1
PRO-FORMA CONTRACT
(1) [insert customer name] and
(2) ARKIVUM LIMITED
PRO FORMA SERVICES CONTRACT
2
THIS CONTRACT is dated
BETWEEN:
(1) [INSERT NAME OF CUSTOMER] (Company Number [ ]) whose [registered office]
[principal place of business] is at [insert address]("the Customer"); and
(2) ARKIVUM LIMITED (Company Number 7530353) whose registered office is at 24
Cornhill, London, EC3V 3ND ("the Contractor").
1. DEFINITIONS
1.1 In this Contract, the following words will have the following meanings:
"Bribery Legislation"
means the Bribery Act 2010 and any subordinate
legislation made under that Act from time to time
together with any guidance or codes of practice
issued by the relevant government department
concerning the Bribery Legislation;
"Business Day"
means any day excluding Saturdays, Sundays and
any national holidays throughout the United
Kingdom;
"Commercially Sensitive
Information"
means the subset of Confidential Information
listed in Schedule 3 that constitutes a trade secret;
"Confidential
Information"
means all information (in whatever format)
designated as such by the disclosing Party together
with such information which relates to the
business, affairs, networks, customers, products,
developments, trade secrets, know-how and
personnel of the disclosing Party or which may
reasonably be regarded as the confidential
information of the disclosing Party and, in the case
of information disclosed by the Contractor,
includes the Commercially Sensitive Information;
"Contract"
means this contract including the Schedules;
"Data"
means all data and information of the Customer
which is hosted or stored on the Contractor's
infrastructure and any other data and information
belonging to the Customer which may be
3
delivered to, or generated by, or otherwise come
into the possession or control of, the Contractor
including any associated set of data (such as log
files and statistics) that are derived from the
systems of the Customer or the systems and
infrastructure of the Contractor;
"Data Controller",
"Data Processor", "Data
Subject", "Personal
Data", "Process" and
"processing"
have the respective meanings given to them in the
DPA;
"Data Management Plan"
means a plan agreed by the Parties detailing the
tasks to be performed by the Contractor on the
Data from time to time as part of the Services;
"DPA"
means the Data Protection Act 1998 and the rules
and regulations made or having effect under it;
"Effective Date"
means [the date of this Contract];
"Environmental
Information Regulations"
means the Environmental Information Regulations
2004;
"Fix"
means a permanent resolution of an Incident;
"FOIA"
means the Freedom of Information Act 2000 or
the Freedom of Information (Scotland) Act 2002
(as applicable) and any subordinate legislation
made under these Acts from time to time
together with any guidance and/or codes of
practice issued by the Information Commissioner
in relation to such legislation;
"Force Majeure Event"
means any cause beyond a Party's reasonable
control affecting the performance of its obligations
under this Contract, including war, acts of
terrorism, governmental requirements, acts of
local or central Government or other competent
authorities, Acts of God and industrial disputes
(other than industrial disputes by the relevant
Party's employees). For the avoidance of doubt,
the failure or delay of any obligations of any
4
subcontractor will not be deemed to be beyond
the reasonable control of a Party unless the delay
or failure is a result of an event beyond the
reasonable control of the subcontractor;
"Framework Agreement"
means the framework agreement between (1) Jisc
Collections and Janet Limited; and (2) the
Contractor dated [INSERT];
"Good Industry Practice"
means in relation to any undertaking and any
circumstances, the exercise of that degree of
professionalism, skill, diligence, prudence and
foresight which would reasonably and ordinarily be
expected from a skilled and experienced person or
an internationally recognised company engaged in
the same type of activity under the same or similar
circumstances;
"Group"
means, in relation to a Party, the Party, its
subsidiaries, its holding companies and any
subsidiaries of such holding companies, "subsidiary"
and "holding company" having the meanings given
to them in section 1159 of the Companies Act
2006;
"Hardware"
means the hardware to be provided pursuant to
the terms of this Contract;
"Implementation Date"
means the date on or by which the Contractor
must have provided access to the Services, as
detailed in Schedule 1;
"Incident"
means any event that is not part of the standard
operation of the hardware or software used to
provide the Services and that causes, an
interruption to, or a reduction in the functionality
of such hardware or software or degradation in
resilience of such hardware or software;
"Information"
means information recorded in any form;
"Information Security
Plan"
means the information security plan prepared by
the Contractor pursuant to Clause 10.7;
"Intellectual Property
means all present or future intellectual property
rights, patents, patent applications, copyright,
5
Rights"
mask works, trade secrets and industrial property
rights in respect of any designs, formulas, technical
information and software, and any trademark,
trademark applications, service marks and trade
names, and other similar rights and obligations
whether they are registerable or not;
"Jisc"
means Jisc (co. number 05747339) (or any
successor body thereto);
["Payment Plan"
means the plan for the call off by the Contractor
of Prices paid by the Customer in advance and
held by the Contractor in escrow as set out at
Schedule 1;] [Drafting Note: delete if not
applicable]
"Prices"
means the prices or fees payable by the Customer
to the Contractor in consideration for the
performance of the Services, as set out in Schedule
1, as may be revised from time to time in
accordance with the terms of this Contract;
"Requests
for
Information"
shall have the meaning set out in FOIA or any
apparent request for information under the FOIA
or the Environmental Information Regulations;
"Resolution"
means either a Fix or a Workaround that has been
applied;
"Response"
means confirmation by the Contractor that it has
recorded (i) the date and time of the call which
notifies the Incident; (ii) the nature and location of
the Incident; and (iii) the severity level assigned to
the Incident;
"Secure Access Control
Measures"
means the measures employed by the Contractor
to ensure that Data is only accessed by those who
are entitled to access that Data as set out in
Schedule 4;
"Services"
means the services described in Schedule 1,
including the Storage Services and the Support
Services (in each case as defined in Schedule 1),
which are to be provided to the Customer by the
Contractor;
"Service Credits"
means the credits (if any) which become payable to
the Customer where the Service Levels are not
6
achieved as set out in Schedule 1;
"Service Levels"
means the service levels set out in Appendix 3 of
Schedule 1;
"Seventh Data
Protection Principle"
means the seventh data protection principle set
out in Schedule 1 of the DPA;
"Software"
means any standalone software supplied pursuant
to the terms of this Contract;
"Specifications"
means the specifications for the Software and
Hardware to be supplied by the Contractor as set
out in Schedule 1;
"Term"
means the term of this Contract as set out in
Clause 14;
"Workaround"
means a temporary fix which restores the
resilience and functionality of the Hardware or
Software until a Fix is available.
