Exhibit

EX-10.29 3 jnpr-20181231ex1029.htm MASTER SERVICES AGREEMENT BETWEEN JUNIPER NETWORKS, INC. AND IBM, AS AMENDED Exhibit

Confidential Treatment Requested by Juniper Networks, Inc.

EXHIBIT 10.29

MASTER SERVICES AGREEMENT

Confidential Portions of this Exhibit marked as [***] have been omitted pursuant to a request for confidential treatment and have been filed separately with the Securities and Exchange Commission.

Confidential

Page 1 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

TABLE OF CONTENTS

Page



ARTICLE 1.	DEFINITIONS AND INTERPRETATION.	1
1.1	Definitions	1
1.2	Interpretation	1
ARTICLE 2.	TERM	1
2.1	Initial Term	1
2.2	SOW Term Extensions	2
ARTICLE 3.	SERVICES	2
3.1	Statements of Work	2
3.2	Non-Exclusivity of Services	4
3.3	No Minimum Commitment	4
3.4	Projects	4
3.5	Changes to Customer Group	4
3.6	Governmental Approvals and Consents	5
3.7	Technology and Process Evolution	5
3.8	Knowledge Sharing	5
3.9	Reports	5
3.10	Customer Systems	6
3.11	Satisfaction Surveys	6
3.12	Responsibility for Resources	6
3.13	Work Reprioritization	6
3.14	Cooperation with Third Parties	7
3.15	Management of Third-Party Contracts	7
3.16	Customer Policies	9
3.17	Non-Compliance with Customer Policies	9
3.18	Process Interface Manual	9
3.19	Due Diligence	9
3.20	Excuse from Performance	10
3.21	Acceptance Testing	11
3.22	Deficiencies in Reviewable Items	11
3.23	Rejection Process	11
3.24	Final Acceptance	12
3.25	No Deemed Acceptance	12
ARTICLE 4.	TRANSITION	12
4.1	Transition Plan	12

Confidential

Page 1 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

TABLE OF CONTENTS
(continued)

Page



4.2	Transition Performance	13
ARTICLE 5.	TRANSFORMATION	13
5.1	Transformation Plan	13
5.2	Transformation Performance	13
5.3	Transformation Timing	14
ARTICLE 6.	HUMAN RESOURCES	14
ARTICLE 7.	SERVICE LEVELS AND CREDITS	14
7.1	General	14
7.2	Reporting and Measurement Tools	14
7.3	Anticipated Default; Root-Cause Analysis	14
7.4	Performance Credits	15
7.5	Deliverable Credits	15
ARTICLE 8.	SERVICE LOCATIONS	15
8.1	Service Locations	15
8.2	Physical Safety and Security Procedures	16
ARTICLE 9.	PROVIDER STAFF	16
9.1	Key Personnel	16
9.2	Provider Staff Agreements	16
9.3	Provider Staff Removal	17
9.4	Background Check and Work Eligibility	17
9.5	Restricted Parties Compliance	17
9.6	Provider Agents	17
9.7	Services to Customer Competitors	18
9.8	Qualifications and Training of Provider Staff	18
9.9	Personnel Turnover Rate	19
ARTICLE 10.	CONTINUED PROVISION OF SERVICES	19
10.1	Disaster Recovery Plan	19
10.2	Force Majeure	19
10.3	Alternate Source	20
10.4	No Payment for Unperformed Services	20
10.5	Allocation of Resources	20
10.6	Service Improvement Plan and Step-In	20
ARTICLE 11.	CUSTOMER OPERATIONAL RESPONSIBILITIES	21
11.1	Customer Resources	21

Confidential

Page 2 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

TABLE OF CONTENTS
(continued)

Page



11.2	Customer Operational Responsibilities	22
ARTICLE 12.	FEES AND PAYMENT	22
12.1	General	22
12.2	Expenses	22
12.3	Disputed Fees and Right to Offset	22
12.4	Transition Fees	23
12.5	Extraordinary Events	23
12.6	Benchmarking Arrangement	23
ARTICLE 13.	TAXES	25
13.1	Customer Tax Responsibility	25
13.2	Provider Tax Responsibility	25
13.3	Excluded Tax Responsibilities	25
13.4	Tax Cooperation	25
ARTICLE 14.	AUDITS	25
14.1	Service Audits	25
14.2	Fees Audits	26
14.3	Audits Required by Governmental Authorities	26
14.4	Provider’s Controls Audits	26
14.5	Record Retention	27
14.6	Facilities	27
14.7	Response	27
ARTICLE 15.	RELATIONSHIP MANAGEMENT	28
15.1	Governance Guidelines and Principles	28
15.2	Appointments	28
15.3	Escalation Procedure for Relationship Issues	28
ARTICLE 16.	INTELLECTUAL PROPERTY RIGHTS	28
16.1	Assigned Rights	28
16.2	Moral Rights	28
16.3	Maintenance of Records	29
16.4	Further Assurances	29
16.5	Customer Property	29
16.6	Provider Property	29
16.7	No Implied License	30
ARTICLE 17.	CONFIDENTIALITY AND CUSTOMER DATA.	30

Confidential

Page 3 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

TABLE OF CONTENTS
(continued)

Page



17.1	Use and Disclosure	30
17.2	Required Disclosure	31
17.3	Security Incidents	31
17.4	Rights in Confidential Information	32
17.5	Return of Confidential Information	32
17.6	Third-Party Information	32
17.7	Other Rights	32
17.8	U.S. Defend Trade Secrets Act	32
17.9	Rights in Customer Data	32
17.10	Protection of Customer Data	33
17.11	Information and System Security	33
17.12	Return of Confidential Information and Customer Data	34
17.13	Notice of Adverse Impact	34
17.14	Internal Controls.	35
ARTICLE 18.	REPRESENTATIONS AND WARRANTIES	36
18.1	Representations and Warranties by Customer	36
18.2	Representations and Warranties by Provider	37
18.3	DISCLAIMER	40
ARTICLE 19.	TERMINATION	40
19.1	Termination for Convenience	40
19.2	Termination for Change in Control of Customer	40
19.3	Termination for Change in Control of Provider	40
19.4	Termination by Customer for Cause	41
19.5	Termination by Customer for Breach of Warranties by Provider	41
19.6	Service Level Termination Event	41
19.7	Termination by Provider for Cause	41
19.8	Termination for Failure to Transition	41
19.9	Termination for Failure to Transform	41
19.10	Other Terminations	42
19.11	Cumulative Rights	42
19.12	Termination Effectiveness	42
ARTICLE 20.	TERMINATION ASSISTANCE	42
20.1	Termination Assistance Services	42
20.2	Exit Rights	43

Confidential

Page 4 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

TABLE OF CONTENTS
(continued)

Page



20.3	Termination Assistance Upon Insourcing or Resourcing	44
ARTICLE 21.	INDEMNITIES	44
21.1	Indemnities by Customer	44
21.2	Indemnities by Provider	45
21.3	Provider Obligations Upon Infringement/Misappropriation	45
21.4	Indemnification Procedures	46
ARTICLE 22.	DAMAGES	46
22.1	Direct Damages Cap	46
22.2	Consequential Damages	47
22.3	Exceptions	47
22.4	Acknowledged Direct Damages	48
22.5	Data Breach Damages	49
22.6	Collective Caps	49
ARTICLE 23.	INSURANCE	50
23.1	Insurance	50
23.2	Period of Insurance	50
23.3	Insurance Documentation	51
ARTICLE 24.	COMPLIANCE WITH LAWS	51
24.1	Compliance	51
24.2	Changes in Law	51
24.3	Ethical Practices	52
24.4	Export Control	53
24.5	Regulatory Fines	54
ARTICLE 25.	MISCELLANEOUS PROVISIONS	55
25.1	Assignment	55
25.2	Notices	55
25.3	Counterparts	55
25.4	Relationship	56
25.5	Consents, Approvals and Requests	56
25.6	Waivers	56
25.7	Remedies Cumulative	56
25.8	Amendments	56
25.9	Survival	56
25.10	Third-Party Beneficiaries	57

Confidential

Page 5 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

TABLE OF CONTENTS
(continued)

Page



25.11	Covenant of Further Assurances	57
25.12	Conflict of Interest	57
25.13	Publicity, Branding and Co-Branding	57
25.14	Equitable Relief	57
ARTICLE 26.	CONSTRUCTION	57
26.1	Severability	57
26.2	Sole and Exclusive Venue	57
26.3	Section 365(n)	58
26.4	Governing Law	58
26.5	Continued Performance	58
26.6	Duly Authorized	58
26.7	Entire Agreement	58

Confidential

Page 6 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

MASTER SERVICES AGREEMENT

This Master Services Agreement is between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corporation, a New York corporation with a principal place of business at One New Orchard Road, Armonk, New York 10504 (“Provider”).

Provider is in the business of providing outsourcing, professional and other related services to customers. Customer Group desires to obtain certain outsourcing, professional and other related services from Provider, and Provider desires to provide such services to Customer Group, such Services as described in the Statements of Work to be entered into from time to time by Customer Group and Provider pursuant to the terms and conditions of this MSA. Customer and Provider desire to set forth in this MSA the general terms and conditions pursuant to which Provider will provide such services to Customer and all other members of Customer Group under the applicable Statements of Work.

Therefore, Customer and Provider (each a “Party” and together the “Parties”) agree as follows:

ARTICLE 1. DEFINITIONS AND INTERPRETATION.

1.1 Definitions. Capitalized terms used in the Agreement have the meanings set forth in Schedule 1 (Definitions) or Schedule 3 (Cross-Functional Terms) unless otherwise defined in the context of the provision.

1.2 Interpretation. In the Agreement, unless otherwise specified, (A) headings are for ease of reference only and will not be taken into account in construing or interpreting the Agreement; (B) references to any recital, Section, Exhibit, Schedule, or paragraph are to those contained in the Agreement; (C) all Exhibits and Schedules to the Agreement are an integral part of the Agreement and are incorporated in the Agreement by such reference; (D) the use of the term “including,” means “including without limitation,” “include without limitation” or “includes without limitation.” Similarly, the term “for example” and the abbreviation “e.g.” mean “as one example and without limitation of other examples”; (E) the singular includes the plural and vice versa and any gender includes either gender; (F) all references to time refer to the local prevailing time in Sunnyvale, California; (G) all references to “dollars” or “$” will mean United States Dollars, unless otherwise indicated; (H) reference to any statute, law, regulation, rule, delegated legislation, or order is to any statute, law, regulation, rule, delegated legislation, or order as amended, modified, or replaced from time to time and to any statute, law, regulation, rule, delegated legislation, or order replacing or made under any of them; (I) the expression “this Section” or “this section” will, unless followed by reference to a specific provision, be deemed to refer to the whole clause (not merely the sub-clause, paragraph, or other provision) in which the expression occurs; and (J) “in writing” includes any communication made by letter, facsimile, or email, in accordance with Section 25.2 (Notices), below.

ARTICLE 2. TERM.

2.1 Initial Term. The term of this MSA commences on December 31, 2018 (the “Effective Date”) and will continue until the termination or expiration of the last remaining Statement of Work under this MSA unless earlier terminated or extended in accordance with its terms. Each Statement of Work executed between the Parties will specify its effective date and expiration date, unless earlier terminated in accordance with the terms of this MSA or extended in accordance with Section 2.2 (SOW Term Extensions). If the expiration date for a specified Statement of Work occurs after the expiration or termination of this MSA, then this MSA will remain effective solely for the provision of Services under such Statement of Work, until the expiration or termination of such Statement of Work.

2.2 SOW Term Extensions. Customer may extend each Statement of Work for up to one (1) extension period or such other extension periods as agreed upon in an applicable Statement of Work (each, a “SOW Term Extension”), each of up to twelve (12) months, on the same terms and conditions (including no increase in Fees) by giving Provider notice of such extension and of the length thereof at least ninety (90) days before the end of the term of such Statement of Work or any SOW Term Extension under this Section 2.2 (SOW Term Extensions).

ARTICLE 3. SERVICES.

3.1 Statements of Work.

(A) Provider will provide the Services to, and perform the Services for, Customer Group, for use by Customer Group and its Authorized Users in accordance with this MSA and one or more Statements of Work. Provider’s timely performance of the Services under an applicable Statement of Work is of the utmost importance to Customer. Provider’s failure to meet applicable Service Levels or the milestones or other deadlines set forth in an applicable Statement of Work according to the terms of the Agreement or the applicable Statement of Work will be a breach of Provider’s obligations under the Agreement.

(B) If Customer and/or Customer Group desires Provider to perform Services pursuant to this MSA, and Provider agrees to perform such Services, Customer and/or Customer Group and Provider will enter into one or more Statements of Work for such Services, each substantially in the form included in Schedule 2 (Form of Statement of Work) (each, a “Statement of Work” or “SOW”).

(C) In the event that a particular Statement of Work contemplates the delivery of Services to entities in geographies outside the United States, the Parties will enter into, or cause each of their respective Affiliates to enter into, one or more local country agreements for the purpose of memorializing the implementation of this MSA and the applicable Statement of Work (each, a “Local Services Agreement”) at the country level. All Services will be provided by Provider or the applicable Affiliate of Provider pursuant to this MSA or an executed Local Services Agreement. Unless and to the extent an individual Local Services Agreement expressly provides otherwise, each Local Services Agreement will incorporate by reference the terms and conditions of this MSA and will not be construed as altering or superseding the rights and obligations of the Parties under this MSA. The term of each Local Services Agreement will commence on the Effective Date of the applicable Local Services Agreement and will continue until the last day of the term of the applicable SOWs, unless earlier terminated or extended in accordance with the terms of this MSA or such Local Services Agreement.

(D) From time to time during the Term, Customer and/or Customer Group may wish to obtain Services that are not then covered by an existing Statement of Work and that are materially different from or materially in addition to the Services (“New Services”). For the avoidance of doubt, additional volumes of Services for which there is a charging mechanism specified in the applicable SOW are not considered New Services. In the case of New Services, Customer has no obligation to provide Provider with a first right of refusal to provide New Services to Customer Group. Customer may, in its sole discretion, elect to have Provider bid to provide New Services to Customer Group. If Customer so elects, Customer will provide Provider with a general description of the New Services to be provided, the business requirements, or the desired outcome. Provider will promptly, and at no charge to Customer, prepare a proposal to Customer setting forth the Statement of Work terms and conditions on which it would provide such New Services and will deliver to Customer a proposed Statement of Work in the form set forth in Schedule 2

Confidential

Page 1 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(Form of Statement of Work) or a proposed amendment to the applicable Statement of Work. The proposed Fees for New Services will consider the resources and expenses of Provider for Services that would no longer be required if Provider performed New Services. Customer will review Provider’s proposal and may request Changes. If Customer in its sole discretion decides to proceed with Provider providing the New Services, the Parties will negotiate in good faith and consistent with any existing Statement of Work regarding any such requested Changes and work to promptly finalize the Statement of Work for the New Services. Customer will not be obligated to pay for any New Services prior to the finalization of a Statement of Work unless expressly stated in the Statement of Work.

(E) In addition to the services, functions, responsibilities, and tasks expressly described in the scope of services or other detailed description of the Services under a Statement of Work, the following are deemed to be included in the Services as if expressly described in the Agreement:

(1) All services, functions, responsibilities, and tasks that are an inherent part of, or a necessary sub-part included within, or that are reasonably required for or incidental to the proper and complete performance and provision of the expressly described Services;

(2) communication and coordination of efforts by and among Provider Staff as required to perform such services, functions, responsibilities, and tasks pursuant to a Statement of Work;

(3) in the case of a Statement of Work involving the transfer of Affected Employees, the services, functions, responsibilities, and tasks that were performed by the Affected Employees on a consistent or routine basis during the twelve (12) months preceding the SOW Effective Date;

(4) all services, functions, tasks or responsibilities necessary for Provider to comply with Customer Policies, as described in Section 3.16 (Customer Policies) below; and

(5) all services, functions, tasks or responsibilities necessary for Provider to comply with the cross-functional service terms, as described in Schedule 3 (Cross-Functional Service Terms.

(F) Provider will provide the Services to Customer Group designated by Customer and provide such Services at least at the industry standards practiced generally by top tier well managed service providers providing similar services in similar circumstances, but in no case less than the standard performed by Affected Employees during the twelve (12) months preceding the applicable SOW Effective Date.

(G) Each Statement of Work must be signed by an Authorized Representative of each Party. Provider acknowledges and agrees that no Statement of Work will be effective unless and until signed by Authorized Representatives of both Parties. All Statements of Work incorporate by reference and are subject to, the terms and conditions of this MSA. Once executed by both Parties, the new Statement of Work will be effective as of the effective date specified in the Statement of Work and become a part of and be a Schedule to this MSA, and the Services thereunder will form part of the Services governed by the Agreement. The Statements of Work will be serially numbered (i.e., the first being Statement of Work No. 1, the second being Statement of Work No. 2, the third being Statement of Work No. 3, etc.) and include a brief substantive description in the title.

(H) This MSA together with each Statement of Work is to be interpreted as a single agreement so that all provisions are given as full effect as possible. In the event of a conflict between the terms of this MSA and a Statement of Work, this MSA will control, except to the extent the Parties expressly agree in such Statement of Work that the Statement of Work will control with respect to the specific provision of the MSA to be overridden. The order of precedence is as follows (items with a lower number having priority over, and controlling in the event of a conflict with, items having a higher number): (1) this MSA, (2) any Schedules or other attachments incorporated in this MSA other than Statements of Work, and (3) the Statements of Work including the Exhibits and other attachments thereto (but only with respect to Services to be performed under such Statement of Work).

3.2 Non-Exclusivity of Services. Customer retains the right to perform itself or retain Customer Agents and/or other third parties to perform any or a portion of the Services subject to and in accordance with the provisions of Section 19.1 (Termination for Convenience). In the case of Customer’s reduction of any Services under this Section 3.2 (Non-Exclusivity of Services), the Fees for the remaining Services will be as set forth in a Statement of Work; or if not addressed in the Statement of Work, the Fees will be equitably adjusted to reflect those Services that are no longer required and in the case of a Partial Termination the provisions of Section 19.1 (Termination for Convenience) will apply.

3.3 No Minimum Commitment. As of the Effective Date, Customer intends to use Provider to meet certain of its outsourcing needs during the Term. However, Customer does not make any minimum Fee or volume commitment under the Agreement unless otherwise provided in the Fees Exhibit to a Statement of Work. Nothing in the Agreement will be interpreted as a requirements contract or a “take-or-pay” contract. Furthermore, Provider does not receive any exclusive rights under the Agreement and nothing in the Agreement will be construed as requiring Customer or Customer Group to purchase services solely from Provider. Any and all Fees must be agreed to in writing by Customer and Provider in advance.

3.4 Projects. From time to time during the Term, Customer may engage Provider to perform a Project in accordance with the project engagement procedure set forth in Schedule 5 (Governance). Provider will comply with Schedule 5 (Governance) and perform each Project, complete all Project Milestones, and provide all Deliverables in accordance with the Project Documents.

3.5 Changes to Customer Group. If a change to all or part of Customer’s business structure, by merger, acquisition, divestiture, or reorganization (“Restructuring”) results in an entity that was not previously an Affiliate of Customer becoming part of Customer Group (“Acquired Entity”), then Customer may require Provider to provide the Services to the Acquired Entity under the Agreement. If a Restructuring results in a business that was previously Controlled by Customer or one of its Affiliates no longer being Controlled by Customer or one of its Affiliates (“Divested

Confidential

Page 2 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

Entities” and, together with Acquired Entities, “New Entities”), then Customer may require Provider to provide the Services to the Divested Entity under the terms of the Agreement for a period of up to [***]. If Customer notifies Provider that it is considering or intends to engage in a Restructuring, Provider will, at no additional cost to Customer, provide reasonable assistance, information, and advice to assist Customer in evaluating the time and expense and any associated risks of providing Services to an Acquired Entity or continuing or terminating Services to a Divested Entity.

3.6 Governmental Approvals and Consents. At its own expense, Provider will (A) obtain and maintain all Governmental Approvals required for Provider and all Provider Agents to provide the Services; (B) obtain, maintain, and comply with all of the Provider Consents; and (C) comply with the Customer Consents. With Provider providing assistance as requested by Customer, Customer will obtain, maintain and comply with the Customer Consents. As requested by the other Party, each Party will cooperate with the other Party in the other Party’s obtainment of the Governmental Approvals and the Consents that such other Party is required to obtain pursuant to this Section 3.6 (Governmental Approvals and Consents). If Customer is unable to satisfy its obligation to obtain a Customer Consent, the Parties will discuss and agree upon commercially reasonable alternative approaches as are necessary and sufficient to provide the Services without such Customer Consent, and such alternative approaches will be documented pursuant to the Change Control Procedures.

3.7 Technology and Process Evolution. In providing the Services to Customer and/or Customer Group, Provider will, at no additional cost to Customer and/or Customer Group, (A) use commercially reasonable efforts to continually improve its technology and processes to allow Customer and/or Customer Group to take advantage of technological and process advances related to the Services, (B) regularly provide for Customer’s evaluation any technology developments that could reasonably be expected to have a positive impact on the Services that Provider uses or intends to use for any of its other clients for similar services, and (C) leverage its leading available technology and processes as appropriate for a given service when providing Services of that type for Customer and/or Customer Group as described in the applicable Statement of Work.

3.8 Knowledge Sharing.

(A) At least once every Contract Year or upon request after at least thirty (30) days’ notice from Customer, Provider will meet with representatives of Customer to in a reasonable level of detail (1) explain how the Services are provided, (2) explain how the Provider Systems work and should be operated, and (3) provide such training and Documentation as Customer may require for Customer to (a) provide services that interact with or interface with the Services, (b) understand and operate the Provider Systems, and (c) understand and perform the Services after the expiration or termination of the Agreement.

(B) In addition to the Process Interface Manual, upon Customer’s request from time to time, Provider will deliver to Customer a full description of the processes, tools, and environmental configuration related to the Services.

3.9 Reports. Provider will provide to Customer, in a form acceptable to Customer, the reports and/or explanations and/or Documentation and/or materials described in the Agreement and in all Statements of Work. Provider’s costs in collecting and analyzing data and in preparing such reports are included in the Fees and are not subject to any additional charges, fees, or reimbursements. At any time during the Term, Customer may require reasonable additional ad-hoc reports. Such additional reasonable ad-hoc reports will be provided by Provider at no additional cost. Any requests for ad-hoc reports beyond such reasonable ad-hoc reports may be subject to the Change Control Procedures.

Confidential

Page 3 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

3.10 Customer Systems. In providing the Services, Provider will ensure that it does not, without the prior written consent of an Authorized Representative of Customer or acting in accordance with a signed Statement of Work in which Provider expressly sets forth the anticipated adverse effect or alteration, adversely affect or alter (A) the operation, functionality, security, or technical environment of the Customer Systems or (B) the processes used by Customer, Customer Group, or Customer Agents in connection with their businesses (the “Retained Processes”). Provider will be proactive in keeping itself informed about Customer Systems and Retained Processes as necessary to provide the Services. At Customer’s request, Provider will coordinate with Customer to evaluate the impact of any alterations to Customer Systems and Retained Processes to the extent such alterations may impact the Services. Customer may furnish Provider Staff with access to Customer Systems, as expressly set forth in the applicable SOW when and to the limited extent necessary for the performance of Services under this Agreement. Provider will limit all access to Customer Systems, whether provided at a Service Location or through remote access, to such Provider Staff approved in advance in writing by an Authorized Representative of Customer and to such access as is reasonably necessary in connection with the performance of Services, only for the minimum duration necessary to perform the relevant Services, and as otherwise may be limited by the terms of agreements with third parties (to the extent any relevant requirements have been disclosed in advance by Customer to Provider). Provider will ensure that no Provider Staff will have “standing access” to Customer Systems (i.e., continuing access whether or not the individual is actively engaged in the performance of Services). Customer will make such Customer Systems available on an “AS IS, WHERE IS, AS AVAILABLE” basis, with no warranties whatsoever. Customer may terminate any and all such access at any time and upon such termination, such Provider Staff will immediately cease all access and use of such Customer Systems and any Non-Provider Failure resulting from such termination of access will be treated in accordance with Section 3.20 (Excuse from Performance). Provider will comply with, and will ensure Provider Staff comply with, all agreements with third parties and all Customer Policies prohibiting or restricting remote access to Customer Systems (to the extent any relevant requirements and Customer Policies have been disclosed in advance by Customer to Provider).

