index_en.htm), or a delegation agreement as provided under the Japanese Personal Information Law, and any other equivalent data transfer agreement developed by Customer for transfers of personal data from any other country to Vendor or any Vendor agent and from Vendor or any Vendor agent to Customer or Customer’s Affiliates.

15. Insurance.

15.1. Coverage.

Vendor shall, throughout the Term and at their own expense, have and maintain in force at least the following insurance coverage:

(a) Automobile Liability

Form — Comprehensive Automobile Liability, including all owned, non-owned and hired autos for, among other things, bodily injury, property damage, uninsured motorist and underinsured motorist liability.

Limit - $1,000,000 USD Combined Single Limit, or the equivalent thereof in local currency, per accident.

(b) General Liability

Form - Comprehensive Commercial Liability, including, but not limited to: Premises and Operations, Independent Contractors, C.G.L. Broad Form endorsement, Personal Injury, Contractual Liability, Products/Completed Operations.

Limit - $1,000,000 USD or equivalent thereof in local currency per occurrence Combined Single Limit for bodily injury and property damage liability and a minimum combined single aggregate limit of $2,000,000 USD, or equivalent thereof in local currency

Form — Providing coverage to all employees in all locations where operations will be performed.

Limit - As mandated under the Worker’s Compensation (or foreign equivalent) laws of the state, Federal body or country having jurisdiction over the location of the project or operation.

(d) Employer’s Liability — including coverage for occupational injury, illness, and disease, other similar social insurance with minimum limits per employee and per event of $500,000 USD or equivalent thereof in local currency and a minimum aggregate limit of $500,000 USD or equivalent thereof in local currency - or the minimum limits required by Law, whichever limits are greater.

(e) Professional Liability - $5,000,000 USD or equivalent thereof in local currency per occurrence and in the aggregate covering all services provided by vendor, including Technology E&O for claims for damage arising out of or alleging programming errors,

software performance, or the failure of your work to perform as promised in your contract.

(f) Cyber Risk - $5,000,000 USD or equivalent thereof in local currency per claim and in the aggregate, including, without limitation, first party and third party liability coverage for unauthorized computer access or use, internet liability, failure to protect privacy, virus transmission and denial of service.

(g) Electronic Data Processing Insurance - providing coverage for all risks of loss or damage to Vendor’s and any Vendor subcontractor’s equipment, data, media, and valuable papers, including the cost of corrections, with a minimum limit adequate to cover such risks on a replacement cost or upgrade basis, whichever is greater of $1,000,000 USD or equivalent thereof in local currency,; such insurance shall include extra expense and business income coverage for Vendor with a separate minimum limit equal of $1,000,000 USD or equivalent thereof in local currency.

(h) Property Insurance - Vendor shall be responsible for any and all damage to Vendor’s tangible personal or real property (whether owned or leased), and shall look only to its own insuring arrangements (if any) with respect to such damages and shall waive any rights of recovery from Customer for damage to the property, unless caused by Customer’s negligence. Such insurance shall include extra expense and business income coverage for Vendor with a separate minimum limit equal to $1,000,000 for extra expense and at least six (6) months for business income.

(i) Reserved

(j) Fidelity Bond Liability Insurance - Coverage for loss or damage due to any Vendor employee or Vendor subcontractor’s dishonest acts on premises or in transit, forgery or alteration, with a minimum limit per event of $5,000,000 USD or equivalent thereof in local currency and with an aggregate limit of $10,000,000, USD or equivalent thereof in local currency to include Customer as a loss payee for all losses to Customer resulting from dishonesty on the part of the Vendor, or its employees, agents, or subcontractor

(k) Umbrella Liability Insurance — minimum limit of $30,000,000USD or equivalent thereof in local currency per occurrence/ $30,000,000 USD or equivalent thereof in local currency in the aggregate in excess of the insurance coverage described in clauses (a), (b) and (d) above.

15.2. Insurance Companies.

All insurance required shall be carried with responsible insurance companies of recognized standing, and licensed or authorized to do business in the subject state or jurisdiction where the services are performed, and having a rating of at least A in Best’s Key Rating Guide and a Financial Strength of at least VII, or the equivalent in the

jurisdiction where the services are performed, and replacement coverage shall be sought if the insurer’s rating goes below A-.

15.3. Non-Limitation of Insurance.

It is understood that the above may not be all the types of insurance normally carried by service providers similar in operation or size for their commercial activities. Therefore, compliance with any of the types and limits of insurance stipulated in this Section 15 will not in itself be construed to limit any liability of Vendor, any Vendor Personnel or any Vendor subcontractors or agents. All insurance required of the Vendor will be primary, and not excess over or contributing with any insurance maintained by Customer. The insurance coverage under Section 15.1 (a), (b), (f) and (g) shall be endorsed to name Customer as an additional insured. To the extent any insurance coverage is written on a claims-made basis, it shall allow for reporting of claims under the later of one (1) year after the Term or the expiration period of the applicable limitations of actions, whichever is later. Vendor’s obligation to maintain the insurance coverage stipulated in this Section 15 shall be in addition to, and not in lieu of, Vendor’s other obligations hereunder, and Vendor’s liability to Customer shall not be limited to the amount of coverage required hereunder. All required insurance shall be in compliance with local laws and regulations of the jurisdictions in which the services are provided Vendor shall ensure that all of its subcontractors either maintain the required insurance coverage or are included under the vendor’s insurance programs. Vendor shall be responsible for payment of any and all deductibles from insured claims under its policies of insurance.

15.4. Contravention of Insurance.

Vendor will not intentionally do on or about Customer’s or Customer’s clients’ premises that will affect, impair or contravene any policies of insurance that may be carried by Customer or Customer’s clients, or any part thereof, or the use thereof, against loss, damage or destruction by fire, casualty, public liability, or otherwise.

15.5. Evidence of Insurance.

Vendor shall deliver to Customer certificates of insurance at the inception of this contract and at each insurance program renewal thereafter, as evidence of the insurance and limits stipulated above. Vendor will provide not less than thirty (30) days prior written notice to Customer in the event of material alteration or cancellation of such insurance.

16. Excusable Delay (Force Majeure).

Neither Party shall be liable for any default or delay in the performance of its obligations under this Agreement if and to the extent such default or delay is caused, directly or indirectly, by fire, flood,

earthquake, elements of nature or acts of God, riots, civil disorders, rebellions or revolutions in any country, strikes, lockouts, or labor difficulties, the acts or omissions of a third party that is not an agent or subcontractor, or any other cause beyond the reasonable control of such Party; provided the non- performing Party is without fault in causing such default or delay, and such default or delay could not have been prevented by reasonable precautions and cannot reasonably be circumvented by the non- performing Party through the use of alternate sources, workaround plans or other means. In such event the non-performing Party shall be excused from further performance or observance of the obligation(s) so affected for as long as such circumstances prevail and such Party continues to use its best efforts to recommence performance or observance whenever and to whatever extent possible without delay. Any Party so delayed in its performance shall immediately notify the Party to whom performance is due, which notification may be by telephone (to be confirmed in writing within two (2) days of the inception of such delay), and describe at a reasonable level of detail the circumstances causing such delay. In the event of any such delay, Customer’s obligation to make any payments in connection with the affected Services shall be suspended until said time as performance hereunder is resumed. Notwithstanding the foregoing, to the extent that Vendor is unable to perform the Services due to a Force Majeure event for a period greater than thirty (30) days, then Customer shall have the right to immediately terminate the applicable SOW and obtain the Services from another third party provider or to perform the Services itself and shall have no further obligation to Vendor, including paying any termination fees, other than payment for Services actually rendered through the effective date of termination.

17. Vendor Subcontractors and Access Consultants.

17.1. Subcontracting. Vendor shall not perform or provide the Services through its Affiliates or subcontractors without the prior written consent of the Customer Project Manager or other appropriate Customer project executive as to the selection of the subcontract, which consent may be withheld, delayed, conditioned, or granted by Customer in its sole discretion. Any such consent shall be contingent on the execution by such subcontractor(s) of a confidentiality agreement with Customer before providing any Services to Vendor or Customer. Vendor shall ensure that each such subcontractor has obtained and maintains all licenses, consents and other authorizations required in connection with the Services for which such subcontractor is responsible.

Any subcontractor agreement will contain materially the same terms and conditions as this Agreement, to the extent such terms and conditions are relevant to the Services to be provided by the subcontractor (including, without limitation, a restriction on the subcontractor’s right to further subcontract its obligations without Customer’s prior written consent) Prior to amending, modifying, or otherwise supplementing any subcontract relating to the Services that requires Customer’s approval (including without limitation any subcontractors that have access to Customer information) and that affects Customer, Vendor must notify Customer of the proposed amendment, modification or supplement and must obtain Customer’s approval.

In no event shall Vendor be relieved of its obligations under this Agreement as a result of its use of any subcontractors. Vendor shall supervise the activities and performance of each subcontractor and shall liable hereunder for any act or failure to act by such subcontractor as if performed by Vendor under this Agreement. Upon receipt of a written request by Customer, Vendor shall take all necessary actions to remedy the performance or conduct of such subcontractor(s) or replace such subcontractor(s) by another third party or by Vendor Personnel, as reasonably requested by Customer. Vendor shall be responsible for, and pay, all amounts due to or owed to its subcontractors.

Upon expiration or termination of a third party supplier who licenses products or technology (but not people or services) to Vendor for any reason, , Customer shall have the right to enter into direct agreements with any such entity utilized by Vendor. Vendor represents, warrants, and covenants to Customer that its arrangements with such entity shall not prohibit or restrict such entity from entering into direct agreements with Customer. For the avoidance of doubt, this section does not affect the parties’ non-solicitation obligations with respect to individual personnel.

17.2. Access Consultants. Customer’s affiliate, AIG Asset Management (U.S.) LLC (“AMG”), is required pursuant to regulatory requirements to review the brokerage accounts and trading activity of those of its employees and consultants who have or may have access to information about portfolio positions of AMG and/or its affiliates. Vendor must ensure that Access Consultants (as defined below): (i) disclose all brokerage accounts that they beneficially own or control as defined in the AMG policy and all security holdings, (ii) consent to AMG receiving from their broker(s) duplicate copies of all trade confirmations and brokerage account statements relating to those brokerage account(s); (iii) consent to the monitoring of their personal trading activity by AMG Compliance; (iv) pre-clear securities transactions through the Personal Trading Assistant system via the AMG intranet; and (v) submit quarterly and annual certifications relating to brokerage accounts, trading activity, outside business activities and compliance with AMG policies. As used herein, “Access Consultants” shall mean any consultants who have or may have access to information about portfolio transactions of AMG’s clients. Which consultants constitute Access Consultants shall be determined by AMG, in its sole discretion, and identified in a writing executed by an authorized representative of AMG Compliance or AMG Senior Management. Vendor will obtain the afore-mentioned written consent of the Access Consultants using a consent form that Customer and/or AMG provides to Vendor in writing.

18. Publicity.

Vendor shall not use the name, logos or trademarks of Customer and/or its Affiliates in promotional and marketing material or publicity releases, without the prior written consent of Customer’s Vice President, Global Sourcing and Procurement Services. In the event that Customer provides such written consent, all media releases, public announcements and public disclosures by Vendor or any Vendor Personnel relating to this Agreement, the subject matter hereof or the Services rendered hereunder, including promotional or marketing material (but not including any announcement intended solely for internal distribution at Vendor, as the case may be) shall be coordinated with and approved by Customer prior to the release thereof.

19. Assignment and Divestiture.

19.1. Assignment

Except for subcontracting permitted under the terms of this Agreement, neither Party may assign, transfer, or delegate, in whole or in part, whether by operation of law or otherwise, without the prior written consent of the other Party, which shall not be unreasonably withheld, any of its obligations set forth in this Agreement or any SOW; provided, however, that Customer may assign, transfer, or delegate its rights or duties under this Agreement (or SOW), in whole or in part, to an Affiliate of Customer or to any person or entity who succeeds (by purchase, merger, operation of Law, or otherwise) to all or substantially all of the capital stock, assets, or business of Customer or any of its Affiliates, if such person or entity agrees in writing to assume and be bound by all of the obligations of such Party under this Agreement. Any assignment, transfer or delegation in

contravention of this Section 19 (e.g., without the consent of the other Party, if required) shall be null and void ab initio; provided, however, that if Vendor assigns this Agreement in contravention of this Section 19 by operation of Law, such assignment shall be voidable at the option of Customer. Without limiting the generality of the foregoing, “assign by operation of Law” shall include a change of control. Subject to all of the other provisions herein contained, this Agreement shall be binding upon and shall inure to the benefit of the Parties and their respective successors and permitted assigns. Notwithstanding the foregoing, the assigned Party shall remain liable for the performance of the assigned or delegated obligations hereunder.

19.2. Divestitures; Separation; or Acquisitions.

19.2.1 If an Affiliate that receives Services under this Agreement becomes a Divested Entity, upon notification to Vendor and for no additional fees, Vendor will, at Customer’s election (in Customer’s sole discretion), allow Divested Entity;

(a) for a period not to exceed twenty four (24) months from the date an entity becomes a Divested Entity to continue to obtain the Services, or a portion of the Services specified by the Divested Entity, subject to and in accordance with the terms and conditions of the Agreement and the applicable Statement of Work; and/or

(b) grant the Divested Entity the right to obtain the Services under a separate agreement, on the same terms as (i) any agreement Vendor may have already separately entered into with such Divested Entity; or (ii) any agreement Vendor may have already entered into with the acquirer of such Divested Entity, in each case commencing on the date an entity becomes a Divested Entity; or

(c) allow the Divested Entity to terminate the Statement of Work (notwithstanding anything to the contrary set forth in the Agreement and/or in the Statement of Work) without penalty as of a date specified by Customer and, at Customer’s option, request Termination Assistance Services pursuant to Section 9.6.3 for such Divested Entity.

As used herein, “Divested Entity” shall mean any Affiliate of Customer which is divested, spun-off or otherwise ceases to meet the definition of Affiliate as a result of a disposition or sale.

19.2.2 Upon the written request of AIGPS or an Affiliate, without charging any additional fees (except to the extent permitted under this Agreement), Vendor will enter into separate agreements with Affiliates of AIGPS, substantially in the form of this Agreement (each, an “Affiliate Agreement”). The Services provided by Vendor to AIGPS and/or an Affiliate under an Affiliate Agreement shall be provided uninterrupted and at no additional cost to AIGPS and/or its Affiliates. Any fees paid and/or payable pursuant to each Affiliate Agreement shall be aggregated with the fees paid and/or payable by AIGPS under the Agreement and any Services provided under such Affiliate Agreements shall be included in the calculation of Service volumes, if any, for purposes of computing any discounts or credits available to AIGPS and its Affiliates under this Agreement. Upon the execution of an Affiliate Agreement, AIGPS shall have no further liability or obligations in connection with the Services transferred to the Affiliate under such Affiliate Agreement, including, without limitation, any payment obligations. Services provided under such separate agreement shall be included in the calculation of Service volumes, if any, under this Agreement, but shall be excluded when determining any termination charges that may be payable

under this Agreement as a result of termination for convenience of the applicable Statement of Work.

19.2.3 In the event that Customer acquires a new affiliate, unit, or business, Vendor shall provide Services to such acquired entities for the remainder of the Term, as requested by Customer.

20. Notices.

All notices shall be in writing and, except as otherwise expressly set forth herein or in any SOW, delivered personally, properly mailed via first class mail, or sent by nationally-recognized, private industry express courier service, to the addresses of the Parties set forth at the beginning of this Agreement, and in the case of Customer, directed to the attention of the Global Sourcing and Procurement Services, 101 Hudson Street, 28th Floor, Jersey City, New Jersey 07302, Attention VP Professional Services, with a copy to AIG Global Services, Inc., 80 Pine Street, 2nd Floor, New York, NY 10005, Attention: AIG O&S Law Department, and in the case of Vendor, directed to the attention of the General Counsel, 2000 West Park Dr., Westborough MA 01581. Any notice shall be deemed to be properly given: (a) when delivered personally; (b) when sent by facsimile, with written confirmation of receipt by the sending facsimile machine; (c) ten (10) business days after having been sent by registered or certified mail, return receipt requested, postage prepaid; or (d) five (5) business days after deposit with a private industry express courier, with written confirmation of receipt.

21. Governing Law; Venue.

This Agreement in all respects shall be interpreted under, and governed by, the laws of the State of New York (as permitted by section 5-401 of the New York General Obligations Law (or any similar successor provision)), without giving effect to any choice of law rule that would cause the application of the laws of any jurisdiction other than the internal laws of the State of New York to the rights and duties of the Parties. Except as otherwise provided herein, any legal action, suit or proceeding brought by a Party in any way arising out of or relating to this Agreement shall be brought solely and exclusively in the state or federal courts located in New York County, New York, and each Party hereto irrevocably submits to the sole and exclusive personal jurisdiction and venue of such courts in personam, generally and unconditionally with respect to any action, suit or proceeding brought by or against it by the other Party. Except as hereafter provided in this Section 21, neither Party shall bring any legal action, suit, or proceeding in any way arising out of or relating to this Agreement in any other court or in any other jurisdiction and shall not assert any claim, whether as an original action or as a counterclaim or otherwise, against the other in any other court or jurisdiction.