1.2 References in this Contract to any statute or statutory provision include, unless the
context otherwise requires, references to that statute or provision as from time to time
amended, extended or re-enacted.
1.3 References in this Contract to a "Party" or the "Parties" mean a party or the parties to
this Contract.
1.4 Reference to words importing the singular only also includes the plural and vice versa
where the context requires.
1.5 The headings in this Contract are for reference only and shall not be taken into account
in the construction or interpretation of this Contract.
1.6 Unless otherwise stated, references in this Contract to Clauses, Schedules, Parts and
Appendices are references to the clauses or schedules of, or appendices or parts to a
schedule of, this Contract or the Framework Agreement as applicable.
1.7 any words introduced by the terms "including", "include", "in particular" or any
similar expression shall be construed as illustrative and the words following any of those
terms will not limit the sense of the words preceding those terms
1.8 The terms of the Framework Agreement are hereby incorporated into the terms of this
Contract provided that the following order of precedence shall apply in relation to any
7
conflict, inconsistency or contradiction between the various documents referred to in this
Contract:
1.8.1 the terms and conditions in the main body of this Contract;
1.8.2 the Schedules and Appendices to this Contract;
1.8.3 the Framework Agreement; and
1.8.4 the Schedules to the Framework Agreement.
2. THE SERVICES
2.1 In consideration for the payment of the Prices, the Contractor shall provide the Services
in accordance with the terms of this Contract, including the Service Levels and the
timescales for performance set out in Schedule 1 and the Secure Access Control
Measures.
2.2 Where Service Credits are specified in Schedule 1 to be payable, Service Credits shall be
due by the Contractor and recoverable by the Customer in accordance with the
provisions of Schedule 1 and without prejudice to any other rights and remedies available
to the Customer under this Contract or otherwise.
2.3 The Parties each acknowledge and agree that any Service Credits payable under Schedule
1 are a price adjustment to reflect the reduced level of Service and are not an estimate of
the loss or damage that may be suffered by the Customer as a result of a failure to meet
the relevant Service Level. Payment of a Service Credit by the Contractor or the fact that
a Service Credit is due by the Contractor, is without prejudice to, and will not limit, any
right the Customer may have to damages or non-monetary remedies at law or in equity
resulting from, or otherwise arising in respect of, a failure to achieve a Service Level
(including any rights of termination).
2.4 In performing its obligations under this Contract, the Contractor will at all times exercise
reasonable skill and care and will ensure that the Services are performed by staff that are
competent and skilled and experienced in the relevant subject areas.
2.5 The Parties may at any time during the Term agree a Data Management Plan which will
apply to the Contractor's performance of the Services.
3. INTELLECTUAL PROPERTY RIGHTS
3.1 The Contractor shall ensure that, for the duration of this Contract, it will maintain all
licences and consents necessary to enable it to provide the Services and in particular shall
ensure that its provision of the Services does not infringe the Intellectual Property Rights
of any third party and, where necessary, it grants and/or shall procure for the benefit of
the Customer within the United Kingdom any licences necessary to enable the Customer
to receive the Services without infringing the Intellectual Property Rights of any third
party.
3.2 The Contractor shall indemnify and keep indemnified the Customer against any direct
losses, liabilities, costs, claims, damages, awards and expenses arising out of any claims
8
that the Services (or any part of the Services, including the use of a deliverable) infringe
the Intellectual Property Rights of whatever nature of a third party.
3.3 The Customer shall notify the Contractor promptly if the Customer becomes aware of
any claim being made or action being threatened or brought against the Customer, which
is likely to result in an indemnity claim against the Contractor pursuant to Clause 3.2.
3.4 The Customer shall:
3.4.1 not make any admissions or settlement of any claim of the kind referred to in
Clause 3.2 without the Contractor's prior written consent (such consent not to
be unreasonably withhold and/or delayed);
3.4.2 give the Contractor all such reasonable assistance and information as it may
reasonably require in order to respond to any claim of the kind described in
Clause 3.2; and
3.4.3 at the Contractor's cost and expense, allow the Contractor complete control
over the defence and/or settlement of any action or claim of the kind described
in Clause 3.2.
3.5 The Contractor shall give the Customer the earliest possible notice in writing of any
actual claims against the Contractor that the Services (or any part of them) infringe the
Intellectual Property Rights of whatever nature of a third party.
3.6 Without prejudice to the provisions of Clause 3.2, if a third party brings a claim that the
Services (or any part of them) infringes any Intellectual Property Rights of that third party,
of if the Contractor reasonably considers that such a claim may be made, the Contractor
may (at its own option and expense):
3.6.1 modify or replace the infringing element of the Services so as to avoid the
infringement provided that such modification or replacement shall not materially
affect the delivery of the Services, with the Contractor making good to the
Customer any direct losses suffered by the Customer during or as a result of the
modification or replacement; or
3.6.2 procure for the Customer the right to retain and continue to use the affected
article.