3.11 Satisfaction Surveys. Provider and Customer will conduct satisfaction surveys as set forth in the Statements of Work.

3.12 Responsibility for Resources. Except as otherwise expressly provided in this MSA or the applicable Statement of Work, Provider will be responsible for providing the Service Locations, personnel, Systems, software, technical knowledge, expertise, and other resources necessary to provide the Services.

3.13 Work Reprioritization. Customer may identify new activities to be performed by Provider Staff then assigned on a dedicated basis to providing the Services (including work activities that would otherwise be treated as a Project) or reprioritize or reset the schedule for existing work activities to be performed by such Provider Staff, so long as such activities are similar to the types of activities that Provider Staff is trained to perform. Unless otherwise agreed in writing, Customer will incur no additional charges for the performance of such work activities by Provider Staff to the extent such work activities can be performed by the dedicated Provider Staff then assigned to Customer. Provider will use commercially reasonable efforts to perform such work activities without impacting the established schedule for other tasks or the performance of the Services in accordance with the Service Levels. If after using such efforts it is not possible to avoid such an impact, Provider will notify Customer of the anticipated impact and obtain Customer’s consent prior to proceeding with such work activities. In its sole discretion, Customer may forego or delay such work activities or temporarily adjust the work to be performed by Provider, the schedules associated with the work, or the Service Levels to permit the performance by Provider of such work activities at no additional cost or charge to Customer. Any Non-Provider Failure resulting from such re-prioritized work will be treated in accordance with Section 3.20 (Excuse from Performance)

Confidential

Page 4 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

3.14 Cooperation with Third Parties. The performance of Services may involve work with the former third-party suppliers of the Services (“Former Providers”) and other third-party suppliers, consultants, advisors, suppliers, contractors, and agents of Customer. If reasonably requested by Customer, Provider will work diligently with any and all such third parties as specified by Customer in writing for the purposes of the fulfillment of the Services and at no additional charge. Without limiting the foregoing, Provider will provide such cooperative assistance and access to Provider Systems as reasonably requested by Customer Group, including providing: (i) the necessary information related to the Services that Customer Group requests to enable Customer Group to draft a request for proposal(s) relating to the Services and to provide existing information to support due diligence for recipients of such request for proposal; (ii) access to Service Locations used by Provider to provide the Services as necessary for Customer Group or third-party suppliers to survey the current environment being used to deliver the Service(s) (other than a Shared Service Delivery Environment); (iii) assistance and support services to Customer Group or third-party suppliers to the extent related to the Services; (iv) making the Provider Systems available to Customer, Customer Agents, and/or the third-party supplier in accordance with and to the extent required by Article 20 (Termination Assistance) and Schedule 4 (Termination Assistance); (v) such information regarding the operating environment, Provider System constraints and other operating parameters related to the Services as a person with reasonable commercial skills and expertise would find reasonably necessary for the Customer Group or third-party suppliers to perform the Services; and (vi) assisting Customer in obtaining all required Customer Consents. For the avoidance of doubt, under no circumstances are any such providers, consultants, advisors, suppliers, or contractors of Customer authorized to bind Customer in any way or enter into any commitments on behalf of Customer. Provider will treat Confidential Information received from Former Providers, such third-party suppliers, consultants, advisors, suppliers, and contractors in connection with the provision of Services as Customer’s Confidential Information subject to the terms of the Agreement. If the foregoing obligations require any of Provider’s Confidential Information to be disclosed to a third party, such third party must execute a reasonable non-disclosure agreement before receiving such information. Customer will ensure that the terms of such non-disclosure agreement are at least as protective of Provider’s Confidential Information as the terms of the Agreement. In connection with such cooperation and access, Customer, Customer Agents and other third parties will comply with Provider’s reasonable security and confidentiality requirements provided in advance in writing to Customer, and will, to the extent performing work on Provider Systems, comply with Provider’s reasonable standards, methodologies, and procedures provided in advance in writing to Customer.

3.15 Management of Third-Party Contracts.

Confidential

Page 5 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(A) Each SOW will include in an exhibit the license, support, maintenance and/or other agreements (if any) that Provider will manage as part of the Services (collectively, the “Managed Contracts”, each such agreement a “Managed Contract”). If any agreement inadvertently was omitted from such exhibit but was reasonably expected by the Parties to be included on such exhibit, then at Customer’s request, the Parties will add such agreement to the applicable exhibit. Customer hereby appoints Provider to act during the Term as its single point of contact and interface for any matters pertaining to services being managed by Provider under such Managed Contracts with respect to the Agreement, and Customer will notify all appropriate third parties (including the third-party suppliers of such Managed Contracts) of such appointment. Provider will manage the Managed Contracts in accordance with the terms of the Managed Contracts and the Agreement. Customer may at any time exercise reasonable control over Provider’s actions with respect to such third-party suppliers as it relates to the provision of Services. Notwithstanding the foregoing, (1) Provider will not manage the [***] attributable to such Managed Contracts and (2) in performing such services, Provider will not, without the prior written authorization of Customer, incur any cost, expense or obligation in the name of Customer and/or Customer Group, and/or make any representations or warranties on behalf of Customer and/or Customer Group.

(B) Without limiting the generality of the foregoing, Provider will: (1) cooperate with Customer and the applicable third-party supplier with respect to the Managed Contract; (2) manage the third-party supplier’s performance as outlined in such Managed Contract and act as a single point of contact and interface, on Customer’s behalf, to the applicable third-party supplier with respect to issues relating to such performance; (3) proactively manage the day-to-day services, deliverables and other performance obligations set forth in the Managed Contract; (4) operate an on-going quality management program to verify that the quality of services delivered by the third-party supplier meets or exceeds performance requirements stated in the Managed Contract; (5) subject to Customer’s prior written approval, include Customer and the applicable third-party supplier in operational meetings related to the Services, and overall governance meetings, to the extent necessary and appropriate to the services being performed by the third-party supplier; (6) work and cooperate with the third-party supplier to define and reduce to practice a hierarchical dispute resolution process within no more than [***] days (unless another period is requested by either Party, discussed by the Parties in good faith and agreed to by the Parties, such agreement will not be unreasonably withheld) of the addition of the applicable Managed Contract to the applicable SOW exhibit; (7) handle and reasonably resolve third-party supplier performance issues and other issues or disputes related to the Managed Contract through the hierarchical dispute resolution process to resolution and monitor occurrences to determine corrective action requirements; (8) monitor and report on third-party supplier performance and any corrective action plan status, if applicable; (9) promptly notify Customer of any issues that may impact the third-party supplier’s overall provision of the Services and which could not be reasonably resolved during the agreed upon hierarchical dispute resolution process between Provider and the applicable third-party supplier; and (10) promptly provide Customer with information with respect to Provider’s management of the Managed Contract, including the foregoing, upon written request by Customer.

(C) Upon the expiry of each Managed Contract, Customer will allow such Managed Contract to expire and, as of the expiry date, Provider will be responsible for providing the day-to-day services, deliverables and other performance obligations set forth in the Managed Contract either itself or through a Provider Agent (subject to the provisions of Section 9.6 (Provider Agents)) and the foregoing responsibilities will no longer apply with respect to such expired Managed Contract. In the event Customer terminates any such Managed Contract prior to its contract expiry date, at Customer’s request and subject to the Change Control Procedures, Provider will be responsible for

Confidential

Page 6 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

providing the day-to-day services, deliverables and other performance obligations set forth in such terminated Managed Contract.

3.16 Customer Policies. In providing the Services, Provider will comply with the Customer Policies and will cause its Provider Agents and Provider Staff to comply with all Customer Policies. Provider acknowledges that Customer may update, amend, and modify the Customer Policies and issue new Customer Policies from time to time. If changes to any such Customer Policies or any new Customer Policies are first disclosed to Provider, or revised, after the Effective Date, to the extent that Provider’s compliance with the newly disclosed or revised policies and procedures would materially increase or decrease: (A) Provider’s resource requirements; and/or (B) level of effort or ability to perform the affected Services, either Party may request the Parties to enter the Change Control Procedures specified on Schedule 6 (Change Control Procedures) to expeditiously negotiate in good faith a change order and an equitable allocation of increased or decreased costs, if any. For the avoidance of doubt, Provider will comply with such new, updated, amended, or modified Customer Policies and will cause its Provider Agents to comply with all such Customer Policies. Customer will notify Provider of any such updates, amendments or modifications to Customer Policies in writing and Provider will be responsible for complying with such changes thereafter. Provider acknowledges that such written notice may include a link to such changes on Customer’s intranet. Customer will provide Provider with a password or passwords for Provider to access Customer’s intranet. Provider will take such actions as are necessary to maintain the confidentiality of, and prevent the unauthorized use of, each password and will be responsible for any such unauthorized use. Provider will immediately notify Customer in writing if Provider determines, or has reason to believe, that an unauthorized Person has gained access to a password.

3.17 Non-Compliance with Customer Policies. Suspected or actual incidents of non-compliance with Customer Policies will be managed to resolution by Provider’s compliance team in cooperation and consultation with Customer, and Provider will provide reports to Customer on an event-occurrence basis. If Provider Staff are responsible for such incidents, appropriate disciplinary action will be taken in accordance with the appropriate Provider Staff policies. Such disciplinary action may include Provider removing such Provider Staff from providing Services to Customer.

3.18 Process Interface Manual. As Provider transitions and migrates Services in accordance with each applicable Transition Plan, Provider will as part of Transition, with Customer’s input and cooperation, develop and update as-needed at all times during the applicable SOW term, a detailed, Customer-specific Process Interface Manual for each of the Services in a mutually agreed form and scope that minimally includes the content specified on Schedule 7 (Program Management and Process Interface Manual). Provider will provide the Services in accordance with the Process Interface Manual. Prior to completion of the Process Interface Manual, Provider will provide the Services in accordance with the policies and procedures generally used by Customer.

3.19 Due Diligence.

(A) Provider acknowledges and agrees that it has performed reasonable due diligence required to perform its obligations under the Agreement. Provider will not be entitled to adjust the Fees or be relieved of any obligations under the Agreement, including performing the Services and satisfying the Service Levels, as a result of: (A) its failure to request any information or documents from Customer; (B) its failure to review any information or documents provided by or on behalf of Customer, including information or documents provided by or on behalf of Customer under the Statements of Work; or (C) its failure to verify any assumptions that would otherwise impact the Services or Fees. Customer will, in a timely manner, provide information reasonably requested by Provider to support

Confidential

Page 7 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

the performance by Provider of its due diligence obligations; provided, that such information is reasonably available to Customer and Customer has the rights necessary to provide such information to Provider.

(B) During the period starting after the Effective Date and ending on [***] (the “Joint Verification Period”), Customer and Provider may inventory and validate any information that is reflected in or omitted from this Agreement based on information provided by Customer prior to the Effective Date, related to the following categories: 1) resource unit baselines; 2) third-party contracts, leases, licenses that are in scope; 3) Customer Systems; and 3) Affected Employees and their responsibilities (“Verifiable Information”).

(1) Customer and Provider will each appoint a business lead responsible for leading and coordinating the joint verification process for Customer and Provider, respectively (“Joint Verification Leads”). The Joint Verification Leads will meet promptly (and then at least weekly during the Joint Verification Period) and will work cooperatively to request, provide and promptly respond to any requests from each other related to Verifiable Information. At the initial meeting, Provider’s Joint Verification Lead will present a list of any Verifiable Information that Provider would like to verify.

(2) If, as a result of this joint verification process, Customer or Provider discovers inaccuracies or omissions in Verifiable Information, Customer and Provider will negotiate in good faith to amend this Agreement to provide for an equitable adjustment to the Fees, baselines, Service Levels and other terms of this Agreement affected by such inaccuracies or omissions. If either Party disputes the inaccuracy or the equitable adjustment, either Party may submit the matter to the escalation process in Schedule 5 (Governance).

3.20 Excuse from Performance. Provider will be excused from failures to perform Services only if and to the extent (A) caused by (i) the act or omission of Customer, a member of Customer Group or a third party engaged by or managed by Customer (except if and to the extent caused by Provider); (ii) any Equipment, Customer Software, or other technology refresh or maintenance for which Customer or a member of Customer Group is responsible to the extent such responsibility is identified in the Statement of Work; (iii) Provider acting, or refraining from acting, in accordance with the written decision or direction of the Customer Relationship Manager; provided that Provider has described the potential adverse consequences to the Customer Relationship Manager in writing; or (v) Customer or Customer Group’s failure to perform one or more Customer Operational Responsibilities or of Customer’s responsibilities expressly identified in this Agreement or the applicable SOW, provided such Customer responsibilities are reasonably required under the circumstances and are not hindered, impaired, delayed, or otherwise impacted by or dependent on Provider, Provider Agents, or Provider Staff (a “Non-Provider Failure”); (B) such Non-Provider Failure directly and materially causes Provider’s failure to perform the applicable Services (an “Excused Performance Failure”); and (C) Provider, as soon as reasonably possible under the circumstances, (1) notifies Customer of the Non-Provider Failure and Customer fails to remedy the failure; (2) uses commercially reasonable efforts to mitigate the adverse consequences of the Non-Provider Failure; and (3) timely resumes performing the affected Services upon resolution of the Non-Provider Failure. Customer will not be in breach of the Agreement, and Provider will not have the right to terminate this MSA, the applicable SOW, or the Services (in each case, in whole or in part), to claim damages, or to seek other remedies (except for excuse from performance under this section) due to the there being a Non-Provider Failure that causes an Excused Performance Failure (except for Customer’s obligations hereunder related to payment and withholding of disputed Fees). Each member of Provider Staff is expected to immediately escalate an issue if such Provider Staff member’s performance is impacted by a Non-Provider Failure. Notwithstanding any Non-Provider Failure, Provider will use proactive, good faith efforts at all times to maximize the possibility that the Services will nonetheless be performed in a timely manner.

Confidential

Page 8 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

3.21 Acceptance Testing. Any and all Projects, Services, Deliverables, phases, and milestones where (A) an acceptance process or testing is set forth in a SOW, (B) there are Fees or other amounts specifically payable for such item, or (C) Customer reasonably requests an acceptance process or testing in advance of delivery or performance of such item (“Reviewable Items”) when performed, delivered, or completed by Provider, are subject to testing by Customer using the acceptance criteria set forth in the applicable SOW (“Acceptance Testing”). If no acceptance criteria is set forth in the applicable SOW, then acceptance for each such item will be subject to Customer’s reasonable satisfaction that such item (1) complies in all material respects with the Specifications, Documentation, and instructions therefor and (2) if applicable, is delivered free of material errors. Customer will notify Provider of its acceptance or rejection of each Reviewable Item within the time frame specified in a Statement of Work or if not specified in a commercially reasonable time frame but not exceeding [***] Business Days unless otherwise agreed. Customer may notify Provider of rejection of a Reviewable Item in writing, including through reporting at the Performance Review Board under Schedule 5 (Governance), that such item is not performing sufficiently or requires additional work, re-performance, or re-delivery in order to meet the acceptance criteria and specifying in reasonable detail how the Reviewable Item failed to meet the acceptance criteria.

3.22 Deficiencies in Reviewable Items. If Customer rejects a Reviewable Item, the Parties will agree promptly (but in no later than [***] Business Days from the date of rejection of such Reviewable Item) upon a time period, for Provider to correct the Reviewable Item at Provider’s sole cost and expense and re-deliver to Customer the corrected Deliverable (including by, at Provider’s option, repairing or replacing any and all such Deliverables), re-perform the Project or Service, or satisfy the phase or milestone (or, in each case, the portion thereof). Provider will take such actions set forth in the foregoing sentence during the agreed upon time period and will recover to the Project schedule as per the applicable SOW.

3.23 Rejection Process. If any Reviewable Item is again rejected after Provider takes such actions set forth in Section 3.22 (Deficiencies in Reviewable Items) above, then Customer may elect, in its sole discretion for those Reviewable Items for which a specific Fee or other amount is payable: (A) (1) if payment has not been made, to withhold payment for such Reviewable Item; or (2) if payment has been made, to recover from Provider the Fees paid for such Reviewable Item; (B) to correct the Reviewable Item and charge Provider with the cost of such correction; (C) to provide Provider with another opportunity to correct the Reviewable Item at Provider’s sole cost and expense and re-deliver to Customer the corrected Deliverable (including by, at Provider’s option, either repairing or replacing such Deliverable), re-perform the Project or Service if applicable, or satisfy the phase or milestone (or, in each case, the portion thereof) within the agreed upon time period determined in accordance with Section 3.22 (Deficiencies in Reviewable Items); or (D) to purchase services comparable to the Reviewable Item in the open market or from other suppliers, as deemed appropriate by Customer using commercially reasonable judgement and subject to Customer’s duty to mitigate, and, at Customer’s option, charge Provider with any reasonable cost differential between the price of the Reviewable Item and the price paid, which cost may include premium fees for expedited delivery and administrative costs. In addition, for any Reviewable Item agreed to and designated by the Parties in an SOW as a “Termination Trigger Deliverable” or otherwise as an event for which the applicable SOW may be terminated, Customer may reject the Reviewable Item in accordance with Section 3.21 (Acceptance Testing), and terminate the applicable SOW (in whole or in part), upon written notice to Provider, effective immediately, without further opportunity to cure and without further obligation or liability to Provider except for any Termination Charge Amounts specified in an SOW.

Confidential

Page 9 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

3.24 Final Acceptance. For Projects where there are multiple related Reviewable Items, acceptance pursuant to Sections 3.20 (Acceptance Testing), 3.22 (Deficiencies in Reviewable Items), and 3.23 (Rejection Process) above of any Reviewable Items by Customer only constitutes conditional acceptance (“Conditional Acceptance”) by Customer. Customer will have a commercially reasonable time frame for the final acceptance or rejection in accordance with this Section of all Reviewable Items in each Project. Customer will confirm in writing that each such Reviewable Item conforms in all material respects to any and all completion criteria and/or user acceptance testing or other similar testing processes set forth in a SOW, performance in accordance with the Specifications and Documentation in a production environment, and/or such other requirements for final acceptance set out in an applicable SOW (collectively, “Completion Criteria”). Customer will notify Provider of failure to meet the Completion Criteria in writing, including through reporting at the Performance Review Board under Schedule 5 (Governance), that such Reviewable Items are not performing sufficiently or require additional work, re-performance, or re-delivery to meet the applicable Completion Criteria and specify in reasonable detail how the Reviewable Item failed to meet the Completion Criteria. In the case of any such rejection, Provider may have a reasonable opportunity to cure any such deficiencies but no later than [***] days from receipt of such notice unless another time period is agreed by the Parties in writing.

3.25 No Deemed Acceptance. Customer’s acceptance of any Reviewable Item will not prejudice Customer’s rights or remedies in equity, at Law, or under contract, including in the event that any such Reviewable Item is subsequently found not to be in compliance with the relevant acceptance criteria during any warranty period for such Reviewable Item set out in the applicable Statement of Work. For the avoidance of doubt, access, use or possession, completion, payment for, and/or receipt of delivery of any Reviewable Item will not be deemed to be acceptance of such item.

ARTICLE 4. TRANSITION.

4.1 Transition Plan. Provider will perform all functions and services necessary to accomplish the transition of the Services to Provider (“Transition”) in accordance with the high-level Transition Plan agreed to by the Parties and attached to the applicable Statement of Work (collectively, the “Transition Services”). After the applicable SOW Effective Date, the Parties may agree in a writing signed by Authorized Representatives of the Parties on amendments to the Transition Plan to describe detailed responsibilities of the Parties, which will upon agreement supersede and replace the initial Transition Plan. Unless and until the final plan is agreed between the Parties, the initial Transition Plan (along with the other provisions of this MSA and the applicable Statement of Work) will be the binding contractual document related to the Transition. In the Agreement, “Transition Plan” means the initial plan or the final plan, as applicable.

Confidential

Page 10 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

4.2 Transition Performance. Provider will take ownership of the Transition during the entire Transition period and will be fully responsible for performing the Transition Services set forth in the Transition Plan and all other necessary activities to successfully complete the Transition. Provider will perform the Transition without causing material disruption to the businesses of Customer and/or Customer Group, including the Customer Systems and Retained Processes. Provider will work closely with Customer and all Former Providers to facilitate the performance of the Transition in such a manner as to ensure that, throughout the Transition, the Services are provided to Customer without interruption unless agreed in the Transition Plan and at a level at least as high as the Services were provided by Customer, Customer Group, Customer Agents, and/or the Former Providers prior to the applicable SOW Effective Date, in no case below levels achieved by well-managed operations performing services similar to the Services. Customer may monitor, test, and otherwise participate in the Transition as set out in the Transition Plan or as otherwise mutually agreed. If the Transition will entail phased implementation for separate countries or other Service components, unless the Transition Plan provides otherwise, Customer may delay the commencement of one or more Transition phases until deficiencies affecting prior phases have been fully remedied or, if Customer deems the delay necessary, to make Changes to the Transition process to avoid replicating such deficiencies in new phases.

ARTICLE 5. TRANSFORMATION.

5.1 Transformation Plan. Customer may request that Provider perform functions and services necessary to accomplish the transformation of Customer’s environment to the future state of operations (“Transformation”). At such request, Customer and Provider will develop an initial, high level Transformation Plan to be attached to the applicable Statement of Work, as amended by the detailed Transformation Plan (collectively, the “Transformation Services”). After the initial Transformation Plan, the Parties may agree in a writing signed by Authorized Representatives of the Parties on amendments to the initial Transformation Plan to expand the high initial Transformation Plan into a detailed Transformation Plan, which will upon agreement supersede and replace the initial Transformation Plan. Unless and until another plan is agreed between the Parties, the initial Transformation Plan (along with the other provisions of this MSA and the applicable Statement of Work) will be the binding contractual document related to the Transformation. In the Agreement, “Transformation Plan” means the initial plan or the final plan, as applicable.

5.2 Transformation Performance. Provider will take ownership of the Transformation during the entire Transformation period and will be fully responsible for performing the Provider responsibilities set forth in the Transformation Plan and any other necessary activities reasonably required to successfully complete the Transformation. Provider will perform the Transformation without causing material disruption to the businesses of Customer or Customer Group. Provider will work closely with Customer, Customer Group, Customer Agents, and any other third parties as requested by Customer to facilitate the performance of the Transformation in such a manner as to ensure that, throughout the Transformation period, unless otherwise agreed in the Transformation Plan, the Services are provided to Customer and/or Customer Group without interruption and at a level at least as high as the Services were provided by Customer, Customer Group, or Customer Agents prior to the initiation of the Transformation period, in no case below levels achieved by well-managed operations performing services similar to the Services. Customer may monitor, test, and otherwise participate in the Transformation as set out in the Transformation Plan or as otherwise mutually agreed. If the Transformation will entail phased implementation for separate countries or other Service components, unless the Transformation Plan provides otherwise, Customer may delay the commencement of one or more Transformation phases until deficiencies affecting prior phases have been fully remedied or, if Customer deems the delay necessary, to make Changes to the Transformation process to avoid replicating such deficiencies in new phases.