22. Informal Dispute Resolution.

In the event of a dispute between the Parties under or concerning this Agreement (a “Dispute”), either Party may provide notice of such Dispute to the other Party, and on receipt of such notice the parties will engage in the following informal dispute resolution procedure: (a) during the five (5) day period following receipt of such a notice by either Party, the Project Managers of both Parties, as set forth in the applicable SOW(s), will discuss and diligently endeavor to resolve the Dispute in good faith; (b) if the Project Managers of both Parties are unable to resolve the Dispute to both Parties’ satisfaction within such five (5) day period, the Dispute shall be referred immediately to the divisional Chief Information Officer or Chief Operation Officer of the Customer

or the Customer Affiliate receiving the Services, as the case may be and, in the case of Vendor, the executive at a vice president level or higher responsible for Customer’s account (the Customer Chief Information Officer/Chief Operation Officer and the Vendor executive, collectively, the “Senior Executives”), for resolution, and during the immediately subsequent three (3) day period, the Senior Executives of both Parties will discuss and diligently endeavor to resolve the Dispute in good faith; and (c) if the Senior Executives of both Parties are unable to resolve the Dispute to both Parties’ satisfaction within such three (3) day period, the Dispute may be litigated in accordance with to Section 21 (Governing Law; Venue) of this Agreement. Notwithstanding any other provision of this Section 22 (Informal Dispute Resolution), at any time Customer or Vendor may file suit in accordance with Section 21 (Governing Law, Venue) to have the Dispute adjudicated in a court of competent jurisdiction.

23. Severability.

If the application of any provision of this Agreement to any particular facts or circumstances shall for any reason be held to be invalid, illegal or unenforceable by a court, arbitration panel or other tribunal of competent jurisdiction, then (a) the validity, legality and enforceability of such provision as applied to any other particular facts or circumstances, and the other provisions of this Agreement, shall not in any way be affected or impaired thereby, and (b) such provision shall be enforced to the maximum extent possible so as to effect the intent of the Parties. In addition, if any provision contained in this Agreement shall for any reason be held to be excessively broad as to duration, geographical scope, activity or subject, it shall be construed by limiting and reducing it, so as to be enforceable to the extent compatible with applicable law.

24. Legal Fees.

If any legal action, including an action for arbitration or injunctive relief, is brought relating to this Agreement or the breach hereof, the prevailing Party in any final judgment or arbitration award, or the non-dismissing Party in the event of a voluntary dismissal by the Party instituting the action, shall be entitled to the full amount of all reasonable expenses, including all court costs, arbitration fees and actual attorney fees paid or incurred in good faith.

25. Equitable Relief.

Vendor recognizes that the covenants contained in Sections 4 (Intellectual Property Rights), 8.1(m), 13 (Confidentiality), 14 (Client Data), and the Information Security Requirements set forth in Exhibit M hereto are reasonable and necessary to protect the legitimate interests of Customer, that Customer would not have entered into this Agreement in the absence of such covenants, and that Vendor’s breach or threatened breach of such covenants shall cause Customer irreparable harm and significant injury, the amount of which shall be extremely difficult to estimate and ascertain, thus, making any remedy at law or in damages inadequate. Customer recognizes that the covenants contained in Section 13 (Confidentiality) are reasonable and necessary to protect the legitimate interests of Vendor, that Vendor would not have entered into this Agreement in the absence of such covenants, and that Customer’s breach or threatened breach of such covenants may cause Vendor irreparable harm and significant injury, the amount of which shall be extremely difficult to estimate and ascertain, thus, making any remedy at law or damages inadequate. Notwithstanding anything to the contrary herein, and without limiting Section 21, the Parties agree that the other Party shall be entitled, without the necessity of posting of any bond or security, to the issuance of injunctive relief by any court of competent jurisdiction enjoining any breach or threatened breach of such covenants

and for any other relief such court deems appropriate. This right shall be in addition to any other remedy available to Customer hereunder or otherwise, whether at law or in equity.

26. Waiver.

The waiver by either Party of a breach of or a default under any provision of this Agreement shall not be effective unless in writing and shall not be construed as a waiver of any subsequent breach of or default under the same or any other provision of this Agreement, nor shall any delay or omission on the part of either Party to exercise or avail itself of any right or remedy that it has or may have hereunder operate as a waiver of any right or remedy.

27. Construction.

This Agreement has been negotiated by the Parties and shall be interpreted fairly in accordance with its terms and without any construction in favor of or against either Party. As used in this Agreement, “include,” “includes,” “including,” and “e.g.” shall mean “including, without limitation.” The captions and section and paragraph headings used in this Agreement are inserted for convenience only and shall not affect the meaning or interpretation of this Agreement.

28. Counterparts.

This Agreement may be executed (including by facsimile signature) in one or more counterparts, with the same effect as if the Parties had signed the same document. Each counterpart so executed shall be deemed to be an original, and all such counterparts shall be construed together and shall constitute one Agreement.

29. Nature of Rights.

All rights and licenses granted under or pursuant to this Agreement by Vendor to Customer are, and shall otherwise be deemed to be, for purposes of Section 365(n) of the United States Bankruptcy Code (the “Code”), licenses to rights to “intellectual property” as defined under the Code. Customer shall have the rights set forth herein with respect to the Work Product when and as developed or created. Vendor acknowledges that if it, as a debtor in possession or a trustee in bankruptcy in a case under the Code, rejects this Agreement, then Customer may elect to retain its rights under this Agreement as provided in Section 365(n) of the Code. The Parties further agree that, in the event of the commencement of any bankruptcy proceeding by or against Vendor under the Code, Customer shall be entitled to retain all of its rights under this Agreement. Vendor agrees and acknowledges that enforcement by Customer of any rights under Section 365(n) of the Code in connection with this Agreement shall not violate the automatic stay of Section 362 of the Code and waives any right to object on such basis. Upon rejection of this Agreement by Vendor or the bankruptcy trustee in a bankruptcy case under the Code and written request of Customer to Vendor or the bankruptcy trustee pursuant to Section 365(n) of the Code, Vendor or such bankruptcy trustee shall: (a) provide Customer the Work Product and other materials that are the subject of the rights and licenses described in this Section (including any Vendor Proprietary Information or any other intellectual property necessary or desirable for Customer to use or exploit any Work Product or to exercise its rights hereunder), and any intellectual property otherwise required to be provided to Customer under this Agreement that is held by Vendor or such bankruptcy trustee; and (b) not interfere with the rights of Customer provided in this Agreement or any other agreement supplementary to this Agreement, to the materials that are the subject of the rights and licenses described in this Section, or any intellectual property provided under such agreements, including any right to obtain the materials that are the subject of the rights and licenses described in this Section and any such intellectual property from another entity. In addition to the foregoing, Vendor

shall take all steps reasonably requested by Customer to perfect, exercise and enforce its rights hereunder, including filings in the U.S. Copyright Office and U.S. Patent and Trademark Office, and under the Uniform Commercial Code.

30. Entire Agreement; Amendment.

This Agreement (including any SOWs and exhibits attached hereto, which are incorporated herein by reference) is the final, complete and exclusive agreement of the Parties with respect to the subject matter hereof and supersedes and merges all prior or contemporaneous representations, discussions, proposals, negotiations, conditions, communications and agreements, whether written or oral, between the Parties relating to the subject matter hereof and all past courses of dealing or industry custom. No modification of or amendment to this Agreement shall be effective unless in writing and signed by each of the Parties.

31. Electronic Signatures.

The parties agree and acknowledge that this Agreement, SOWs and Changes Orders may be signed by means of an electronic signature, provided that such signature and any related signing process comply fully with all applicable laws (including without limitation the U.S. federal ESIGN Act and any applicable state laws). Facsimiles and PDFs of a party’s authorized representative’s signature shall be deemed to be binding upon such party.

IN WITNESS WHEREOF, the Parties hereto have executed this Agreement by their officers thereunto duly authorized as of the Effective Date.

AIG PROCUREMENT SERVICES, INC.		VIRTUSA CORPORATION

By:	/s/ Lori Meola	By:	/s/ Paul D. Tutun

Name:	Lori Meola	Name:	Paul D. Tutun

Title:	Vice President, AIG Procurement Services	Title:	Senior Vice President and General Counsel

Date:	5/15/2015	Date:	5/15/2015

EXHIBIT A

SAMPLE STATEMENT OF WORK

This Statement of Work (“SOW”), effective as of , 201 by and between (“Vendor”) and (for purposes of this SOW, the “Customer”), is executed pursuant to and as part of that certain Master Professional Services Agreement for Application Development and Maintenance by and between AIG Global Services, Inc. and Vendor, dated as of , 201 (the “Agreement”).

The parties have entered into the Agreement for the provision of certain rights, Services, resources, and Deliverables to Customer by Vendor. The Agreement contemplates that the parties may enter into specific SOWs describing detailed terms and conditions applicable to specific Services, resources, and Deliverables to be provided.

NOW, THEREFORE, for and in consideration of the foregoing premises, and the agreements of the parties set forth below, Customer and Vendor agree as follows:

1. Project Name, Description & Objectives.

The Project Name is .

Project Description: [e.g. AIG [INSERT AIG ENTITY OR DIVISION FOR WHICH SERVICES WILL BE PERFORMED] presently uses to , In order to it is necessary for . Accordingly, as part of this SOW, Vendor will .

Project Objectives: This project will accomplish the following objectives:

2. Services.

The Services, for clarity but without limitation, including the Work Product and other Deliverables, shall include: [INSERT DESCRIPTION OF SERVICES TO BE PROVIDED, INCLUDING PROJECT MANAGEMENT, DESIGN, DEVELOPMENT, IMPLEMENTATION, INTEGRATION, CONVERSION, TESTING, INSTALLATION, TRAINING, TRANSITION SERVICES, ETC.]

3. Term.

The Services shall start on the SOW Effective Date and will end on [or be fully completed no later than] .

4. Service Location.

The Services will provided [to/from/for/at] the following location(s): [INSERT NAME OF APPLICABLE AIG ENTITY OR DIVISION AND PHYSICAL LOCATION WHERE SERVICES ARE TO BE PROVIDED]

5. Deliverables; Vendor Proprietary Information; Open Source.

[INSERT DESCRIPTION OF ANY DELIVERABLES TO BE PROVIDED. ALSO: (1) SPECIFICALLY DESCRIBE ANY BACKGROUND TECHNOLOGY AND/OR THIRD PARTY TECHNOLOGY (SUCH AS THIRD SOFTWARE OR REUSABLE TOOLS VENDOR IS PROVIDING) TO BE USED BY VENDOR (IF ANY), OR, IF DELIVERABLES WILL NOT INCORPORATE ANY VENDOR PROPRIETARY INFORMATION, STATE “No Vendor Proprietary Information”; and (2) IDENTIFY ANY OPEN SOURCE CODE TO BE INCORORATED INTO THE DELIVERABLES (IF ANY) AND ATTACH THE APPLICABLE OPEN SOURCE LICENSE(S) TO THIS SOW, OR, IF DELIVERABLES WILL NOT INCORPORATE ANY OPEN SOURCE CODE, STATE “No Open Source Code”.]

6. Vendor Personnel. Vendor shall be responsible for and shall supervise and manage each of the Vendor Personnel listed below.

[INSERT NAME AND JOB TITLE OF SPECIFIC RESOURCES (INCLUDING SUBCONTRACTED RESOURCES) TO BE ENGAGED (IF ANY), OR STATE “Not Applicable”]

NAME		JOB TITLE/ROLE

7. Key Personnel. Vendor shall be responsible for and shall supervise and manage each of the Key Personnel listed below.

[INSERT NAME AND JOB TITLE OF SPECIFIC KEY PERSONNEL (INCLUDING SUBCONTRACTED RESOURCES) TO BE ENGAGED (IF ANY), OR STATE “Not Applicable”]

NAME		JOB TITLE/ROLE

8. Schedule and Milestones (If Any).

[INSERT TIMETABLE FOR COMPLETING SERVICES, MEETING MILESTONES AND/OR SUPPLYING DELIVERABLES, IF APPLICABLE]

9. Charges.

[FOR TIME AND MATERIALS PROJECTS:]

This is a Time and Materials SOW. The Rate for each Vendor Personnel member is indicated in the following Charges table; however, the total aggregate amount payable pursuant to this SOW, including all out of Pocket Expenses, shall not exceed .

Personnel Name

Sub-
Contractor
[Y/N]

Title/
Position/
Role

(Hourly
or Daily
Rate)

# of Hours or
Days

Total
Charges

Estimated
Expenses

TOTAL

[FOR FIXED PRICE PROJECTS:]

This SOW is based upon a Fixed Price. The total aggregate amount payable pursuant to this SOW, including all Out-of-Pocket Expenses, shall not exceed the Fixed Price amount of $ . The Fixed Price amount will be invoiced as follows:

Milestone/Deliverable	Payment Amount	Completion Date

[IDENTIFY ANY APPLICABLE DISCOUNTS OR PERFORMANCE-RELATED INCENTIVES OR PENALTIES.]

Vendor shall send all invoices under this SOW to the following address:

[INSERT: CUSTOMER ADDRESS AND CONTACT INFORMATION FOR RECEIPT OF INVOICE]

[INSERT CUSTOMER CONTRACTING ENTITY]

[INSERT NAME OF PERSON TO RECEIVE INVOICES]

[INSERT EMAIL ADDRESS]

[INSERT PHONE NUMBER]

[INSERT MAILING ADDRESS]

10. Project Managers.

For Customer:		For Vendor:
Name:		Name:
Phone:		Phone:
Email:		Email:

11. Testing and Acceptance Procedures.

[INSERT DESCRIPTION OF ANY NECESSARY TESTING AND ACCEPTANCE PROCEDURES, OR STATE “As per the Agreement”]

[IF THE ACCEPTANCE TESTING PERIOD OR CORRECTION PERIOD IS OTHER THAN AS SET FORTH IN THE AGREEMENT, SPECIFY THE NUMBER OF DAYS. IF NO TESTING /ACCEPTANCE NO TESTING/ACCEPTANCE PROCEDURES ARE SET FORTH IN THIS SECTION, THE TESTING AND ACCEPTANCE PROCEDURES SET FORTH IN THE AGREEMENT SHALL GOVERN.)

12. Individualized Reports; Status Meetings.

[INSERT DESCRIPTION OF ANY INDIVIDUALIZED/ SPECIAL REPORTS OR STATUS MEETINGS RELATED TO THIS PROJECT, OR STATE “As per the Agreement”]

13. Software and/or Equipment.

[INSERT A LIST OF ALL OF THE EQUIPMENT/SOFTWARE TO BE USED IN PERFORMING THE SERVICES]

14. Subcontractors.

Subject to the provisions of Section x.x of the Agreement, Customer approves Vendors’s use of the following Subcontractor(s) but only to provide the following Services pursuant to this SOW only:

Subcontractor Name		Services to be Provided/Role

Vendor shall be responsible for and shall supervise and manage each of the Subcontractors listed above.

15. Transition Services.

Subject to the provisions of Section x.x.x of the Agreement, Vendor will provide Customer with Transition Services as follows: .

16. Flow-Down Provisions for Subcontractors.

[INSERT ANY PROVISIONS THAT SHOULD FLOW DOWN FROM THE AGREEMENT TO VENDOR’S AGREEMENTS WITH ITS SUBCONTRACTORS RELATED TO WORK TO BE PERFORMED UNDER THIS SOW.]

17. Other Specifications.

[INSERT ANY OTHER SPECIFICATIONS APPLICABLE TO WORK TO BE PERFORMED UNDER THIS STATEMENT OF WORK, FOR EXAMPLE, SPECIFICATIONS FOR DELIVERABLES OR OTHER WORK PRODUCT TO BE PROVIDED HEREUNDER]

Except to the extent otherwise expressly set forth in this SOW, this SOW is governed by the terms and conditions of the Agreement. Any defined terms not otherwise defined herein shall have the meanings set forth in the Agreement. This SOW may be modified or amended only by a writing signed by both parties. The parties hereto acknowledge having read this SOW and agree to be bound by its terms.

IN WITNESS WHEREOF, the parties have each caused this SOW to be signed and delivered by their duly authorized officers, all as of the date first set forth above.

[INSERT CUSTOMER LEGAL ENTITY NAME]			[INSERT VENDOR LEGAL ENTITY NAME]

By:			By:

Name:			Name:

Title:			Title:

Date:			Date:

EXHIBIT B

SAMPLE CHANGE ORDER

This Change Order No. (“Change Order”), effective as of , 201 , is made pursuant to and a part of that certain Master Services Professional Services Agreement for Application Development and Maintenance, dated as of , 2010, by and between AIG Global Services, Inc. and (the “Agreement”), and Statement of Work thereto, by and between and dated as of (the “SOW”).

This Change Order is governed by the terms and conditions of the Agreement. Any defined terms not otherwise defined herein shall have the meanings set forth in the Agreement. Except to the extent otherwise expressly set forth in this Change Order, the terms of the SOW shall remain in full force and effect. The parties hereto acknowledge having read this Change Order and agree to be bound by its terms.

The modification(s) set forth below will impact the following terms of the SOW (please check all that apply):

o	Services	o	Deliverables	o	Estimated completion date
o	Fees	o	Schedule	o	Other: (please specify)

Please provide a detailed description of the proposed modification(s) and their impact on the SOW:

[ADD DESCRIPTION OF CHANGES]

IN WITNESS WHEREOF, the parties hereto have each caused this Change Order to be signed and delivered by their duly authorized officers, all as of the date first set forth above.