3.7 If the Contractor modifies or replaces the infringing element, the modified/replacement
item must comply with the terms of this Contract, including any warranties and any
specifications.
3.8 The Contractor shall have no liability to indemnify the Customer other against any claim
of the kind referred to in Clause 3.2 to the extent that any such claim is in respect of: (i)
any use in combination with the Services of any item not supplied by the Contractor
(except where such combination, connection, operation or use is recommended,
specified or approved by the Contractor) where such combined use directly gives rise to
the claim; or (ii) the Customer's unreasonable refusal to use modified Services provided
pursuant to Clause 3.6.1.
9
4. CHANGE PROCESS
4.1 Except as set out in this Clause 4, all changes to this Contract will be agreed in writing
between the Parties and set out in the Contractor's service order form ("Order Form").
The Services will be provided by the Contractor to the Customer on the terms of this
Contract. An example of the Order Form is attached at Schedule 2.
4.2 If there is any conflict between the terms of the Order Form and the terms of this
Contract, the terms of this Contract shall prevail unless the parties expressly state to the
contrary within the Order Form.
4.3 If a minor change to the Services is proposed by one of the Parties, the change will come
into effect if both Parties agree to that change in writing.
5. PRICES
5.1 The Prices to be paid by the Customer for the Services and the payment profile that will
apply are set out in Schedule 1.
5.2 [All invoices validly issued by the Contractor shall be payable by the Customer within 30
days of the date of a valid invoice.] [Drafting Note: to be updated, if required, following
agreement of charging structure with Contractor.]
5.3 [Any of the Prices which are paid by the Customer in advance shall be held by the
Contractor in a suitable escrow account and called off in accordance with the Payment
Plan.] [Drafting Note: to be updated, if required, following agreement of charging
structure with Contractor.]
5.4 All sums payable under this Contract are exclusive of VAT, which shall be charged in
accordance with the relevant regulations in force at the time of making the relevant
taxable supply and will be payable by the Customer.
6. PROGRESS MEETINGS
6.1 The Parties agree to meet as often as is reasonably necessary to facilitate the operation of
this Contract and the proper and timely delivery of the Services, such meetings to be the
forum for discussion between the Parties in connection with such operation and delivery.
6.2 The Parties will arrange for certain of its employees, agents or subcontractors to attend
from time to time as may be appropriate.
6.3 Progress meetings to discuss progress reports and other relevant issues will be held at
intervals which, in the Customer's reasonable opinion, are necessary to ensure the
proper and timely delivery of the Services.
6.4 The Contractor will prepare in advance of each such meeting a written progress report,
the contents of which shall be as the Customer may reasonably require.
6.5 The meetings will be held at the Customer's offices, or at any other location agreed
between the Parties.
10
7. WARRANTIES
7.1 The Contractor warrants that:
7.1.1 it will at all times have adequate levels of resource to allow the performance of
the Services in accordance with the terms of this Contract, including the
timescales for performance;
7.1.2 it has and will for the duration of this Contract have all necessary licences,
consents and authorisations or rights as may be provided for under any relevant
legislation, regulations or administrative orders to provide the Services to the
Customer;
7.1.3 the Services will (where relevant) meet or exceed the Service Levels set out in
Schedule 1 and any applicable industry standards (including ISO 27001 or its
replacement from time to time);
7.1.4 it will provide the Services in a timely, reliable and professional manner and will
carry out its obligations in this Contract in accordance with all applicable
telecommunications, data protection and other laws, licences and regulations in
force from time to time;
7.1.5 the Hardware and Software comply with the Specifications;
7.1.6 it has the full right, power and authority to enter into and perform this Contract
in accordance with its terms, and such entry and performance does not and will
not violate or infringe the Intellectual Property Rights or other rights of any
other persons; and
7.1.7 it is not knowingly engaged in, and will not knowingly during the Term engage in,
any business, relationship, contract or other activity which damages or tarnishes,
or is likely to damage or tarnish, the reputation of the Customer;
7.1.8 in relation to this Contract and/or its subject matter, neither the Contractor nor
any of its employees, sub-contractors or agents or others performing services on
behalf of the Contractor has done (or agreed to do) or will do (or agree to do)
anything which constitutes a breach by the Parties of any Bribery Legislation;
7.1.9 it has in place, and will at all times during the Term continue to have in place,
adequate procedures designed to prevent any person associated with the
Contractor from committing an offence under the Bribery Legislation and as a
minimum such procedures comply, and will at all times during the Term comply,
with the most recent guidance issued from time to time by the Secretary of State
pursuant to the Bribery Act 2010; and
7.1.10 it will throughout the Term comply with, monitor and enforce the procedures
referred to in Clause 7.1.8.
7.2 The Customer warrants that:
7.2.1 it has and will for the duration of this Contract have all necessary licences,
consents and authorisations or rights as may be provided for under any relevant
11
legislation, regulations or administrative orders required to perform its
obligations under this Contract; and
7.2.2 it has the full right, power and authority to enter into and perform this Contract
in accordance with its terms, and such entry and performance does not and will
not violate or infringe the Intellectual Property Rights or other rights of any
other persons.
7.3 Specific warranties regarding any Services to be provided by the Contractor (including in
relation to any software) are set out in the relevant Appendix of Parts 1 to 5 in Schedule
1.
8. CONFIDENTIALITY
8.1 Subject to the following provisions of this Clause, each Party shall treat as confidential the
Confidential Information of the other Party.