Confidential

Page 11 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

5.3 Transformation Timing. Provider’s timely performance of any Transformation Services under an applicable Statement of Work is of the utmost importance to Customer. Provider’s failure to achieve any required milestones or other deadlines according to the terms of the Transformation Plan in the applicable Statement of Work will be a breach of Provider’s obligations under the Agreement.

ARTICLE 6. HUMAN RESOURCES. If applicable, the transfer of all Affected Employees to Provider, as pertains to each Statement of Work, will take place in accordance with the terms and conditions of that Statement of Work and with Schedule 8 (Employee Matters).

ARTICLE 7. SERVICE LEVELS AND CREDITS.

7.1 General. Provider will perform the Services under each Statement of Work in such manner as to meet or exceed the applicable Service Levels, which will be defined, along with calculation methodologies and other detailed terms governing the Service Levels, in attachments to the Statement of Work (the “Service Level Exhibits” of such Statement of Work). In addition, on a continuous basis and at no additional charge, Provider will actively (A) identify ways to improve the Service Levels and (B) identify and apply proven techniques and tools from other installations within its operations that would benefit Customer either operationally or financially. As defined in Service Level Exhibits, Customer has the right to change one or more Service Level from time to time. Provider will perform all Services without expressly defined Service Levels with at least the same degree of accuracy, quality, completeness, timeliness, responsiveness, and efficiency as the greater of (1) the level provided prior to the SOW Effective Date by or for Customer or (2) levels achieved by well-managed operations performing services similar to the Services. Provider will perform all tasks necessary to complete the Services in a timely and efficient manner, using standard and effective methodology and tools.

7.2 Reporting and Measurement Tools. Provider will provide Customer with, at a minimum, monthly reports on Provider’s compliance with the Service Levels in accordance with Schedule 3 (Cross-Functional Service Terms) and Schedule 9 (Information and System Security Requirements). Provider will implement measurement and monitoring tools and procedures required to measure Provider’s performance of the Services and to report on such performance at a level of detail that is sufficient for Customer to readily verify compliance with the Service Levels, including measurements and metrics to assess information and system security Service Levels, and whether additional security controls or remediation are appropriate, subject to the processes described in Section 17.13 (Notice of Adverse Impact). Provider will provide Customer with online access to the raw data from such measurement and monitoring tools as such data becomes available online to Provider. Upon reasonable request by Customer, Provider will provide Customer and its designees access to and information concerning such measurement and monitoring tools, procedures, and performance information for purposes of audit, inspection, and verification.

7.3 Anticipated Default; Root-Cause Analysis. If Provider anticipates that it may fail to meet one or more Service Levels, Provider will promptly inform Customer of the anticipated failure and, thereafter, at time intervals determined by Customer, update Customer on its efforts to avoid the anticipated failure until Customer determines the updates are no longer needed and Provider is once again able to meet or exceed the affected Service Levels. If Provider fails to provide the Services in a manner that meets or exceeds one or more Service Levels, Provider will (A) promptly perform a root-cause analysis as specified in the Service Level Exhibits, (B) identify the problems causing the failure, (C) report to Customer on the nature and scope of the problems identified, (D) correct the problems as soon as practicable, (E) resume meeting the Service Levels, (F) advise Customer of the progress of correction efforts at stages determined by Customer, and (G) demonstrate to Customer that all reasonable action has been taken to prevent a recurrence of the

Confidential

Page 12 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

Service Level default. The failure to complete (A)-(G) above for Critical Performance Indicators will be considered a material breach of the Agreement.

7.4 Performance Credits. If Provider fails to provide the Services under a Statement of Work in accordance with any of one or more Critical Performance Indicators for that Statement of Work, without limiting Customer’s other remedies, Provider will incur the Performance Credits identified in the Service Level Exhibits. Performance Credits under each Statement of Work will be allocated and calculated in accordance with the procedure set forth in the Service Level Exhibits of that Statement of Work.

7.5 Deliverable Credits. Deliverables and Deliverable Credits, if applicable, are separately defined in and for each Statement of Work and, in the case of Projects, in and for each Project Document. A Deliverable Credit will be credited to Customer on the invoice that contains Fees for the month during which the right to such Deliverable Credit arose or as soon thereafter as is practicable. Issuance of a Deliverable Credit does not limit Customer’s other remedies for Provider’s delay or failure in providing a Deliverable.

ARTICLE 8. SERVICE LOCATIONS.

8.1 Service Locations. The Services under each Statement of Work will be provided to Customer and/or Customer Group from Service Locations or from other locations, including any Customer facilities, as set forth in an applicable SOW except for those services for back-office and program management functions such as financial management, contract management and risk management functions, provided that in no event will any Confidential Information, Personally Identifiable Information, or other data of Customer’s customers be Processed as a part of such services. Such Service Locations or other locations, including any Customer facilities and the Provider Software, Provider Systems and facilities used to provide such Services will be physically located at, only in the United States unless otherwise set forth in a SOW. Provider will obtain Customer’s prior written approval if Provider intends to transfer Services from one Service Location to another Service Location, even if both Service Locations are specified in the applicable SOW. Without limiting the foregoing, all Personally Identifiable Information in Customer Data will be physically located in, or on media or Provider Systems that are physically stored in the United States or at such Customer facilities where physically stored as of the Effective Date unless otherwise set forth in an applicable Statement of Work. Personally Identifiable Information will not be Processed outside of the United States or such Customer facilities without Customer’s prior written approval, in accordance with Schedule 9 (Information and System Security Requirements) unless otherwise set forth in an applicable Statement of Work. All Customer-approved transfers of Services to another Service Location is at no additional cost or charge to Customer. With the exception of any facilities and Customer Systems designated as Customer’s responsibility pursuant to a Statement of Work, Provider is financially and operationally responsible for providing all furniture, fixtures, Systems (including office equipment such as copiers, fax machines, and printers), consumables (such as office supplies), connectivity, space, and other facilities required to perform the Services and all upgrades, improvements, replacements and additions to such furniture, fixtures, Systems, consumables, connectivity, space and facilities. Without limiting the foregoing, Provider will provide (A) all maintenance, site management, site administration, and similar services for the Service Locations, and (B) uninterrupted power supply services for the Service Locations.

Confidential

Page 13 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

8.2 Physical Safety and Security Procedures. For each Service Location, Provider will maintain and enforce physical safety and security procedures that are at least equal to industry standards for locations similar to the Service Location or are any higher standard agreed on by the Parties, but at a minimum, complies with Customer Policies and Schedule 9 (Information and System Security Requirements). When on Customer premises, Provider Staff will comply with the Customer Policies that are applicable on Customer premises.

ARTICLE 9. PROVIDER STAFF.

9.1 Key Personnel.

(A) Unless otherwise agreed by the Parties, all Key Personnel will be dedicated to providing Services to Customer and/or Customer Group for the amount of time identified in the applicable SOW for each member of Key Personnel. Before assigning any individual to a Key Personnel position, Provider will give Customer prior notice of the assignment and provide information reasonably requested by Customer about the individual. Provider will obtain Customer’s consent before assigning any individual to a Key Personnel position. Except as provided in paragraph (B) below, such consent may not be unreasonably withheld.

(B) Without Customer’s prior consent, which it may withhold in its sole discretion, Provider will not replace or reassign (1) the IBM Client Partner Executive for two (2) years after the Effective Date or (2) the other Key Personnel for one (1) years after the applicable SOW Effective Date or original assignment date of that Person, whichever is later. This paragraph (B) does not apply to replacement of an individual who (a) voluntarily resigns from Provider, (b) is dismissed by Provider for misconduct (e.g., fraud, drug abuse, theft or failure to perform duties and responsibilities), or (c) dies or is unable to work because of a disability.

(C) Upon notice to Provider, Customer may require removal of any Key Personnel. In such case, Provider will, as soon as reasonably practicable, replace such Person. Provider will maintain backup procedures and conduct replacement procedures for the Key Personnel in such a manner that assures an orderly succession for any Key Personnel who are replaced.

9.2 Provider Staff Agreements. Each member of Provider Staff will be a party to a written agreement or certification process with Provider, sufficient to require, that (A) requires the person to abide by (1) Customer Policies, (2) Schedule 9 (Information and System Security Requirements), and (3) other Statements of Work in performing the Services, (B) requires the person to comply with the confidentiality provisions of the Agreement. In addition, each member of Provider Staff will be a party to a written agreement with Provider that contains such provisions for the assignment of Intellectual Property Rights as are necessary for Customer to receive ownership of Assigned Rights under the assignment set forth in Article 16 (Intellectual Property Rights).

Confidential

Page 14 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

9.3 Provider Staff Removal. If Customer determines that a member of Provider Staff should be removed from Customer’s account, Provider will have a reasonable opportunity to investigate the situation and discuss it with Customer, and if the situation is not resolved to Customer’s satisfaction promptly, Provider will immediately remove such individual upon Provider’s receipt of notice from Customer.

9.4 Background Check and Work Eligibility. At its expense and in compliance with applicable Law, Provider is responsible for conducting a background check and substance abuse screening of each member of Provider Staff. Provider will conduct background checks and substance abuse screenings in accordance with the requirements detailed in Schedule 10 (Background Checks) in addition to any and all requirements provided in the human resource related attachments to the Statement of Work (the “Human Resource Exhibits” of such Statement of Work). Without limiting the requirements specified in the Human Resource Exhibits, Provider Staff background checks and substance abuse screenings will include investigation of such matters as reasonably required by applicable Law or by Customer, subject to the limitations of applicable Law. Furthermore, Provider must complete background checks and substance abuse screenings for each member of Provider Staff prior to or within 15 days of such member initial providing Services to Customer. Provider will maintain Documentation evidencing that background investigations and substance abuse screenings have been completed on all Provider Staff and will grant Customer access to such Documentation upon request.

Provider will not assign individuals to Provider Staff who, based on the results of their background check or substance abuse screening, are likely to present a threat to the safety or security of people or assets on Customer’s premises or at Service Locations. For those Provider Staff needing a visa to enter and/or remain in the country in which Services are rendered, or otherwise needing immigration status in any country in which Services are rendered in order to carry out activities in connection with the Agreement, Provider and Provider Staff will (A) pay for and be solely responsible for obtaining and maintaining such visas and (B) take all steps necessary to obtain and maintain appropriate immigration classifications or status for such personnel. Provider will, and will cause its Provider Staff, to comply fully with the terms and conditions of any immigration classification or status.

9.5 Restricted Parties Compliance. All Provider Agents and Provider Staff performing the Services in the United States or supporting Provider activities under the Agreement, regardless of their location, will be validated by Provider to not be on any list publicly published and maintained by the U.S. government of Persons or entities with whom any U.S. Person or entity is prohibited from conducting business (“Restricted Parties Lists”).

Provider is responsible for ensuring that it remains informed of the Restricted Parties Lists and that at the time of hire no Provider Agents or Provider Staff are on any of these lists. Provider is also responsible for reviewing updates to the Restricted Parties Lists. In the event that Provider or Customer becomes aware of any Provider Agents or Provider Staff being included on any Restricted Parties List, Provider will promptly remove such Provider Agents or Provider Staff from any involvement in or in support of the Services and will report to Customer that it has done so.

9.6 Provider Agents.

(A) Except as provided in (B) below, Provider may not delegate or subcontract any of the Services or any of Provider’s obligations under the Agreement, in whole or in part, without obtaining Customer’s prior written consent. To obtain Customer’s approval of a Provider Agent, Provider must notify Customer of the proposed Provider

Confidential

Page 15 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

Agent, and the scope of the Services proposed to be subcontracted. In any event, Provider must require its Provider Agents to meet, exceed, and/or comply with any applicable terms of the Agreement.

(B) Provider may, in the ordinary course of business and without Customer’s prior written consent, enter into subcontracts (i) with the Provider Affiliates listed on Schedule 11 (Provider Affiliates); (ii) with subcontractors that it uses in a Shared Service Delivery Environment where such services or products do not represent material components of the Services and do not involve any direct contact with Customer Personnel or access to or other Processing of Confidential Information, including any Personally Identifiable Information, of any member of Customer Group; or (iii) for third-party services or products that represent non-material tasks that do not involve any direct contact with Customer Personnel or access to or other Processing of Confidential Information, including any Personally Identifiable Information, of any member of Customer Group.

(C) No subcontracting will release Provider from its responsibility for its obligations under the Agreement. Provider is responsible for the work and activities of each of Provider Agents and members of Provider Staff employed by Provider Agents. Provider will be liable for any breach of, or act or omission under, this Agreement by any Provider Agent or member of Provider Staff employed by a Provider Agent. Provider is responsible for all payments to Provider Agents. Provider will promptly pay for all services, materials, equipment and labor used by Provider in providing the Services, and Provider will promptly cause any Provider Agent to remove all claims against Customer or lien on Customer Resources.

(D) Customer may require Provider to remove from providing Services to Customer or to replace any Provider Agent who is deemed unacceptable by Customer for performance or any other reasonable reason, including potential harm to reputation or violation of Law. Except in the case of a violation of Law or unauthorized Processing of Personally Identifiable Information, Provider will have a reasonable opportunity to investigate Customer’s concerns but no more than [***] Business Days after the Customer request, correct the Provider Agent’s deficient performance and provide Customer with a written action plan to assure that such deficient performance will not recur. If Customer is not reasonably satisfied with Provider’s efforts, Provider will remove and replace such Provider Agent as soon as possible.

9.7 Services to Customer Competitors. No dedicated Provider Staff or Key Personnel will provide services to any Customer Competitor at a time when they have access to Customer’s Confidential Information and for one (1) month before or one (1) year after they have such access. Provider will take such steps that are reasonable and necessary to prevent Customer’s Confidential Information from being disclosed to any Provider Staff performing services on behalf of any Customer Competitor.

9.8 Qualifications and Training of Provider Staff. Provider will assign a clearly adequate number of Provider Staff to perform the Services and will account for turnover (voluntary and involuntary). Provider Staff will be properly educated, trained, and fully qualified for the Services they are to perform. Provider will not charge Customer for the costs of training such Provider Staff, including for the time necessary for such Provider Staff to become familiar with providing Services to Customer or with Customer or with Customer’s business. This training will include at least any required continued education and ongoing training related to data protection, risk control, regulatory requirements, and other relevant education.

Confidential

Page 16 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

9.9 Personnel Turnover Rate. Provider will take steps to keep the turnover (voluntary and involuntary) rate of Provider Staff at a level that (A) ensures continued performance of the Services in compliance with the Agreement and (B) is comparable to or better than the industry average for well-managed service providers in the applicable country performing services similar to the Services. Provider will provide to Customer a semi-annual turnover (voluntary and involuntary) report of Provider Staff, and the Parties will work together to reduce the turnover (voluntary and involuntary) rate. Provider will ensure that all replacement personnel receive sufficient information and training, without additional charge to Customer, to assure continuity of Services without adverse impact. For avoidance of doubt, the turnover (voluntary and involuntary) rate of Provider Staff is not an acceptable justification for Provider not meeting or exceeding a Service Level. Provider is responsible for managing turnover (voluntary and involuntary) to meet or exceed established Service Levels.

ARTICLE 10. CONTINUED PROVISION OF SERVICES.

10.1 Disaster Recovery Plan. Provider will maintain adequate disaster recovery and business continuity plans in respect of each Service Location from which the Services are provided or supported that, at a minimum, meet the requirements of Schedule 12 (Disaster Recovery and Business Continuity Requirements) (each, a “Provider DR Plan”). Provider will update and test the Provider DR Plans at least annually (or such other frequency specified in Schedule 12) and certify in writing the results of such testing to Customer. Provider also will comply with such other requirements specified in Schedule 12 (Disaster Recovery and Business Continuity Requirements). Upon a disaster, Provider will promptly undertake all applicable actions and precautions under the Provider DR Plan or Customer DR Plan (as defined in Schedule 12 (Disaster Recovery and Business Continuity Requirements)), as applicable, and diligently pursue them as necessary to avoid or, if unavoidable, minimize any interruption of Services, and will provide for the recovery and reconstitution of the affected System to a known state after a disruption, compromise, or failure within defined time periods consistent with recovery time and recovery point objectives. If the Services are not reinstated within the defined recovery time periods set out in Schedule 12 (Disaster Recovery and Business Continuity Requirements), Provider will work to reinstate Services within a reasonable time as agreed upon with Customer.

10.2 Force Majeure. If and to the extent that a Party’s performance is prevented or delayed by fire, flood, riot, war, pandemic, acts of God, or other events beyond such Party’s reasonable control (other than failure to perform by, or acts or omissions of, Provider Agents in connection with their responsibilities under the Agreement) and without the fault or negligence of the Party affected (a “Force Majeure Event”), then the affected performance will be excused for so long as (A) the Force Majeure Event continues to prevent or delay performance and (B) the Party continues efforts to recommence performance to the extent possible without delay or disruption to Services, including through the use of alternate sources and workaround plans. The affected Party will promptly notify the other Party in writing, describing the Force Majeure Event in reasonable detail. Force Majeure Events do not excuse any disaster recovery and business continuity obligations under Section 10.1 (Disaster Recovery Plan). Other than a Force Majeure Event subject to the parameters of this Section 10.2 (Force Majeure), neither Party will assert any excuse or defense to a breach of contract claim under the doctrine of “impossibility,” “impracticability” or “frustration of purpose,” or other similar legal argument. Notwithstanding the foregoing, “Force Majeure Event” expressly excludes: (A) any event that Provider reasonably could have prevented by any testing either required to be performed pursuant to the Services or

Confidential

Page 17 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

necessary to provide the Services; (B) any Provider Staff strike, walkout or other labor shortage; (C) any non-performance of a Provider Agent, regardless of cause (unless due to a Force Majeure Event); in the case of a Cyber Attack that would otherwise be deemed a Force Majeure Event, any event that could have been prevented through Provider’s compliance with the Agreement or Customer Policies; and/or (D) any event which could have been prevented by reasonable precautions and can reasonably be circumvented by the non-performing Party through the use of alternate sources, work-around plans, or other means.

10.3 Alternate Source. If any Force Majeure Event or disaster delays performance of Services necessary for the performance of functions Customer reasonably identifies as critical for more than [***] days, Customer may procure such Services from an alternate source, and Provider will reimburse Customer for reasonable amounts paid to the alternate source to the extent exceeding the Fees for such Services for up to a period of one hundred and eighty (180) days or until Provider is able to resume performance of the affected Services. If the Force Majeure Event or disaster delays performance of such critical Services for more than twenty (20) additional days, Customer may terminate this Agreement, the applicable Statement of Work, or the affected Services as of the date specified by Customer in a termination notice to Provider subject to payment of any Termination Charge Amounts set forth in the applicable Statement of Work.

10.4 No Payment for Unperformed Services. Customer is not required to pay for those Services that are not performed because of excused performance in a Force Majeure Event or under Section 3.20 (Excuse from Performance).

10.5 Allocation of Resources. Whenever a Force Majeure Event or a disaster causes Provider to allocate limited resources among Provider’s customers, Provider will not give other customers priority over Customer or redeploy or reassign any Key Personnel (except as permitted under the Agreement) to another Provider customer.

10.6 Service Improvement Plan and Step-In. In the event (A) Provider is failing to deliver all or a material part of the Services in material conformance with the terms of the Agreement or (B) if Customer has a good faith basis for dissatisfaction with any portion of the Services that Customer reasonably identifies as critical, within fourteen (14) calendar days (or such shorter period as may be reasonably required in Customer’s notice to comply with a legal or regulatory requirement) after receipt of Customer’s written notice of such failure or dissatisfaction Provider will: (1) commence a root cause analysis as to the cause of such failure or dissatisfaction; (2) upon completion of a root cause analysis, develop a service improvement plan to address and remedy the failure and/or improve the level of satisfaction (“SIP”); (3) present such plan to Customer for its review, comment and approval; and (4) take action in accordance with the approved SIP. Customer and Provider will establish a schedule for completion of a root cause analysis and the preparation and approval of the SIP, which will be reasonable and consistent with the severity and materiality of the problem. Provider’s SIP developed hereunder will specify the specific measures to be taken by Provider and the dates by which each such action will be completed. Provider will perform its obligations under the SIP.

If Provider fails to implement such SIP and/or upon the occurrence of any Step-In Event, then Customer may assign Customer Personnel or third parties to step in and perform any failing elements of the Services until such time as Provider can reasonably demonstrate the ability to resume provision of such Services or

Confidential

Page 18 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

assist Provider in remedying the matters triggering the Step-In Event for up to a maximum of [***] (“Step-In Period”). Provider will reasonably cooperate with any Customer, Customer Agents, Customer Group, or any other third party selected by Customer. In addition, upon the occurrence of any Step-In Event and at any time prior to the remediation, resolution, or cessation of the circumstances triggering the Step-In Event, Customer may exercise any of the following rights and take any of the following actions: (A) subject to Provider’s reasonable security and confidentiality requirements provided in advance in writing to Customer, enter and remain on any affected Service Location premises other than any Shared Service Delivery Environment; (B) take control of the Services (including the Provider Systems) other than Services and Provider Systems provided in a Shared Service Delivery Environment; and (C) give directions to and manage Provider Staff. If Customer exercises any of its rights under this Section 10.6 (Service Improvement Plan and Step-In), Provider must provide all Documentation, materials, rights, and assistance reasonably required to enable Customer (or its nominee) to exercise the step-in rights under this Section 10.6 (Service Improvement Plan and Step-In). During the Step-In Period, Customer will have no liability for or obligation to pay Provider for those Services and Provider will be relieved from its obligation to meet Service Levels for Services if and to the extent Customer has exercised its step-in rights under this Section and Provider is not performing such Services, for the Step-In Period. From and after completion of the Step-In Period, Provider will resume performing those Services in accordance with the Agreement (including Service Levels) and Customer will be obligated to pay for such Services in accordance with the Agreement. Customer’s exercise of its rights under this Section will not constitute a waiver by Customer of any termination rights or rights to pursue a claim for damages arising out of the failure that led to such rights being exercised.

ARTICLE 11. CUSTOMER OPERATIONAL RESPONSIBILITIES.

11.1 Customer Resources. As needed for Provider to provide Transition Services and/or Transformation Services and/or the Services set forth in each Statement of Work, Customer will make available to Provider the Customer Resources in accordance with the following provisions:

(A) Provider will use the Customer Resources for the sole and exclusive purpose of providing the Transition Services and/or the Transformation Services under that Statement of Work to Customer and for the sole benefit of Customer and/or Customer Group;

(B) use by Provider of the Customer Resources does not constitute a leasehold interest in favor of Provider or any Provider Agents;

(C) Provider will use the Customer Resources in a reasonably efficient manner, reimbursing Customer for any unnecessary increased facility costs incurred by Customer;

(D) Provider will, and will ensure that Provider Agents, keep the Customer Resources in good order, not commit or permit waste or damage to Customer Resources, not use the Customer Resources for any unlawful purpose, and comply with Customer’s standard policies and procedures as in effect and updated from time to time, including procedures for the physical security of the Customer Resources;

Confidential

Page 19 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(E) Provider will not make any improvements or changes involving structural, mechanical, or electrical alterations to any Customer Resources without Customer’s prior written approval; and

(F) when a Customer Resource is no longer required to provide Transition Services and/or Transformation Services and/or Services, Provider will return such resource to Customer in substantially the same condition as when Provider began using such resource, ordinary wear and tear excepted.

11.2 Customer Operational Responsibilities. Customer will perform those operational responsibilities set forth in Section 11.1 (Customer Resources) for each Transition Plan and/or Transformation Plan and for each Statement of Work with respect to the applicable Services (collectively, the “Customer Operational Responsibilities”).