By:			By:

Name:			Name:

Title:			Title:

EXHIBIT C

DEVELOPMENT SERVICES

Vendor, if agreed in a SOW with the Customer, shall agree to provide services for application development projects, which may include the following (as finally determined in a SOW):

1. Assessment.

1.1 Complete needs assessment

2. Project Initiation.

2.1 Draft proposal (scope and high level plan/approach)

2.2 Perform analysis (build or buy)

2.3 Review high level technical architecture

2.4 Review high level application architecture, and

2.5 Develop or support Customer with business case (justification).

3. Project Management.

3.1 Project planning

3.2 Tracking and monitoring progress

3.3 Status reporting

3.4 Issue and risk management

3.5 Resource management

3.6 Prioritization

3.7 Develop/review quality assurance process and procedures

3.8 Perform quality control, including:

3.8.1 Train and develop Vendor Personnel

3.8.2 Document all project, maintenance and support activities, and

3.8.3 Manage project scope, cost and effort against baselines

4. Requirements/Specification.

4.1 Review Customer environment

4.2 Understand current business security environment

4.3 Understand current IT technical security environment

4.4 Define business requirements

4.5 Review business requirements

4.6 Analyze security data

4.7 Define security parameters

4.8 Assess business impact, and

4.9 Develop preliminary plan

5. Design.

5.1 Detail technical design

5.2 Detail application design

5.3 Develop business process activities and checkpoints

5.4 Finalize Statement of Work

5.5 Refine requirements

5.6 Design user interface

5.7 Design architecture model

5.8 Develop operational model

5.9 Develop initial security design

5.10 Perform sizing and estimation

5.11 Build development environment

5.12 Refine architecture model

5.13 Detail user interface

5.14 Define training and user support, and

5.15 Develop detailed plan

6. Construction.

6.1 Perform coding or integration

6.2 Perform code inspection

6.3 Initiate build cycle, and

6.4 Develop support materials

7. Solution Delivery.

7.1 Develop business process activities and checkpoints

7.2 Monitor progress, status and project health

7.3 Anticipate deliveries and follow up until acceptance

7.4 Confirm next technical phase plans

7.5 Respond to project unplanned events, and

7.6 Perform solution deliverable readiness review

8. Testing/Certification.

8.1 Prepare for testing

8.2 Perform programming cycle

8.3 Perform unit testing

8.4 Perform string/integration testing

8.5 Perform volume testing

8.6 Perform quality control testing

8.7 Perform or support Customer user acceptance testing (UAT)

8.8 Perform production stress testing

8.9 Perform pre-production rework

8.10 Plan deployment, and

8.11 Review build cycle Deliverables

9. Implementation.

9.1 Prepare user documentation

9.2 Prepare user training materials

9.3 Approve implementation “go/no-go” decisions as required

9.4 Implement all application-level changes across all environments

9.5 Resolve functional application migration issues

9.6 Resolve technical application migration issues

9.7 Support Customer in the cut-over to production

9.8 Support Customer post deployment user acceptance

9.9 Prepare estimates for all change requests (size and effort)

9.10 Monitor and report on release status

9.11 Review and approve release status reports, and

9.12 Perform post-production rework

10 Post Implementation.

10.1 Finalize service level reports

10.2 Provide support during the warranty period

10.3 Conduct project review (within 30 days of implementation), and

10.4 Conduct project review (within 90 days of implementation).

EXHIBIT D

UNIVERSAL SERVICES

Vendor if, and to the extent agreed with Customer in a SOW, may provide the following services for all types of work and projects Vendor would be engaged to perform, including, but not limited to, development, maintenance, and support and constitutes part of the Services (as defined in the Agreement).

1. Communications Support.

1.1 Vendor shall provide the following communications support for all Customer environments:

1.1.1 In accordance with Customer’s applicable policies, provide notice to Customer of all installations and upgrades of Software and Equipment that are planned to occur.

1.1.2 Communicate and escalate all incidents, problems or other issues as they may occur on a day-to-day basis according to agreed upon problem management processes.

1.1.3 Proactively communicate potential risks or operational events, to the extent Vendor Personnel have knowledge of such risks or events, to the Customer Project Manager identified on the applicable SOW to ensure that Customer is aware of any potential disruptions to the Services.

2. Reporting Support.

2.1 Vendor shall provide to Customer all reports required for the Services.

2.1.1 Types of reports that shall be provided include but are not limited to, service levels, administrative, problem management, ad hoc, etc.

2.1.2 Reports shall be provided at the frequency and format as specified by Customer.

2.1.3 Reports shall include all data elements as specified by Customer.

2.1.4 All reports shall be formatted and summarized pursuant to instructions provided by Customer.

2.1.5 Executive summaries of data and information required in such reports shall be provided at the frequency specified by Customer.

2.1.5.1 Only data from data sources approved by Customer shall be utilized to populate statistics, trends, or raw data for reports.

2.2 Customer shall be provided the opportunity to modify, expand, or remove reports at Customer’s sole discretion upon notice to Vendor.

2.2.1 Vendor shall provide such modified or revised reports in the period immediately following the date of Customer’s notification, subject to the data being available for the modified or revised reports.

2.3 All reports provided for in this Exhibit, or elsewhere in the Agreement, and all data used to compile such reports shall be deemed to be Customer Data, owned by Customer, and returned to Customer.

3 Documentation Support.

3.1 Vendor shall create, document, maintain and publish in a centralized location, easily accessible to Customer:

3.1.1 All documentation (including the current version and all previous versions) related to Customer’s environments.

3.1.2 Equipment and Software versions and defect levels, e.g., level of patch.

3.1.3 Configuration guidelines and standards.

3.1.4 Equipment, Software, hosted applications and database structures, and

3.1.5 All Systems and procedures documentation.

3.2 Unless specified otherwise in an SOW, Vendor shall create, document, maintain, and publish project documentation (including the current version and all previous versions) in a centralized location, easily accessible to Customer and in accordance with the Customer’s policies and procedures.

3.2.1 Such project documentation shall include but is not limited to:

3.2.1.1 Project Charter

3.2.1.2 Requirements Report

3.2.1.3 Design Report

3.2.1.4 Test Report

3.2.1.5 Post-Implementation Report

3.2.1.6 Disaster Recovery update

3.2.1.7 Support Manual update, and

3.2.1.8 System Documentation Manual

4 Project Support.

4.1 As requested by Customer, Vendor shall provide the following project support for all SOWs:

4.1.1 Participate in and being thoroughly prepared for all meetings.

4.1.2 Ensure all Vendor Personnel are properly certified according to Customer’s specifications specified in an SOW and meets the qualifications described by Customer in the applicable SOW.

4.1.3 Support the initiation and evaluation of potential Customer projects, including product recommendations, Equipment and Software evaluations and specialized support scenarios.

4.1.4 In addition to the reports required by Customer, provide status reports across multiple environments and Statements of Work, utilizing Customer-approved tools and processes. Such status reports shall contain the following information:

4.1.4.1 Current status of activities (with an explanatory narrative when appropriate),

4.1.4.2 Resources (personnel and otherwise) used since last report with accumulated total to date,

4.1.4.3 Any impact to scope, budget or timeliness, reason for impact and a detailed plan to resolve or mitigate risks, and

4.1.4.4 Identification of any problems and actions being resolved or outstanding.

4.1.5 Comply with the format, frequency, and method of reporting, and participating in related status meetings as Customer may require in its sole discretion.

4.1.6 Provide a project coordinator/manager, as requested by Customer, as a single point of contact to work with any required persons, including Customer’s support groups, Customer’s Affiliates, and end users, to ensure that projects are planned and executed in a high quality manner.

4.1.7 Adhere to Customer’s required software development standards and methodologies unless otherwise agreed to by the parties.

4.1.8 Assist Customer developing and maintaining a Systems architecture strategy in order to accommodate the evolution of the Customer’s environment.

5 Advisory Support

5.1 Vendor shall routinely and proactively advise and make recommendations concerning how Vendor can best perform Services under this Agreement. Such advice shall include:

5.1.1 Preparing and/or supporting cost-benefit analyses as requested by Customer.

5.1.2 As requested by Customer, preparing and presenting updates on new technologies, processes, program management innovations, and other industry standard best practices that may have a benefit for Customer’s environments.

5.1.3 Advising Customer if any action or change contemplated by Customer may contribute to or cause performance degradation or other unintended effects.

EXHIBIT E

MAINTENANCE SERVICES

Vendor in consultation with the Customer, and only to the extent agreed in a SOW, shall agree to provide services for application maintenance and support projects, which may include the following:

1. Production Support.

1.1. Production support is defined as any effort to support the IT environment within the context of the following requirements and within the service levels defined in Exhibit G (Service Level Requirements).

1.2. Vendor shall adhere to Customer’s IT General Control environment as it relates to Change Management, Software Development and Implementation, Infrastructure, and Operations.

1.3. Vendor shall be responsible for support requirements encompassing both production and non-production environments which environments are set forth in the SOW, and shall include:

1.3.1. Respond to Level 2 and Level 3 help desk support questions as defined in Exhibit G.

1.3.1.1 If agreed in a SOW, to the extent a helpdesk does not exist, Vendor shall also handle Level 1 support.

1.3.2. Diagnose incident, perform root cause analysis.

1.3.3. Document steps taken to effectively identify and resolve business application incidents.

1.3.4. Coordinate efforts to ensure reduced business impact of incidents by timely resolution.

1.3.5. Coordinate production change control activities with Customer.

1.3.6. Coordinate production scheduling with Customer.

1.3.7. .

1.3.8. Develop incident resolution plan.

1.3.9. Execute test plans, test scripts, generate, load and refresh data, perform unit testing, system testing, integration testing, regression testing, performance testing, load testing, stress testing, and support user acceptance testing.

1.3.10. Update and maintain current version of application documentation and procedural support manuals.

1.3.11. Support identification of product patches, security fixes or bug fixes that should be proactively applied to any of the application environments.

1.3.12. Work with affected IT owners and business users to identify outage windows and schedule the application of recommended fixes.

1.3.13. Perform proactive health monitoring of applications.

1.3.14. Initiate and maintain applications logging.

1.3.15. Perform periodic failover testing.

1.4. Vendor shall follow all current Customer software standards notified to Vendor.

1.4.1. Upon installation, as determined by Customer, Vendor will support the software release or version installed at Customer, provided such release or version is the most current generally available release or version or one of the two most recent prior releases or versions.

1.4.1.1. For the avoidance of doubt, Customer shall retain the right, in its sole discretion, to determine whether and when to advance from a release or version in use in the Customer IT environment to a new release, or version, and when to implement an enhancement or upgrade.

1.4.1.2. Vendor shall be responsible for the costs of any engineering, deployment and support efforts associated with the advancement from a specific release or version to a new or subsequent release or version, or for the implementation of an upgrade or enhancement, subject to impact analysis and effort estimation by Vendor following which Vendor will evaluate the possible options to support the upgrades. If Vendor cannot accommodate the upgrades within the support effort available then Vendor will reprioritize the existing tasks or raise a request for a new SOW or Change Order to handle the upgrades.

2. Break Fix Services.

2.1. Break Fix Services will consist of responding to problems and creating modifications or configuration changes to an application, related job control language (“JCL”), script, interface, or other related application artifacts to fix problems with such application.

2.1.1. Vendor shall be responsible for obtaining any additional information necessary to resolve the problem.

2.1.2. Vendor shall provide Break Fix Services in accordance with Exhibit G (Service Level Requirements).

3. Maintenance Services.

3.1. Maintenance Services will include, without limitation, periodic and/or scheduled activities required to ensure that an application continues to perform in accordance with the specifications for such application and such application does not incur any problems.

3.1.1. Vendor shall be responsible for maintenance services including, but not limited to:

3.1.1.1. Production job monitoring

3.1.1.2. Help desk script creation

3.1.1.3. Reference data and table changes required to support organizational changes and/or support new users

3.1.1.4. Testing support for operating system, software package or server upgrades

3.1.1.5. Release support including change management support

3.1.1.6. Performance tuning

3.1.1.7. Log file maintenance

3.1.1.8. Performing configuration changes

3.1.1.9. Performing version upgrades

3.1.1.10. Activities required to sunset or decommission applications as necessary, excluding Enhancements, and

3.1.1.11. Testing support for changes to interfaces resulting from maintenance activities carried out in other applications.

4. Preventive Maintenance. Vendor shall be responsible for Preventative Maintenance including application tuning, code restructuring, and other effort usually taken to improve the efficiency and reliability of programs and to minimize ongoing maintenance requirements.

5. Minor Enhancements.

5.1. Unless otherwise agreed in the SOW, Minor Enhancements are classified as any modifications or changes that require a level of effort of 160 person hours, or less, per change, and complete and regulatory and compliance changes that require a level of effort of 800 person hos, per change, to complete.

5.2. Minor enhancements include:

5.2.1. Updating interfaces.

5.2.2. Improvements in functionality.

5.3. Where applicable, Vendor shall be responsible for the analysis, design, development, testing and deployment and support for minor application enhancements, which may include (as set forth in the SOW): :

5.3.1. Translate business requirements into technical requirements

5.3.2. Receive and analyze project service/change requests

5.3.3. Identify integration requirements with other applications

5.3.4. Perform requirements management and feasibility analysis

5.3.5. Define data requirements

5.3.6. Ensure architecture adheres to Customer standards

5.3.7. Create high level solutions design

5.3.8. Ensure design is compliant with defined Security policies and maintaining system data integrity and confidentiality

5.3.9. Where applicable, design physical and logical database and data structures

5.3.10. Propose design alternatives

5.3.11. Obtain approval on design and architectural decisions and components prior to development

5.3.12. Prepare development environment

5.3.13. Ensure code, configuration, and designed solutions are compliant with defined Security policies and maintaining system data integrity and confidentiality

5.3.14. Complete any necessary documentation needed

5.3.15. Perform quality assurance including peer reviews and code walkthroughs as requested by Customer

5.3.16. Construct application and system code consistent with design requirements

5.3.17. Where applicable, develop physical and logical databases

5.3.18. Develop data interfaces

5.3.19. Perform code reviews

5.3.20. Develop testing approach

5.3.21. Verify compliance with testing specifications and requirements

5.3.22. Develop and maintain design documents and test plans

5.3.23. Prepare test environment

5.3.24. Monitor and review defects

5.3.25. Conduct unit test

5.3.26. Conduct system test

5.3.27. Conduct integration test

5.3.28. Conduct regression test

5.3.29. Support user acceptance test

5.3.30. Coordinate change control activities with Customer

5.3.31. Coordinate implementation with Customer, including scheduling, communication

5.3.32. Coordinate production scheduling with Customer

5.3.33. Coordinate release management with Customer

5.3.34. Create implementation notes, and

5.3.35. Provide post deployment support

6. Other Support Activities.

6.1. Investigation Support

6.1.1. Vendor shall be responsible for providing Investigation Support including, but not limited to:

6.1.1.1. Requests for analysis,

6.1.1.2. Requests for estimation, and

6.1.1.3. Requests for troubleshooting.

6.2. Training Support

6.2.1. Vendor shall be responsible for providing Training Support, including providing information, analysis, or other inputs to assist in the creation of training materials and classes.

6.3. Audit Services

6.3.1. Vendor shall be responsible for providing technical assistance in performing IT audit, including:

6.3.1.1. Review audit objectives,

6.3.1.2. Research and resolve findings, and

6.3.1.3. Provide documentation supporting closure of findings.

6.4. Third Party Management

6.4.1. Where applicable, Vendor shall manage third party relationships and activities, including:

6.4.1.1. Own relationships with appropriate software vendor(s),

6.4.1.2. Ensure third party/vendor software release is managed and integrated, and

6.4.1.3. Coordinate and implement third party upgrades and vendor support issues, including vendor relationships.

6.5. Capacity Management

6.5.1. Vendor shall work in conjunction with Customer in the creation of an annual application software capacity plan that documents expected increases in application software seat licenses, concurrent user licenses or pay by use licensing.

6.5.2. Vendor shall be responsible for supporting the creation of an annual IT infrastructure capacity plan for all Vendor supported applications.

6.6. Availability Management

6.6.1. Vendor shall be responsible for proactively analyzing, measuring and attempting to improve the availability of applications under their control.

6.6.2. Vendor shall be responsible for creating an annual availability plan that includes suggested enhancements that if implemented, will have a positive effect on application availability.

6.7. Configuration Management

6.7.1. Vendor shall be responsible for maintaining information about configuration items required for delivering an application, including their relationships.

6.7.2. Vendor shall maintain a database used to store configuration records throughout their lifecycle.

6.8. Demand Management

6.8.1. Vendor shall proactively work with Customer to determine the most efficient way to meet overall Customer demand for application maintenance and support on a vendor owned application. Customer has the right utilize a different approach based on their discretion.

EXHIBIT F

MIGRATION SERVICES

The provisions of this Exhibit shall apply when services previously performed by Customer or another vendor (the “Migration-from-vendor”) are to be performed by Vendor. For purposes of clarity, the Migration Services shall be set forth in an SOW and agreed by the parties. These Services relate to Migration only.

1. Migration Team.

1.1 Vendor will assign a Migration team headed by a Migration manager who will be a member of the program team through steady-state.

1.2 The Migration team will perform the following activities as they relate to the Migration:

1.2.1 Build the initial support team and train the team members

1.2.2 Program administration and management for all Migration activities

1.2.3 Establishing and documenting change management, escalation, and problem management procedures

1.2.4 Developing a Migration Plan

1.2.5 Executing the Migration Plan, and

1.2.6 Managing the Migration Plan through successful Migration of the services, including reporting to Customer on status, issues, and risks.