8.2 Subject to Clauses 8.3, 8.4 and 8.5, each Party will:
8.2.1 only use Confidential Information for the purposes of this Contract or the
Framework Agreement;
8.2.2 only disclose Confidential Information to a third party with the prior written
consent of the other Party (except that each Party may disclose Confidential
Information to companies in its Group or to its professional advisors or auditors
to the extent necessary to exercise its rights or fulfil its obligations under this
Contract); and
8.2.3 ensure that any third party to whom Confidential Information is disclosed is
subject to a confidentiality undertaking in terms no less onerous than those of
this Clause.
8.3 The provisions of Clause 8.1 will not apply to any Confidential Information which:
8.3.1 is in or comes into the public domain other than by breach of this Clause 8; or
8.3.2 a Party can show (i) has been independently generated by the recipient Party's
employees who have neither had any involvement in the performance of the
recipient Party's obligations under this Contract nor access to such Confidential
Information or (ii) was in the possession of the recipient Party prior to the date
of the disclosure, free from any obligations of confidentiality.
8.4 The Customer may disclose the Confidential Information of the Contractor to the
relevant Funding Councils and the Jisc and in relation to any examination pursuant to
Section 6(1) of the National Audit Act 1983 of the economy, efficiency and effectiveness
with which the Customer has used its resources.
8.5 Each Party may disclose the Confidential Information of the other Party pursuant to a
statutory, legal or parliamentary obligation, an order of a court of competent jurisdiction
or the requirement of a competent regulatory body, including any requirements for
disclosure under the FOIA or the Environmental Information Regulations. Without
prejudice to Clauses 8.7 to 8.11, each Party will notify (where it is legally able to do so)
12
the other Party of the disclosure (or proposed disclosure) as soon as is reasonably
possible and will use its reasonable endeavours to ensure that any such disclosure is made
in a manner which ensures the confidentiality of the Confidential Information.
8.6 Subject to the above provisions of this Clause 8, each Party receiving Confidential
Information will take the same precautions and exercise the same degree of care to
protect Confidential Information as it takes and exercises in relation to its own
confidential information. In any event, the receiving Party will take all reasonable care to
protect said Confidential Information.
8.7 The Contractor acknowledges that where the Customer is subject to the requirements
of the FOIA and the Environmental Information Regulations it shall assist and cooperate
with the Customer (at the Contractor's expense) to enable the Customer to comply with
the Information disclosure requirements set out in Clauses 8.8 to 8.14 below.
8.8 The Contractor shall:
8.8.1 notify the Customer and transfer the Request for Information to the Customer
as soon as practicable after receipt and in any event within 2 Business Days of
receiving a Request for Information;
8.8.2 provide the Customer with a copy of all Information in its possession or power
in the form that the Customer requires within 5 Business Days (or such other
period as the Customer may specify) of the Customer requesting that
Information; and
8.8.3 provide all necessary assistance as reasonably requested by the Customer to
enable the Customer to respond to a Request for Information within the time
for compliance set out in section 10 of the FOIA or regulation 5 of the
Environmental Information Regulations.
8.9 The Customer shall be responsible for determining at its absolute discretion whether the
Commercially Sensitive Information and/or any other Information:
8.9.1 is to be disclosed in response to a Request for Information, and
8.9.2 in no event shall the Contractor respond directly to a Request for Information
unless expressly authorised to do so by the Customer.
8.10 The Contractor acknowledges that notwithstanding Clause 8.4 the Customer may, acting
in accordance with the Department for Constitutional Affairs' Code of Practice on the
Discharge of Functions of Public Authorities under Part I of the Freedom of Information
Act 2000, be obliged under the FOIA, or the Environmental Information Regulations to
disclose Information:
8.10.1 without consulting with the Contractor, or
8.10.2 following consultation with the Contractor and having taken its views into
account.
8.11 Without prejudice to Clause 8.9, in the event that the Customer receives a request
under the FOIA or Environmental Information Regulations which encompasses any
13
Information held by the Customer which was provided to the Customer by the
Contractor in connection with this Contract, the Customer will notify the Contractor of
the request and allow the Contractor to make timely representations in relation to the
impact any such disclosure may, in the Contractor's opinion, have on the confidentiality
obligations under the Contract and any other representation it may have in relation to
the disclosure of that Information.
8.12 The Contractor shall ensure that all information produced in the course of the Contract
or relating to the Contract is retained for disclosure and shall permit the Customer to
inspect such records as requested from time to time.
8.13 The Contractor acknowledges that any lists or schedules provided by it outlining
Confidential Information are of indicative value only and that the Customer may
nevertheless be obliged to disclose Confidential Information in accordance with Clause
8.4 or Clause 8.5.
8.14 At all times the Customer shall ensure that its disclosure of any information which has
been provided to the Customer by the Contractor is limited to the minimum extent
necessary for the Customer to comply with its obligations under this Clause 8.