ARTICLE 12. FEES AND PAYMENT.

12.1 General. In consideration of the Services under each Statement of Work, Customer will pay Provider the Fees set forth in a schedule of payments and payment-related terms attached to that Statement of Work (“Fee Exhibit”). Except as expressly set forth in the Fee Exhibits, (A) no amounts are payable under the Agreement and (B) there will be no adjustments to the Fees unless agreed to in writing by an Authorized Representative of Customer. Provider will invoice the Fees under each Statement of Work as set forth in the Fee Exhibit, including such format as set forth in the applicable SOW and such detail as reasonably requested by Customer. Customer is not liable to pay any Fees not invoiced within [***] days after Provider was first entitled to invoice Customer for such Fees. Any and all undisputed Fees, the time for payment of which is not otherwise specified in the applicable Fee Exhibit, are due and payable [***] days after receipt of invoice from Provider that has been approved in accordance with Schedule 5 (Governance). Any unused credits against future payments (including Performance Credits and Deliverable Credits) owed to either Party by the other pursuant to a Statement of Work will be paid to the applicable Party within [***] days after the expiration or termination of the applicable Statement of Work. Schedule 17 (Extended Payment Plan) will apply with respect to invoicing and payment of Fees for Services subject to and in accordance with the terms and conditions thereof.

12.2 Expenses. All costs of providing the Services are included in the Fees and will not be reimbursed by Customer. When an SOW expressly permits reimbursement of Provider’s expenses, the type of expenses that Customer will reimburse must be expressly identified in such SOW and, to be reimbursed, such expenses must be (A) for pass-through expenses, at Provider’s actual cost incurred without mark-up of any kind; (B) reasonable and customary; (C) approved in writing in advance by Customer prior to Provider incurring such expense, unless otherwise provided in the SOW; and (D) any such charges will be accompanied by legible copies of receipts or other back-up documentation sufficient enough for Customer to validate any such charges.

12.3 Disputed Fees and Right to Offset. Subject to the Disputed Payments Cap, Customer may withhold payment of any portion of an invoice that it disputes in good faith and will provide Provider with a written explanation in a form acceptable to Customer of the basis for any disputed amounts it has withheld. Customer’s failure to dispute or withhold a payment will not operate as a waiver of the right to dispute and recover such amount. Customer may deduct from the Fees owed by Customer to Provider any amount that should be reimbursed to Customer or is otherwise payable to Customer pursuant to this MSA or any Statement of Work, including but not limited to Deliverable Credits and Performance Credits.

Confidential

Page 20 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

In the event of a payment dispute, the Parties will immediately investigate and attempt to resolve the dispute pursuant to Schedule 5 (Governance) hereof. Upon resolution of the dispute, Customer will promptly pay to Provider any disputed amounts due to Provider, and Provider will promptly pay Customer any disputed amounts due to Customer, based upon the agreement reached by the Parties during the dispute resolution process. In the event such withheld amounts would, in the aggregate, exceed the equivalent of [***] months of the Fees payable under the applicable Statement of Work (including under all related Local Services Agreements) (“Disputed Payments Cap”), Customer will pay to Provider, under protest and without waiver of any rights regarding the underlying dispute, all disputed amounts in excess of the Disputed Payment Cap as and when due.

12.4 Transition Fees. Neither Customer nor any member of Customer Group will incur any charges, fees, or expenses payable to Provider or Provider Agents in connection with the Transition Services, other than those Fees specified in the applicable Fee Exhibit. In addition, to the extent Provider or Provider Agents knows of charges, fees, or expenses payable to third parties in connection with the Transition Services (other than those to be incurred by Customer in connection with its performance of tasks designated in the Transition Plan as Customer’s responsibility), such third-party charges, fees, and expenses will be generally described in the applicable Fee Exhibit. Within [***] calendar days after the SOW Effective Date, Provider will advise Customer in writing of those third-party vendors who, based on Provider’s prior knowledge from working with its other customers, typically charge their customers for required consents.

12.5 Extraordinary Events. Any significant change in Customer’s business, such as merger, acquisitions, divestitures, general business downturn, or other business event that increases or decreases or is expected to increase or decrease the utilization of the Services under any Statement of Work by more than [***] percent ([***]%), and such change persists or is expected to continue for [***] or more months, will be deemed an “Extraordinary Event.” Upon such Extraordinary Event, Customer may elect to have the Fees equitably adjusted by providing notice to Provider (“Extraordinary Event Notice”). Such equitable adjustments will be based on Provider’s [***] and related [***] that either (A) can be eliminated by Provider in the event of an extraordinary reduction or (B) will be unavoidably incurred by Provider in the event of an extraordinary increase in such utilization. If the Parties cannot agree on an equitable adjustment to the Fees within [***] ([***]) days after Provider’s receipt of the Extraordinary Event Notice, Customer has the right to terminate the applicable Statement of Work, in whole or in part, by written notice to Provider effective as of the date specified in such notice, in accordance with the provisions of Section 19.1 (Termination for Convenience).

12.6 Benchmarking Arrangement. Provider agrees to an arrangement with Customer to provide assurance to Customer that the Fees Customer pays for Services provide continuing excellent value. This arrangement includes the following terms:

(A) At any time after the first anniversary of the Effective Date but no more than once every 24 months during the Term, Customer may request the services of a benchmark service provider (“Benchmarking Consultant”) to evaluate the cost of the Services under any Statement of Work (“Benchmarked Services”) compared to other providers in the outsourcing industry (“Benchmarking”).

Confidential

Page 21 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(B) The Benchmarking Consultant will be independent of the Parties, subject to a tripartite confidentiality agreement with protections no less protective to the confidentiality provisions of this Agreement, and will be qualified to do the Benchmarking. The Parties will identify a group of pre-approved Benchmarking Consultants. At the time that Customer requests Benchmarking, the Parties will work together to mutually agree upon a specific Benchmarking Consultant for the Benchmarking. If the Parties do not agree upon a specific Benchmarking Consultant within fifteen (15) Business Days of Customer’s request, Customer has the right to unilaterally select the Benchmarking Consultant from the pre-approved group.

(C) Provider will cooperate fully with the Benchmarking Consultant and provide all information relating to the provision of the Services to Customer that the Benchmarking Consultant requests. Benchmarking Consultant will compare the Fees against a Representative Sample of a sufficient number of Comparators, and will use normalization to ensure appropriate adjustments are made to all data to account for any differences between the Services and the Comparators so that a true “like-for-like” comparison is done.

(D) Only Customer may exercise the right to conduct a Benchmarking. Provider has no right to conduct a Benchmarking under this Section 12.6 (Benchmarking Arrangement).

(E) To the extent that the Benchmarking reveals that the Fees under the applicable SOW for the Benchmarked Service are in the aggregate higher than the average of the Representative Sample (“Benchmark Level”) but are within [***] percent ([***]%) of the Benchmark Level (“Accuracy Dead Band”), then there will be no adjustment to such Fees. If the Benchmark determines that the Fees for the Benchmarked Services are in the aggregate higher than the Benchmark Level for such Benchmarked Services by more than the Accuracy Dead Band, then the applicable SOW will be amended to adjust the Fees for the Benchmarked Services in an amount equal to the percentage difference between the Fees for the Benchmarked Services and the Benchmark Level for such Benchmarked Services, less the applicable Dead Band, up to a maximum adjustment not to exceed [***] percent ([***]%) of the Fees that were in effect pursuant to the Fees Exhibit for such Services in such year (the “Mandatory Adjustment”). For example, if the Benchmark indicates that the Fees for the Benchmarked Services are [***] percent ([***]%) greater than the Benchmark Level, then the Mandatory Adjustment would be [***] percent ([***]%) (i.e., [***] percent ([***]%) minus the [***] percent ([***]%) dead band). Customer and Provider will negotiate any adjustment to the Fees in excess of the Mandatory Adjustment and escalate any dispute pursuant to Schedule 5 (Governance). If the Fees Exhibit of the applicable SOW is not amended within [***] days as set forth herein or Customer and Provider are unable to agree on any adjustment to the Fees above the Mandatory Adjustment after escalation pursuant to Schedule 5 (Governance), Customer will have the right to terminate the Agreement, in whole or in part, for convenience in accordance with Section 19.1 (Termination for Convenience) but without payment of any applicable Termination Fees.

(F) Provider has no right to increase any Fees or decrease any Service Levels as a result of Benchmarking.

(G) Any Changes made to the charges pursuant to a Benchmark will take effect on a prospective basis [***] days following the Benchmarker’s delivery of the final Benchmark Results.

(H) The Parties will resolve any disagreement related to the Benchmark using the dispute resolution process set forth in Schedule 5 (Governance).

Confidential

Page 22 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

ARTICLE 13. TAXES.

13.1 Customer Tax Responsibility. Customer is liable for any sales tax, use tax, service tax, value added tax, transfer tax, excise tax, or any other similar tax imposed by any Governmental Authority arising from the performance or furnishing by Provider of Services or Provider’s Fees to Customer. Customer is not responsible for any tariffs, customs duties, and import fees based on Provider’s import or export of Provider Equipment, if any, as part of the Services, which will remain the responsibility of Provider. Such taxes will be invoiced by Provider to Customer unless Customer provides a valid resale certificate or other Documentation required under applicable Law to evidence tax exemption. Taxes must be invoiced on the same invoice as the product or Services that are subject to the tax. Provider invoices will separately state any Fees that are subject to taxation and separately identify the tax jurisdiction and the amount of taxes invoiced therein. Provider will assume any and all responsibility (including the payment of interest and penalty assessments levied by an applicable Governmental Authority) for failure to invoice, collect, or remit a tax.

13.2 Provider Tax Responsibility. Provider is responsible for any sales tax, use tax, service tax, value added tax, transfer tax, excise tax, tariffs, duties, import fees, and any and all other similar tax imposed on Provider with respect to any labor, equipment, materials, goods, or services acquired, used, or consumed by Provider in providing the Services to Customer. Should Customer be required under applicable Law to withhold taxes on any payments to Provider or Provider Agents, Customer will be entitled to deduct any such withholdings from payments due to Provider.

13.3 Excluded Tax Responsibilities. Neither Party is responsible for any franchise, privilege, income, gross receipts, or business activity taxes based on the other Party’s gross or net income, net worth, or business activities. Neither Party is responsible for any real or personal property taxes assessed on tangible or intangible property owned or leased by the other Party.

13.4 Tax Cooperation. Customer and Provider will cooperate to segregate the Fees into the following separate payment streams: (A) those for taxable Services; (B) those for nontaxable Services; (C) those for which a sales, use or other similar tax has already been paid; and (D) those for which Provider functions merely as a paying agent for Customer in receiving goods, supplies or services (including leasing and licensing arrangements) that otherwise are nontaxable or have previously been subject to tax. Provider will assist Customer to provide any Documentation necessary to prevent withholding, if applicable (see, e.g., Section 13.2 (Provider Tax Responsibility)). In addition, each Party will cooperate as reasonably requested by the other Party to more accurately determine the requesting Party’s tax liability and to minimize such liability, to the extent legally permissible. Each Party will provide and make available to the other Party any resale certificates, information regarding out-of-state sales or use of equipment, materials, or services, and any other exemption certificates or information requested by the other Party.

ARTICLE 14. AUDITS.

14.1 Service Audits. Upon reasonable advance notice from Customer (which normally will be at least [***] Business Days, but may be less if Customer requires, in its sole discretion, that certain audits, such as physical security audits, be conducted upon shorter notice), Provider and Provider Agents will provide Customer, Customer Group, Customer Agents, and any and all regulators of Customer (“Customer Auditors”) with access to and any assistance that they may require with respect to the Service Locations and the Systems (other than access to a Shared Service Delivery Environment) for the purpose of performing audits or inspections of the Services and the business of Customer relating to the Services, including operational, security, safety, health, financial, social responsibility, and other audits, including but not limited to emergency response, disaster recovery, and business continuity. Pursuant to

Confidential

Page 23 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

written notice to Provider, Customer Auditors will be granted escorted access to Provider’s Shared Service Delivery Environments (other than a cloud services environment) for the purposes of addressing any significant security or service risks described in such notice. Provider will make every reasonable effort to comply with Customer request in a timely manner. If any audit by a Customer Auditor results in Provider being notified that Provider or Provider Agents are not in compliance with any Law or other requirement set forth in the Agreement, Provider will, and will cause Provider Agents to, promptly take actions to comply with such Law, or other requirement in the Agreement at no additional expense to Customer. Any third parties who perform audits under this Agreement will be Customer Agents which perform or render auditing services to or for Customer and are not an IBM Competitor and will execute an appropriate confidentiality agreement provided in advance in writing to Customer. Audits will be conducted during reasonable business hours and be conducted no more than twice annually and apply only to the previous twelve months’ activities (or, if longer, the time since the last previous audit) except in the case of audits required or performed by a Governmental Authority or security or emergency response, disaster recovery and business continuity audits, which may be conducted at any time on an ad-hoc basis.

14.2 Fees Audits. Upon notice from Customer, Provider will provide Customer Auditors with access to such financial records and supporting Documentation as reasonably requested to determine if Fees and/or Termination Charge Amounts have been invoiced in accordance with the Agreement. Provider will promptly reimburse Customer for any overcharge revealed by such an audit. If the aggregate overcharges related to the period of such audit exceed US $[***], Provider will also reimburse Customer for the cost of such audit.

14.3 Audits Required by Governmental Authorities. Upon the direction of a Governmental Authority having jurisdiction over Customer, and upon at least fifteen (15) days’ prior written notice from Customer, or upon such shorter period of time as may be required by the requesting Governmental Authority, Provider will provide the Governmental Authority and any other Customer Auditors, during normal business hours, with access to and any assistance (including reports) that they may require with respect to the records, systems, and operations of Provider relating to the Agreement.

14.4 Provider’s Controls Audits. Provider will conduct its own audits pertaining to the Services consistent with the audit practices of well-managed companies that perform services similar to the Services. Without limiting the generality of the foregoing, Provider will provide to Customer for Provider and Provider Agents the following unqualified audits, in each case conducted by an independent public accounting firm, and certification:

(A) Annually on or before November 30, a Statement on Standards for Attestation Engagements No. 16, Service Organization Control 1, Type 2 (SSAE 16 SOC I Type 2) audit as defined by the American Institute of Certified Public Accountants) (“SOC 1 Audit”) provided that such SOC 1 Audit will be a multi-client audit covering the common processes designed and used by Provider for applicable Service Locations designated in the applicable Statement of Work. The SOC 1 Audit does not cover specific processes designed by or provided to Provider by Customer. The scope and timing of the SOC 1 Audit will be determined by Provider based on the recommendation from and with the agreement of its auditing firm. The SOC 1 Audit may include the Services only if the transfer to Provider of operational responsibility for Services is completed in sufficient time to allow six (6) months of steady state performance of the Services after completion of Transition during the period to which the SOC 1 Audit relates;

Confidential

Page 24 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(B) An ISO 27001/27002 certification(s) covering all Provider Systems and related processes, policies, and other tools used in providing the Services under this Agreement, except for those Provider Systems used for back-office and program management functions such as financial management, contract management, and risk management functions. In the event that Provider receives notice or otherwise becomes aware that any such certification(s) will or may be revoked at any time during the Term of the Agreement, Provider will provide prompt written notice of such condition to Customer and take prompt action to comply with the relevant standards to obtain such certification(s) at Provider’s sole cost and expense; and

(C) annually on or before January 31, letters attesting that the controls existing as of the most recent SOC 1 audit and ISO 27001/27002 certification(s) remain in effect.

14.5 Record Retention. Provider will retain records and supporting Documentation sufficient to document the performance of Services and invoicing of Fees hereunder.

14.6 Facilities. Provider will provide to Customer Auditors, on Provider’s premises (or, if the audit is being performed of a Provider Agent, Provider Agent’s premises), space, office furnishings (including lockable cabinets), telephone services, internet connectivity, utilities and office-related equipment, and duplicating services as the Customer Auditors may reasonably require to perform the audits described in this Article 14 (Audits). Customer and its auditors will not have access to Provider’s or its Affiliates’ or Provider Agents’ locations (except as specified above), to any Shared Service Delivery Environment or to Provider’s other customers’ locations or proprietary data, confidential information about other IBM customers, or information subject to attorney-client, work product or other privilege or prepared at the direction of counsel, information about Provider costs (other than costs needed to confirm the accuracy of any pass-through expenses).

14.7 Response. Customer and Provider will meet promptly upon the completion of any audit conducted pursuant to this Article 14 (Audits) (i.e., an exit interview) or the issuance of an interim or final report following such an audit. Provider will respond to each exit interview or audit report in writing within fifteen (15) days, unless a shorter response time is specified in such report. Customer and Provider will develop and agree upon an action plan to expeditiously address and resolve any deficiencies, concerns, and recommendations identified in such exit interview or audit report. Provider, at its own expense, will then undertake remedial action in accordance with such action plan and the dates specified therein to the extent necessary to comply with Provider’s obligations under the Agreement to the reasonable satisfaction of Customer.

Confidential

Page 25 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

ARTICLE 15. RELATIONSHIP MANAGEMENT.

15.1 Governance Guidelines and Principles. Governance of the Parties’ relationship pursuant to the Agreement will follow the guidelines and principles set out in Schedule 5 (Governance). Each Party will make management decisions, respond to communications, and perform the other governance responsibilities set forth in Schedule 5 (Governance) in a timely manner.

15.2 Appointments. Customer will appoint an appropriately qualified individual to manage Customer’s obligations and monitor Provider’s performance under the Agreement (the “Customer Relationship Manager”). Customer will be entitled to appoint and / or change the individual designated as the Customer Relationship Manager at Customer’s sole discretion. Except as expressly stated in the Agreement, if Customer’s approval is required under the Agreement, Customer will only be deemed to have given that approval if provided by the Customer Relationship Manager, a duly authorized delegate of the Customer Relationship Manager, or the Customer’s Authorized Representative. Provider will appoint an appropriately qualified individual to manage Provider’s performance of the Agreement and day-to-day operations (the “IBM Client Partner Executive”). The IBM Client Partner Executive will be a full-time employee of Provider and provide Customer with a single point of contact, having authority and responsibility to perform the tasks referred to in Schedule 5 (Governance).

15.3 Escalation Procedure for Relationship Issues. The Parties will follow the escalation procedure set out in Schedule 5 (Governance) to resolve any issues related to the Agreement.

ARTICLE 16. INTELLECTUAL PROPERTY RIGHTS.

16.1 Assigned Rights. All Assigned Rights are the property of Customer and Customer will own all right, title, and interest therein and thereto. Provider hereby irrevocably and unconditionally assigns, transfers, and conveys to Customer, or its designee, all of Provider’s right, title, and interest throughout the world, including all Intellectual Property Rights, in and to any and all Assigned Rights. Such assignment, transfer and conveyance to Customer will not be terminated nor Customer’s right, title, and interest in and to the Assigned Rights waived by Customer for any failure of Customer to exercise such rights, in whole or in part. Provider hereby waives and irrevocably quitclaims to Customer or its designee any and all claims, of any nature whatsoever, that Provider now has or may hereafter have for infringement of any and all Assigned Rights.

16.2 Moral Rights. All assignments of Assigned Rights include all rights of attribution, paternity, integrity, modification, disclosure, and withdrawal, and any other rights throughout the world that may be known as or referred to as “moral rights,” “artist’s rights,” “droit moral,” or the like (collectively, “Moral Rights”). If any Intellectual Property Rights, including Moral Rights, in the Assigned Rights cannot (as a matter of applicable Law) be assigned to Customer as set forth in Section 16.1 (Assigned Rights), then (A) Provider hereby irrevocably waives the enforcement of such rights and all claims of any kind against Customer with respect to such rights, and (B) to the extent Provider cannot (as a matter of applicable Law) make such waiver, Provider hereby grants to Customer, without further consideration, an exclusive, perpetual, transferable, irrevocable, fully-paid, royalty-free license, throughout the world, with the right to sublicense through multiple levels of sub-licensees, under any and all such rights to (1) reproduce, create Improvements of, distribute, publicly perform, publicly display, transmit, and otherwise use the Assigned Rights in any medium or format, whether now known or hereafter discovered; (2) use, make, have made, sell, have sold, offer to sell, market, promote, import, and otherwise exploit any product or service, in each case, in whole or in part, based

Confidential

Page 26 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

on, embodying, incorporating, or derived from the Assigned Rights; and (3) exercise any and all similar present or future rights in the Assigned Rights.

16.3 Maintenance of Records. Provider will keep and maintain adequate and current written records of all Assigned Rights made or conceived by Provider or Provider Staff (solely or jointly with others) during the Term. The records may be in the form of notes, sketches, drawings, flow charts, electronic data or recordings, laboratory notebooks, or any other format or media. The records will be available to and remain the sole property of Customer at all times. Provider will deliver all such records (including any copies thereof) to Customer at the time of termination of this MSA or an applicable SOW, in each case, in whole or in part, or at any time as requested by Customer.

16.4 Further Assurances. Provider will assist Customer, or its designee, at its expense, in every proper way to secure Customer’s, or its designee’s, rights in the Assigned Rights in any and all countries, including notifying Customer no later than five (5) Business Days after the Development of each Assigned Rights that may be subject to protection as Intellectual Property Rights, the disclosure to Customer or its designee of all pertinent information and data with respect to the Assigned Rights, the execution of all applications, specifications, oaths, assignments, recordations, and all other instruments by Provider, its Provider Agents, and Provider Staff that Customer or its designee will deem necessary in order to apply for, obtain, maintain, and transfer such rights, or if not transferable, waive and agree never to assert such rights, and in order to assign and convey to Customer or its designee, and any successors, assigns, and nominees the sole and exclusive right, title, and interest in and to such Assigned Rights. Provider further agrees that Provider’s obligation to execute or cause to be executed, when it is in Provider’s power to do so, any such instrument or papers will continue during and at all times after the end of the Agreement and until the expiration of the last such Intellectual Property Right to expire in any country of the world. Provider and its Provider Agents and Provider Staff will not be entitled to any additional payment or compensation for assigning and cooperating with Customer in obtaining the Assigned Rights.

16.5 Customer Property. Provider will have no rights or interests in any Customer Property except for the licenses expressly set forth in the applicable Statement of Work. As applicable, a Statement of Work may grant Provider a non-exclusive, non-transferable license to Use the Customer Property identified in such Statement of Work that (A) is owned by Customer or Customer Group and (B) to the extent permissible under the applicable third-party agreements, is licensed from a third party and required to provide such Services, in each case solely as necessary to provide Services under such Statement of Work and solely for the benefit of Customer Group. If such license is provided in an applicable Statement of Work and to the extent permissible under the applicable third-party agreements, Provider may also sublicense such rights to Provider Agents as necessary to perform Services under such Statement of Work. Provider will comply with the duties, including use and non-disclosure restrictions, imposed on Customer by the licenses of such Customer Property licensed from a third party, and Provider will not seek to revoke or otherwise modify the terms of such licenses without Customer’s prior written consent.

16.6 Provider Property.

(A) Provider represents and warrants that Provider will not engage in any Usage of Provider Property without the prior written approval of Customer, which Customer may withhold, condition, or delay in its sole discretion. To the extent Provider engages in any Usage of Provider Property, with or without approval, Provider hereby grants Customer, without further consideration, a perpetual, transferable, irrevocable, fully-paid, royalty-free license, throughout the world, with the right to sublicense through multiple levels of sub-licensees, under any and all such Intellectual Property Rights to (1) reproduce, create Improvements of, distribute, publicly perform, publicly display, transmit, and otherwise use the Provider Property, in any medium or format, whether now known or hereafter discovered;

Confidential

Page 27 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(2) use, make, have made, sell, have sold, offer to sell, market, promote, import, and otherwise exploit all Assigned Rights, in whole or in part, based on, embodying, incorporating, or derived from the Provider Property; and (3) exercise any and all similar present or future rights in the Provider Property; each solely in connection with the applicable Assigned Rights; provided, however, that in each of subsection (1), (2), and (3) such Provider Property remains incorporated in such Assigned Rights (i.e., Customer may not commercialize the Provider Property incorporated in such Assigned Rights as a standalone product).