2. Migration Planning.

2.1 The Vendor will provide a detailed Migration Plan for all in scope services and locations. The Migration Plan shall incorporate the following areas at a minimum:

2.1.1 Expected durations for key phases, stages, tasks and milestones,

2.1.2 The interface and processing boundaries of the applications being Migrated,

2.1.3 The maintenance/development methodologies that are currently being used and will be used in the future,

2.1.4 The level of documentation that is available,

2.1.5 A knowledge transfer plan incorporating onshore and offshore resource management,

2.1.6 The tools, processes, and enablers that are currently used and the ones that will be utilized,

2.1.7 The security, regulatory and compliance requirements for the application,

2.1.8 In-flight maintenance and enhancements,

2.1.9 System administration requirements,

2.1.10 Identification of the shortage between current state and the proposed state, and

2.1.11 Acceptance criteria that must be met prior to steady state.

2.2 To generate the Migration Plan, Vendor, Customer and, if required, transfer-from-vendor(s) shall work jointly to review and analyze the following at a minimum:

2.2.1 Identify error-prone areas based on maintenance history.

2.2.2 Identify areas of deficiency and shortages, including:

2.2.2.1 Level of comments in programs,

2.2.2.2 Completeness and detail of program specifications,

2.2.2.3 Detail of chronological fix history,

2.2.2.4 Test plans level of detail, test scripts and test tools,

2.2.2.5 Availability of maintenance manuals/run books,

2.2.2.6 Service level attainment history, and

2.2.2.7 Availability of general documentation.

2.2.3 Validate the estimated effort, turn-around time and other maintenance requirements.

2.3 Unless otherwise agreed in a SOW, the Vendor shall be responsible for all functions, tasks, including:

2.3.1 Working with the transfer-from-vendor(s) personnel as and/or Customer as necessary to ensure the smooth migration of such Services from such transfer-from-vendor(s) and/or Customer to Vendor with no material impact to the Services, and, as necessary.

2.3.2 Entering into confidentiality agreements or similar agreements that the applicable transfer-from-vendor(s) may reasonably require in connection with the transfer of the Services from the Customer Contractor(s) to Vendor.

2.3.3 Identifying and obtaining required consents from transfer-from-vendor(s).

2.3.4 Assisting Customer in identifying and obtaining third party contracts to be assigned to Vendor from Customer, as applicable. Where necessary Customer will intervene to assign third party contracts to Vendor.

2.3.5 Assisting Customer in identifying and obtaining owned existing equipment or leased existing equipment that will be required to perform the Services or any new equipment to be purchased by the Vendor.

2.3.6 Assisting Customer in identifying and obtaining Third Party Software.

2.3.7 Identifying inter-relationships and dependencies between tasks.

2.3.8 Planning Deliverables applicable to the Services, including:

2.3.8.1 Knowledge transfer documentation,

2.3.8.2 System documentation and run books,

2.3.8.3 Production support procedures,

2.3.8.4 Data schemas,

2.3.8.5 Technical architecture documentation,

2.3.8.6 Entity relationship diagrams,

2.3.8.7 System input/output documentation,

2.3.8.8 Batch processing documentation, and

2.3.8.9 System interface diagrams/descriptions.

2.4 The Migration Plan shall be in a Customer approved format, utilizing any applicable Customer tools and methodologies.

2.5 The Vendor shall submit the Migration Plan to Customer for written approval.

2.6 The Vendor shall manage the migration of services from the Migration-from-vendor and/or Customer.

2.6.1 To the extent agreed in the SOW, the failure of any migration-from-vendor responsibilities shall in no way relieve the Vendor of any obligation to complete each task in the Migration Services.

2.7 The Vendor will execute all migration activities except where Customer personnel are required, and in such cases the Vendor will inform Customer and include in the Migration Plan the nature and scope of activities required to be performed by Customer, including activities, Deliverables and estimated headcount of required Customer personnel.

2.8 The Vendor will provide a detailed timeline for the migration and will explain in detail the estimated time needed for the Migration.

2.9 The Vendor will use all reasonable efforts to manage issues and risks during the Migration and will escalate any issues and risks to Customer as appropriate.

2.10 Vendor shall provide Customer with a “no cost” migration period, unless otherwise agreed in an SOW.

2.10.1 Vendor shall obtain information regarding the amount of termination assistance and wind-down fees that the transfer-from the terminated vendor(s) may charge in connection with the transfer of the Services from such Customer Contractor(s) to transfer to Vendor.

2.10.2 Vendor shall negotiate and pay termination charges, termination assistance fees and wind-down fees that the migration-from-the terminated vendor(s) may charge in connection with the transfer of the Services from such Customer Contractor(s) to Vendor.

3. Migration Risk Mitigation.

3.1 Prior to undertaking any Migration Services, Vendor shall discuss with Customer specific material risks. This discussion will take the form of a Migration Risk Mitigation Plan that will include major migration risks and mitigation strategies that can be employed to reduce overall migration risk.

3.1.1 Vendor shall not proceed with such activity until Customer approves and authorizes Vendor to proceed

3.1.2 Vendor shall use all reasonable efforts to identify, resolve (but only if under Vendor control), and escalate any material problems or failure of

dependencies that would materially impede or materially delay the timely completion of each task in the Migration Plan

4. Migration Execution.

4.1 Upon receiving Customer’s written approval, Vendor shall perform all Migration Services pursuant to the Migration Plan, including:

4.1.1 Using all reasonable effort to meeting the critical milestones described in the Migration Plan and leveraging all Customer contractor personnel and Customer personnel as necessary to meet milestones.

4.1.2 Regularly updating the Migration Plan to demonstrate achievement to task dates.

4.1.3 Meeting as directed by Customer to review the Migration Plan, provide updates, review issues, review risks, and document resolutions.

4.1.4 Providing all Deliverables subject to acceptance by Customer, as further described in the Agreement.

4.1.5 On-boarding all Vendor Personnel and conducting knowledge-transfer, shadow support, and primary support activities as required to perform the Services prior to assuming full responsibility for Services under Statements of Work.

4.2 Subsequent to the knowledge acquisition, Vendor will obtain hands-on experience on the application maintenance and support by working along with the existing migration-from vendor(s) support teams. This period will be referred to as the “shadow period.”

4.3 After the shadow period, Vendor will step up as the primary support with the migration-from vendor(s) lending the secondary support. .

4.4 Upon sign-off by Customer of the migration Acceptance Criteria, the Migration phase will be considered complete and steady state will begin.

4.5 The duration of the Migration phase will be as agreed by the parties in writing.

4.6 By the end of the Migration phase, Vendor shall possess:

4.6.1 Complete knowledge of the Applications, Environment and Database(s).

4.6.2 Resources for providing support to the various Applications.

5. Failure to Meet Migration Milestones.

5.1 If Vendor fails to meet a critical Migration Milestone, the parties will set forth terms and conditions of any such failure in a SOW.

5.2 Customer shall decide, in its reasonable and good faith discretion, whether a Migration Plan milestone has been met based on the acceptance criteria as agreed upon by the parties in the SOW.

Exhibit G

SERVICE LEVEL REQUIREMENTS

The purpose of this Exhibit is to clearly define the initial levels of service to be provided by the Vendor to Customer and to describe a process to adjust these throughout the term of the Agreement. This Exhibit sets forth Service Levels that Vendor is required to achieve in performing the Services and describes the methodology for calculating Service Level Credits that shall become due and payable (or credited) to Customer by Vendor if Vendor fails to achieve any Service Level targets. For purposes of clarity the Service Level Attachment, enclosed herein, shall be applicable, unless otherwise agreed in the SOW.

1. Service Levels.

1.1. Vendor will have Program Service Levels (as set forth on the Service Level Attachment) that are mandatory and shall apply to all Services.

1.2. In addition to the Program Service Levels, Application Service Levels will apply to Services for application maintenance and/or development. As used herein, “Application Service Levels” shall mean the Application Maintenance Statement of Work Service Levels and Application Development Statement of Work Service Levels set forth on the Service Level Attachment.

1.3. As used in the Service Level Attachment, the following terms shall have the meanings described below, such that each Service Level is comprised of the Service Level Components (as defined below).

1.4. Service Level Components.

1.4.1. Each Service Level includes the following Service Level components (the “Service Level Components”):

1.4.1.1. “Expected Service Level” means the performance metric the Vendor is required to meet to prevent a Service Level Default (as defined below). The Expected Service Levels are set forth in the Expected Service Level column of the Service Level Attachment.

1.4.1.2. “Minimum Service Level” means the performance metric set forth in the Minimum Service Level column of the Service Level Attachment and is the lowest expected service the Vendor is required to meet.

1.4.1.3 “Weighting Factor” means a percentage of the At Risk Amount (as defined below) assigned by Customer to each Service Level identified in the Service Level Attachment, which shall not exceed *** for any one Service Level, or **** in the aggregate for all Service Levels.

1.4.1.4 “At Risk Amount” means, the maximum amount of Service Level Credits that may be due to Customer for a particular invoicing period. The At Risk Amount shall be a percentage of the fees for Services, as follows:

1.4.1.4.1 For maintenance projects the At Risk Amount is equal to ********** of the fees for the application for which the Service Level Default has occurred for the invoicing period, which is monthly unless otherwise agreed in the SOW.

1.4.1.4.2 For development projects the At Risk Amount shall be agreed to by the Parties in writing.

1.4.1.5 “Service Level Credit” means the amount due to Customer if Vendor fails to meet any expected Service Level for the measurement period. Service Level Credits are liquidated damages and represent the parties’ good faith estimate of Customer’s damages in the event of a Service Level Default, which damages are difficult to forecast.

1.4.1.6 “Service Level Tier” means the applicable criticality level associated with an application or applications.

1.4.1.6.1 Applications have been assigned different tier levels based on their impact to Customer’s business. The application shall have the tier assigned to it in the applicable SOW.

2. Service Level Measuring and Reporting.

2.1. Vendor shall measure its performance of the Services against the Service Levels specified in the Service Level Attachment, and report on such performance according to the reporting requirements identified in Exhibit D (Universal Service Requirements).

2.2. Vendor shall provide, implement, maintain and support tools required or appropriate to measure and report on its performance of the Services against the Service Levels.

2.3. Vendor shall use a data source approved by Customer for reporting against Service Levels specified in the Service Level Attachment.

2.4. Vendor shall provide detailed supporting information for each report as requested by Customer.

2.5. The raw data and detailed supporting information related to each Service Level Report shall be deemed Customer Confidential Information.

2.6. Regardless of data source, Vendor is solely responsible for the underlying collection, measurement and analysis of data pertaining to the Service Levels as reflected in each Service Level Report.

2.7. Failure to submit Service Level Reports when due or to properly report performance with respect to any particular Service Level for any monitoring interval shall be a Service Level Default with its Weighting Factor set forth on the Service Level Attachment; provided that no breach of this Section 2.7 or Service Level Default shall be deemed to occur if Vendor provides such Service Level Reports within ten (10) business days after the reporting time specified in the applicable SOW or, if not specified in the applicable SOW, within ten (10)

business days after the end of a calendar month.; unless the parties agree otherwise in writing to another time period for providing such Service Level Report.

2.8. For all Severity Level 1 and Severity Level 2 problems, Response and Recovery Times will be measured based on a coverage period ************************************** ************************ per year cycle, and Vendor may not exclude ******************************************************************** ****** or as set forth in the SOW.

3. Service Level Credits.

3.1. The Service Level Credit for each Service Level Default shall be computed according to the following formula:

A = At Risk Amount for the month.

B = Weighting Factor.

A x B = Service Level Credit for an individual Service Level.

3.1.1 For example, if the At Risk Amount for a given month is $100,000, and a Weighting Factor of 5% is assigned to a Service Level for which a Service Level Default occurred the Service Level Credit for such Service Level Default shall be $5,000.

3.1.2 Additionally, if the SOW At Risk Amount for a given month is $4,000, and a Weighting Factor of 4% is assigned to a Service Level for which a Service Level Default occurred, the Service Level Credit for such Service Level Default shall be $160.

3.2. If Vendor fails to meet the Service Level for more than one Service Level within a month, the Vendor shall pay or credit Customer for the sum of the corresponding Service Level Credits up to the At Risk Amount.

3.3. If a single incident causes the Vendor to miss more than one Service Level then Customer will have the right to select one Service Level (but not more than one) for which it will receive the Service Level Credit but no other Service Level Credits or Service Level Defaults for such incident.

3.3.1. For the avoidance of doubt, a single incident is defined as a discrete technical problem which cannot be reasonably subdivided.

3.4. Vendor shall notify Customer in writing if Customer becomes entitled to a Service Level Credit and notice shall be included in the Service Level Report and which shall at a minimum:

3.4.1. Describe each Service Level Default that occurred, and

3.4.2. Specify the date when Vendor shall pay or credit the Service Level Credit to Customer.

3.5. If Customer becomes eligible for a Service Level Credit the amount shall be offset against the monthly charges in the quarter following the month in question or as otherwise agreed to by the parties, subject to Earn-Back as below.

3.6. In the event Vendor misses an Expected Service Level for critical Service Levels ******************************** measurement periods, Customer shall have the right to review the team structure with Vendor and prescribe the required remedial action (a) at no additional cost for Fixed Price SOWs, or (b) at a mutually agreed cost, if applicable for T&M SOWs.

3.6.1. This may include moving Vendor *******************************, until Customer is satisfied that the Service Levels have been stabilized, subject to mutual agreement of the parties.

3.7. For the avoidance of doubt, no Service Level Default shall be deemed to occur if and to the extent any incident is attributable to the following:

3.7.1. Acts or omissions of Customer or its agents or subcontractors (including Customer’s failure to perform its obligations under the Agreement);

3.7.2. Changes made by Customer to Customer’s operating environment outside the scope of Services being provided by Vendor;

3.7.3. Circumstances that constitute a Force Majeure Event.

4. Changes to Service Levels.

4.1. At any point in time Customer may request Vendor to :

4.1.1. Add, delete, or modify Service Levels by sending written notice to the Vendor at least ************** prior to the effective date of the change. If Customer is requesting material changes to the Service Levels, such material changes will be negotiate and introduced by mutual agreement in timeframes agreed to by both parties via a Change Order.

4.1.2. Increase or decrease the Weighting Factor for any Service Level by sending written notice to the Vendor at least ********* days prior to the effective date of the change; provided that no Weighting Factor shall ******** or the aggregate of all Weighting Factors shall *********. If there is a material change to the Weighting Factor, the parties will negotiate and mutually agree to introduce this change via a Change Order.

4.2. Customer expects Vendor to improve its performance capabilities resulting from the use of improved technologies and processes to perform the Services. Annually, at the end of each contract year the Vendor and Customer will meet to discuss the Minimum and Expected Service Levels and make any necessary adjustments as mutually agreed by the parties.

5. Baselining.

5.1. New Service Levels shall be base-lined (if the Parties do not agree on the applicable Expected Service Level) only during a period of stable activity (as determined and mutually agreed by the parties), as follows:

5.1.1. Customer shall identify applicable Service Level Metrics and communicate such targets in writing to the Vendor.

5.1.2. During the ************************ for which a new Service Level can be measured (“Baselining Period”), the Vendor shall measure and collect any data required to assess Vendor’s performance in meeting the Service Level Metrics. No Service Level Credits shall be enforced for Service Level Defaults during the Baselining Period.

5.1.2.1. For the avoidance of doubt, the monitoring interval will be determined by Vendor and Customer.

5.1.3. If the baselined Service Level meets the Service Level Target, the Service Level shall be added and incorporated into this Exhibit in an appropriate Service Level Attachment and shall become effective in the ********** monitoring interval.

5.1.4. If any measured, baselined Service Level does not meet the Service Level Target, Customer and Vendor may:

5.1.4.1. Set a revised Service Level Target,

5.1.4.2. Identify revised Service Levels, or

5.1.4.3. Terminate, in whole or in part, the associated Statement of Work for cause as is further described in the Agreement.

6. Service Level Definitions.

6.1. The following Service Level definitions describe Service Levels which must be met by the Vendor (to the extent agreed in a SOW, and subject to the assumptions set forth in the SOW):

6.1.1 Response Time. Response Time is defined as the elapsed time between the moment the Vendor is notified of a problem and the moment the Vendor contacts Customer and indicates that the individual responsible for resolving the problem has commenced the required problem resolution efforts.

6.1.2 Recovery Time. Recovery Time is defined as the elapsed time between the moment the Vendor is notified of such problem and the moment that the software, data, and services affected by the problem are restored to normal operations in accordance with applicable specifications or a temporary work around acceptable to Customer has been successfully implemented.

6.1.3 Resolution Time. Resolution Time is defined as the elapsed time between the moment the Vendor is notified of such problem and the moment the vendor implements a permanent fix that corrects the root cause of the problem.

6.1.4 Availability of Applications. Availability of Applications is defined as the application is available for use by end user in accordance with its intended functionality.

6.1.5 ABEND. ABEND is defined as an abnormal end, abort, or system crash.

6.1.6. Service Level Default. Service Level Default is defined as Vendor’s failure to meet an Expected Service Level. A Service Level Default will result in the issuance to Customer of the applicable Service Level Credit.

6.2 The following Severity Level definitions define how problems are classified:

6.2.1 Severity 1. A problem impacts the business so that users cannot operate standard business practices, the application is not responding and is unavailable or, overnight production processes have aborted and the on-call support individual was contacted.

6.2.2 Severity 2. An incorrectly functioning application feature is preventing the completion of a critical business process; the required business function cannot be executed because of non-availability or malfunction of a subsystem.

6.2.3 Severity 3. A problem that negatively affects the usability of the system but does not prevent access to the system or completion of standard business processes, an incorrectly functioning application feature is preventing the completion of a non-critical business process.

6.2.4 Severity 4. A problem that negatively affects the experience of using the system but does not prevent the delivery of normal customer service standards. Any problem not considered a Severity 1, 2 or 3.

6.2.5 Maintenance requests may also be defined by Severity Level, the time to complete the request will be the recovery time for the Severity Level.

6.3 The following Defect Level Descriptions define the types of defects during user acceptance testing (UAT):

6.3.1 Level 1 Defect. An issue that affects a central/critical requirement for which there is no work around. It prevents use or testing of the System. Central/critical requirement negatively impacted. No workaround.

6.3.2 Level 2 Defect. An issue that affects a central/critical requirement for which there is a workaround. Use or testing of the System can proceed but in a degraded mode. Central/critical System requirement negatively impacted. Workaround provided.