9. DATA PROTECTION
9.1 If and to the extent that the Contractor (for the purpose of this Clause 9, the "Data
Processor") Processes any Personal Data on behalf of the Customer (for the purpose of
this Clause 9, the "Data Controller"), the Data Processor undertakes to the Data
Controller that the Data Processor shall:
9.1.1 comply with the obligations imposed on the Data Controller by the Seventh
Data Protection Principle, namely:
(a) to maintain technical and organisational security measures sufficient to
comply at least with the obligations imposed on the Data Controller by
the Seventh Data Protection Principle; and
(b) to take reasonable steps to ensure the reliability of any employees of
the Data Processor who have access to Personal Data;
(c) ensure all employees of the Data Processor who have access to
Personal Data have undertaken appropriate data protection and
information security training; and
(d) only to Process Personal Data for and on behalf of the Data Controller
for the purpose of performing and in accordance with this Contract
(and only on instructions from the Data Controller, including those in
this Contract, to ensure compliance with the DPA); and
(e) to allow representatives of the Data Controller (or a regulator where
applicable) to audit the Data Processor's compliance with the
requirements of this Clause 9 on reasonable notice, including:
(i) if requested, before any Services commence; and/or
14
(ii) no more than once during any subsequent year of the
Contract; and/or
(iii) at any time if any regulator of the Customer requests or
requires an audit of the Customer and/or any of its service
providers;
(f) at the option of the Data Controller, on request, to provide the Data
Controller with evidence of the Data Controller's compliance with the
Data Processor's obligations under this Clause 9;
9.1.2 only store Data within the European Economic Area and not transfer any
Personal Data outside the European Economic Area without the prior written
consent of the Customer, and in granting consent to the transfer, the Customer
may impose such terms on the Processing of the Personal Data and on the
Contractor and/or any overseas processor of the data as the Customer requires
to ensure that the Personal Data is adequately protected (as required by the
eighth data protection principle set out in Schedule 1 of the DPA); and
9.1.3 assist the Data Controller to comply with any obligations imposed on the Data
Controller by the DPA in relation to any Personal Data Processed by the Data
Processor including:
(a) providing the Data Controller with reasonable assistance in complying
with any subject access request served on the Data Controller under
the DPA;
(b) as soon as possible (and in any event within 24 hours) notifying the Data
Controller of any unauthorised access to, or any loss or destruction of,
or damage to, any Personal Data;
(c) promptly informing the Data Controller about the receipt of any subject
access request received by the Data Processor in relation to Personal
Data Processed pursuant to this Contract; and
(d) not disclosing any Personal Data in response to a subject access request
without first consulting with and obtaining the consent of the Data
Controller.
9.2 In the following circumstances, the Contractor shall cease immediately to use or Process
any such Personal Data received from, or on behalf of, the Customer under this Contract
and shall return to the Customer on demand (or at the request of the Customer destroy
or permanently erase) all Personal Data and copies of those Personal Data in its
possession or control:
9.2.1 on termination of this Contract (or upon expiry of any termination assistance
period); or
9.2.2 upon written request at any time.
9.3 The Contractor shall give the Customer a certificate signed by one of its senior managers
confirming that it has fully complied with Clause 9.2.
15
9.4 The Contractor acknowledges and agrees that the Customer owns the Intellectual
Property Rights in the Personal Data and such data remains the property of the
Customer. To the extent strictly necessary, the Customer hereby grants the Contractor
a non-exclusive, royalty-free license to use the Intellectual Property Rights in the Personal
Data solely for the purposes of this Contract.
9.5 The Contractor will promptly notify the Customer about any matter which may cause the
Customer to become non-compliant with the any relevant legislation applicable to the
Processing in respect of the Personal Data and provide such information about
remediation as the Customer shall reasonably require. The Customer may require the
Contractor to suspend the Processing until the breach is remedied to the satisfaction of
the Customer.
9.6 If the Contractor appoints subcontractors, as may be approved by the Customer from
time to time, as further Data Processors on behalf of the Customer, such further Data
Processors shall be engaged on terms providing equivalent protections in relation to the
Personal Data to those set out in this Contract and provide equivalent rights to the
Customer against the further Data Processors.
9.7 The Contractor shall indemnify the Customer against any loss or damage suffered by the
Customer, including any fines imposed on the Customer by the Information
Commissioner or other regulator of the Customer, in relation to any breach by the
Contractor of its obligations under this Clause 9.
10. INFORMATION SECURITY
10.1 The Contractor undertakes to comply with industry best IT security practice in providing
the Services, which shall include compliance with ISO 27001 or its replacement from time
to time.
10.2 The Contractor will ensure that it implements and maintains appropriate security
controls to ensure the confidentiality and integrity of all Data, including any security
measures set out in Schedule 1 and the Secure Access Control Measures. The
Contractor shall not downgrade the security configuration of any system processing any
Data without the prior written consent of the Customer.
10.3 Without prejudice to the generality of Clauses 10.1 and 10.2, the Contractor shall ensure
that all Data is protected at all times, in such manner as is consistent with the data
security classification agreed between the parties as applicable to such data, from
corruption, and from unauthorised access and interference, both while such Data is
within the possession and control of the Contractor and while (if transmission is
consistent with the classification of such Data and is strictly required for the purpose of
performing the Services) it is in transit across a network (whether public or private).
10.4 Unless instructed otherwise by the Customer, the Contractor shall not:
10.4.1 disclose, use, modify, store, copy or adapt the Data, unless specifically and
expressly required for the purposes of complying with its obligations under this
Contract;
10.4.2 merge or combine the Data with other data; or
16
10.4.3 remove any proprietary or copyright notices contained within or relating to the
Data, except as may be necessary for the performance by the Contractor of its
obligations under this Agreement or as otherwise expressly authorised by the
Customer.
10.5 In the event that the Data is corrupted or lost or sufficiently degraded as to be unusable,
the Contractor shall:
10.5.1 immediately notify the Customer of the occurrence of the loss or corruption of
the Data;
10.5.2 restore, or procure the restoration of, the Data to the extent required by, and
in accordance with, the Contractor's Information Security Plan;
10.5.3 provide the Customer with a full refund in respect of any charges levied by the
Contractor in respect of the collection, processing, storage and/or transmission
of the proportion of the Data which has been corrupted, lost or become
unusable; and
10.5.4 indemnify the Customer against all losses, costs and expenses incurred by the
Customer as a result of such corruption to or loss of Data.