(B) Subject to the licenses granted in the Agreement, all Provider Property and, except as set forth in an applicable Statement of Work, any Improvements of Provider Property, including all Intellectual Property Rights therein and thereto, will remain the sole and exclusive property of Provider. During the term of each applicable Statement of Work, Provider hereby grants Customer Group a non-exclusive, non-transferable license to Use all Provider Property owned by Provider required for Customer Group to receive Services under that Statement of Work and, to the extent permissible under the applicable third-party agreements, all Provider Property licensed from third parties required to receive such Services.

(C) Provider will grant Customer Group, effective on the End Date of each Statement of Work, a global, non-exclusive, non-transferable (except to a New Entity), fully paid up license to Use the Provider Property licensed from third parties for [***] following the End Date of each Statement of Work to the extent necessary for Customer Group to internally perform the Services associated with that Statement of Work or to have a third-party provider perform such Services for Customer Group. Customer will pay to Provider the applicable license fees for the foregoing license (if any) and will comply with any applicable third-party license terms, each as expressly set forth in such SOW.

16.7 No Implied License. Nothing in the Agreement will be construed as conferring any rights by implication, estoppel, or otherwise, under any Intellectual Property Right or other right, other than the rights expressly granted in the Agreement.

ARTICLE 17. CONFIDENTIALITY AND CUSTOMER DATA.

17.1 Use and Disclosure. Neither Party as recipient Party will disclose or allow the disclosure of the Confidential Information of the other Party as disclosing Party, or use the disclosing Party’s Confidential Information for the benefit of, any third party without the disclosing Party’s prior written consent. A recipient Party will protect all Confidential Information relating to a disclosing Party against unauthorized use or disclosure by the recipient Party to the same extent and with at least the same degree of care as the recipient Party protects its own confidential or proprietary information of like kind and import, but in no event using less than a reasonable degree of care. To the extent that Provider is in possession or control of any Confidential Information of any member of Customer Group in connection with its provision of the Services, Provider will comply with no less than the security measures in the Agreement designed to safeguard Customer Data set forth in Schedule 9 (Information and System Security Requirements). Customer may disclose the Provider’s Confidential Information to Customer’s and Customer Group’s officers, employees, subcontractors, third-party providers, consultants, advisors, suppliers, contractors, agents, lawyers, and accountants only to the extent not prohibited by Law and only as necessary to receive the Services or otherwise exercise its rights or perform its obligations under the Agreement. Provider may disclose Customer’s Confidential Information to Provider’s Affiliates, officers, Provider Staff and Provider Agents, only to the extent not prohibited by Law and only as necessary to perform the Services under the Agreement. A recipient Party will be liable for any breach of the Agreement by any Person receiving disclosing Party’s Confidential Information. Each receiving Party will cause by agreement, instruction or otherwise, compliance with the confidentiality obligations of this Agreement by its employees,

Confidential

Page 28 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

agents, and others who are permitted access to or use of (in accordance with the terms herein) the Confidential Information of the disclosing Party.

17.2 Required Disclosure. If a recipient Party is requested or required by any Governmental Authority to disclose any of the disclosing Party’s Confidential Information, the recipient Party may disclose only the requested Confidential Information if the recipient Party, unless prohibited by legal order, provides prompt notice of such disclosure to the disclosing Party and, if requested by the disclosing Party, provides reasonable assistance in obtaining an appropriate protective order or other similar relief.

17.3 Security Incidents. Without limiting either Party’s rights arising from a breach of this Article 17 (Confidentiality and Customer Data), each Party as a recipient Party will, at its own cost and expense, unless otherwise specified in this Agreement:

(A) Promptly, and in no event later than 24 hours after Provider becomes aware of, or suspects that, a Security Incident has occurred, notify the disclosing Party of any such Security Incident;

(B) Promptly furnish to the disclosing Party full details of any such Security Incident, and any efforts to investigate the cause and scope of the Security Incident, correct or mitigate the Security Incident, and prevent a recurrence of such Security Incident;

(C) Promptly remediate the cause of any such Security Incident, and use diligent efforts to prevent a recurrence of any such Security Incident;

(D) Assist the disclosing Party in investigating and preventing the recurrence of and in the furtherance of any correction, remediation, or investigation of any Security Incident, and/or the mitigation of any damage, including providing any notification or remedial measures including technical and other remediation, and notifications, in coordination with the disclosing Party, that the disclosing Party may determine is appropriate. Recipient Party will be solely responsible for the costs and expenses of all such investigation and remediation measures and all other actions undertaken pursuant to the foregoing (including under subparagraph 17.3(C) above), including the costs associated with notifications and regulatory inquiries, whether undertaken by the recipient or disclosing Party, subject to Section 22 of this MSA, to the extent such Security Incident was the direct result of the acts or omissions of the receiving Party or its employees or agents (or in the case of Provider, Provider Agents or Provider Staff); and

(E) Cooperate with the disclosing Party in any litigation and investigation against any party deemed necessary by the disclosing Party to protect disclosing Party’s rights in its Confidential Information.

Confidential

Page 29 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

17.4 Rights in Confidential Information. Nothing contained in the Parties’ obligations with respect to Confidential Information will be construed as obligating a Party to disclose its Confidential Information to the other Party, or as granting to or conferring on a recipient Party, expressly or impliedly, any rights or license to the disclosing Party’s Confidential Information, and any such obligation or grant will only be as provided by the other provisions of the Agreement.

17.5 Return of Confidential Information. Except as otherwise provided in Section 17.12 (Return of Personally Identifiable Information) below, upon a disclosing Party’s written request, the recipient Party will (A) promptly return to the disclosing Party all copies of the disclosing Party’s Confidential Information in its possession or control or (B) as requested by the disclosing Party, permanently erase or destroy copies of the disclosing Party’s Confidential Information in its possession or control, except, with respect to Customer, copies of Provider’s Confidential Information that is contained in any Provider Software licensed to Customer Group following expiration or termination. However, subject to continued compliance with the confidentiality obligations set forth in this Article 17 (Confidentiality and Customer Data), and applicable Laws, the recipient Party may retain (1) one copy of tangible Confidential Information of the disclosing Party in the office of its legal counsel for record purposes and (2) electronic records that contain the disclosing Party’s Confidential Information and that are created by standard automatic archiving or system back-up procedures. In addition, to the extent requested by Customer at any time, Provider will (a) promptly return to Customer, in a commercially reasonable format or the format and on the media requested by Customer, all copies of Customer Data in its possession or control or (b) as requested by Customer, permanently erase or destroy copies of Customer Data in Provider’s possession or control. Provider may charge for returning data in a requested format that is not commercially reasonable.

17.6 Third-Party Information. Provider’s agreements in this Article 17 (Confidentiality and Customer Data) are intended to be for the benefit of Customer Group and any Person that has entrusted information or physical material to a member of Customer Group in confidence. Provider further agrees that, during the Term and thereafter, Provider will not improperly use or disclose to Customer any confidential, proprietary or secret information of Provider’s former clients or any Person, and Provider will not to bring any such information onto Customer’s premises.

17.7 Other Rights. The Agreement is intended to supplement, and not to supersede, any rights Company may have in law or equity with respect to the protection of trade secrets or confidential or proprietary information.

17.8 U.S. Defend Trade Secrets Act. The U.S. Defend Trade Secrets Act of 2016 (DTSA) provides that an individual will not be held criminally or civilly liable under any federal or state trade secret law for the disclosure of a trade secret that is made (A) in confidence to a federal, state, or local government official, either directly or indirectly, or to an attorney; and (B) solely for the purpose of reporting or investigating a suspected violation of law; or (C) in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal. In addition, the DTSA provides that an individual who files a lawsuit for retaliation by an employer for reporting a suspected violation of law may disclose the trade secret to the attorney of the individual and use the trade secret information in the court proceeding, if the individual (1) files any document containing the trade secret under seal and (2) does not disclose the trade secret, except pursuant to court order.

17.9 Rights in Customer Data.

Confidential

Page 30 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(A) Except for the limited license to Process Customer Data that may be included in a grant to Customer Property pursuant to Section 16.5 (Customer Property), Provider acknowledges and agrees that, as between Provider and Customer, Customer owns all right, title, and interest in and to the Customer Data, including all Improvements thereto, and Provider has no right, title, or interest therein or thereto. To the extent Provider, a Provider Agent or Provider Staff obtains any right, title or interest to Customer Data or any Improvement thereto, Provider hereby assigns, transfers and conveys all such right, title, and interest therein and thereto as an Assigned Right pursuant to Section 16.1 (Assigned Rights).

(B) Notwithstanding anything to the contrary in this MSA or any SOW, Provider will not (1) Process any Customer Data for generation of revenue for Provider or for any other Persons other than for the purposes of providing the Services to Customer Group and receiving the Fees from Customer under this Agreement; (2) Process any Customer Data to engage in or facilitate targeting (for marketing, advertising, or otherwise) of any individual; (3) attempt to re-identify or otherwise ascertain the identity of any individual based on de-identified Customer Data; (4) except in connection with providing the Services, display, store, decrypt, or export any Customer Data or enable any functionality that can be used to display, store, decrypt, or export any Customer Data; (5) assign, sell, resell, transfer, or otherwise dispose of any Customer Data to any other Person or permit the use of, or access to, any Customer Data for the benefit of any other Person; (6) Process or otherwise use Customer Data in any manner or for any purpose, commercial or otherwise, not expressly permitted in the Agreement; or (7) engage in any other practice or activity that may in any manner adversely affect the integrity, security, or confidentiality of Customer Data. Provider may not use the Customer Data to create anonymized or de-identified Customer Data (the “De-Identified Data Set”) without Customer’s prior written consent. If Customer approves Provider’s creation and use of the De-Identified Data Set, Provider may use it only for the explicit purposes as provided for in the written consent. In addition, Provider must in any event maintain the confidentiality of the Customer Data and Customer’s identity, in accordance with the Agreement.

17.10 Protection of Customer Data and Confidential Information. Provider represents and warrants to Customer that (A) Customer Data and Confidential Information will be logically stored separately from Provider’s property or any property or data of third parties and will not be co-mingled with Provider’s data or any data from any other client of Provider; (B) Provider will, and will cause Provider Agents to, maintain a high quality of physical, logical, and personnel security safeguards in accordance with generally accepted industry standards and all applicable Provider Laws; (C) Provider will maintain a written security program in accordance with Section 17.11 (Information and System Security) below; (D) Provider has policies, processes and procedures designed to protect the confidentiality, integrity, and availability of the Customer Confidential Information, including Customer Data, and Systems from all threats of unauthorized access, acquisition, use, disclosure or other unauthorized Processing, whether internal or external, deliberate, or accidental; (E) Provider will review the overall implementation of security controls against regulations, best practices, policies, and standards, including the NIST Framework and NIST 800-53, and against current threats and risks on a regular basis; and (F) Provider has and will maintain and will cause Provider Agents to have and maintain the controls, policies, and associated procedures regarding data and information security set forth in Schedule 9 (Information and System Security Requirements).

17.11 Information and System Security. Notwithstanding any other provision in the Agreement, Provider, its Provider Agents and Provider Staff represent and warrant to Customer that it will adhere to the data security requirements set forth in the Agreement, including this Article 17 (Confidential Information; Customer Data), any and all Customer Policies, Schedule 9 (Information and System Security Requirements), and Schedule 14 (Data Privacy). Prior to performing any Services, Provider Agents and Provider Staff who may access Customer’s premises, Customer Systems, Customer Resources, and/or Confidential Information of Customer, including Customer Data, will confirm

Confidential

Page 31 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

in writing (electronically or in any other manner), which confirmation is auditable and sufficient to ensure that each of them is aware of and will comply with the provisions of the Agreement (including Customer Policies) concerning access protection and data/software security. Upon request by Customer, Provider will confirm that each such Person has provided such confirmation. Failure of Provider, Provider Agents or Provider Staff to comply with the provisions of the Agreement will be deemed a breach and may result, among other things, in Customer restricting the offending Provider Staff from access to Customer premises, Customer Systems, Customer Confidential Information and Customer Data, and/or immediate termination of the Agreement. Without limiting the foregoing, if Provider’s failure to comply with its responsibilities under the Information and System Security requirements under this Agreement results in (A) a Security Incident involving the disclosure or improper or unauthorized Processing of Customer Data or destructive acts on Systems or (B) an actual Critical or High-Severity Security Incident, each as defined under Customer’s Incident Response Plan, such non-compliance will be deemed a material breach.

17.12 Return of Confidential Information and Customer Data. Within thirty (30) days, Provider will return to Customer, in a mutually agreed upon format and through a secure platform of Customer’s choosing, all Customer Confidential Information and Customer Data furnished, disclosed, or provided to, and/or obtained by Provider, Provider Agents or Provider Staff as result of the Agreement at the expiration or termination of the Agreement, a Statement of Work, or as otherwise requested by Customer, including to all copies stored or recorded on any medium utilized (whether available now, or in the future). In addition, within thirty (30) days of expiration or termination of the Agreement, a Statement of Work, or upon written request from Customer, except where prohibited by applicable Laws Provider will permanently delete, destroy, or erase all copies of Customer Confidential Information and Customer Data saved or stored on all media, whether for Provider’s internal archival, back up, or similar purposes, and render such Customer Confidential Information and Customer Data permanently irretrievable in perpetuity as per the data eradication and media destruction requirements of Customer and provide Customer with certification of such destruction. For the avoidance of doubt, these obligations apply immediately upon expiration or termination of the Agreement or a Statement of Work notwithstanding any Termination Assistance Services.

17.13 Notice of Adverse Impact. If Provider becomes aware of any situation (A) that has negatively impacted or reasonably could negatively impact the maintenance of Customer’s Internal Controls or compliance with Customer Policies, Process Interface Manual, or applicable Laws; (B) that has had or reasonably could have any other material adverse impact on the Services (including any delay in delivery or performance, Change in Control, or change in legal form of Provider, or infringement of third-party rights); or (C) any other act, omission, or development that would be important for Customer to be aware of in order to take precautions to prevent an adverse effect to its businesses or reputation, then Provider will promptly, and within not more than 24 hours, for any situation that has had or could have a material adverse impact on the Services, inform Customer in writing of such situation and the impact or expected impact and Provider’s proposed mitigation plan. Furthermore, at Customer’s reasonable request, Provider and Customer will meet to further formulate and implement Provider’s proposed mitigation plan to minimize or eliminate the impact of such situation.

Confidential

Page 32 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

17.14 Internal Controls.

(A) Provider will develop, implement, and maintain Internal Controls in order to ensure that all Projects, Services, and Deliverables are performed or provided in accordance with the Agreement and otherwise and as needed to comply with the Agreement. Without limiting the generality of the foregoing, Provider will, with respect to its environment (including all methods of transmission) as well as its access and use of the Customer Data: (1) maintain a strong internal control environment in day-to-day operations; (2) build the following basic control activities into its work processes and procedures: accountability clearly defined and understood; access is properly controlled; adequate supervision; policies, procedures, and responsibilities documented; adequate training and education; and adequate separation of duties; (3) implement periodic control self-assessments; and (4) maintain an internal audit function to monitor the processes and Provider Systems, including all methods of transmission (e.g., perform internal audits, track control measures, communicate status to management, drive corrective action, etc.). If Provider discovers or is notified of any risk deficiency in such Internal Controls, including control breakdowns or gaps, or potential risk deficiency in such Internal Controls, that if not corrected would create a new risk that could impact the delivery of Services or create a controls risk for Customer, then Provider will immediately notify Customer and remediate such risk or potential risk at its sole cost and expense. Provider will provide a regular, written status reports to Customer on its progress on any remediation efforts until such time as the remediation has been completed and/or tested by Customer and/or its auditors and Customer and/or its auditors have validated the remediation of such control gaps or other identified risks or potential risks. Provider acknowledges and agrees that additional or modified control and compliance requirements may be required by Customer following the Effective Date and to the extent such requirements require Changes to the Services or this Agreement, the Change Control Procedures will apply. Customer will not pay or reimburse Provider for any costs or expenses incurred by Provider in connection with its performance pursuant to this Section.

(B) Inspection and Audit Rights. Provider understands and acknowledges that Customer and/or its auditors or third-party risk management consultants will be entitled to audit, monitor and test Provider’s provision of the Services and Internal Controls, and compliance with the requirements of the Agreement, at any time during term of this Agreement. Provider will provide Customer, its authorized representatives, and any such independent inspection body or as Customer may appoint, on reasonable notice, with audit access and full cooperation to verify Provider’s compliance with its obligations under this Agreement and Schedule 9 (Information and System Security Requirements) in accordance with Section 14.1.

(C) Customer preserves the right to perform, at its own expense, not more than twice per calendar year, technical security integrity reviews, and penetration tests and monthly security scans on Customer’s Systems to ensure Provider remains compliant with this Agreement (collectively, “Security Assessments”). Company will provide seven (7) days’ notice prior to penetration testing or the commencement of monthly scanning activities, and such tests will be performed by a third-party consultant upon which both Provider and Customer agree. For any security vulnerability discovered through such Security Assessment on or pertaining to Customers Systems within scope of the Services, Provider will promptly (generally within twenty-four (24) hours) work with Juniper to correct any security vulnerability, or, if correction is not feasible within twenty-four (24) hours, assist in developing a plan to remediate any discovered vulnerability within in a reasonable time and provide alternative controls to mitigate risks pending completion of remediation.

Confidential

Page 33 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(D) Customer may at its election conduct, or have its auditors or third-party risk management consultants conduct, a meeting with Provider to obtain factual concurrence with control gaps or other risks or potential risks identified as a result of any audit, examination, monitoring or testing, investigation of a Security Incident or Provider notification. Provider will meet with Customer and its Authorized Representatives to discuss Customer’s findings, the findings of the auditors or consultants and to develop and agree upon an appropriate and effective plan in which to respond to any control gaps or other risks identified in and Changes suggested by an audit report or otherwise that are deficiencies in Internal Controls (each, a “Provider Remediation Plan”). Customer may request Provider to support Customer’s efforts to respond to any control gaps or other risks identified in or Changes suggested by an audit report with respect to Customer Compliance Requirements (each, a “Customer Remediation Plan”) (the Customer Remediation Plan together with the Provider Remediation Plan are the “Remediation Plan”). Provider will, in accordance with the agreed timeline specified in the applicable Remediation Plan, take all steps necessary, (i) at its cost and expense, to perform the activities set forth in the Provider Remediation Plan(s), and (ii) at Customer’s cost and expense, to perform the activities set forth in the Customer Remediation Plan(s); provided, however, that if the Customer Remediation Plan is only intended to correct risks resulting from a failure of Provider’s Internal Controls or caused by Provider’s unauthorized acts, Service failures or omissions, or a Security Incident (in which case, Section 17.3 will govern as to allocation of cost and expense), then it will be at Provider’s cost and expense, and provide all Documentation reasonably requested by Customer and/or its auditors or risk management consultants in connection with such remediation to Customer for its confirmation and/or approval. Provider will reimburse Customer for the reasonable costs and expenses actually charged to Customer by its external auditors or risk management consultants in connection with preparation of (i) each Provider Remediation Plan, and (ii) that portion of a Customer Remediation Plan that addresses and corrects risks caused by Provider’s unauthorized acts, Service failures or omissions, and validating completion in accordance with such Remediation Plan pursuant to Section 17.14(E) below.

(E) Within [***] Business Days after the development of a Remediation Plan, and no later than [***] thereafter, Provider will provide a written status report to Customer on its progress on remediation efforts required pursuant to each such Remediation Plan until such time as the remediation required by such Remediation Plan has been completed and/or tested by Customer and/or its auditors or risk management consultants and Customer and/or its auditors have validated the remediation of such control gaps or other identified risks or potential risks. Provider’s failure to promptly implement a Remediation Plan will be escalated to the Performance Review Board pursuant to Schedule 5 (Governance) for immediate resolution.

ARTICLE 18. REPRESENTATIONS AND WARRANTIES.

18.1 Representations and Warranties by Customer. Customer represents, warrants, and covenants that as of the Effective Date and during the Term:

(A) Customer is a corporation duly organized, validly existing and in good standing under the Laws of Delaware;

Confidential

Page 34 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(B) Customer has all requisite power and authority to execute, deliver, and perform its obligations under the Agreement;

(C) the execution, delivery and performance of the Agreement by Customer (1) has been duly authorized by Customer and (2) will not conflict with, result in a breach of, or constitute a default under any other agreement to which Customer is a party or by which Customer is bound; and

(D) Customer is duly licensed, authorized, or qualified to do business and is in good standing in every jurisdiction in which a license, authorization, or qualification is required for receipt of Services and fulling its obligations under the Agreement, except where the failure to be so licensed, authorized or qualified would not have a material adverse effect on Customer’s ability to fulfill its obligations under the Agreement.

18.2 Representations and Warranties by Provider. Provider represents and warrants that as of the Effective Date and during the Term:

(A) Provider is a corporation duly organized, validly existing and in good standing under the Laws of the State of New York;

(B) Provider has all requisite power and authority to execute, deliver and perform its obligations under the Agreement;

(C) the execution, delivery and performance of the Agreement by Provider (1) has been duly authorized by Provider and (2) will not conflict with, result in a breach of, or constitute a default under any other agreement to which Provider is a party or by which Provider is bound;

(D) Provider is duly licensed, authorized, or qualified to do business and is in good standing in every jurisdiction in which a license, authorization, or qualification is required for the provision of Services and fulfilling its obligations under the Agreement, except where the failure to be so licensed, authorized or qualified would not have a material adverse effect on Provider’s ability to fulfill its obligations under the Agreement;

(E) Provider will perform the Services and develop and deliver the Work Product and Deliverables, in accordance with applicable professional standards in the outsourcing industry related to the Services;

(F) Provider will perform all of its obligations under this Agreement, including the Services, and Develop and deliver the Work Product and Deliverables in compliance with all Provider Laws;

(G) Subject to the joint verification process set forth in Section 3.19 (Due Diligence) hereof, Provider has performed all due diligence on Customer’s environment (including systems, software and personnel) necessary for Provider to determine that it can provide the Services in accordance with the Agreement;

Confidential

Page 35 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(H) Provider will assign an adequate number of personnel to perform the Services, and such personnel will have appropriate levels of training, qualification and experience for the Services assigned to them. Provider will not charge for the costs of training such personnel;

(I) Provider is the owner of the Provider-Owned Software and has the authority to grant the licenses in the Provider Third-Party Software to be granted hereunder;

(J) the Provider Software, the Provider Equipment, any and all Work Product, any and all Deliverables, any and all Improvements to the Customer Software performed or provided by Provider or Provider Agents, and any and all other resources or items provided to Customer and/or Customer Group by Provider or Provider Agent do not and will not infringe, misappropriate or otherwise violate the Intellectual Property Rights or rights of privacy or publicity of any third party;

(K) Provider represents, warrants, and agrees that it will not introduce any Open Source Software into the Customer Systems without Customer’s prior written consent. In the event of a breach of this Section, Provider will provide a replacement to such Open Source Software product at no extra cost and expense to Customer, and fully install and implement such replacement software product into the Customer Software without interference to Customer’s information technology environment and operations.