6.3.3 Level 3 Defect. An issue that affects a non-central / non-critical requirement for which there is no workaround. It prevents use or testing of the System. The feature or capability cannot be used. Non-Central / Non-Critical requirement negatively impacted. No work around.

6.3.4 Level 4 Defect. (Low Defect) An issue that affects a non-central/non-critical requirement for which there is a workaround. Non-central/non-critical requirement negatively impacted. Workaround provided. No major adverse effects to the business environment. Customer shall schedule a re-test upon notification by Vendor when the error has been corrected.

6.3.5. Level 5 Defect. (Cosmetic Defect) Information is correctly shown but the appearance is wrong such as misspelled words, wrong format, wrong fonts, wrong color, recommendations provided by tester, etc. No adverse impact to work flow or functionality. Cosmetic. No negative impact to requirements.

6.4 The following Helpdesk Level support descriptions define the level of help desk support:

6.4.1 “Level 1 Helpdesk Support” means the “first line support” which includes fielding the call or event, performing a quick assessments, following documented processes and procedures, and assigning ticket numbers/tracking information for end user support requests.

6.4.2 “Level 2 Helpdesk Support” means “dedicated support” to respond to and resolve incidents, including addressing break fix type problems typically involving data or table updates outside of structured release methodology.

6.4.3 “Level 3 Helpdesk Support means “advanced level support” to respond to and resolve incidents, including addressing more complex break fix type problems involving code changes and structured release methodology.

7. Earn-Backs

7.1 Vendor shall have the right, pursuant to the SOW, to ************ of the Service Level Credit (“Earn-Back”), for a given Service Level Default when Vendor’s Service Level performance meets or exceeds the Expected Service Level for each month of the

three measurement periods immediately following the measurement period in which the Service Level Default occurred.

7.2 Whenever Vendor is entitled to an Earn-Back, Vendor shall include such Earn-Back as a charge to Customer (indicated as an Earn-Back) on the same invoice that contains charges for the measurement period giving rise to such Earn-Back, and include such information in Vendor’s monthly performance reports.

7.3 Upon termination or expiration of the Agreement, Service Level Credits issued by Vendor are no longer subject to Earn-Back.

Service Level Attachment

Program Service Levels

#	Metric	Definition	Calculation	Expected Service Level	Weighting Factor
1	Accurate Invoicing	Accurate Invoicing shall be a measure of invoices submitted on time and in the correct amount according to Customer’s process for submitting invoices. An accurate invoice shall be defined as being submitted on time and in the correct amount.		****	****
2	Administrative Reports Delivered On-Time	Reports Delivered On-Time shall be the measure of the number of Administrative Reports delivered on or before their scheduled delivery date.		****	****
3	Staff Turnover Rate	Staff Turnover Rate shall be the measure of the percentage of team’s staff replacement during a rolling 12 month period, including staff removed for cause . This measure shall be provided at Customer level and Customer business unit level. Removed for cause includes		****	****

attritioned staff defined as people who leave for any reason (they quit, transferred or were let go) other than transfer to another project for Customer within Customer and within Customer business unit (i.e., CI — UW, CI — Claims, etc.,),, or having spent 36 months on Customer projects within Customer business unit (i.e., CI — UW, CI — Claims, etc.).

Application Maintenance Statement of Work Service Levels

Metric

Definition

Calculation

(Include all Problems
required to be responded
to, recovered or resolved in
current month

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Platinum

Gold

Silver

Bronze

Response Time for Severity 1 Problems

Response Time for Severity 1 Problems shall be a measure of Vendor’s performance in responding to Severity 1 problems.

****

Response Time for Severity 2 Problems

Response Time for Severity 2 Problems shall be a measure of Vendor’s performance in responding to Severity 2 problems.

****

Response Time for Severity 3 Problems:

Response Time for Severity 3 Problems shall be a measure of Vendor’s performance in responding to Severity 3 problems.

****

Response Time for Severity 4 Problems:

Response Time for Severity 4 Problems shall be a measure of Vendor’s performance in responding to Severity 4 problems.

****

Recovery of Severity 1 Problems

Recovery Time for Severity 1 Problems shall be a measure of Vendor’s performance in restoring services for Severity 1 problems.

****

Application Maintenance Statement of Work Service Levels

Metric

Definition

Calculation

(Include all Problems
required to be responded
to, recovered or resolved in
current month

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Platinum

Gold

Silver

Bronze

Recovery of Severity 2 Problems

Recovery Time for Severity 2 Problems shall be a measure of Vendor’s performance in restoring services for Severity 2 problems.

****

Recovery of Severity 3 Problems

Recovery Time for Severity 3 Problems shall be a measure of Vendor’s performance in restoring services for Severity 3 problems.

****

Recovery of Severity 4 Problems

Recovery Time for Severity 4 Problems shall be a measure of Vendor’s performance in restoring services for Severity 4 problems.

****

Resolution of Severity 1 Problems

Resolution Time for Severity 1 Problems shall be a measure of Vendor’s performance in resolving problems for Severity 1 problems.

****

Resolution of Severity 2 Problems

Resolution Time for Severity 2 Problems shall be a measure of Vendor’s performance in resolving problems for Severity 2 problems.

****

Application Maintenance Statement of Work Service Levels

Metric

Definition

Calculation

(Include all Problems
required to be responded
to, recovered or resolved in
current month

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Platinum

Gold

Silver

Bronze

Resolution of Severity 3 Problems

Resolution Time for Severity 3 Problems shall be a measure of Vendor’s performance in resolving problems for Severity 3 problems.

****

Resolution of Severity 4 Problems

Resolution Time for Severity 4 Problems shall be a measure of Vendor’s performance in resolving problems for Severity 4 problems.

****

Availability of Applications

Availability of Applications shall be the measure of the scheduled uptime that an application is expected to have. The scheduled uptime for all applications is 24x7.

The Application Availability metric will apply to those applications where the availability information can be provided and will exclude downtime due to a pre-existing condition of application outside of Vendor’s control.

****

Application Maintenance Statement of Work Service Levels

Metric

Definition

Calculation

(Include all Problems
required to be responded
to, recovered or resolved in
current month

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Platinum

Gold

Silver

Bronze

Minor Enhancements and Regulatory/Compliance Changes Delivered On-Time

Minor Enhancements and Regulatory/Compliance Changes Delivered On-Time shall be the number of Minor Enhancements and Regulatory/Compliance Changes delivered and implemented on or before their completion date as approved by Customer.

****

Defect Free Modifications

Defect Free Modifications shall be the number of modifications (i.e., Minor Enhancements or Regulatory and Compliance Changes) that are made without causing any errors to any systems that have been successfully implemented in Customer’s production environment for exactly ninety (90) days that did not cause a Severity Problem during such ninety (90) day period as caused by Vendor.

****

Application Maintenance Statement of Work Service Levels

Metric

Definition

Calculation

(Include all Problems
required to be responded
to, recovered or resolved in
current month

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Platinum

Gold

Silver

Bronze

Rework

Rework shall be the number of problems across all severity levels that are resolved incorrectly the first time and required additional work to correct.

Unresolved problems shall be inclusive of Severity Problems which were closed and had to be reopened for the same issue.

****

Transition Milestones Met

Transition Milestones Met shall be the number of Transition Milestones completed on or before their scheduled date.

****

Application Maintenance Statement of Work Service Levels

Metric

Definition

Calculation

(Include all Problems
required to be responded
to, recovered or resolved in
current month

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Platinum

Gold

Silver

Bronze

System Performance without ABEND

System Performance without ABENDS for the batch Applications shall be a measure of the number of batch job steps for a month that are completed without ABENDS.

For purposes of measuring Vendor’s performance against this Service Level, ABENDS that result from infrastructure problems outside of Vendor’s scope of responsibility or are associated with development, system test, and user acceptance test jobs will not be counted.

****

Application Maintenance Statement of Work Service Levels

Metric

Definition

Calculation

(Include all Problems
required to be responded
to, recovered or resolved in
current month

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Platinum

Gold

Silver

Bronze

Key Resource Retention

Key Resource Retention shall be the minimum length of time the number of identified key resources (as agreed to by the parties) are on a team not removed for cause.

Removed for cause includes attritioned staff defined as people who leave for any reason (they quit, transferred or were let go) other than transfer to another project for Customer, or having spent 36 months on Customer projects.

****

Application Maintenance Statement of Work Service Levels

Metric

Definition

Calculation

(Include all Problems
required to be responded
to, recovered or resolved in
current month

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Platinum

Gold

Silver

Bronze

Business Support Requests Completed On-Time

Business Support Requests Completed On-Time shall be the number of Business Support Requests completed on or before their completion date as approved by Customer.

This includes Business Support, both ticketed and non-ticketed, items requiring tighter service levels, mutually agreed to, over and above standard SLAs.

****

Application Development Statement of Work Service Levels

Metric

Definition

Calculation

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Project Deliverables Delivered On-Time

Project Deliverables Delivered On-Time shall be the number of Project Deliverables delivered and implemented on or before their completion date as approved by Customer.

****

Projects Delivered to Budget

Projects Delivered within Budget shall be the total number of Measured Projects that were completed during the rolling twelve-month period ending in such month with a final cost that is not greater than one hundred and ten percent (110%) of the budgeted cost for such Project as agreed in writing between Customer and Vendor in the applicable Project Plan (as modified to reflect changes agreed to in writing by Customer and amended through the Change Control Process set forth in the Agreements).

****

Application Development Statement of Work Service Levels

Metric

Definition

Calculation

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Key Resource Retention

Key Resource Retention shall be the minimum length of time the number of identified key resources (as agreed to by the parties) are on a team not removed for cause.

****

Level 1 UAT defects per measured unit*

Level 1 UAT defects per measured unit is a measure the number of Level 1 Defects experienced during user acceptance testing.

****

Level 2 UAT defects per measured unit*

Level 2 UAT defects per measured unit is a measure the number of Level 2 Defects experienced during user acceptance testing.

****

Application Development Statement of Work Service Levels

Metric

Definition

Calculation

Expected
Service
Level

Minimum
Service
Level

Weighting
Factor

Level 3 UAT defects per measured unit*

Level 3 UAT defects per measured unit is a measure the number of Level 3 Defects experienced during user acceptance testing.

****

Level 4 UAT defects per measured unit*

Level 4 UAT defects per measured unit is a measure the number of Level 4 Defects experienced during user acceptance testing.

****

EXHIBIT H

DISASTER RECOVERY REQUIREMENTS

This Exhibit will apply to all work Vendor is engaged to perform, including but not limited to development, maintenance, and support. During the Term, Vendor shall fully comply with and perform the obligations set forth in the Disaster Recovery Plan.

1. The Disaster Recovery Plan. The Disaster Recovery Plan shall:

1.1 Ensure the continuation of business operations (skills and technical infrastructure) and services of Customer if a disaster or crisis situation occurs.

1.2 Include a documented crisis management plan for all Vendor locations.

1.3 Ensure the proper response if a disaster or crisis situation occurs such that employees, visitor, assets and business operations at the crisis site are protected.

1.4 Include a manual that provides all of the information needed to operate in times of crisis.

1.5 Describe what tasks must be performed, how the tasks must be performed, who is responsible and who is assigned the tasks, which external organizations and people are involved, and how to reach all parties concerned.

1.6 Address how the Vendor will respond to a site outage, city problem, or larger geographic impact.

1.7 Describe the service level degradation that can be expected if a disaster or crisis situation occurs.

1.8 Describe various types of incidents and level that Vendor would declare an emergency.

1.9 Identify key incident recovery staff, client facing staff, and operational project staff along with roles and contact numbers.

1.10 Describe responses to outages of varying durations.

2. Customer Approval. The Disaster Recovery Plan shall be reviewed and approved by Customer.

3. Review. Vendor shall, at least once annually:

3.1 Review, test, and update the Disaster Recovery Plan to ensure the Disaster Recovery Plan addresses changes in Customer’s operating environments, software and hardware enhancements, address any gaps that may be identified through any audit findings, and changes in the scope or nature of the Services; and

3.2 Provide Customer with a written report of such test results and proposed changes to the Disaster Recovery Plan.

4. Changes.

4.1. Material Changes. Any material proposed changes to the Disaster Recovery Plan (the materiality of which shall be determined in Customer’s sole discretion) shall be approved by Customer in writing prior to being instituted by Vendor, and when revised and approved in writing by Customer shall modify the Disaster Recovery Plan.

4.2. Non-Material Changes. Any non-material proposed changes to the Disaster Recovery Plan (the materiality of which shall be determined in Customer’s sole discretion) may be incorporated into the revised Disaster Recovery Plan without Customer’s prior written approval.

5. Vendor Additional Obligations. Vendor hereby agrees to perform the following:

5.1. Create and maintain daily incremental back-up files and weekly off-site storage for all data, software programs and documentation provided hereunder which are hosted and stored by Vendor on Vendor servers (and not on Customer’s).

5.1.1. Any off-site storage provider shall be deemed to be a Vendor Subcontractor.

5.2. Upon such time as the parties to the Agreement agree, Vendor shall maintain a separate disaster recovery services facility (“Secondary Site”) capable of rapidly commencing performance of the Services.

5.2.1. Vendor shall (at a minimum) maintain at each Secondary Site:

5.2.1.1. Capability as necessary to perform the Services;

5.2.1.2. Independent on-site generators or other power supplies capable of supporting the Services for a minimum of five (5) days without external power;

5.2.1.3. Diverse communications lines entering the Secondary Site from multiple carriers;

5.2.1.4. Load-balanced equipment with excess capacity ensuring that isolated equipment failure does not adversely affect the level of Services; and

5.2.1.5. Hot, duplicate equipment on-site with automatic fail-over capability.

5.3. Vendor will run a full disaster recovery test at the Secondary Site at least once a year to validate Vendor’s procedures and demonstrate their ability to recover the development environment within the recovery time(s) specified in the Disaster Recovery Plan.

5.4. Vendor shall:

5.4.1. Identify to Customer each incident affecting any Services promptly upon identification by Vendor and consult with Customer prior to declaration of a disaster;

5.4.2. Notify Customer as soon as possible of any situation that in Vendor’s reasonable judgment may escalate to a Disaster;

5.4.3. Develop and maintain a list of Customer personnel to contact in the event of a Disaster and comply with Customer’s reasonable notification procedures; and

5.4.4. Maintain communications with Customer as to the status of the Disaster and the progress of the implementation of the Disaster Recovery Plan procedures and the Services restoration process.

5.4.5. In the event of an outage affecting the operation of the Vendor’s development environment being used for Services, which outage exceeds six (6) hours and for which recovery time is unknown or expected to exceed twenty-four (24) hours, Vendor shall declare a Disaster.

5.4.5.1. If there is a Disaster, Vendor shall:

5.4.5.1.1 Use best efforts to implement fully the Disaster Recovery Plan and provide Services, without interruption in accordance with the business continuity plan , and

5.4.5.1.2 Provide a plan to Customer with details regarding reestablishing “business as usual.”

6. Customer shall not be responsible for any fees associated with time or Services Personnel were unable to perform as a result of any Disaster.

Exhibit I

GOVERNANCE REQUIREMENTS

1. Introduction.

1.1 This Exhibit describes the structure, processes and procedures for managing the Parties’ obligations under the Agreement, including executive level management, Statement of Work management, escalation and dispute resolution processes, continuous improvement opportunities, agreement change management processes, demand forecasting, and overall Vendor performance management.

1.2 Customer and Vendor shall support the development and implementation of the governance operating model by providing expertise, best practices, templates, tools and personnel resources, and by complying with the obligations in this Exhibit.

1.3 The Parties acknowledge and agree that the items addressed in this Exhibit are dynamic and may change or be supplemented during the term of the Agreement.

1.4 The Vendor shall not charge any costs associated with fulfilling the requirements in this Exhibit.

2. Composition of Governance Organization.

2.1 The Parties shall establish the following teams (collectively, the “Governance Teams”) whose composition and responsibilities are set forth below.

2.2 The Governance Teams are:

2.2.1 “Executive Council”.

2.2.1.1 The Executive Council shall set strategies, examine service level trends, recommend changes to service levels/performance metrics and contract terms, and be the final level of issue resolution prior to invoking the dispute resolution procedures set out in the Section of the Agreement titled “Informal Dispute Resolution”.

2.2.2 “Planning and Management Team”.

2.2.2.1 The Planning and Management Team shall review overall Vendor performance, advise and counsel each of Customer and Vendor Delivery Managers, and be the first level of issue resolution for all Operational Team issues.

2.2.3 “Operational Team”.

2.2.3.1 The Operational Team shall be responsible for management of day-to-day operations.

2.3 In addition to the Governance Teams, each Party shall have a Project Executive, Relationship Manager and Delivery Manager.

2.4 Vendor shall designate a representative in each of the roles described below. Vendor shall not replace any designated representative without prior written approval from Customer.

2.4.1 For the avoidance of doubt, prior written approval is not required in the event designated representative is leaving Vendor’s organization.

2.5 Vendor shall designate a “Vendor Project Executive” who:

2.5.1 Has the authority to represent and bind Vendor in connection with all aspects of the Agreement, and

2.5.2 Shall represent the Vendor on the Executive Council.

2.6 Vendor shall designate a “Vendor Relationship Manager” who:

2.6.1 Has the authority, skill and expertise to manage the addition, modification, removal, and administration of contractual agreements including, but not limited to, PSA, Statements of Work, Amendments, etc.