10.6 The Contractor shall ensure:
10.6.1 the logical segregation of the Data from any data of any third party;
10.6.2 it has in place appropriate measures to protect against any virus or malicious
attack (including denial of service attacks) which may impact on the Data;
10.6.3 it has in place appropriate physical and technical access control measures,
including physical access restrictions to its data centres to ensure that only those
persons who require access to the Data for the purposes of this Contract are
able to access the Data; and
10.6.4 it implements, and complies at all times with, the Secure Access Control
Measures.
10.7 Within 1 month after the Effective Date, the Contractor shall develop an Information
Security Plan that will ensure the confidentiality and security of the Customer's
Confidential Information and shall submit the plan to the Customer for review and
approval. The Customer may require that amendments are made to the Information
Security Plan before it can be approved by the Customer. Once the Information Security
Plan has been approved by the Customer, the Contractor shall implement the
Information Security Plan in accordance with its terms.
10.8 The Contractor shall ensure that it has in place a facility for off-line back up with a
reputable data and software escrow provider which has either been chosen or approved
by the Customer. The Contractor shall ensure that:
10.8.1 its agreement with the escrow provider ensures the release of the Data to the
Customer on termination or expiry of this Contract for any reason;
17
10.8.2 its arrangements with the escrow provider enable the Contractor to provide
fully the exit services described in Schedule 1;
10.8.3 the performance by the Contractor of the exit services described in Schedule 1
shall enable the Customer to access and gain control, and take possession, of all
Data.
11. DISASTER RECOVERY AND BUSINESS CONTINUITY
11.1 As a minimum and to ensure the resilience of the Services, the Contractor shall ensure
that the Services are provided from two synchronised data centres (in addition to the
back up facility provided in accordance with Clause 10.8).
11.2 The Contractor shall deliver to the Customer a copy of its disaster recovery and business
continuity plan on request. The Contractor shall maintain and test its disaster recovery
and business continuity plan on a regular basis (no less than once in every 12 month
period). Any changes the Contractor makes to its disaster recovery and business
continuity plan will provide at least the same level of disaster recovery and business
continuity as the then current disaster recovery and business continuity plan. The
Contractor will notify the Customer when any material changes are made to its disaster
recovery and business continuity plan and shall, on request, provide a copy of such
updated plan to the Customer.
11.3 Each Party shall notify the other Party as soon as reasonably possible if it believes that
there has been, or is likely to be, a material disruption to business continuity that requires
the implementation of the Contractor's disaster recovery and business continuity plan. In
the event of any such material disruption the Contractor shall promptly implement its
disaster recovery and business continuity plan in accordance with its terms and using
Good Industry Practice.
11.4 The Contractor will ensure that any system on which the Contractor holds Data,
including backup data, is a secure system that ensures complete data integrity in
accordance with Good Industry Practice.
12. LIABILITY
12.1 Nothing in this Contract will limit or exclude the liability of either Party for death or
personal injury arising out of its negligence, or for its fraud or for any other loss which
cannot by law be excluded or limited.
12.2 Subject to Clause 12.1:
12.2.1 in no circumstances will either Party be liable to the other Party for any loss of
business, revenue, profits, anticipated savings or goodwill (whether direct or
indirect) or for any indirect, special or consequential loss arising out of or in
connection with this Contract;
12.2.2 each Party's maximum aggregate liability under or in connection this Contract or
its subject matter will not exceed £[ ]. [To be negotiated between the
Contractor and the Customer on a contract by contract basis.]
12.3 The exclusions and limitations in Clause 12.2 shall not apply to:
18
12.3.1 any liability of the Contractor in respect of:
(a) the indemnities in Clauses 9.7 and 10.5.4; or
(b) breach of its obligations in Clause 10 (Information Security);
12.3.2 any liability of either Party for breach of that Party's obligations in Clause 8
(Confidentiality).
12.4 The exclusions and limitations in Clause 12.2.2 shall not apply to any liability of the
Contractor in respect of the indemnity in Clause 3.2.
13. INSURANCE
13.1 The Contractor undertakes that for the duration of this Contract, it will be covered
against employee misfeasance, accident, third party injury, defective products, fire and
other risks normally covered by insurance by persons supplying services which are the
same or similar to the Services, with the minimum levels of insurance as set out below:
13.1.1 [insert]
13.2 The Contractor will produce to the Customer, at its reasonable request, satisfactory
evidence of the insurance arrangements described in Clause 13.1.
14. TERM, TERMINATION AND EXIT
14.1 Unless terminated by either Party in accordance with the terms and conditions of this
Contract, this Contract will commence on the Effective Date and will continue for the
term set out in Schedule 1 ("the Initial Term"). This Contract shall continue after the
Initial Term unless and until terminated by either Party giving not less than 3 months prior
written notice to the other, such notice to expire at the end of the Initial Term or at any
point thereafter ("the Extended Term").
14.2 Without prejudice to the rights and remedies of the Contractor and any Customer,
either the Customer or the Contractor may terminate this Contract immediately by
giving the other Party written notice:
14.2.1 in the event of a material breach by the other Party which is incapable of
remedy;
14.2.2 in the event of a material breach by the other Party which is capable of remedy
but which the other Party fails to remedy within 20 Business Days of having been
notified of such breach; or
14.2.3 if the other Party has a receiver, administrative receiver, administrator or other
similar officer appointed over it or over any part of its undertaking or assets or
passes a resolution for winding up (other than for the purpose of a bona fide
scheme of solvent amalgamation or reconstruction) or a court of competent
jurisdiction makes an order to that effect or if the other Party becomes subject
to an administration order or enters into any voluntary arrangement with its
creditors or ceases or threatens to cease to carry on business or is unable to
pay its debts or is deemed by section 123 of the Insolvency Act 1986 to be
19
unable to pay its debts, or undergoes or is subject to any analogous acts or
proceedings under any foreign law.