(L) The Provider Services, Provider Software, Provider Equipment, any and all Work Product, and any and all Deliverables will comply with Customer Policies;

(M) Provider represents, warrants, and covenants that it has the information and system security controls, processes and procedures in place designed to ensure the confidentiality, integrity, and availability of Customer’s Confidential Information, Customer Data, Systems as described in Section 17.11 (Information Security) and that its information and system security program complies with Schedule 9 (Information and System Security Requirements).

Provider further represents, warrants, and covenants that it is in compliance with and will comply with Section 14.4(B).

Provider further represents, warrants, and covenants that, to the extent that Provider may be storing or Processing Personal Identification Information through or in the Provider’s cloud services, Provider currently holds, and will maintain in full force and effect throughout the Term of the Agreement, as part of the Services, ISO 27018 Certification covering all public cloud services and environments in providing the Services under this Agreement. In the event that Provider receives notice or otherwise becomes aware that any of such Certification will or may be revoked at any time during the Term of the Agreement, Provider will provide prompt written notice of such condition to Customer and take prompt action to comply with the relevant standards to obtain such certification(s), at Provider’s sole cost and expense;

(N) there is no claim or proceeding pending or threatened alleging that any of the Provider Software, the Provider Equipment, expected Work Product, or expected Deliverables infringes, misappropriates or otherwise violates the Intellectual Property Rights or rights of privacy or publicity of any third party;

Confidential

Page 36 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(O) there is no outstanding litigation, arbitrated matter, or other dispute to which Provider is a party which, if decided unfavorably to Provider, would reasonably be expected to have a material adverse effect on Provider’s ability to fulfill its obligations under the Agreement;

(P) no member of Provider Staff (1) has ever been convicted of a felony; (2) has had at any time before being assigned to Provider Staff, a civil judgment rendered against them for fraud, embezzlement, theft, forgery, bribery, falsification, or destruction of records or receiving stolen property; (3) is presently under investigation for, indicted for or otherwise charged by a Governmental Authority under criminal or civil Law with any of the offenses enumerated in clauses (1) or (2) of this paragraph; or (4) has been barred from receiving federal or state contracts or Governmental Authority contracts;

(Q) all Deliverables and Work Product delivered pursuant to the Agreement will conform in all material respects to the design specifications or other parameters contained in the relevant documents with respect to such Deliverable or Work Product and Provider will correct any non-conformance of the relevant Deliverable or Work Product (and redeliver such corrected Deliverable or Work Product) as soon as possible without charge to Customer and with no adverse impact on the performance of other Services;

(R) Provider will use commercially reasonable efforts to prevent and it will not, knowingly or negligently, cause or permit (1) the introduction into Provider Property, or Customer Property (collectively, “Protected Systems”), of any Viruses or any other contaminants (including codes, commands, instructions, devices, techniques, bugs, web bugs, or design flaws); (2) the unauthorized access (either internally or externally) to any Protected System; (3) permit any other means of misappropriating personal, corporate or Confidential Information or Intellectual Property Rights from any Protected System; and (4) denial-of-service (DoS) attacks or distributed denial-of-service (DDoS) attacks (subparagraphs (1) through (2) collectively, “Cyber Attacks”). Provider will not insert into any Protected System any code that would have the effect of a Cyber Attack. Additionally, Provider will not knowingly tamper with, compromise, or attempt to circumvent any physical, electronic or information security or audit measures employed by any member of Customer Group in the course of its business operations, and/or compromise the security of any Protected System of any member of Customer Group. In the event of a Cyber Attack, the Parties will cooperate and diligently work together to eliminate the effects of such Cyber Attack;

(S) without the consent of Customer, Provider will not insert into the Provider Systems or the Customer Systems any code that would have the effect of disabling or otherwise shutting down all or any portion of the Provider Systems, the Customer Systems or the Services;

(T) with respect to those Services of any Provider Staff that are a separately charged resource, Provider will perform such Services in the most cost-effective manner consistent with the required level of quality and performance;

(U) neither Provider nor any of its Provider Agents, nor any Provider Staff assigned to Customer’s account or in a position to influence decisions with respect to the Agreement or the performance of Services, will use any Confidential Information acquired in connection with performance of its duties and responsibilities to Customer under the Agreement to knowingly or improperly obtain financial gain, advantage or benefit for Provider, any of its Provider Agents, any Provider Staff, or any member of the immediate family of any such Provider Staff, any of its Affiliates, any Provider Staff, or any member of the immediate family of any such Provider Staff; and

Confidential

Page 37 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(V) Provider will maintain, at Provider’s expense, all of the necessary certifications and Documentation such as Employment Eligibility Verification Form I-9s as well as all necessary insurance for its employees, including workers’ compensation and unemployment insurance. With respect to subcontractors, Provider has a written agreement with each subcontractor providing that the subcontractor (1) will not be entitled to any benefits or other payments from any of Provider’s customers and (2) will maintain current employment eligibility verification (e.g., Form I-9) and other necessary certification, Documentation and insurance for all of its employees provided under the Agreement. Provider will be solely responsible for the withholding and payment, if any, of employment taxes, benefits and workers’ compensation insurance.

18.3 DISCLAIMER. EXCEPT AS EXPRESSLY STATED IN THE AGREEMENT, NEITHER CUSTOMER NOR PROVIDER MAKES ANY REPRESENTATIONS OR WARRANTIES AND EACH EXPLICITLY DISCLAIMS ALL OTHER REPRESENTATIONS AND WARRANTIES, WHETHER EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND WARRANTIES OTHERWISE ARISING FROM A COURSE OF DEALING, COURSE OF PERFORMANCE OR USAGE OF TRADE.

ARTICLE 19. TERMINATION.

19.1 Termination for Convenience. At any time after the Steady State Service Date, Customer may terminate this MSA and any and all Statements of Work at any time for convenience by giving Provider at least ninety (90) days’ notice of such termination, subject to Customer’s payment of any Termination Charge Amounts set forth in the applicable SOW. Customer may elect to partially terminate a Statement of Work at any time for convenience, including by insourcing or resourcing Services pursuant to Section 3.2 (Non-Exclusivity of Services) (a “Partial Termination”) by providing at least ninety (90) days’ written notice of such Partial Termination. Such Partial Termination may be either a termination of an entire Statement of Work in which case the applicable Termination Charge Amounts will be payable, or by reducing its consumption of Resource Units during the Term such that the aggregate reduction equals more than [***]% of the aggregate base Fees for each Contract Year as of the SOW Effective Date for the applicable Statement of Work, in which case the applicable Termination Charge Amounts for the affected Statement of Work will be payable by Customer.

19.2 Termination for Change in Control of Customer. If there is a Change in Control of Customer, Customer may, by giving Provider at least ninety (90) days’ notice of such termination, terminate the Agreement, provided that such notice must be given within ninety (90) days after the Change in Control occurs, subject to Customer’s payment of any Termination Charge Amounts set forth in the applicable SOW.

19.3 Termination for Change in Control of Provider

. If there is a Change in Control of Provider, Customer may, by giving Provider at least ninety (90) days’ notice of such termination, terminate the Agreement, provided that such notice must be given within ninety (90) days after the later of (A) the date the Change in Control occurs or (B) the date Provider provides written notice to Customer that the Change of Control has occurred, subject to Customer’s payment of any Termination Charge Amounts set forth in the applicable SOW.

Confidential

Page 38 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

19.4 Termination by Customer for Cause. If Provider commits a material breach of the Agreement and does not cure such breach within the Default Cure Period, then Customer may, by giving notice to Provider, terminate the Agreement or the affected SOW as of the termination date specified in the notice of termination. If such material breach is not curable, then Customer may exercise such termination right without observing a cure period. In addition, if Provider commits numerous breaches which individually are not material but which collectively have the same impact on Customer as a material breach, then Customer may terminate the Agreement or the affected SOW by written notice to Provider, effective as of the termination date specified in the notice of termination.

19.5 Termination by Customer for Breach of Warranties by Provider

. If Provider breaches any of the warranties in Section 18.2 (Representations and Warranties by Provider), and such breach rises to the level of a material breach of the Agreement Customer may terminate this MSA and any and all Statement of Work if such breach is not cured within the Default Cure Period and without any further liability to Provider subject to Customer’s payment of any Termination Charge Amounts set forth in the applicable SOW. If such material breach is not curable, then Customer may exercise such termination right without observing a cure period.

19.6 Service Level Termination Event

. If a Service Level Termination Event occurs, Customer may terminate the Agreement by written notice to Provider effective as of the date specified in such notice, subject to Customer’s payment of any Termination Charge Amounts set forth in the applicable SOW.

19.7 Termination by Provider for Cause. If Customer fails to make undisputed payments due to Provider under a Statement of Work or for disputed amounts Customer fails to comply with Section 12.3 (Disputed Fees and Right to Offset) and does not cure such default within the Default Cure Period, then Provider may, by giving notice to Customer, terminate that Statement of Work as of the termination date specified in the notice of termination (which will thirty (30) days after the expiration of the Default Cure Period provided that Provider has escalated the matter for dispute resolution to the Executive Review Board pursuant to Schedule 5 (Governance) and such matter has been discussed by the Executive Review Board) unless Customer has cured by the date specified in such notice. Customer will pay any Termination Charge Amounts set forth in the applicable SOW.

19.8 Termination for Failure to Transition

. If the Transition under a Statement of Work is not completed or delivered by the applicable completion date specified in the Transition Plan as a result of Provider’s failure to perform the Transition Services in accordance with such Transition Plan and Provider does not cure such failure within thirty (30) days after the specified completion date, Customer may terminate the Agreement or the affected Services by notice of termination to Provider effective upon such notice or on a later date specified in the termination notice.

19.9 Termination for Failure to Transform

. If the Transformation under a Statement of Work is not completed or delivered by the applicable completion date specified in the Transformation Plan as a result of Provider’s failure to perform the Transformation Services in accordance with such Transformation Plan and Provider does not cure such failure within thirty (30) days after the specified completion date, Customer may terminate the Agreement or the affected Services by notice of termination to

Confidential

Page 39 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

Provider effective upon such notice or on a later date specified in the termination notice, subject to Customer’s payment of any Termination Charge Amounts set forth in the applicable SOW.

19.10 Other Terminations. In addition to the provisions of this Article 19 (Termination), the Agreement or the applicable portion of the Services under the Agreement may be terminated as provided in Section 3.10 (Customer Systems), Section 3.23 (Rejection Process), Section 10.1 (Disaster Recovery Plan), Section 10.3 (Alternate Source), Section 12.5 (Extraordinary Events), Section 12.6(E) (Benchmarking Arrangement), Section 17.11 (Information and System Security), Section 24.2 (Changes in Law), Section 24.3 (Ethical Practices), and Section 24.4(C) (Export Controls).

19.11 Cumulative Rights. Rights of termination under this Article 19 (Termination) are cumulative. Circumstances that do not entitle a Party to terminate the Agreement under one Section of this Article 19 (Termination) may nonetheless entitle the Party to terminate under another Section of this Article 19 (Termination) (e.g., a Service Level default may not be a Service Level Termination Event but may, depending on the facts, still be a material breach). Any right for Customer to terminate the Agreement means the right to terminate the Agreement, in whole or in part, including the portion of Services affected by a breach, Services in a given geographic region, or Services under one or more Statements of Work.

19.12 Termination Effectiveness. Where the Agreement provides for immediate termination or termination after a specified notice period, the Agreement will cease to be effective at the specified time or after the specified notice period only if Customer has not elected to receive Termination Assistance Services under Article 20 (Termination Assistance). If Customer has elected to receive Termination Assistance Services, the Agreement will remain in effect and Customer will continue to pay for Services received until the end of the applicable Termination Assistance Period, notwithstanding the reason for termination.

ARTICLE 20. TERMINATION ASSISTANCE.

20.1 Termination Assistance Services.

(A) Termination Assistance Services are as described on Schedule 4 (Termination Assistance). In the event Customer notifies Provider of its intent to terminate this Agreement or a Statement of Work, then within [***] days after receipt of such notice Provider will provide to Customer for its approval a plan in writing for the disengagement and transfer of the Services upon the expiration, termination, insourcing, or resourcing of Services under a Statement of Work (each a “Disengagement Plan”). Customer will review Provider’s Disengagement Plan and may request Changes. The Parties will negotiate in good faith and consistent with the SOW regarding any such requested Changes and will work to promptly finalize the Disengagement Plan. Provider will ensure that each Disengagement Plan:

(1) specifies Key Personnel and other resources that will be used to perform the Termination Assistance Services;

(2) provides the billing rates for all levels of Provider Staff (as a rate per day as man day rate) and estimated hours per Provider Staff at each billing rate required to provide the Termination Assistance Services;

Confidential

Page 40 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(3) specifies substantially all things necessary to perform the Termination Assistance Services as efficiently as possible; and

(4) sets out a timetable and process for Termination Assistance Services that will enable Provider to complete disengagement in compliance with paragraph (D) of this Section 20.1 (Termination Assistance Services) and within the Termination Assistance Period.

(B) Provider will update each Disengagement Plan if required during the Termination Assistance Period for any Changes to the Services under the applicable Statement of Work and submit such updates to Customer in writing for approval. Upon Customer approval, such updates will be incorporated into the applicable Disengagement Plan.

(C) Upon the expiration or termination of a Statement of Work or the insourcing or resourcing of any portion of the Services hereunder, Provider will provide Termination Assistance Services in accordance with the Disengagement Plan at Customer’s request. Termination Assistance Services constituting continuation of Services will be performed at the Fees then applicable under a Statement of Work. Other Termination Assistance Services will be provided at the applicable Fees set forth in a Statement of Work, except to the extent that Provider Staff then providing the Services and other resources included in the Fees paid under the preceding sentence can be used to provide such Termination Assistance Services in compliance with paragraph (D) of this Section 20.1 (Termination Assistance Services).

(D) The quality and level of performance of the Services continued during the Termination Assistance Period will not be degraded as compared to the quality and level of performance of such Services before the Termination Assistance Period. After the expiration of the Termination Assistance Period, Provider will (1) answer questions from Customer regarding the terminated, insourced, or resourced Services on an “as needed” basis at Provider’s billing rates for all levels of Provider Staff (as a rate per day as man day rate) as described in the applicable Disengagement Plan and (2) deliver to Customer any remaining Customer-owned reports, Documentation, materials, Customer Data, Work Product, and Deliverables relating to the terminated, insourced, or resourced Services still in Provider’s possession.

20.2 Exit Rights. On the expiration or termination of each Statement of Work, including the completion of all Termination Assistance Services under the Statement of Work (the “End Date” of the Statement of Work):

(A) The rights granted to Provider and Provider Agents as to that Statement of Work by Section 16.5 (Customer Property) will immediately terminate and Provider will, and will cause Provider Agents, to (1) deliver to Customer, at no cost to Customer, a current copy of all Customer Software used in performing that Statement of Work in the form in use as of the End Date and (2) destroy or permanently erase all other copies in Provider’s or Provider Agents’ possession of all Customer Property used in performing that Statement of Work. Upon Customer’s request, Provider will certify to Customer that all such copies have been destroyed or permanently erased.

Confidential

Page 41 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(B) Provider will deliver to Customer one copy of all Provider Property licensed to Customer under that Statement of Work following such expiration or termination, each in the form in use as of the End Date.

(C) Provider will deliver to Customer copies of all Work Product prepared under that Statement of Work, in the form in use as of the End Date.

20.3 Termination Assistance Upon Insourcing or Resourcing. Where there is an insourcing or resourcing pursuant to Section 3.2 (Non-Exclusivity of Services) or where there is otherwise a partial termination of a Statement of Work, Section 20.2 (Exit Rights) applies only to those resources and other items referred to in Section 20.2 (Exit Rights) that are associated with the Services to be insourced or resourced or partially terminated (“Affected Resources”). As soon as practicable after Customer exercises its rights to insource or resource or partially terminate, Provider will notify Customer if any such Affected Resources are necessary for the provision of the remaining Services and cannot be duplicated, and Customer and Provider will agree on an appropriate allocation of such Affected Resources.

ARTICLE 21. INDEMNITIES.

21.1 Indemnities by Customer. Customer will defend and indemnify Provider against any third party Claims and all Losses payable to such third parties resulting from, arising out of, or relating to any and all such third party Claims:

(A) relating to Customer’s disclosure, misuse, or misappropriation of Provider Confidential Information in violation of Article 17 (Confidentiality and Customer Data);

(B) relating to any amounts assessed against Provider that are the obligation of Customer pursuant to Article 13 (Taxes);

(D) relating to a breach of any of the representations and warranties in Section 18.1(a), (b), (c), and (d) (Representations and Warranties by Customer);

(E) that Customer Property, the Customer Equipment, or any other resources or items provided by Customer to Provider or Provider’s Agents infringe, misappropriate or otherwise violate the Intellectual Property Rights of any third party, provided Customer will not be responsible to the extent such Claims would not have arisen but for (1) use in contravention of the Documentation or license granted to Provider in the Agreement; (2) failure by Provider to use new or corrected versions provided by Customer; (3) Provider’s unauthorized modification of Customer’s non-infringing Customer Property, Customer Equipment, or any other resources or items provided by Customer to Provider or Provider’s Agents; or (4) combination of the Customer Property, Customer Equipment, or any other resources or items provided by Customer to Provider or Provider’s Agents with products or systems other than those provided by, or authorized by, Customer or otherwise contemplated by this Agreement; or

Confidential

Page 42 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(F) relating to death, personal injury, or tangible personal property loss or damage directly resulting from Customer’s or Customer Agents’ acts or omissions.

[***]

21.2 Indemnities by Provider. Provider will defend and indemnify Customer Group against any third-party Claims and all Losses payable to such third parties resulting from, arising out of or relating to, any and all such third party Claims:

(A) that the Services, the Provider Property, the Provider Equipment, any Assigned Rights, or any other resources or items provided to Customer by Provider or Provider Agents infringe, misappropriate or otherwise violate the Intellectual Property Rights or rights of publicity of any third party, provided Provider will not be responsible to the extent such Claims would not have arisen but for (1) use in contravention of the Documentation or license granted to Customer in the Agreement; (2) failure by Customer to use new or corrected versions provided by Provider at no additional cost; (3) Customer’s unauthorized modification of Provider’s non-infringing Services, Provider Property, Provider Equipment, or any other resources or items provided by Provider to Customer or Customer’s Agents; or (4) combination of the Provider Property, Provider Equipment, or any other resources or items provided by Provider to Customer or Customer’s Agents with products or systems other than those provided by, or authorized by, Provider or otherwise contemplated by this Agreement;

(B) relating to any duties or obligations of Provider or Provider Agents owed to a third party, including another Provider Agent, under a contract with such third party;

(D) relating to a breach of the representations or warranties made by Provider under the following subsections of Section 18.2 (Representations and Warranties by Provider): 18.2(A), 18.2(B), 18.2(C), 18.2(D), 18.2(I), 18.2(J), 18.2(N), or 18.2(O);

(E) relating to any amounts assessed against Customer that are the obligation of Provider or a Provider Agent pursuant to Article 13 (Taxes);

(F) relating to death, personal injury, or tangible personal property loss or damage resulting from Provider’s or a Provider Agent’s acts or omissions;

(G) relating to Provider’s (i) unauthorized disclosure (ii) misuse or (iii) misappropriation of Customer Confidential Information in breach of Provider’s or a Provider Agent’s confidentiality obligations under Article 17 (Confidentiality and Customer Data); or

(H) where Provider Personnel breach a duty of diligence arising under applicable Law which is owed to the third party bringing the Claim and where such Claim alleges Gross Negligence or Willful Misconduct directly or indirectly caused by Provider.

21.3 Provider Obligations Upon Infringement/Misappropriation. If the Services, the Assigned Rights, the Provider Property, the Provider Equipment, or any other resources or items provided to Customer by Provider or

Confidential

Page 43 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

Provider Agents becomes, or in Provider’s reasonable opinion is likely to become, the subject of an infringement or misappropriation claim, in addition to indemnifying Customer in accordance with paragraph (A) of Section 21.2 (Indemnities by Provider) and in addition to Customer’s other rights (including in the case of removal under paragraph (C) of this Section), Provider will promptly take the following actions, at no charge to Customer, in the listed order of priority:

(A) promptly secure the right to continue using the item;

(B) replace or modify the item to avoid the infringement or misappropriation, only if any such replacement or modification does not degrade the performance or quality of the affected component of the Services, and Provider assumes sole responsibility for the cost of any new interfaces or integration work required as a result of the replacement or modification; or

(C) remove the item from the Services, in which case, the Fees will be equitably adjusted to reflect such removal and any reduction in value of the remaining Services caused by the removal.

21.4 Indemnification Procedures. If any third-party Claim is commenced against a Party entitled to indemnification under Section 21.1 (Indemnities by Customer), Section 21.2 (Indemnities by Provider), Section 21.3 (Provider Obligations Upon Infringement/Misappropriation) (the “Indemnified Party”), Schedule 4 (Termination Assistance) or Schedule 8 (Employment Matters), the Indemnified Party will provide the Party that is obligated to provide indemnification (the “Indemnifying Party”) notice as promptly as practicable. The Indemnifying Party will promptly, and in no event less than [***] days before the date on which a response to such Claim is due, assume and diligently pursue the defense and settlement of such Claim, engaging attorneys with appropriate expertise to handle and defend the same, at the Indemnifying Party’s sole cost and expense. The Indemnified Party will cooperate, at the cost of the Indemnifying Party, in all reasonable respects with the Indemnifying Party and its attorneys in the investigation and defense of such Claim and of any appeal arising from the Claim. At its own cost and expense, the Indemnified Party may participate through its attorneys or otherwise in such investigation and defense of such Claim and any appeal arising therefrom. No settlement of a Claim that involves a remedy other than the payment of money by the Indemnifying Party will be entered into without the consent of the Indemnified Party. So long as the Indemnifying Party timely assumes and diligently pursues the defense of any such Claim, the Indemnifying Party will not be liable to the Indemnified Party for any legal expenses incurred thereafter by such Indemnified Party in connection with the defense of that Claim. If the Indemnifying Party fails to timely assume or ceases to diligently pursue such defense, the Indemnified Party may defend or settle the Claim in such manner as it may deem appropriate at the cost of the Indemnifying Party.

ARTICLE 22. DAMAGES.

22.1 Direct Damages Cap. The aggregate liability of a Party to the other Party for all Claims and Losses related to the Agreement, whether based on an action in contract, equity, negligence, tort, or other theory, will not exceed actual direct damages equal to the greater of (a) $[***] or (b) [***] charges paid or payable under the Agreement; provided that if less than [***] have elapsed since the Steady State Service

Confidential

Page 44 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

Date under all of the Statements of Work executed as of the Effective Date, then [***] times the charges paid or payable for the most recent month under all such Statements of Work.

22.2 Consequential Damages. EXCEPT AS OTHERWISE PROVIDED IN SECTION 22.3 (EXCEPTIONS), NEITHER CUSTOMER NOR PROVIDER WILL BE LIABLE FOR NOR WILL THE MEASURE OF LOSSES UNDER THE AGREEMENT INCLUDE ANY CONSEQUENTIAL, INDIRECT, PUNITIVE, SPECIAL, OR INCIDENTAL LOSSES ARISING OUT OF OR RELATING TO ITS PERFORMANCE OR FAILURE TO PERFORM UNDER THE AGREEMENT, INCLUDING LOST PROFITS, LOST REVENUE, LOST GOODWILL. FOR CLARITY, THIS SECTION DOES NOT PRECLUDE RECOVERY OF AMOUNTS PAYABLE BY A PARTY UNDER ARTICLE 21 (INDEMNITIES), DAMAGES ACKNOWLEDGED TO BE DIRECT DAMAGES IN SECTION 22.4 (ACKNOWLEDGED DIRECT DAMAGES) OR AMOUNTS IDENTIFIED AS PAYABLE UNDER SECTION 22.5 (DATA BREACH DAMAGES).