2.6.2 Shall manage the day-to-day performance and governance oversight of the aggregate Statements of Work, and

2.6.3 Shall represent Vendor on the Planning and Management Team.

2.7 Vendor shall designate a “Vendor Delivery Manager” for each Statement of Work who:

2.7.1 Has the authority, skill and expertise to manage the day-to-day operations of such Statements of Work, and

2.7.2 Shall represent Vendor on the Operational Team.

2.8 Customer shall designate a representative to serve in each of the roles described below. Customer may replace any designated Customer persons below with a person of its choosing at any time during the Term at its sole discretion.

2.9 Customer shall designate an “Customer Project Executive” who:

2.9.1 Has the authority to represent and bind Customer in connection with all aspects of the Agreement, and

2.9.2 Shall represent Customer on the Executive Council.

2.10 Customer shall designate an “Customer Relationship Manager” who:

2.10.1 Shall represent the Service needs of Customer, and

100

2.10.2 Shall represent Customer on the Planning and Management Team.

2.11 Customer shall designate an “Customer Delivery Manager” for each Statement of Work who:

2.11.1 Shall determine the Services required in the applicable Statement of Work,

2.11.2 Shall approve project milestones and developed materials that are required to meet the Acceptance Criteria in the applicable Statement of Work, and

2.11.3 Shall represent Customer on the Operational Team.

2.12 Customer reserves the right to request a change for any person(s) designated in one of the Vendor roles.

3. Executive Council.

3.1 The Executive Council shall manage the overall strategic direction of the relationship such that it remains in line with the broader direction of the business.

3.2 The Executive Council shall include personnel from the Vendor organization involved in setting strategic direction should be of an executive level and possess deep industry and technical expertise.

3.3 The “Executive Council” shall be responsible for:

3.3.1 Setting overall strategy,

3.3.2 Providing executive level oversight,

3.3.3 Conducting performance assessment and review,

3.3.4 Providing value-add business opportunities, and

3.3.5 Being the final level of issue resolution prior to invoking the dispute clause.

3.3.5.1 If any issue or dispute is under consideration by the Executive Council and such issue or dispute is not resolved by the Executive Council within thirty (30) days from the date the issue was first raised to the applicable Governance Team, then notwithstanding any decision by the Executive Council either Party may proceed to invoke arbitration or litigation as provided for in the Agreement; provided that this provision does not preclude a party’s right to seek injunctive relief or other temporary relief to prevent irreparable harm.

3.4 The Executive Council shall meet no less than quarterly, unless otherwise required to satisfy the requirements set forth above, or unless otherwise agreed to by the parties.

3.4.1. Vendor shall prepare a suggested agenda for each meeting.

4. Planning and Management Team.

4.1 The Planning and Management Team shall manage the ongoing planning process and tactical activities associated with the relationship.

101

4.2 The Planning and Management Team shall include Personnel from the Vendor organization involved in the day to day operations of the Services.

4.2.1 Vendor personnel should be at a manager level or above and possess deep industry and technical expertise.

4.3 Other members of the Planning and Management Team may be added subject to the mutual consent of both Parties.

4.4 If an issue or dispute is under consideration by the Planning and Management Team and such issue or dispute is not resolved within five (5) business days, the issue shall be automatically escalated to the Executive Council.

4.5 The Planning and Management Team shall be responsible for:

4.5.1 Planning and Agreement management,

4.5.2 Reviewing aggregated Statement of Work forecasts,

4.5.3 Providing executive level oversight to Statements of Work,

4.5.4 Reviewing performance against Statements of Work and Agreement commitments,

4.5.5 Recommend and implement strategic direction from the Executive Council,

4.5.6 Advising and counseling Delivery Managers, and

4.5.7 Acting as first level of issue resolution for issues escalated by any Operational Team and escalating such issues as necessary.

4.6 The Planning and Management Team shall meet no less than monthly, unless otherwise required to satisfy the requirements set forth above, or unless otherwise agreed to by the Parties.

4.6.1 Vendor shall prepare a suggested agenda for each meeting.

5. Operational Team.

5.1 The Operational Team shall include Personnel from the Vendor organization involved in the day to day operations of the Services.

5.2 Vendor personnel should be at the functional level or above and possess deep industry and technical expertise.

5.3 If a dispute is under consideration by the Vendor Delivery Manager and Customer Delivery Manager and such dispute is not resolved within five (5) business days, the issue shall be automatically escalated to the Planning and Management Team.

5.4 The Operational Team shall be responsible for:

5.4.1 Reviewing applicable Statement of Work forecasts

102

5.4.2 Creating, amending, and tracking the applicable Statement of Work

5.4.3 Reporting and monitoring performance

5.4.4 Coordinating and allocating resources applicable to the relevant Statement of Work

5.4.5 Identifying and managing issues applicable to the relevant Statement of Work

5.4.6 Reporting as is generally applicable to the relevant Statement of Work

5.4.7 Supporting audits

5.4.8 Reviewing and processing invoices applicable to the relevant Statement of Work

5.4.9 Managing risk and developing mitigation strategies

5.4.10 Managing quality applicable to the relevant Statement of Work

5.4.11 Addressing warranty claims applicable to the relevant Statement of Work,

5.4.12 Sharing knowledge and best practices,

5.4.13 Identifying opportunities to optimize services through standardization, and

5.4.14 Resolving or escalating dispute resolution for disputes raised by either Delivery Manager applicable to the relevant Statement of Work.

5.5 The Operational Team shall meet as often as necessary.

6. Vendor Governance Processes and Procedures.

6.1 The Vendor will align itself to Customer’s Vendor Governance Model which will contain a detailed set of processes for effectively managing the outsourcing relationship across all levels. The processes will include but are not limited to:

6.1.1 A process for maintaining open channels of communications across all levels of the governance organization.

6.1.2 A process for escalating and resolving issues that may occur.

6.1.3 A process for meeting all of Customer’s reporting requirements.

6.1.4 A detailed list of roles and responsibilities for members of both the Customer organization and the Vendor organization.

103

Exhibit J

NETWORK SECURITY REQUIREMENTS

1. Introduction.

This Exhibit details the Network Security Provisions that the Vendor must comply with while performing services including, but not limited to development, maintenance, and support.

2. Network Security.

2.1 Employees and contractors working on Customer projects must be physically isolated from other staff not working on Customer projects.

2.2 The network for the dedicated Customer staff must be physically and logically isolated from all other Vendor networks.

2.3 The Customer segment at the Vendor’s location must not have any external connectivity (internet or Extranet); with the exception of the connection to Customer.

2.4 Connectivity between the Vendor’s location and Customer must use a private connection that does not permit split-tunneling.

2.5 The dedicated/private connection between the Vendor’s location and Customer must terminate in an approved Customer extranet; if VPN is used Customer must manage both endpoints.

2.6 Internet browsing, if required, must be through a Customer-approved Internet browsing environment, (e.g., Livingston, Ft. Worth, etc.).

2.7 Domain and email services must be provided by dedicated systems within the isolated Customer’s LAN at the Vendor’s location.

2.8 Vendor is required to ensure all desktops and laptops maintain current patches.

2.9 Anti-virus signatures must be updated automatically.

2.10 Host intrusion detection must be installed on systems deemed critical.

2.11 Vendor will provide a network diagram.

2.11.1 The network diagram must depict how the Customer segment at the Vendor’s location is segregated from the remainder of the Vendor’s network.

2.12 If connectivity between the Customer segment at the Vendor’s location and Customer’s WAN must be approved by ECC.

104

Exhibit K

MAXIMUM RATE CARDS and REBATES & DISCOUNTS

RATE CARDS

*******

REBATES & DISCOUNTS

Without limiting any other discounts or rebates that Customer may be entitled to under this Agreement or an applicable SOW, for each dollar of Spend (as defined below), Vendor shall apply the volume discounts as set forth herein:

Volume Discount Table

*********

Annually, at the end of each calendar year, Vendor will provide an annual rebate to Customer based on invoices paid per the Agreement (excluding disputed amounts, taxes, infrastructure fees, expenses or other pass-through costs) during a calendar year for Services (“Charges”) performed by Vendor pursuant to applicable SOWs (“Annual Rebate”) during the January 1 through December 31 annual period (“Rebate Term”). The Annual Rebate shall be calculated on ************************************************************************************************************

************************************************************************************************************

**************************************************************************. For purposes of illustration only, the Annual Rebate shall be calculated as follows:

*****************

Tier Level

Volume

Start Amount

End Amount

Discount %

Max Amount

Cumulative

****

(* amount paid by Customer pursuant to the above for the Rebate Term was *****)

The Annual Rebate will be payable to Customer care of Chief Procurement Officer or designee. Vendor will provide a calculation of the applicable Annual Rebate, if any, by March 31 following the end of each applicable Rebate Term and will pay the Annual Rebate ****** of each year. Vendor shall provide quarterly status reports of the applicable Annual Rebate calculated for the quarter ************ after the end of the applicable quarter.

105

Exhibit L

Customer

ACH / EFT — Electronic Funds Transfer Request & Authorization

	NOTE:

	You must do the following in order to have EFT activated:			If you have any questions using this form or pertaining to ACH bank instructions, please contact Lisa Duncan at Customer Vendor Verification Unit, 770-753-8218.

	1. Print a copy of this form.

	2. Fill out the “EFT Direct Pay Deposit Authorization” information below.

	3. If individual (or where applicable), attach copy of voided check.

	4. Have Authorized Vendor Approver sign in one of the spaces below.

	5. Submit this form with Customer WAVES Vendor Request to appropriate office.

		*PAYEE / Vendor’s Name:*
Section I		Vendor’s Physical Address:

		City, State, Zip
		Vendor’s Telephone #:
		Vendor’s Email Address:
		Vendor’s Tax ID #:		(If Incorporated; 9 Digits Only)

		Vendor’s Social Security #:		(If Individual)

Section II		Vendor’s Bank Contact:
		Vendor’s Bank Branch Tel #:

Section III		Bank Name:

		Vendor’s Bank Acct #:
		Receiving Bank ABA Transit
		Routing #:

		Bank Acct Name:

Section IV		EMAIL / ACH CONFIRMATION:
			Please type email address where ACH remittance information can be sent.

Section V		NAME:		Tel #:
		EMAIL / ACH CONFIRMATION:
			Please type name & contact telephone corresponding with above email address.

	Customer AUTHORIZED APPROVAL:
Date			Signature	Printed Name

	Customer AUTHORIZED APPROVAL:
Date			Signature	Printed Name

	PREPARER/REQUESTOR:
Date			Printed/Typed Name

		Telephone (w/area code)

Exhibit M

Vendor Data Security Schedule

This Vendor Data Security Schedule (“Schedule”) is made pursuant to and a part of the Master Professional Services Agreement for Application Development and Maintenance Services dated April 1, 2015 (“Agreement”) by and between AIG Procurement Services, Inc. (“AIGPS”) and Virtusa Corporation. “Customer” shall mean AIGGS or any affiliate on whose behalf Services are performed pursuant to an SOW, Work Order, or Change Order.

1. Definitions.

1.1 Customer Systems means any computer, computer network, computer application, imaging device, storage device or media, mobile computing device, or any other information technology hardware or software, owned, licensed or leased by Customer, or operated by a third party on behalf of Customer, which: (a) connects to or otherwise interacts with Service Provider Systems; (b) is enabled or intended to access or interact with Information created, stored, processed or transmitted in connection with the Agreement; or (c) the Service Provider or a third party on behalf of Service Provider otherwise has access to pursuant to this Agreement.

1.2 Industry Standards means industry standards applicable to Service Provider or Customer, and their respective industries, including, without limitation, the Payment Card Industry Data Security Standard, as amended, (“PCI DSS”) and other requirements promulgated by the PCI Security Standards Council, where applicable to the services provided by or on behalf of Service Provider.

1.3 Information means any data or information of Customer or its affiliates, subsidiaries, successors and assigns, or their customers, claimants, clients or Staff, or any other third party, which is created, accessed, stored, processed or transmitted by, or otherwise in the care, custody or control of, Service Provider or a third party on Service Provider’s behalf pursuant to the Agreement, whether in electronic or non-electronic form and including, without limitation, any data or information from which an individual, or other legal person, may be identified, and confidential information however defined in the Agreement.

1.4 Privacy and Security Laws means all international, country-specific, national, federal, state, European Union, and US State and Federal laws and regulations, and all standards, guidelines, rules, policies, regulations, and procedures, and codes of practice issued by any Regulator, as amended or replaced, applicable to Service Provider or Customer, which relate to the security, confidentiality, protection, privacy, or secrecy of the Information, including without limitation, the European Union Data Protection Directive, Directive 95/46/EC and its implementing laws and regulations; the Gramm-Leach-Bliley Act, Pub. Law 106-102, 113 Stat. 1338, and its implementing regulations; the Health Insurance Portability and Accountability Act of 1996, Pub. Law 104-191, 100 Stat. 2548, and its implementing regulations; and all standards, guidelines, policies, rules, regulations, procedures, and codes of practice applicable to Service Provider or Customer pertaining to the security, confidentiality, protection, privacy, or secrecy of Information, issued by industry bodies, including without limitation the Payment Card Industry Data Security Standard as applicable.

107

1.5 Regulator means any competent governmental, statutory, legal, regulatory or enforcement authority, regulator, body, or agency concerned with Privacy and Security Laws, or any activities carried on by Customer or Service Provider pursuant to this Agreement or Schedule, including without limitation, any data protection authority, insurance regulator, financial services regulator, the US Federal Reserve Board, the US Department of Health and Human Services, the US Federal Trade Commission, and any State Attorney General.

1.6 Security means Service Provider’s technological, technical, physical, administrative, organizational and procedural safeguards, including, without limitation, policies, procedures, guidelines, practices, standards, controls, hardware, software, firmware and physical security measures, the function or purpose of which is, in whole or part, to: (a) protect the confidentiality, integrity or availability of Information and Service Provider Systems; (b) prevent the unauthorized use of or unauthorized access to Information and Service Provider Systems; (c) prevent the loss, theft or damage of Information; (d)prevent a breach, damage or malicious infection of Service Provider Systems and Customer Systems; or (e) comply with Privacy and Security Laws.

1.7 Security Breach means any actual or reasonably suspected : (a) unauthorized use of, or unauthorized access to, Service Provider Systems, or Customer Systems used by or on behalf of Service Provider; (b) damage to, or inability to access, Information or Service Provider Systems due to a malicious use, attack or exploit of such Information or Service Provider Systems; (c) unauthorized access to, theft of or loss of Information; (d) unauthorized use of Information for purposes of actual, reasonably suspected or attempted theft, fraud, identity theft or other misuse; (e) unauthorized disclosure of Information; or (f) breach of, or transmission of malicious code to, Customer Systems arising from, in whole or part, an act, error, or omission of Service Provider, or third parties acting on behalf of Service Provider.

1.8 Service Provider Systems means any computer, computer network, computer application, imaging device, storage device or media, mobile computing device, or any other information technology, hardware or software, owned, leased or controlled by Service Provider or operated by a third party for or on behalf of Service Provider that uses, creates, stores, accesses, processes or transmits Information or is connected to or otherwise interacts with Customer Systems.

1.9 Staff means any employee, officer or director, or an individual working as a consultant, independent contractor or agent, and/or temporary worker.

2. Service Provider Obligations

2.1 Security and Compliance. Service Provider represents that the information provided by or on behalf of Service Provider in response to Customer’s Security Assessment Questionnaire, Software Security Assessment and any other information provided with respect to the Service Provider Systems and Security is complete, truthful, and accurate. Service Provider is responsible for the security of Service Provider Systems and any Information. Service Provider agrees that beginning on the earlier of the effective date of the Agreement, when services commence under the Agreement or when Service Provider has access to Information, and continuing as long as Service Provider controls, accesses, possesses, stores, transmits or otherwise processes Information, Service Provider shall employ and maintain reasonable, appropriate and adequate Security to: (a) protect all Information from unauthorized use,

108

alteration, access or disclosure, and loss, theft, and damage, and to protect and ensure the confidentiality, integrity and availability of Information; and (b) prevent a Security Breach. In addition, such Security shall meet or exceed all Industry Standards. Service Provider shall comply with all Privacy and Security Laws. The Security that Service Provider is required to employ and maintain pursuant to this section shall include, but not be limited to, the safeguards and controls listed in Exhibit A attached hereto and incorporated herein by reference. In the event of any conflict between Service Provider’s obligation to employ and maintain reasonable, appropriate and adequate Security set forth herein, its obligation to meet Industry Standards for Security set forth herein, or any other security-related obligation in the Agreement, Service Provider shall comply with the obligation that provides the most protective and rigorous Security. Prior to making any changes that may materially impact Service Provider’s ability to comply with this Schedule, Service Provider shall provide Customer with written notice of such contemplated changes, including a reasonable description of the anticipated impact of such changes, within a reasonable timeframe in advance of implementation.

2.2 Security Coordinator. Service Provider shall assign an individual employed by Service Provider that shall act as the security liaison between Customer and Service Provider, oversee compliance with this Schedule, receive notice of Security Breaches within the Service Provider’s organization, coordinate Security Breach incident response and remedial action in conjunction with representatives of Customer where relevant, provide notices and reporting to Customer as required of Service Provider under this Schedule, and work within Service Provider to undertake and ensure satisfactory completion of all other actions and duties of Service Provider as set forth in this Schedule and otherwise as set out in the Agreement(“Security Coordinator”). Such individual shall be sufficiently trained, qualified and experienced to be able to fulfill the functions set out in this subsection 2.2 and any other functions that might reasonably be expected to be carried out by the individual as a security coordinator.