14.3 The Customer may terminate this Contract in accordance with paragraph 1.2 of
Appendix 4 to this Contract.
14.4 Termination of this Contract will be without prejudice to the Parties' accrued rights and
obligations.
14.5 On termination or expiry of this Contract, the Parties shall perform any and all
termination and/or exit obligations set out in Schedule 1. In particular, the Contractor
shall ensure that all Data is returned to the Customer or, at the Customer's election,
securely destroyed in accordance with Good Industry Practice and shall perform the exit
services described in Schedule 1. Unless otherwise stated in Schedule 1, each Party shall
perform its post termination obligations at its own cost and expense.
14.6 Clauses 1 (Definitions), 3 (Intellectual Property Rights), 8 (Confidentiality), 12 (Liability);
13 (Insurance), 14.3 to 14.6 (Termination), 15 (Audit), 16 (Severability), 18 (Third
Party Rights), 19 (Counterparts), 20 (No Partnership), 21 (Assignment), 23 (No
Waiver), 24 (Notices), 25 (Entire Agreement), 26 (Dispute Resolution), 27 (Variation) and
28 (Governing Law) of this Contract will continue notwithstanding termination of this
Contract.
14.7 In addition to any particular exit services identified in Schedule 1, the Contractor shall
develop and prepare a draft high level exit plan (the "Exit Plan") no later than 1 month
following the Effective Date for review and approval by the Customer.
14.8 The Parties shall review the Exit Plan annually throughout the Term. The Contractor
shall, where required, prepare drafts of updates and amendments to the Exit Plan for
approval by the Parties following such reviews.
14.9 Within 10 Business Days of sending or receiving notice of termination in respect of all or
part of this Agreement, the Parties shall meet and use all reasonable endeavours to agree
the contents of revisions to the Exit Plan required at the date of termination. The
Contractor shall implement the Exit Plan at the relevant time.
15. AUDIT
15.1 In addition to the rights contained at Clause 9.1.1(e), the Customer shall have the right
during normal business hours and on reasonable notice to inspect and take copies of all
relevant records and/or information, and/or to authorise agents or representatives
appointed by the Customer to do so, in relation to any matter in connection with the
Services or this Contract including:
15.1.1 to assess the delivery of the Services in accordance with this Contract (including
against the Milestones and the Service Levels);
15.1.2 investigation of any fraudulent or negligent activity;
15.1.3 to verify the calculation of the Prices.
20
15.2 The Customer's right in Clause 15.1 shall continue in force for 1 year after termination or
expiry of this Contract.
15.3 The Customer shall use its reasonable endeavours to ensure that the conduct of an audit
under this Clause 15 does not unreasonably disrupt the Contractor's business.
15.4 The Contractor shall on demand provide the Customer (and/or its agents or
representatives) with all reasonable co-operation and assistance in relation to each audit
including without limitation all information requested by the Customer (and/or its agents
or representatives) within the scope of the audit and access to the Contractor's
personnel and/or the Contractor's systems and/or premises.
15.5 Each Party shall bear its own costs of any audit provided that where audit shows that the
Contractor has over-charged the Customer by more than 4%, the Contractor shall bear
the Customer's costs of the audit and shall promptly reimburse the Customer the
amount of such overpayment.
15.6 If any agent or representative of the Customer is authorised to conduct an audit on
behalf of the Customer, such agent or representative shall undertake in advance to the
Contractor to keep all information obtained strictly confidential and not to use or
disclose any such information except for the purpose of reporting the results of its audit
to the Customer.
16. SEVERABILITY
16.1 If any provision of this Contract, including in particular any limitation, is held by a court or
any governmental agency or authority to be invalid, void, or unenforceable, the remainder
of this Contract will nevertheless remain legal, valid, and enforceable.
17. FORCE MAJEURE
17.1 Notwithstanding anything herein to the contrary but subject to Clause 17.2, neither Party
will be liable for any delay or failure in performance of any of its obligations under this
Contract, to the extent such delay or failure is attributable to a Force Majeure Event.
17.2 Each Party which is prevented from carrying out its obligations as a result of a Force
Majeure Event will promptly notify the other Party and will agree an action plan with the
other Party, at the cost of the Party prevented from carrying out its obligations as a result
of the Force Majeure Event, to mitigate the effects of the Force Majeure Event.
17.3 If performance of the obligations of the Contractor is substantially prevented for a
continuous period of 15 Business Days or more by virtue of any of the aforesaid events
then the Customer may terminate this Contract, without any liability, by giving the
Contractor written notice.
18. THIRD PARTY RIGHTS
18.1 A person who is not a Party to this Contract shall not have any rights under or in
connection with it by virtue of the Contracts (Rights of Third Parties) Act 1999 or
otherwise.
21
19. COUNTERPARTS
19.1 This Contract may be executed in counterparts, each of which will be deemed an original,
but all of which will constitute the same instrument.
20. NO PARTNERSHIP
20.1 Nothing in this Contract and no action taken by the Parties pursuant to this Contract will
constitute or be deemed to constitute between the Parties a partnership, association,
joint venture, or other co-operative entity.
21. ASSIGNMENT
21.1 Subject to Clause 21.2 below, neither Party may assign its rights and/or obligations under
this Contract without the prior written consent of the other Party, such consent not to
be unreasonably withheld or delayed.
21.2 The Contractor may assign any of its rights and/or obligations under this Contract to a
member of its Group. In such cases:
21.2.1 the Contractor shall promptly inform the Customer in writing of the identity of
the assignee;
21.2.2 the Contractor shall remain liable for any acts and/or omissions under this
Contract irrespective of the assignment; and
21.2.3 if the relevant assignee ceases to be a member of the Contractor's Group then
the Contractor shall ensure that this Contract is promptly transferred back to
the Contractor and/or a member of its Group.