22.3 Exceptions. THE LIMITATIONS AND EXCLUSION OF LIABILITY SET FORTH IN SECTION 22.1 (DIRECT DAMAGES CAP), SECTION 22.2 (CONSEQUENTIAL DAMAGES) AND SECTION 22.5 (DATA BREACH DAMAGES) DO NOT APPLY TO THE FOLLOWING:

(A) LOSSES ARISING OUT OF OR RELATING TO THE FAILURE OF (1) CUSTOMER TO PAY FEES DUE UNDER THE AGREEMENT OR (2) PROVIDER TO ISSUE CREDITS (INCLUDING PERFORMANCE CREDITS OR DELIVERABLE CREDITS) OR OTHERWISE MAKE PAYMENTS DUE UNDER THE AGREEMENT;

(B) INDEMNIFICATION OBLIGATIONS UNDER ARTICLE 21 (INDEMNITIES), INCLUDING BREACHES OF ARTICLE 21 (INDEMNITIES);

(C) LOSSES ARISING OUT OF OR RELATING TO EITHER PARTY’S DISCLOSURE, MISUSE, OR MISAPPROPRIATION OF THE OTHER PARTY’S CONFIDENTIAL INFORMATION IN BREACH OF ARTICLE 17 (CONFIDENTIALITY AND CUSTOMER DATA);

(D) LOSSES ARISING OUT OF OR RELATING TO PERSONAL INJURY OR DEATH OR DAMAGES TO TANGIBLE PERSONAL PROPERTY;

(E) LOSSES ARISING OUT OF OR RELATING TO A PARTY’S INFRINGEMENT, MISUSE OR MISAPPROPRIATION OF THE OTHER PARTY’S INTELLECTUAL PROPERTY RIGHTS;

(F) LOSSES ARISING OUT OF OR RELATING TO EITHER PARTY’S GROSS NEGLIGENCE, FOR WHICH JUNIPER WILL BE ENTITLED TO RECOVER UNCAPPED DIRECT AND CONSEQUENTIAL DAMAGES OTHER THAN LOST PROFIT, LOST REVENUE, LOST GOODWILL, AND LOST MARKET CAP;

(G) LOSSES ARISING OUT OF OR RELATING TO EITHER PARTY’S WILLFUL MISCONDUCT, FOR WHICH JUNIPER WILL BE ENTITLED TO RECOVER UNCAPPED DIRECT AND CONSEQUENTIAL DAMAGES OTHER THAN LOST PROFIT, LOST REVENUE, LOST GOODWILL, AND LOST MARKET CAP;

Confidential

Page 45 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(H) WITH RESPECT TO PROVIDER, REGULATORY FINES ARISING OUT OF OR RELATING TO PROVIDER’S FAILURE TO COMPLY WITH PROVIDER LAW (OTHER THAN FAILURES CAUSED BY CUSTOMER’S FAILURE TO COMPLY WITH CUSTOMER LAW), INCLUDING (i) LOSSES AND REGULATORY FINES ARISING UNDER ARTICLE 83 OF GDPR OR (ii) TO THE EXTENT PROVIDER’S FAILURE TO COMPLY WITH PROVIDER LAW CAUSED CUSTOMER’S FAILURE TO COMPLY WITH CUSTOMER LAW;

(I) WITH RESPECT TO CUSTOMER, REGULATORY FINES ARISING OUT OF OR RELATING TO CUSTOMER’S FAILURE TO COMPLY WITH CUSTOMER LAW (OTHER THAN FAILURES CAUSED BY PROVIDER’S FAILURE TO COMPLY WITH PROVIDER LAW), INCLUDING (i) LOSSES AND REGULATORY FINES ARISING UNDER ARTICLE 83 OF GDPR OR (ii) TO THE EXTENT CUSTOMER’S FAILURE TO COMPLY WITH CUSTOMER LAW CAUSED PROVIDER’S FAILURE TO COMPLY WITH PROVIDER LAW; AND

(J) LOSSES ARISING OUT OF PROVIDER’S ABANDONMENT, FOR WHICH JUNIPER WILL BE ENTITLED TO RECOVER UNCAPPED DIRECT AND CONSEQUENTIAL DAMAGES OTHER THAN LOST PROFIT, LOST REVENUE, LOST GOODWILL, AND LOST MARKET CAP.

22.4 Acknowledged Direct Damages. The following, without limitation, will be considered direct damages and neither Party will assert that they are indirect, incidental, collateral, consequential or special damages to the extent they result from either Party’s failure to perform in accordance with the Agreement and are subject to the claiming Party’s duty to mitigate its damages:

(A) Overtime, straight time and direct expenses (including travel, lodging, and subsistence) incurred by Customer Personnel to remediate Provider’s failure to provide the Services in accordance with the requirements of the applicable SOW);

(B) Cover damages, including the costs and expenses incurred to procure the Services, Deliverables, or corrected Services or Deliverables from an alternate source on substantially similar terms and conditions, to the extent such costs are in excess of the applicable Fees;

(D) Costs of replacing commercially available software; and

(E) Overtime, straight time and direct expenses incurred by Customer to reload lost or corrupted data onto Customer Systems from available backup and archival media.

The absence of a Loss listed in this Section 22.4 (Acknowledged Direct Damages) will not be construed or interpreted as an agreement to exclude it as a direct damage under the Agreement. For purposes of this Article 22 (Damages), the Parties agree that for purposes of determining liability “Party” includes such Party’s Affiliates, and its and their officers, directors, employees, agents, contractors, and Authorized Representatives.

Confidential

Page 46 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

22.5 Data Breach Damages. Subject to the terms of this Section 22.5 (Data Breach Damages), the limitations set forth in Section 22.1 (Direct Damages Cap) do not apply to (a) Losses arising out of or relating to breach by Provider of any of its data privacy or security obligations under this Agreement (including or an applicable SOW), or any (b) breach by Provider of any of its obligations under this Agreement, including an applicable SOW, and such breach results in a Security Incident; provided that Provider’s aggregate liability for all Claims and Losses under subsections (a) and (b) will not exceed [***]. Losses recoverable pursuant to this Section 22.5 (Data Breach Damages) include:

(A) the cost of providing notices required by applicable Law, recommended in writing by a Governmental Authority (including guidance from such Governmental Authority) or otherwise deemed necessary by Governmental Authorities and other entities with regulatory authority in connection with the data subject affected by a Security Incident or pursuant to Customer Policies, as determined by its Chief Privacy Officer or an equivalent senior executive;

(B) the cost of additional call center operations for responding to customer inquiries, including employee overtime and out-of-pocket employee expenses related to such overtime actually incurred, in connection with a Security Incident;

(C) the cost of two (2) years’ (or other period as is then-currently customary in the industry, required by applicable Law or recommended by a Governmental Authority) of credit monitoring or protection services for the data subject to affected by a Security Incident;

(D) all amounts that Customer or its Affiliates is obligated to pay to Persons under applicable Law, under contract (except for indirect or consequential damages under such contract), or in connection with (1) a settlement with or a judgment, order, or decree of any court or (2) a settlement with or a judgment, order, decree, or recommendation issued by a Governmental Authority in connection with a Security Incident or a compliance breach, provided in each case Provider will approve the amounts of settlements in advance, which approval will not unreasonably withheld, conditioned or delayed;

(E) reasonable costs and expenses associated with forensic and remediation services provided by the forensics analysts or other third-party security consultants performed in connection with an Security Incident;

(F) Losses paid to third parties due to personal data breach as defined in Art. 4(12) GDPR or as defined under any other equivalent data protection Laws; and

(G) all other costs expressly set out in this Agreement that Provider is required to pay or reimburse Customer or its Affiliates as part of Security Incident under this section.

For clarity, in no event will such Losses include lost profits, lost revenue, a decrease in market capitalization, or loss of goodwill; provided, however, that Provider will not assert that the Losses in this Section 22.5 (Data Breach Damages) are indirect, incidental, collateral, consequential or special damages.

22.6 Collective Caps22.7 . Cap amounts are not intended to be additive or allow recovery under multiple caps for the same breach or event; however, for a breach or event that may be characterized under two or more

Confidential

Page 47 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

types of claims under this Agreement, the type of claim that allows for the highest amount recoverable will control and be available to the claiming Party.

ARTICLE 23. INSURANCE.

23.1 Insurance. Provider will obtain and maintain at Provider’s expense, the following insurance coverage, which must be placed with reputable insurance carriers eligible to do business in the state or country where work is performed and having a financial strength rating of A- or better and a financial size category of VII or better:


(A)	Workers’ compensation insurance in accordance with all federal, state and local requirements, and such policy to include an alternate employer endorsement;


(B)	Employer’s liability insurance with minimum limits of $[*] per accident for bodily injury by accident; $[] policy limit by disease; and $[**] for bodily injury by disease, each employee, and such policies to include alternate employer endorsements;


(C)	Commercial general liability or CGL insurance with minimum limits of $[*] per occurrence, $[] aggregate for products and completed operations, $[] for advertising and personal injury, and $[*] for general aggregate;


(D)	Automobile liability insurance covering use of all owned, non-owned and hired automobiles with bodily injury & property damage coverage with minimum limits of $[***];


(E)	Umbrella Liability insurance with minimum limits of $[***] and with terms and conditions at least as broad as the underlying insurance policies, with respect to general liability, automobile liability and employers’ liability;


(F)	Professional liability insurance (errors and omissions) with the minimum limit of $[***] for each occurrence;


(G)	Crime insurance with the minimum limit of $[***] for each loss; and

(H)

Cyber liability insurance, including network business interruption, data protection, information security, or privacy breach, (including coverage for events arising from ransomware, extortion, business email compromise, general fraud and EU General Data Protection Regulation requirements), which may be included as part of Provider’s professional errors and omissions liability policy with minimum limits of $[***] for each occurrence.

Any insurance limits in (B) – (H) of this schedule do not limit Provider’s liability or indemnification obligations set forth in the Agreement. For avoidance of doubt, Provider may be liable for Losses in excess of an insurance limit.

23.2 Period of Insurance. Provider will take out and maintain the insurance policies referred to in Section 23.1 (Insurance) for the following periods:

(A) for the Term, in the case of insurance policies that are on an “occurrence” basis (that is, policies that cover any liability arising during the term of the policy); and

Confidential

Page 48 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(B) for the Term and [***] years thereafter, in the case of insurance policies that are on a “claims made” basis (that is, policies that cover claims made during the term of the policy) as long as such coverage remains available in the marketplace.

23.3 Insurance Documentation. Provider will not begin performing the Services until it has obtained all the insurance coverage required under Section 23.1 (Insurance) and furnished satisfactory certificates of insurance to Customer. No later than ten (10) days prior to the expiration dates shown on such certificates of insurance, Provider will provide certificates to Customer evidencing that the insurance required by the Agreement will remain in effect after the expiration dates listed in the initial certificates. Provider will also furnish to Customer certificates of insurance or other appropriate Documentation naming Customer as an additional insured on all policies listed in paragraphs (C) and (D) of Section 23.1 (Insurance) for liabilities assumed in the Agreement. Customer will be named a loss payee for employers’ liability and crime insurance. Any cancellation or material alteration of coverage will not relieve Provider of its continuing obligation to maintain insurance coverage in accordance with this Article 23 (Insurance), and notice of such cancellation or material alteration of coverage will be provided to Customer [***] days prior to cancellation or material alteration of coverage. Provider will secure a waiver of subrogation in favor of Customer and Customer Agents from the company carrying the insurance specified in paragraphs (C) and (D) of Section 23.1 (Insurance), and the required certificates of insurance will indicate that waiver of subrogation. Provider will ensure that Provider Agents used in the performance of the Services will maintain insurance coverages of the types and in the amounts customary for businesses of similar size and in accordance with industry practice appropriate for the services provided or work being performed by such Provider Agents. Provider’s insurance specified in paragraphs (C) and (D) of Section 23.1 (Insurance) will be primary and Customer’s insurance will be non-contributory with respect thereto. All deductibles, self-insured retentions and self-insurance carried by Provider under its insurance program are the sole responsibility of Provider and will not be borne by Customer.

ARTICLE 24. COMPLIANCE WITH LAWS.

24.1 Compliance. Each Party will perform its obligations under the Agreement in a manner that complies with all Laws that apply to that Party’s business. Without limiting the foregoing, Provider will comply with Laws that apply to Provider in addition to Laws that apply to Provider’s performance of the Services including Laws requiring the procurement of inspections, certificates, and approvals needed to perform the Services; Laws regarding healthcare, workplace safety, insurance, data protection, and privacy; import and export Laws; and the U.S. Foreign Corrupt Practices Act and similar anti-corruption Laws in non-U.S. jurisdictions (collectively, “Provider Laws”).

24.2 Changes in Law. Provider and Customer will work together to identify the effect of changes in Laws on the provision and receipt of the Services and will promptly discuss the Changes to the Services, if any, required to comply with all Laws.

(A) If a change to the Services is required for Provider to comply with a change in Provider Laws, the change will be implemented at Provider’s sole expense and will not impact the Fees paid by Customer under the Agreement.

Confidential

Page 49 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(B) If a change to the Services is required for Provider to comply with a change in any Laws other than Provider Laws and Provider can reasonably demonstrate that the change will materially increase Provider’s costs, Customer will by written notice to Provider either:

(1) direct Provider to implement the required change to the Services, in which case Customer will pay any additional Fees that may be determined to be payable under the Change Control Procedure, or

(2) if such a change in Laws will cause an increase in the annual Fees payable under the affected Statement of Work by more than [***] percent ([***]%), then Customer will have the option to terminate the portion of the Services affected by the change in Law subject only to Customer’s payment of any applicable Termination Charge Amounts set out in the Fees Exhibit to a Statement of Work in an amount proportionate to the Services terminated.

24.3 Ethical Practices.

(A) Provider acknowledges that certain Laws of the United States (including the Foreign Corrupt Practices Act (“FCPA”)), Laws of other countries (including the UK Bribery Act 2010), anti-corruption Laws of local jurisdictions and any Laws intended to implement the OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, signed in Paris on December 17, 1997 (“OECD Convention”) (collectively, “Anti-Corruption Laws”) may result in the imposition of sanctions on Customer or a member of Customer Group in the event that, directly or indirectly, offers, promises, or payments are made to a Public Official for the purpose of influencing actions favorable to Customer. Therefore, in carrying out Provider responsibilities and obligations under the Agreement, Provider, Provider Agents, and Provider Staff, and any and all principals, owners, officers, and directors of Provider and Provider Agents, will not, directly or indirectly: (1) pay, offer or promise to pay, or authorize the payment of, any monies or anything of value to any Public Official for the purpose of inducing action or non-action or influencing action by the Public Official, or securing an improper advantage, to assist in obtaining or retaining business for or with, or directing business to, any Person; or (2) pay, offer or promise to pay, or authorize the payment of, any monies or anything of value to any Person if the payer, offeror, or promisor knows or has reason to know that any part of what has been or is to be paid will be paid, offered, or promised to a Public Official for the purpose of inducing action or non-action or influencing action by the Public Official, or securing an improper advantage, to assist in obtaining or retaining business for or with, or directing business to, any Person.

(B) Provider will forego all corrupt activity and other unethical practices, including activity forbidden by Anti-Corruption Laws. In no event will either Party be obligated under the Agreement to take any action or omit to take any action that such Party believes, in good faith, would cause it to be in violation of any applicable Law, including any Anti-Corruption Law. Customer does not make any special payments (e.g., bribes) whatsoever, in cash or in kind, either directly or indirectly to any Person with a view to influencing the decision of such Person in order to obtain any improper benefit or advantage whatsoever.

(C) Provider will ensure that all documents, books, and records, including invoices, vouchers, financial settlements, billings, and reports submitted by Provider to Customer accurately reflect the facts about the activities and transactions to which they pertain, and Provider represents that with respect to any further recording or reporting made by Provider for whatever purpose, Customer may rely upon all such documents, books, and records and the data therein as being complete and accurate.

Confidential

Page 50 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(D) Provider will furnish to Customer, by affidavit or other reasonable means from time to time at Customer’s request, and to the reasonable satisfaction of Customer, assurances that the appointment of Provider hereunder, its activities under the Agreement, and the payment to Provider of any monies or consideration contemplated hereunder are proper and lawful under applicable Laws, including Anti-Corruption Laws. Provider further represents no part of any monies or consideration paid hereunder will accrue for the benefit of any such Public Official. Provider will conduct at least annual anti-corruption training for all Provider Staff. Provider also will make all Provider Staff conducting activities on behalf of Customer available for compliance training as requested by Customer.

(E) Provider will not engage in any Modern Slavery Practice. Provider will (1) conduct proper and detailed checks on any Person used by Provider to provide Provider Staff to perform tasks for Provider (in each case, whether on a permanent or temporary basis) to ensure that any such Person does not engage in any Modern Slavery Practice or other abuse of human rights and (2) provide Customer at Provider’s cost and expense with such reasonable assistance and information as it may require from time to time to enable Customer to (a) perform any activity required by any Governmental Authority in the relevant jurisdiction for the purpose of compliance with any applicable Anti-Slavery Laws or as required by Customer; (b) prepare a slavery and human trafficking statement as required by Section 54 Modern Slavery Act and to include the matters referred to in Section 54(5) of that Act; (c) comply with any requirement to report on respect for human rights or to enable Customer to demonstrate compliance with any human rights code or policy to which it adheres or which applies to it; (d) identify any violation or non-compliance with Anti-Slavery Laws or Customer Policies relating thereto; and (e) conduct due diligence and to measure the effectiveness of the steps Customer is taking or wishes to take to ensure that Modern Slavery Practices or abuses of human rights are not taking place.

(F) Provider will promptly report to Customer any potential violations of this Section 24.3 (Ethical Practices) or non-compliance with Anti-Corruption Laws or Anti-Slavery Laws or Customer Policies relating to such Laws or otherwise to Provider’s performance under this Agreement, including, in the case of Anti-Corruption Law compliance, notifying Customer of (1) any request or demand for any financial or other advantage received by it, its Provider Agents or Provider Staff; and (2) any financial or other advantage it, its contractors or Provider Staff give or intends to give, in each case, whether directly or indirectly, in connection with the Agreement.

(G) In the event that Customer reasonably believes that a breach of any of the representations and warranties of this Section 24.3 (Ethical Practices) has occurred Customer may terminate this MSA or any SOW, in each case, in whole or in part, upon written notice to Provider, for material breach, if uncured by the end of the Default Cure Period (or immediately if such breach is not capable of being cured), effective immediately, without further opportunity to cure and without further obligation or liability to Provider.

24.4 Export Control.

(A) Provider and Provider’s performance of and actions in connection with the Agreement, will comply with all export controls, economic sanctions, customs rules, and requirements relating to unauthorized boycotts (“Trade Controls”), including obtaining all approvals, consents, licenses, and/or permits required for any export, import, and/or use of a good, service, software, or controlled technology by Provider, its Affiliates, or any Provider Agent (each, an “Item”). Similarly, in its receipt of the Services, Customer will comply with all Trade Controls. Without limitation, Provider will not, directly or indirectly, sell, provide access to, export, re-export, transfer, divert, loan, lease, cosign, or otherwise dispose of any Item (in whole or in part) to or via, or otherwise have any direct or indirect dealings under the Agreement involving: (1) any Person on a list of Persons who have been sanctioned by governmental authorities of the United States, Canada, the EU, or any government with jurisdiction over Provider or any Person otherwise subject

Confidential

Page 51 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

to export control restrictions of any such authority; (2) any (a) individual who is a citizen or resident of or (b) entity organized, registered, headquartered, or operating in, or owned or controlled by, a citizen or resident of any of the following jurisdictions: Crimea, Cuba, Iran, Syria, and North Korea; or (3) any Person or destination, or for any activity or end-use restricted by any applicable Laws (including those applicable to money laundering activities), in the case of each of the foregoing, without first obtaining all required Customer and Government Authorizations. Without limiting the foregoing, Provider will ensure that no Provider Staff performing the Services or supporting Provider activities under the Agreement, regardless of their location, are encompassed by any of (1) through (3) above. Should Provider become aware of any activity associated with the Agreement that involves or is related to Crimea, Cuba, Iran, Syria, or North Korea, or any other violation of the foregoing requirements, it will notify Customer immediately.

(B) Transfers and other actions relating to certain software (source code and object code), controlled technology, or both and that are in performance of otherwise connected to the Agreement may be subject to export controls (such as Export Administration Regulations (“EAR”)) under applicable Laws of the United States and the export or import control applicable Laws of other countries. In the event Provider becomes aware or reasonably should be aware that an export or import license is required for the export, import, or use of any Item in performance of or in connection with the Agreement, Provider will promptly notify Company. Each Party will cooperate with the other in making the appropriate filings and obtaining any licenses required for the export, import, or use of such software, controlled technology or both with the U.S. Bureau of Industry and Security or the U.S. Department of State and any cognizant foreign authority; and provide any information, certificates, or documents reasonably requested by the other Party as are required to comply with such applicable Laws. If and to the extent Provider is expressly permitted by Customer under the Agreement to send, receive or store data, Provider will meet the technical requirements for Processing controlled information in a cloud service of the EAR or any other applicable Law, including, as required, using end-to-end NIST FIPS 140-2 validated encryption (and ensuring that Provider or any third party does not have the ability to decrypt the information), or any ITAR requirements. Each Party will be solely responsible for all of its costs associated with such compliance.

(C) In the event that Customer has reason to believe that a breach of any of the representations and warranties of this Section 24.4 (Export Control) has occurred or a concrete indication that any such breach will occur, may terminate this MSA or any SOW, in each case, in whole or in part, upon written notice to Provider, for any material breach in accordance with Section 19.4 (Termination by Customer for Cause), without further opportunity to cure and without further obligation or liability to Provider.

24.5 Regulatory Fines. If a Governmental Authority notifies either Party that a Party is not in compliance with any applicable Laws, the Party notified by the Governmental Authority will promptly notify the other Party of the same in writing. Provider is responsible for any Regulatory Fines incurred by Customer arising from Provider’s noncompliance with Provider Laws. Customer is responsible for any Regulatory Fines incurred by Provider arising from Customer’s noncompliance with Customer Laws.

Confidential

Page 52 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

ARTICLE 25. MISCELLANEOUS PROVISIONS.

25.1 Assignment. Neither Party will assign the Agreement or otherwise transfer its rights or obligations under the Agreement, without the prior written consent of an Authorized Representative of the other Party, except that (A) Provider may assign the right to be paid to a third party without Customer’s consent; provided that no such assignee will be a third-party beneficiary or have any rights to collect under this Agreement and any disputes or other dealings related to payments or otherwise related to the Agreement will remain between Customer and Provider, and (B) Customer may assign or otherwise transfer its rights and obligations under the Agreement to its Affiliates, including to any successor by merger, or to any entity that acquires all of substantially all of Customer’s assets or business without the prior written consent of Provider. For purposes of this Section 25.1 (Assignment), a Change in Control of Provider will be deemed an assignment requiring the prior written consent of Customer. The consent of a Party to any assignment of the Agreement does not constitute such Party’s consent to further assignment. The Agreement is binding on the Parties and their successors and permitted assigns. Any assignment in contravention of this subsection is void.

25.2 Notices. Except as otherwise specified in the Agreement, all notices, requests, consents, approvals, agreements, authorizations, acknowledgements, waivers, and other communications required under the Agreement will be in writing addressed to the individual listed below must be (A) delivered in person, (B) sent by registered or certified mail, or (C) sent by overnight air courier, in each case properly posted and fully prepaid to the appropriate address set forth below.