2.3 Use of Third Parties. Service Provider shall not provide any service provider, cloud computing company (including without limitation, any Software-as-a-Service vendor, Infrastructure-as-a-Service vendor or Platform as-a-Service vendor), subcontractor, vendor, or other third party (“Subcontractor”) with access to Information, or allow any Subcontractor to transmit, store or process Information, unless it has received prior written consent from Customer or such access is specifically allowed under the Agreement. In all events, prior to providing any Subcontractor with such access, or allowing such transmission, storage or processing, Service Provider shall: (a) conduct a reasonable investigation of such Subcontractor to ensure they are capable of providing the services pursuant to the terms of this Schedule (and provide Customer, promptly upon demand, with full documentation of this investigation); (b) conduct a reasonable investigation of such Subcontractor’s information security to ensure that such security is reasonable and consistent with the Security and Service Provider’s obligations under this Schedule; (c) contractually impose upon such Subcontractor the same or substantially similar contractual duties imposed on Service Provider as in this Schedule and in the Agreement with respect to the security, and confidentiality, integrity or availability of Information and Customer Systems; (d) contractually secure rights with respect to such Subcontractor that enable Service Provider’s compliance with this Schedule. Service Provider shall maintain a list of all Subcontractors working on Service Provider’s behalf with access to Information and Customer Systems that have been approved in writing by Customer, and shall provide Customer with a copy of that list on or prior to the effective date of the Agreement, whenever a new

109

Subcontractor is added, and upon Customer’s request. In all events, Service Provider is and shall remain fully responsible for any act, errors or omission of any Subcontractor retained by Service Provider with respect to this Schedule and the Agreement to the same extent, and under the same terms and condition, that Service Provider is liable under this Schedule or the Agreement as if performed by Service Provider.

2.4 Data Ownership and Use Limitations. As between Service Provider and Customer, Customer is the owner of any and all Information, including, without limitation, Information provided by Customer’s clients, customers, Staff, third party business partners or other users, if applicable, and Service Provider shall have no intellectual property or any other ownership rights or interest in the Information. Service Provider shall use, process and handle Information solely for the purpose of providing services under the Agreement and only in accordance with the instructions of Customer, and shall not use the Information for its own purposes or the purposes of any party other than Customer, including, without limitation, any marketing purposes; any transfer, sharing or selling of Information; or any aggregation, analysis or anonymization of the Information for its own purposes.

2.5 Information Processing Location. Service Provider Systems shall be located in the country or countries identified in a specific statement of work, order form, exhibit or equivalent document that is part of the Agreement (“SOW”), if any. With respect to a particular SOW, Service Provider and any Subcontractors with access to Information, shall access, store, process and transmit Information only in the country or countries identified in such SOW. With respect to a particular SOW, in the event Service Provider is aware, discovers or reasonably believes that any Information has been, is being, or will be accessed, stored, processed or transmitted in any other country other than the country or countries identified in such SOW, Service Provider shall provide prompt notice to Customer, and in all events shall provide such notice within forty-eight (48) hours of such awareness, discovery or belief.

2.6 Additional Controls and Requirements. During the term of the Agreement, Service Provider shall implement and maintain additional Security as directed by Customer, provided that the parties will agree in writing on any additional costs incurred, in the event of any material changes to services, technology, systems or Privacy and Security Laws, any Security Breach, or any material vulnerability or weakness, as determined by Customer in its sole and absolute discretion; provided that the failure of Customer to so direct Service Provider shall not impact, eliminate or decrease Service Provider’s obligations under this Schedule. When working onsite at Customer’s facilities, or using Customer Systems, Service Provider and its Staff shall comply with any policies, standards, procedures or guidelines of Customer provided or notified to Service Provider or its Staff.

3. Monitoring and Reporting

3.1 Information Maintenance. Service Provider shall, consistent with Industry Standards, any applicable legal requirement (including without limitation any Privacy and Security Laws), and its security obligations in this Schedule, collect and record information, and maintain logs, planning documents, audit trails, records and reports, concerning its Security, the roles, responsibilities and activities of Service Provider’s Staff, its compliance with this Schedule and with Privacy and Security Laws generally, Security Breaches, its storage, processing and transmission of Information and the accessing and use of Service Provider Systems.

110

3.2 Reporting. Service Provider shall provide the Customer with any reports or information the Customer requests concerning Security, Service Provider’s compliance with this Schedule and with Privacy and Security Laws generally, Security Breaches, Service Provider’s access to, and creation, storage, processing, transmission and destruction of, Information, and the accessing and use of Service Provider Systems and Customer Systems. Such requests shall be reasonable, or as required for the Customer’s compliance with any applicable legal requirement (including without limitation any Privacy and Security Laws) or a request by any Regulator, or at the reasonable request of any customer, client, Staff, or business partner of Customer.

3.3 Security Assessments

(a) Upon the provision of reasonable notice to Service Provider, not more than once per year during the term of the Agreement, any time after a Security Breach, or at the request or direction of a Regulator or a customer, client or business partner of Customer in connection with any legal or regulatory requirement, Customer (or any third party reasonably selected by Customer) may undertake an investigation and assessment of Security, Service Provider’s compliance with this Schedule and/or with Privacy and Security Laws, Service Provider’s storage, processing and transmission of Information, the accessing and use of Service Provider Systems and/or any Security Breach (if applicable). Such investigation and assessment may include external and internal network scans, computing infrastructure configuration and vulnerability scans, application scans and forensic investigation and assessment of Service Provider Systems and Security, policy and relevant document review, interviews with key security personnel, including without limitation Service Provider’s Security Coordinator and other activities and information reasonably requested by Customer. Service Provider shall provide Customer with any documents and information requested by Customer related to the foregoing, including without limitation, any information referenced in Section 3.1 of this Schedule, any security assessments and any security control audit reports performed by Service Provider or an entity on its behalf. Any such investigation or assessment shall be conducted during normal business hours unless otherwise agreed to by the parties, and the parties shall endeavor to conduct the investigation and assessment in a manner intended to limit the non-availability of Service Provider Systems.

(b) A security or privacy investigation, assessment, scan, or forensic investigation of Service Provider may also be conducted by any Regulator, with or without reasonable notice and based on the scope and information needed by such Regulator, if required by any Privacy and Security Laws or any Regulator.

4. Security Breach Response

4.1 Security Breach Response Actions. In the event of a Security Breach, Service Provider shall:

(a) immediately conduct a reasonable investigation of the reasons for and circumstances of such Security Breach;

(b) use reasonable efforts and take all necessary actions to prevent, contain, and mitigate the impact of, such Security Breach, and remediate such Security Breach, without delay. ;

111

(c) provide notice to Customer using the contact information identified in subsection 4.4 immediately and in any event within twelve (12) hours after the Service Provider discovered such Security Breach;

(d) promptly, and in no event more than two (2) business days after the date Service Provider discovered a Security Breach, provide a written report to Customer providing all relevant details concerning such Security Breach;

(e) collect and preserve all evidence concerning the discovery, cause, vulnerability, remedial actions and impact related to such Security Breach, which shall meet reasonable expectations of forensic admissibility;

(f) document the incident response and remedial actions taken in detail, which shall meet reasonable expectations of forensic admissibility;

(g) if requested by Customer, provide notice to individuals or entities whose Information was affected by the Security Breach, or may have reasonably been exposed or put at risk of exposure, Regulators, public authorities and the media, in a manner and format specified by Customer. ; and

(h) keep the fact and details of the Security Breach confidential, to the extent possible, during the investigation and remediation of the Security Breach and limit communications about the Security Breach to those necessary to fulfill the requirements of subsections 4.1 (a) to (g) above.

4.2 Security Breach Notice. Service Provider hereby authorizes Customer, in Customer’s sole and absolute discretion, to provide third parties with notice of, and information and documents concerning, any Security Breach, including, without limitation, individuals or entities that may have been impacted by the Security Breach.

4.3 Service Provider Reporting and Document Production Obligations. Upon request by Customer, Service Provider shall promptly provide Customer with a written report containing information reasonably requested by Customer relating to: (a) any Security Breach; or (b) actual or suspected non-compliance with this Schedule. In addition, Service Provider shall provide Customer with any documents requested by Customer related to the foregoing, including, without limitation, any security, risk or compliance assessment and security control audit reports.

4.4 Security Contacts. The following individuals shall be the primary contacts for purposes of any coordination, communications or notices with respect to this Schedule, or any Security Breach:

(a) Service Provider’s Security Coordinator contact information:

Paul D. Tutun, Senior Vice President (ph: 508-389-7450; email: ptutun@virtusa.com)

(b) Customer’s information security contact:

soc.propertycasualty@aig.com; 632-878-1002

Each party shall promptly notify the other if any of the foregoing contact information changes.

112

5. Information Management

5.1 Collection and Preservation of Information. In accordance with Customer’s instructions and requests, Service Provider shall collect and preserve any information related to the Agreement (including without limitation, Information and metadata) in the care, custody or control of Service Provider (or a third party on Service Provider’s behalf),including without limitation, collection and preservation of information in accordance with any retention schedules and retention obligations that exist as part of Customer’s records management policy, standards and procedures, including, without limitation, as a result of pending or threatened litigation or other legal action or investigation or action by any Regulator. Upon Customer’s request, Service Provider shall provide such preserved information in a format requested by Customer.

5.2 Return and Deletion of Information. Unless specifically prohibited by statute or regulation, when Information is no longer needed by Service Provider to provide the services under the Agreement, following termination or expiration of the Agreement, or if requested by Customer, Service Provider shall return Information to Customer (in a timeframe and format requested by Customer), and/or, as directed by Customer, securely delete, overwrite or destroy Information such that its rendered unusable, unreadable, unreconstructable and un-reidentifiable, including without limitation shredding, permanently erasing and deleting, overwriting, demagnetizing and degaussing, as applicable. Upon Customer’s request, Service Provider shall provide written certification by one of its senior officers that all such Information has been returned and deleted or destroyed consistent with this Agreement. With respect to any Information that Service Provider is prohibited from returning or deleting because of a statute or regulation, Service Provider shall: (a) specifically identify that Information in writing to Customer; and (b) in the event such prohibition expires, Service Provider shall promptly return and/or delete that Information in the manner described above in this Section 5.2.

5.3 Information Requests.

(a) Service Provider shall cooperate with Customer in responding to any party, non-party, Regulator or other government authority request or demand made to Customer for information related to the services under the Agreement (including without limitation, Information or metadata).In the event that such requests are served on Customer, Service Provider shall provide Customer with access to such information in the format in which it is maintained in the ordinary course of business (or, on Customer’s request, in any format necessary to satisfy such request) within twelve (12) hours of receipt of any request received by Service Provider for such access or copies.

(b) In the event a request or demand by any party, non-party, third party, law enforcement or government (in the form of a subpoena, discovery request, preservation request, court order or otherwise) is provided to or served on Service Provider for information related to the Agreement (including without limitation Information and metadata), Service Provider shall, unless specifically prohibited by statute or regulation, notify Customer’s information security contact (as specified in Section 4.4) in writing by electronic mail immediately, and in no event more than twenty-four (24) hours after receiving the request or demand. Such notification must, if permissible, include a copy of the request, subpoena, court order or similar document. Service Provider also shall immediately inform such party, non-party, third party or government in writing that some or all the information covered by the request or demand is confidential and the subject of a non-disclosure agreement. To the fullest extent permitted by law, Service Provider shall cooperate with Customer with respect to any action taken in response to such

113

request, subpoena, court order or similar document, including without limitation in seeking any protection from disclosure of such information that Customer shall deem appropriate. In all events, Service Provider shall reject any non-legally binding or non-legally required requests for Information, unless it has received Customer’s prior written consent authorizing the disclosure of Information in response to the request. If Service Provider is specifically prohibited from notifying Customer by statute or regulation within twenty-four (24) hours after receiving the request or demand, Service Provider shall provide such notice promptly after such prohibition expires.

5.4 Authentication. In the event that Customer is required to authenticate any of the information described in this Section 5, Service Provider shall cooperate with Customer in providing any requested assistance with such authentication, including, without limitation, by testifying (by affidavit, declaration, deposition, in court, or otherwise) as a custodian of records to authenticate the information, establishing chain of custody, and/or providing any other requested information and/or assistance.

6. Rights, Remedies & Indemnification

6.1. Breach of Schedule. Notwithstanding anything to the contrary set forth in the Agreement, the following shall be considered a material breach or default of the Agreement: (a) a Security Breach, to the extent proximately caused by Service Provider, or to the extent occurring on Service Provider Systems or at Service Provider facilities, whether caused by Service Provider or another party (other than Customer); except that, to the extent any such Security Breach is substantially caused in whole or in part by any act or omission of Customer, Service Provider shall not be deemed to have been in breach and/or (b) Service Provider’s failure to comply with the obligations set forth in this Schedule. In the event of such a breach or default, Customer, in its sole and absolute discretion, may terminate the Agreement in accordance with its terms.

6.2. Indemnification. In addition to any indemnification obligations, terms and conditions contained in the Agreement, Service Provider agrees to indemnify, defend and hold harmless, on demand, Customer and its affiliates, subsidiaries, successors and assigns (and the Staff of Customer and its affiliates, subsidiaries, successors and assigns) from and against any and all third party claims losses, liabilities, damages, settlements, expenses and costs (including attorneys’ fees and court costs) against Customer (including by any Regulator) arising from or related to (i) any Security Breach to the extent such Security Breach was proximately caused by Service Provider, or to the extent occurring on Service Provider Systems or at Service Provider facilities, whether caused by Service Provider or another party (other than Customer) but excluding any such Security Breach caused substantially by any act or omission of Customer, or (ii) any breach of this Schedule by Service Provider. Customer may, at its option and expense, participate and appear on an equal footing with Service Provider in the defense of any claim that is conducted by Service Provider as set forth herein. Service Provider may not settle any claim without the prior written approval of Customer. Service Provider’s obligations hereunder are not subject to or limited by any consequential damage or indirect disclaimer provision, limitation of liability section, or other liability exclusions or waivers in this Agreement. Other than as set forth in this Section 6.2: (i) Customer shall notify Service Provider, in writing, of the claim for which indemnification is sought; provided, however, that the failure to give such notice shall not relieve Service Provider of Service

114

Provider’s obligations hereunder except to the extent that Service Provider was actually and materially prejudiced by such failure; (ii) at At Service Provider’s reasonable request and expense, Customer shall provide Service Provider with reasonable assistance for the defense of the claim; and (iii) Service Provider shall have sole and exclusive control of the defense of any such claim and all negotiations for settlement or compromise. Notwithstanding anything to the contrary herein, Service Provider will pay any and all damages, penalties, losses, liabilities, judgments, settlements, awards, costs and expenses and reasonable attorneys’ fees and related costs with respect to such claim finally awarded to such third party by a court of competent jurisdiction after all appeals have been exhausted or at the time of a final settlement of such claims or final award, if applicable.

6.3 Reimbursement Obligations. In addition to any indemnification obligations contained in the Agreement, and without prejudice to Section 6.2, Service Provider agrees to reimburse Customer for the following expenses incurred by Customer with respect to a Security Breach, to the extent such Security Breach was proximately caused by Service Provider, or to the extent occurring on Service Provider Systems or at Service Provider facilities, whether caused by Service Provider or another party (other than Customer), (a) expenses to provide warning or notice of a Security Breach to Customer’s customers, clients and/or Staff, law-enforcement agencies, the media, Regulators, brokers, agents, and business partners, or other third parties; (b) expenses to investigate, assess, or remediate a Security Breach or comply with the any Privacy and Security Laws (including without limitation, attorneys’ and legal fees and costs); (c) expenses to hire any public relations consultants to respond to a Security Breach; (d) expenses to provide identity theft insurance, identity protection services, credit monitoring, and other relevant protective and remediation services to individuals affected by a Security Breach; (e) expenses to retain a call center and other relevant communication facilities to respond to inquiries regarding a Security Breach; and (f) expenses to respond to or address any investigation by government authorities, law-enforcement agencies, Regulators or other third parties. Service Provider’s obligations hereunder are not subject to or limited by any consequential or indirect damage disclaimer provision, limitation of liability section, or other liability exclusions or waivers in this Agreement. To the extent any such Security Breach is caused by any act or omission of Customer, the parties shall mutually agree on the relative fault, obligations, liabilities or contributions of the parties hereto with respect to the Security Breach, and shall use best efforts to agree upon an allocation of the expenses, obligations and/or liabilities as set forth above, and if not agreed, the parties shall resolve such issue through Informal Dispute Resolution (as defined in the Agreement).

7. Miscellaneous

7.1 Cooperation and Coordination. Service Provider agrees to reasonably cooperate and coordinate with Customer concerning: (a) Customer’s investigation, enforcement, monitoring, document preparation, notification requirements and reporting concerning Security Breaches, and Service Provider’s and Customer’s compliance with Privacy and Security Laws, including without limitation investigations by any government authority or Regulator; and (b) any other

115

activities or duties set forth under this Schedule for which cooperation between Customer and Service Provider may be reasonably required by the Customer.

7.2 Service Provider’s Expense. Service Provider’s compliance with this Schedule, and any actions required of Service Provider herein, except as otherwise provided herein, shall be at Service Provider’s sole and exclusive expense and shall be included as part of the price of the services provided by Service Provider for no additional fee to Customer, including without limitation, any Customer requests authorized herein.

7.3 Survival. Service Provider’s obligations and Customer’s rights in this Schedule shall continue as long as Service Provider, or a third party for or on Service Provider’s behalf, controls, possesses, stores, transmits or processes Information or is connected to or otherwise interacts with Customer Systems, including after expiration or termination of the Agreement.