22. SUBCONTRACTING
22.1 The Contractor shall be entitled to subcontract parts of the Services to subcontractors
without notice (subject to Clause 9.6) provided that the Contractor shall ensure that its
contracts with such subcontractors contain terms equivalent to Clauses 8
(Confidentiality), 9 (Data Protection) and 10 (Information Security). The Contractor shall
be liable for the acts and omissions of its subcontractors.
23. NO WAIVER
23.1 Failure by either Party to exercise or enforce any right or benefit conferred by this
Contract will not be deemed to be a waiver of any such right or benefit nor operate so as
to bar the exercise or enforcement thereof or of any other right or benefit on any later
occasion.
24. NOTICES
24.1 Any notice required or authorised to be given under this Contract will be delivered by
hand or by post to the relevant address stated at the start of this Contract or to such
other address as notified (in accordance with this Clause 24) by one Party to the other
during the Term.
22
24.2 Any notice will be deemed to have been served:
24.2.1 immediately if delivered by hand; or
24.2.2 48 hours after posting if delivered by post.
24.3 Notices may also be delivered by email to such email address as notified (in accordance
with this Clause 24) by one Party to the other during the Term, provided that the sender
is able to verify that the email reached the recipient's servers without error. Service of a
notice by email will be deemed to have occurred upon reaching the recipient's server
without error.
24.4 Where notices are to be served by email, the email must contain the following wording in
the subject matter field: "Notice served in accordance with the terms of the Contract
between [the Customer's name] and [insert Contractor's name]".
25. ENTIRE AGREEMENT
25.1 This Contract contains the entire agreement and understanding of the Parties and
supersedes all prior agreements, understandings or arrangements (both oral and written)
relating to the subject matter of this Contract, other than as may be set out in the
Framework Agreement. Each of the Parties acknowledges and agrees that it does not
enter into this Contract on the basis of and does not rely, and has not relied upon, and
will have no remedy in respect of, any statement or representation or warranty or other
provision made, given or agreed to by the other Party to this Contract (whether
negligently or innocently made) except those expressly repeated or referred to in this
Contract and/or the Framework Agreement. Nothing in this Clause will operate to limit
or exclude liability for fraud.
26. DISPUTE RESOLUTION
26.1 Without prejudice to Clause 14, in the event of a dispute between the Parties concerning
this Agreement, each of the Parties will, in the first instance, endeavour to reach an
agreement in respect of the dispute by following the escalation process set out in Clauses
26.2 to 26.8 below.
26.2 The aggrieved Party shall provide the other Party with written notice and the problem
will initially be referred to the first level contact given in the table below (the "First
Level").
26.3 If the problem is not resolved at the First Level or a corrective plan of action has not
been mutually agreed upon within 10 Business Days of giving the dispute notice then
either Party shall have the option to escalate the matter to the second level contact given
in the table below (the "Second Level").
26.4 If the problem is not resolved at the Second Level or a corrective plan of action has not
been mutually agreed upon within 5 Business Days of giving the dispute notice then either
Party shall have the option to escalate the matter to the third level contact given in the
table below (the "Third Level").
26.5 If the problem is not resolved at the Third Level or a corrective plan of action has not
been mutually agreed upon within 5 Business Days of giving the dispute notice then either
23
Party shall have the option to escalate the matter to the final level contact given in the
table below (the "Final Level").
26.6 The Final Level representatives agree to use all reasonable efforts to meet within 10
Business Days at a mutually agreeable time and place in order to resolve the dispute.
Escalation Points
Escalation
Level
Contractor Contacts
Customer Contacts
First Level
[ ]
Second Level
None
[ ]
Third Level
[ ]
Final Level
[ ]
26.7 Without prejudice to each Party’s rights to terminate the Agreement, if the Parties are
unable to reach agreement on the disputed matter through the process as specified in
Clauses 26.1 to 26.6, they may agree to settle it by mediation in accordance with the
Centre for Effective Dispute Resolution (CEDR) Model Mediation Procedure. Unless
otherwise agreed between the Parties, the mediator will be nominated by CEDR. To
initiate the mediation the Parties will send a joint notice in writing ("ADR notice") to
CEDR requesting mediation.
26.8 The mediation will start not later than 30 days after the date of the ADR notice, or such
later date as the mediator is available. The commencement of mediation will not prevent
the Parties commencing or continuing court proceedings, unless the parties agree
otherwise.
27. VARIATION
27.1 Without prejudice to Clause 4.3, no variation of this Contract will be valid unless
recorded in writing and signed by or on behalf of each of the parties.
28. GOVERNING LAW AND JURISDICTION
28.1 This Contract and all matters arising out of it (whether of a contractual or a tortious
nature) will be governed and construed in accordance with the laws of England and the
Parties irrevocably agree to the exclusive jurisdiction of the Courts of England and Wales.
IN WITNESS WHEREOF, the Parties, intending hereby to be legally bound, by their
authorised officers, have executed this Contract on the date first here written.
24
………………………………………………………………………………………….
Signed for and on behalf of
[INSERT CUSTOMER DETAILS]
Name: Position:
Date:
………………………………………………………………………………………….
Signed for and on behalf of
[INSERT CONTRACTOR DETAILS]
Name: Position:
Date:
Janet Data Archive to Tape Framework
PR/DOC/020
Page 25 of 25
PRO-FORMA CONTRACT – SCHEDULE 1
CONTRACT TERM
Initial Term
[
To be
inserted
]
Implementation Date
[
To be
inserted
]