7.4 Additional Agreements. At the request of the Customer, Service Provider and any subsidiaries or affiliates of Service Provider shall, and Service Provider shall require any Subcontractor and any subsidiary or affiliate of Subcontractor to, enter into a data processing and transfer agreement that incorporates the applicable European Commission Standard Contractual Clauses between Controllers and Processors (as amended or replaced from time to time), and any similar provisions relating to other jurisdictions, with Customer and its subsidiaries and affiliates in order to allow Information to be processed and transferred to Service Provider and any subsidiary or affiliate of Service Provider or any Subcontractor, or any subsidiary or affiliate of Subcontractor. Service Provider and Subcontractor shall provide promptly all reasonable assistance and information to enable Customer to make submissions to Regulators in order to provide notifications or obtain approvals from Regulators as required by Privacy and Security Laws, and otherwise comply with Privacy and Security Laws.

7.5 Third Party Beneficiaries. Notwithstanding anything to the contrary in the Agreement, if Service Provider (or a third party on Service Provider’s behalf) stores, processes or transmits Information of Customer’s affiliates, subsidiaries, successors or assigns, or such Information is otherwise in the care, custody or control of Service Provider or a third party on Service Provider’s behalf, the parties agree that such affiliates, subsidiaries, successors and assigns of Customer (and their affiliates, subsidiaries, successors and assigns, etc.) are intended third party beneficiaries of this Schedule, including, without limitation, the privacy and data security provisions of this Schedule and other rights and obligations of this Schedule, and this Schedule is intended to inure to the benefit of those affiliates, subsidiaries, successors and assigns. Such affiliates, subsidiaries, successors and assigns have the right to enforce the terms and obligations of this Schedule as if each was a signatory to this Schedule, relevant SOW or similar document and Agreement, and the Customer may enforce the terms and obligations of this Schedule, relevant SOW or similar document on their behalf.

7.6 Customer Monitoring of Information and Customer Systems. Customer has the right to monitor and track the access and use of Information, Customer Systems and Customer’s facilities. Service Provider’s Staff shall have no right or expectation of privacy with respect to the access or use of Information, Customer Systems or Customer’s facilities, and Service Provider shall inform Service Provider’s Staff that they shall have no such right or expectation of privacy prior to providing such access.

116

7.7 Conflicts with the Agreement. In the event of any conflict or inconsistency between the terms of this Schedule and the Agreement, the terms of this Schedule shall control and take precedence.

7.8 Language translations. In the event of any conflict or inconsistency between versions of this Schedule which have been translated into different languages, the English language version shall control and take precedence.

117

Exhibit A

Specific Security Controls and Additional Safeguards

Security Controls
Written information security program		A comprehensive information security program written in one or more readily accessible parts that: (1) contains technical, physical, organizational, administrative and procedural controls to ensure the security, confidentiality, integrity and availability of Information and Service Provider Systems; (2) protects against anticipated hazards or threats and unauthorized access, use, alteration, loss, theft, or destruction of, or damage to, Information; (3)controls and regularly monitors and assesses identified privacy and information security risks; (4) addresses access, retention, destruction, transfer and transport of Information, (5) provides for disciplinary action in the event of its violation; and (6) for which a member of the Board or the most senior management level of Service Provider is accountable.
Designated security manager or officer		Designate an individual to manage and coordinate Service Provider’s written security program and Security who is sufficiently trained, qualified and experienced to be able to fulfill those functions and any other functions that might reasonably be expected to be carried out by the individual as a security manager or officer.
Access controls		(1) Physical and logical access controls and monitoring, secure user authentication protocols, secure access control methods, and network protection; and (2) Preventing terminated Staff of Service Provider and Staff whose role has changed such that they no longer require access to carry out their role or function from accessing Information, Service Provider Systems and Customer Systems by immediately terminating their physical and electronic access to such Information and systems.
Access controls — Secure User Authentication		With respect to Service Provider Systems and Information: (1) maintain secure control over user IDs, passwords and other authentication identifiers; (2) maintain a secure method for selecting and assigning passwords and using authentication technologies such as biometrics or token devices; (3) restrict access to only active users/accounts; (4) block user access after multiple unsuccessful attempts (no more than 5) to login or otherwise gain access; (5) assign unique user identifications plus passwords, which are not vendor supplied default passwords; (6) require Staff to: change passwords at regular intervals (at a minimum every 90 days and for privileged account at a minimum of every 30 days) and whenever there is any indication of possible system or password compromise; and refrain from re-using or cycling old passwords; and (7) require passwords be at least 8 characters long and be comprised of unique/not easy to guess characters using alphanumeric and special characters.
Risk Assessment and Mitigation		Periodic and regular information security risk assessment and monitoring of Service Provider’s information security program, Security and Service Provider Systems, at least annually and whenever there is a material change

118

Security Controls
		in Service Provider’s business or technology practices that may impact the security, confidentiality, integrity or availability of Information, including: (1) identifying and assessing reasonably foreseeable internal and external threats and risks to the security, confidentiality, integrity and availability of Information; (2) assessing the likelihood of, and potential damage that can be caused by, identified threats and risks; (3) regularly testing, monitoring and evaluating the sufficiency and effectiveness of Security and Security Breach response actions, and documenting same; (4) assessing adequacy of Service Provider’s Staff training concerning, and compliance with, Service Provider’s information security program; (5) designing, implementing, adjusting and upgrading Security in order to limit identified threats and risks, and address material changes in Privacy and Security Laws, technology, business and sensitivity of Information; (6) assessing whether such information security program is operating in a manner reasonably calculated to prevent unauthorized access or use of Information; and (7) detecting, preventing and responding to attacks, intrusions and other system failures. Risk assessments should be conducted by independent third parties or Service Provider personnel independent of those that develop or maintain Service Provider’s information security program.
Personnel Training and Education		Regular and periodic training of Service Provider’s Staff concerning: (1)Security and data privacy, including without limitation applicable Privacy and Security Laws; (2) implementing Service Provider’s information security program; (3) the importance of personal information security; and (4) the risk of financial crime.
Intrusion detection and response policies, standards and procedures		Maintain policies, standards and procedures for detecting, monitoring and responding to actual or reasonably suspected intrusions and Security Breaches, and encouraging reporting actual or reasonably suspected Security Breaches, including: (1) training Service Provider’s personnel with access to Information to recognize actual or potential Security Breaches and to escalate and notify the senior management of the foregoing; (2) mandatory post-incident review of events and actions taken concerning security of Information, and; (3) policies and standards concerning reporting to Regulators and law enforcement agencies.
Off-Premises Security Policies		Policies and standards concerning Security for the storage, access, transportation and destruction of records and media containing Information outside of business premises.
Vendor Management and Oversight		(1) Reasonable steps and due diligence to select and retain third party service providers and Subcontractors that are capable of maintaining security consistent with the Schedule and complying with Privacy and Security Law and other applicable legal requirements; (2) Contractually requiring such service providers and Subcontractors to maintain such security; and (3) Regularly assessing and monitoring third party service providers and Subcontractors to confirm their compliance with the applicable security required in the Schedule and by law, including, without

119

Security Controls
		limitation Privacy and Security Law.
Physical Security		(1) Reasonable restrictions on physical access to Information and Service Provider Systems; and (2) Physical protection against damage from fire, flood, earthquake, explosion, civil unrest, and other forms of natural or man-made disaster should be designed and applied.
Minimum necessary access and use		(1) Identify those Service Provider’s and Subcontractor’s Staff or classes of such Staff who must access and use the Information, Service Provider Systems, Customer Systems or Customer’s premises to fulfill Service Provider’s obligations under the Agreement, and grant access to Information, Service Provider Systems, Customer Systems and Customer’s premises only to those Service Provider’s Staff; (2) Monitor such access and use by those Service Provider’s Staff; (3) Limit Service Provider’s and Subcontractor’s Staff’s access to and use of Information and Customer Systems to only such access and use necessary for each such Staff person to perform the services under this Agreement related specifically to that person; and (4) Maintain a list of those Service Provider’s and Subcontractor’s Staff, the access given to each such member, and the purpose for such access. This list must be provided to the Customer at any time upon request.
Encryption of Information		Strong encryption of Information: (1) stored on laptops, mobile devices, or other portable devices or media (including without limitation back-up tapes); (2) while transmitted across any public network (such as the Internet) or wirelessly; (3) while in transit outside of Service Provider Systems; (4) stored on a data storage devices outside of Service Provider’s physical controls; and (5) stored on Service Provider Systems.
Network Access Controls		Implement and maintain network access controls, including but not limited to up-to-date firewalls between Service Provider Systems, the Internet (including internal networks connected to the Internet) and other public networks, and internal networks operated by Service Provider that are not necessary for providing services to Customer, which are reasonably designed to maintain the security of Information and Service Provider Systems.
Malicious Code Software		(1) Implement and maintain software for Service Provider Systems that detects, prevents, removes and remedies software or computer code designed to perform an unauthorized function on, or permit unauthorized access to, an information system, including without limitation, computer viruses, Trojan horses, worms, spyware, and time or logic bombs (“Malicious Code Software”); (2) Run Malicious Code Software on at least a daily basis; (3) Update Malicious Code Software on at least a daily basis, including without limitation, obtaining and implementing the most currently available malicious code signatures.
Change Controls		Prior to implementing changes to Service Provider Systems assess the potential impact of such changes on Security, and determining whether

120

Security Controls
		such changes are consistent with existing Security. No changes to the Service Provider Systems or Security should be made which increase the risk of a Security Breach or which would cause a breach of the Schedule.
Personnel Background Checks		As permitted by applicable law, conduct reasonable background checks of any Service Provider’s Staff that will have access to Information or Customer Systems and repeat those checks at appropriate and adequate intervals, including without limitation Criminal Record Bureau checks.
Segregation of Duties and Dual Controls		Duties and areas of responsibility of Service Provider’s Staff should be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of Service Provider Systems or Information. Dual controls should be implemented in situations where the risk of empowerment would permit Service Provider’s Staff, acting without collusion, to accidentally or intentionally bypass the security control structure (e.g., lock all UIDs or perform a mass change of all passwords).
ADDITIONAL SPECIFIC CONTROLS, CUSTOMER POLICIES AND STANDARDS		[NOTE: ADD AS APPROPRIATE BASED ON DISCUSSIONS WITH SECURITY AND AS APPLICABLE WITH RESPECT TO SCOPE OF SERVICES RELATED TO SPECIFIC SOWS, ORDER FORMS, PROJECTS OR SERVICES]. The parties shall mutually agree to additional specific controls as appropriate based on security issues and other specific issues and concerns related to the particular scope of services related to specific SOWs, Order Forms, Projects or Services.

ADDITIONAL SAFEGUARDS

Service Provider shall implement the safeguards listed below no later than the applicable Implementation Date:

Safeguards		Implementation Date

Upon implementation of each safeguard set forth in this “Additional Safeguards” section of Exhibit A, Service Provider shall provide a written confirmation to Customer that such implementation has been completed. In the event Provider is unable to, or anticipates that it will be unable to, fully implement a safeguard outlined above by its applicable Implementation Date, Service Provider shall provide written notice to Customer as soon as practicable, and in no event later than two (2) days after the Implementation Date; provided, however, that if Service Provider discovers it is unable to fully implement any such safeguard within ten (10) days of its applicable Implementation Date, Service Provider shall provide prompt notice to Customer prior to the Implementation Date.

121

Exhibit B

Specific Jurisdiction Requirements

[The parties agree that the following provisions shall form part of the Agreement and notwithstanding any contrary or conflicting provision of the Agreement shall be governed and interpreted in accordance with [insert governing law] and shall remain subject to the [non-]exclusive jurisdiction of the courts of [insert relevant court]].

Jurisdiction: [Insert name of relevant jurisdiction]

1. [·]

122

EXHIBIT N

AIG TRAVEL POLICY FOR VENDORS

I. AIR TRAVEL.

Vendor shall reserve the lowest logical airfare, including non-refundable fares, using the following guidelines:

A. Class of Service.

· Economy class is required for all travel within a single country or region (e.g., travel within and between the U.S., Canada, and Mexico).

· Business class, when available, is authorized for all international travel when flight segments exceed 2,500 miles (mi)/4,023 kilometers (km). In the event that business class is unavailable, traveling Vendor Personnel will be confirmed in economy class and waitlisted in business class.

· First class is permissible only if the following is true:

· Aircraft has two (2) cabins (vs. three (3)).

B. Booking of Travel.

· Where available, Customer’s designated on-line travel tool must be utilized for all simple point-to-point airline reservations. If an on-line travel tool is not yet available, then a Customer-approved travel management preferred provider must be utilized.

· Vendor Personnel must choose the lowest logical airfare using Customer’s preferred airlines where a preferred airline operates on the route, including non-refundable and advance purchase airfares.

· The following additional conditions must be followed when applicable:

· Accept flights within two (2) hours before and after the requested departure time (e.g., if the traveling Vendor Personnel requests to leave at 8:00 A.M., the system will search all the lowest fares from 6:00 A.M. to 10:00 A.M.).

· Accept connecting flights where travel time does not increase by more than one (1) hour and the potential savings is more than One Hundred US Dollars ($100.00 USD) over nonstop or direct flights.

· Choose the airport with the lowest fare when the arriving/departing city has multiple airports (e.g., Charles de Gaulle (CDG) or Orly (ORY) airports in Paris, France).

· All airline reservations must be canceled through the Customer-approved travel management preferred provider that made the arrangements. In the event the ticket is non-refundable, a traveling Vendor Personnel will have one (1) year from the date the original ticket was issued to use the applicable credit towards another purchase on that same airline.

II. HOTEL.

A. Moderate/Mid-Category Hotel Utilization.

Utilization of moderate/mid-category hotels of the type that are outlined in Customer’s preferred hotel program. This specifically excludes luxury and resort type hotels. Please adhere to the instructions noted

123

below in Schedule 1 to the AIG Travel Policy for Vendors for making reservations and obtaining the required information to utilize Customer’s travel services preferred providers.

III. GROUND TRANSPORTATION.

Vendor shall utilize the most cost-effective and efficient ground transportation method from the following options:

A. Use of Taxis & Black Car/Town Car Service.

· Taxis shall be the preferred ground transportation method.

· If requested and/or approved by Customer, Vendor may use black car/town car service instead of taxis utilizing Customer’s black car/town car preferred providers.

B. Use of Personal Car.

Where necessary, use of one’s personal car will be reimbursed at the IRS allowed cost/mile rate.

C. Use of a Rental Car.

Vendor traveling to a location where use of a rental car is required shall adhere to the following guidelines:

· Only mid-size or economy cars shall be booked.

· Customer’s car rental preferred providers must be utilized as the first choice. In the U.S., National Car Rental (National) must be utilized as the first preferred choice, with The Hertz Corporation (Hertz) utilized as the second preferred choice.

· In the U.S., both National and Hertz have included Collision Damage Waiver (CDW) and Liability Damage Waiver (LDW) insurance in their rates. Since this insurance coverage is already included in Customer’s rates, this insurance coverage must be declined if offered at the time of the rental so as to not incur duplicative charges.

· Whenever multiple Vendor Personnel are traveling together, every effort to rideshare or carpool must be made.

IV. MEALS.

A. Vendor Personnel who are traveling for Customer-related business purposes may be reimbursed for meals up to the following amounts:

· Breakfast — Up to $30.00 USD.

· Lunch — Up to $50.00 USD.

· Dinner — Up to $75.00 USD.

B. These meal allowance amounts include tax and gratuity. The maximum gratuity shall be fifteen percent (15%), except when a restaurant automatically adds in the gratuity to the bill for large groups in which case the maximum gratuity shall be twenty percent (20%).

C. Vendor Personnel may only claim one (1) of each meal type per day.

124

V. NON-REIMBURSABLE COMMUTING, LOCAL TRAVEL AND OTHER OUT-OF-POCKET EXPENSES.

Except as outlined in this Travel Policy, commuting and other local travel out-of-pocket expenses will not be reimbursed by the Customer. In addition, out-of-pocket travel and living expenses which are not submitted for reimbursement within one (1) year of originally being incurred will not be reimbursed.

125

SCHEDULE 1 TO THE AIG TRAVEL POLICY FOR VENDORS

INSTRUCTIONS FOR MAKING TRAVEL RESERVATIONS

I. VENDOR TRAVEL — U.S.

A. Instructions for Vendor & Customer Internal Stakeholder.

Once it has been determined that Vendor will be using Customer’s travel management preferred provider, an email should be sent to travel.services@aig.com with the following information:

· Name of Vendor.

· Length of the engagement (i.e., start date/end date).

· Vendor Personnel names or, if not available, potential number of Vendor Personnel.

· Customer’s Company Entity/Branch/Department for tracking purposes.

· Customer Internal Stakeholder’s Employee ID.

· All Vendor travel requires a copy of the HRG invoice with all travel listed and any out-of-policy travel clearly noted prior to reimbursement.

· It is recommended that Vendor utilize the Customer’s most cost effective lodging preferred providers (e.g., Club Quarters).

B. Booking Instructions for Individual Vendor Personnel/Travelers.

· To book travel, please call Customer’s travel management preferred provider, Hogg Robinson Group (“HRG”), at (855) 370-6080 and press prompt #1 for domestic reservations or prompt #2 for international reservations.

· Identify yourself as an “AIG outside vendor” and supply your company’s name.

· You will need to supply the following information to the travel counselor when booking travel:

· Full legal name.

· Contact information (e.g., phone numbers/email address).

· TSA information (e.g., date of birth/gender).

· Form of payment.

· HRG will book your travel based on Customer’s policy.

· Itinerary and invoice will be forwarded to Vendor Personnel/traveler and/or arranger via email. Please retain the invoice and submit with in-policy travel expenses. Any out-of-policy travel requires pre-approval by Customer’s authorized representative to ensure full reimbursement.

· At the time of booking, you will be charged a transaction fee to the same form of payment used for travel.

· Any questions or issues, please contact AIG Global Travel at travel.services@aig.com.

126

VIRTUSA CORP - FORM 10-K - EX-10.43 - May 20, 2015

Attached files

VIRTUSA CORP Reports