In the case of Customer:	1133 Innovation Way Sunnyvale, California 94089 Attn: Chief Information Officer

In the case of Provider:	One North Castle Drive
	Armonk, New York 10504

	Attn: General Manager, Global Technology Services (North America)

Either Party may change its address for notification purposes by giving the other Party ten (10) days’ written notice of the new address and the date on which it will become effective. Notices will be considered to have been given (A) at the time of actual delivery in person, (B) three (3) Business Days after deposit in the mail as set forth above, or (C) one (1) day after delivery to an overnight air courier service.

25.3 Counterparts. The Agreement may be executed in any number of counterparts, each of which is deemed an original, but all of which taken together constitute one single agreement between the Parties.

Confidential

Page 53 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

25.4 Relationship. The Parties intend to create an independent contractor relationship, and nothing contained in the Agreement will be construed to make the Parties partners or joint venturers, or principals, agents, or employees of each other. Provider is solely liable for all costs and obligations incurred by Provider payable to third parties in connection with Services rendered by Provider hereunder. Neither Party has any right, power, or authority, express or implied, to bind the other. Actual direction and control of the personnel actions and the terms and conditions of employment between Provider and its employees or agents will at all times be Provider’s responsibility. Customer is not responsible, and Provider will remain solely responsible for, all personnel actions affecting Provider’s employees and agents, including the withholding of and remittance to the proper authorities of employment taxes and other payroll deductions.

25.5 Consents, Approvals and Requests. Except for consents, approvals, or requests that the Agreement expressly provides are in a Party’s sole discretion, (A) all consents and approvals to be given by either Party under the Agreement will be in writing and will not be unreasonably withheld or delayed and (B) each Party will make only reasonable requests under the Agreement. However, where the Agreement does not expressly require a Party’s consent or approval (e.g., a right to terminate), this provision will not be construed as requiring such consent or approval or as limiting a Party’s discretion to exercise any right in equity, at Law, or under agreement.

25.6 Waivers. No delay or omission by either Party to exercise any right or power it has under the Agreement will impair or be construed as a waiver of such right or power. A waiver by any Party of any breach or covenant will not be construed to be a waiver of any succeeding breach or other covenant. All waivers must be signed by a duly Authorized Representative of the Party waiving its rights.

25.7 Remedies Cumulative. No right or remedy herein conferred on or reserved to either Party is intended to be exclusive of any other right or remedy, and each and every right and remedy is cumulative and in addition to any other right or remedy in equity, at Law, or under contract, whether now or hereafter existing.

25.8 Amendments. No amendment or waiver of any provision of the Agreement and no addition of provisions to the Agreement are valid unless executed by the duly Authorized Representatives of both Parties. Neither the course of dealings between the Parties nor any trade practices will act to modify, vary, supplement, explain, or amend the Agreement.

25.9 Survival. Any provision of this Agreement that contemplates or governs performance or observance subsequent to termination or expiration of this Agreement will survive the expiration or termination of this Agreement for any reason and remain in effect until fulfilled and apply to respective successors and permitted assigns. Further, expiration or termination of this Agreement will not affect the rights and/or obligations of the Parties that arose prior thereto (unless otherwise provided herein) and such rights and/or obligations will survive any such expiration or termination. Except as otherwise specifically set forth in this Agreement, the Parties’ obligations under Article 1 (Definitions and Interpretation), Article 4 (Transition), Article 5 (Transformation), Article 6 (Human Resources), Section 9.7 (Services to Customer Competitors), Article 10 (Continued Provision of Services), Section 12.3 (Disputed Fees and Right to Offset), Article 13 (Taxes), Section 14.2 (Fees Audits) (for a period of 18 months), Section 14.3 (Audits Required by Governmental Authorities), Section 14.5 (Record Retention), Section 14.6 (Facilities), Section 14.7 (Response), Article 16 (Intellectual Property Rights), Article 17 (Confidentiality and Customer Data), Article 18 (Representations and Warranties), Article 19 (Termination), Article 20 (Termination Assistance), Article 21

Confidential

Page 54 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

(Indemnities), Article 22 (Damages), Article 23 (Insurance), Article 25 (Miscellaneous Provisions), and Article 26 (Construction) will survive the expiration or termination of the Agreement.

25.10 Third-Party Beneficiaries. Except as expressly provided in the Agreement, neither Party intends the Agreement to benefit or create any right or cause of action in or on behalf of any Person or entity other than the Parties, unless specifically stated in the Agreement.

25.11 Covenant of Further Assurances. The Parties will without any additional consideration execute and deliver any further legal instruments and perform any acts that are or may become necessary to effectuate the purposes of the Agreement.

25.12 Conflict of Interest. Provider will not pay any salaries, commissions, or fees to any Customer Agent or to any designee of such Customer Agent, or make any payments or rebates to any Customer Agent or to any designee of such Customer Agent, or favor any Customer Agent or any designee of such Customer Agent with gifts or entertainment of significant cost or value or with services or goods sold at less than full market value. Provider’s obligation to Customer under this Section 25.12 (Conflict of Interest) is also binding on Provider Agents.

25.13 Publicity, Branding and Co-Branding. Provider will not use Customer’s or any of its Affiliates’ names, logos, proprietary indicia, service marks, trade names, or trademarks or refer to Customer or any of its Affiliates in any media release, listing on a website or social media platform, presentation, public announcement, advertising and marketing materials, customer lists, testimonials, business presentations, or public disclosure relating to the Agreement, its subject matter, or any part thereof without the prior written consent of Customer, which may be granted, withheld or conditioned in Customer’s sole discretion.

25.14 Equitable Relief. If Provider breaches or attempts or threatens to breach its obligations related to confidentiality, intellectual property ownership, data security, or the provision of Termination Assistance Services, Customer will be entitled, without the need to post bond or prove damages, to proceed directly to court for the entry of an appropriate order compelling performance by Provider and restraining it from any further breaches or attempted or threatened breaches.

ARTICLE 26. CONSTRUCTION.

26.1 Severability. If any provision of the Agreement is held by a court of competent jurisdiction to be contrary to Law, then the remaining provisions of the Agreement remain in effect, as long as such remaining provisions are capable of substantial performance.

26.2 Sole and Exclusive Venue. Each Party irrevocably agrees to bring any legal action, suit, or other proceeding in any way arising out of the Agreement solely and exclusively in the State of New York and each Party irrevocably accepts and submits to the sole and exclusive jurisdiction of such court in personam, generally and unconditionally with respect to any action, suit, or proceeding brought by it or against it by the other Party. Each Party further irrevocably consents to the service of process from such court by registered or certified mail, postage prepaid, to such Party at its address designated pursuant to Section 25.2 (Notices) of this MSA.

Confidential

Page 55 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

26.3 Section 365(n). All rights and licenses granted under or pursuant to the Agreement by Provider to Customer Group are and will otherwise be deemed to be for purposes of Section 365(n) of Title 11 of the United States Code, as amended from time to time (the “Bankruptcy Code”), licenses to rights to “intellectual property” as defined under the Bankruptcy Code. Customer Group, as licensee of such rights under the Agreement, retains and may fully exercise all of its rights and remedies available to it under the Bankruptcy Code including Section 365(n) thereof.

26.4 Governing Law. The Agreement and the rights and obligations of the Parties under the Agreement are governed by and will be construed in accordance with the Laws of the State of New York, without giving effect to the principles thereof relating to the conflicts of Laws. Except to the extent expressly required by Law, neither the United Nations Convention on Contracts for the International Sale of Goods 1980 nor any international and domestic legislation implementing such Convention applies to the Agreement. The Parties’ rights and obligations under the Agreement are solely and exclusively as set forth in the Agreement; and the Uniform Computer Information Transactions Act (“UCITA”), whether enacted in whole or in part by any state or applicable jurisdiction, regardless of how codified, does not apply to the Agreement and is hereby disclaimed. The Parties will amend the Agreement as may be necessary to comply with any mandatory disclaimer language required by UCITA in any applicable jurisdiction.

26.5 Continued Performance. Provider will continue performing its obligations while a dispute is being resolved except to the extent the issue in dispute precludes performance (disputes regarding Fees will not be deemed to preclude performance). If there is a breach of this obligation, Customer will be entitled to obtain injunctive relief, without the need to post bond or prove damages.

26.6 Duly Authorized. Each Party warrants and represents that the person whose signature appears below as signatory for it has been and is on the Effective Date hereof duly authorized by all necessary and appropriate action to execute this Agreement.

26.7 Entire Agreement. This Agreement constitutes the entire understanding of the Parties with respect to its subject matter and supersedes all prior or contemporaneous written and oral agreements with respect to its subject matter. Except as provided expressly herein, this Agreement will not be modified, amended, or in any way altered except by a writing executed by both of the Parties (including by such means as set forth in Section 25.3 (Counterparts)). The Parties agree that this Agreement will not be supplemented, amended, or otherwise modified by any acknowledgement, invoice, provision, of or use of any website or software operated by or for, or provided by, Provider or otherwise by any electronic or online agreement regardless of its terms. No waiver of, breach of, or default under, any provision of this Agreement, or of any rights or obligations of any Party hereunder, (A) will be effective unless in writing and signed by the Party waiving compliance (including by such means as set forth in Section 25.3 (Counterparts)) or (B) will be deemed a waiver of any other provision, or of any subsequent breach or default of the same provision hereof.

[Signature Page to Follow]

Confidential

Page 56 of 66

Juniper – IBM, MSA, dated 12-31-2018

MA-IB-00136-2018

Confidential Treatment Requested by Juniper Networks, Inc.

IN WITNESS WHEREOF, each of the Parties has caused this Master Services Agreement including all Schedules hereto to be signed and delivered by its duly authorized representatives and, in the case of Customer, the Authorized Representative of Customer, making this Agreement effective as of the Effective Date set forth above.



	Juniper Networks, Inc.
	By: ______________________________
	Name: Brian M. Martin
	Title: SVP, General Counsel and Secretary
	Date: ____________________________




	International Business Machines Corp.
	By: ______________________________
	Name: ___________________________
	Title: _____________________________
	Date: ____________________________

MA-IB-00136-2018

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 1

DEFINITIONS

Capitalized terms used in the Agreement have the meanings set forth in this Schedule 1 or as otherwise defined in the context of the provision. Capitalized terms, acronyms, and phrases used in the outsourcing and professional services industry or other pertinent business context that are not defined will be interpreted in accordance with their then-generally understood meaning. Unless otherwise specified, all article and section references in this Schedule 1 refer to sections of the MSA.

“Abandonment” means the intentional refusal by Provider to provide or perform all or substantially all of the Services (including the Termination Assistance Services) in breach of Provider’s obligations under the Agreement.

“Acceptance Testing” is defined in Section 3.21 (Acceptance Testing).

“Acquired Entity” is defined in Section 3.5 (Changes to Customer Group).

“Affected Employee(s)” means, for each Statement of Work, the Customer employees (if any) that will be employed by Provider after the SOW Effective Date as identified in that Statement of Work.

“Affected Resources” is defined in Section 20.3 (Termination Assistance upon Insourcing or Resourcing).

“Affiliate” means business entities, which by means of ownership greater than fifty percent (50%) of the voting interest or by contract or otherwise, directly or indirectly control, are controlled by, or are under common control with a Party of the Agreement.

“Agreement” means (A) this Master Services Agreement between Customer and Provider, including the Schedules hereto and their Exhibits, and all Statements of Work thereto and their Exhibits, and (B) all Local Service Agreements, including Schedules thereto and their Exhibits, and all Statements of Work and their Exhibits, if any, each as may be amended from time to time.

“Anti-Corruption Laws” is defined in Section 24.3 (Ethical Practices).

“Assigned Rights” means, excluding any underlying Provider Background Intellectual Property with respect thereto, any and all (A) Work Product, including any and all Intellectual Property Rights and other proprietary rights in, to, and under such Work Product and (B) other Intellectual Property Rights, and any and all Improvements thereto, in the case of each of subparagraphs (A) and (B), that relate, at the time of Provider’s, its Provider Agents’ or Provider Staff’s Development to, or result from Customer or its Affiliates, or its or their businesses, Intellectual Property Rights, Customer Property, products, services, data, or projects. In addition, all Improvements of Customer Property will be deemed Assigned Rights.

“Authorized Representative” subject to Section 26.6 (Duly Authorized) means the individual for each Party providing any and all authorizations required under the Agreement, and restricted to: (A) in the case of Customer, its Chief Information Officer, Vendor Management Officer, or the Project Management Officer, or levels above, as may be specifically identified by Customer from time to time; and (B) in the case of Provider, its Client Partner Executive or levels above, as may be specifically identified by Provider from time to time.

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Authorized User” means any person who is determined by Customer to be authorized to have access to any of the Services.

“Bankruptcy Code” is defined in Section 26.3 (Section 365(n)).

“Benchmarked Services” is defined in Section 12.6(A) (Benchmarking Arrangement).

“Benchmarking” is defined in Section 12.6 (Benchmarking Arrangement).

“Benchmarking Consultant” is defined in Section 12.6 (Benchmarking Arrangement).

“Business Day” means any day other than a Saturday, Sunday, or other day on which banking institutions in New York City, New York, are authorized or obligated by Law or executive order to close.

“Change(s)” means any change or modification to the Services or Deliverables or the Agreement, or any part thereof, including changes or modifications to any applicable Statement of Work and Operational Changes.

“Change Control Procedures” means the written description of the change control procedures applicable to any and all changes under the Agreement and contained in Schedule 6 (Change Control Procedures).

“Change in Control” means a sale or transfer, whether actual or beneficial, of greater than fifty percent (50%) of the voting securities of a Party, sale of all or substantially all of the assets of a Party, licensing of all or substantially all of the Intellectual Property Rights of a Party or any similar undertaking, whether in one transaction or a series of related transactions and whether to one person or entity or a group of related persons or entities.

“Claim” any and all, whether actual or threatened or proven or not, actions, audits, arbitrations, assertions, suits, mediations, litigations, proceedings, examinations, hearings, inquiries, investigations, charges, complaints, claims (including counter or cross-claims), or demands by whosoever asserted.

“Comparators” means entities that are customers of other top tier well managed service providers providing similar services in similar circumstances.

“Completion Criteria” is defined in Section 3.24 (Final Acceptance).

“Conditional Acceptance” is defined in 3.24 (Final Acceptance).

“Confidential Information” of a Party means all information and Documentation of that Party as the disclosing Party, whether disclosed to or accessed by the recipient Party in connection with the Agreement before, on or after the Effective Date, including (A) with respect to Customer, all Customer Data, the Customer Property, the Work Product, the Deliverables, and all information of Customer Group or its or their customers, providers, consultants, advisors, suppliers, contractors, and other third parties doing business with Customer Group, including any and all data and information received, stored, collected, derived, generated, or otherwise obtained or accessed by Provider or any Provider Agents in connection with the Agreement, performance of the Services, or if applicable, accessible through access to any of Customer’s facilities or Customer Systems, including all proprietary information including information associated with system procedures, employment practices, finances, marketing, sales, inventions, business methodologies, trade secrets, copyrightable and patentable subject matter; any system information, including information about system architecture, security controls, functionality, and the other attributes of systems, software, and other computer assets; any Personally Identifiable Information, including employee data, customer information or information provided by third parties, or

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

other regulated information, (B) with respect to Customer and Provider, the terms of the Agreement, and (C) with respect to Provider, the Provider Software; provided that, except to the extent otherwise provided by Law, the term “Confidential Information” does not include information that (1) is independently developed by the recipient Party without using the disclosing Party’s Confidential Information, as demonstrated by the recipient Party’s written records, (2) is or becomes publicly known (other than through unauthorized disclosure by the recipient Party), (3) is already known by the recipient Party at the time of disclosure, as demonstrated by the recipient Party’s written records, other than pursuant to any other agreement between the recipient Party and disclosing Party; or (4) is rightfully received by recipient Party from a third party free of any obligation of confidentiality. The relief from confidentiality obligations provided by clauses (1), (2), (3), and (4) of this definition does not apply to Personally Identifiable Information provided by or accessed from or through any member of Customer Group, disclosure of which is subject at all times to prior written consent from the Data Subject and an Authorized Representative of Customer.

“Consents” means the Customer Consents and the Provider Consents, collectively.

“Contract Year” means each twelve (12)-month period commencing, in the case of the first Contract Year, on January 1, 2019 and thereafter upon the completion of the immediately preceding Contract Year.

“Control” means, with respect to any entity, the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of such entity, whether through the ownership of voting securities or other ownership interest, by contract or otherwise.

“Controlled Unclassified Information” or “CUI” means unclassified government information marked and classified as “CUI” for purposes of requiring special handling under United States Department of Defense (“DoD”) regulations, specifically Defense Federal Acquisition Regulation Supplement (“DFARS”), which requires contractors who Process CUI to protect it pursuant to the requirements of NIST SP 800-171.

“Critical Performance Indicators” means, (i) for each Statement of Work, those performance measurements and related performance targets identified as such in the Service Level Exhibits or elsewhere in the Agreement, failure to achieve which will result in the payment of a specified Performance Credit.

“Customer” is defined in the introductory paragraph and includes Customer Affiliates.

“Customer Agents” means the agents, business partners, subcontractors, and other representatives of Customer, other than Provider, Provider Staff, and Provider Agents.

“Customer Auditors” is defined in Section 14.1 (Service Audits).

“Customer Background Intellectual Property” means any and all (A) Technology; (B) Intellectual Property Rights, including Intellectual Property Rights in and to Technology; and (C) Improvements of and to the items in subparagraphs (A) and (B), in the case of each of subparagraphs (A), (B), and (C), that Company or its Affiliates either (1) owned, controlled or had rights with respect to prior to the Effective Date or (2) Develop, or acquire ownership or control, or rights with respect to, outside of the Agreement but during the Term.

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Customer Competitor” means any entity that is listed in Schedule 15 (Customer Competitors) to this Agreement.

“Customer Consents” means all licenses, consents, permits, approvals, and authorizations that are necessary to allow Provider and Provider Agents to access and (A) use Customer Resources and (B) use the services provided for the benefit of Customer under Customer’s third-party services contracts.

“Customer Data” means all data and information, including all Personally Identifiable Information and other regulated data, including Controlled Unclassified Information: (A) provided to Provider by or on behalf of any member of Customer Group, and/or other third parties or accessed, collected, derived, or otherwise obtained by Provider for Processing in connection with the Services, or, if applicable, accessible through access to any of Customer’s facilities, Customer Systems, or computer assets; (B) generated by Provider or the Services in connection with this Agreement or the performance of the Services; or (c) described in the applicable SOW.

“Customer Equipment” means any Equipment leased or owned by Customer or Affiliates of Customer, in each case that is used by or on behalf of Customer or any other member of Customer Group in connection with their businesses.

“Customer Group” means Customer, as defined in the introductory paragraph, together with its Affiliates.

“Customer Law” means Laws applicable to Customer’s business or otherwise regulate Customer and its receipt of the Services under this Agreement.

“Customer Operational Responsibilities” is defined in Section 11.2 (Customer Operational Responsibilities).

“Customer-Owned Software” means the software, software tools, and related Documentation that are owned by Customer or Affiliates of Customer and used in connection with the Services.

“Customer Personnel” means Customer Group’s employees, contractors, agents, and Authorized Representatives.

“Customer Policies” means all of Customer’s policies and standards applicable to Provider’s performance of the Services or its obligations under the Agreement and disclosed in writing by Customer to Provider, including those relating to (A) conduct on Customer’s premises, including logical and physical security, safety, and disposal of hazardous materials; (B) privacy, data security, data access, and data protection; and (C) supplier conduct and compliance with applicable Laws, including Schedule 16 (Customer Code of Conduct), in each case, as such policies and standards are issued by Customer from time to time, including all updates and amendments thereto.

“Customer Property” means any and all information, Customer Data, Confidential Information of Customer, Customer Policies, Customer Background Intellectual Property, Customer Software, Customer Systems, Work Product, and other materials provided or made available by or on behalf of any member of Customer Group, or its or their agents in connection with the Services, and all Improvements thereto.

“Customer Relationship Manager” is defined in Section 15.2 (Appointments).

“Customer Remediation Plan” is defined in Section 17.14 (Internal Controls).

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Customer Resource(s)” means any facilities, Equipment, furnishings, and/or fixtures supplied by any member of Customer Group for Provider use.

“Customer Software” means the Customer-Owned Software and the Customer Third-Party Software.

“Customer Systems” means the Customer Software, Customer Equipment and infrastructure, including networks, websites and databases.

“Customer Third-Party Software” means the software and software tools that are licensed, leased, or otherwise obtained by Customer or any other member of Customer Group from a third party and required to be used by Provider in connection with the provision of the Services as detailed in the applicable SOW.

“Cyber Attack(s)” is defined in Section 18.2(R) (Representations and Warranties by Provider).

“Data Subject” means individuals to whom Personally Identifiable Information relate.

“Default Cure Period” means [***] days after receipt by a Party of a notice of default from the other Party.

“De-Identified Data Set” is defined in Section 17.9 (Rights in Customer Data).

“Deliverable” means any and all material(s) or other output, in tangible or intangible form, to be delivered by Provider to Customer as specified in the applicable SOW, or otherwise arising out of the provision of the Services, including materials embodying a solution, process, report or other document, or the delivery of Equipment or other tangible items, or the completion of a defined portion of the Services.

“Deliverable Credit(s)” means credits for Provider’s failure to provide, by the time or in the manner agreed, the Deliverables specified under the Agreement or any other Deliverables for which the Parties agree to Deliverable Credits.

“Develop (and its derivatives)” means to create, develop, conceive, fix in a tangible medium of expression, or first reduce to practice, whether alone or with others.

“Disengagement Plan” is defined in Section 20.1 (Termination Assistance Services).

“Divested Entity” is defined in Section 3.5 (Changes to Customer Group).

“Documentation” means any and all user manuals, operating manuals, technical manuals, and other instructions, documents, designs and materials, in any form or media, that describe the specifications, functionality, installation, testing, operation, use, maintenance, support, and technical and other components, features, and requirements of any software.

“DTSA” is defined in Section 17.8 (U.S. Defend Trade Secrets Act).

“EAR” is defined in Section 24.4 (Export Control).

“Effective Date” is defined in Section 2.1 (Initial Term).

“End Date” is defined in Section 20.2 (Exit Rights).

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Equipment” any and all (A) computer equipment, including desktops, laptops, VOIP handsets and associated attachments, features, accessories, printers, peripheral devices, and other information technology, mechanical or electronic equipment, such as servers; (B) networks and telecommunications equipment, including private branch exchanges, multiplexors, modems, hubs, bridges, routers, switches, firewall, managed network devices (e.g., VPN hosts, load balancers, controllers, accelerators) and other telecommunications equipment required for the performance or receipt of the Services; (C) storage devices; (D) video conferencing and AV equipment; and (E) all related firmware and embedded software.

“Excused Performance Failure” is defined in Section 3.20 (Excuse from Performance).

“Extraordinary Event” is defined in Section 12.5 (Extraordinary Events).

“Extraordinary Event Notice” is defined in Section 12.5 (Extraordinary Events).

“FCPA” is defined in Section 24.3 (Ethical Practices).

“Fee Exhibit” is defined in Section 12.1 (General).

“Fees” means all amounts payable by Customer to Provider pursuant to the Agreement.

“Force Majeure Event” is defined in Section 10.2 (Force Majeure).

“Former Providers” is defined in Section 3.14 (Cooperation with Third Parties).

“Governmental Approvals” means all licenses, consents, permits, approvals, and authorizations from any Governmental Authority or any notice to any Governmental Authority that are required by Law, including any regulatory schemes to which Customer or Provider is required to submit or voluntarily submits from time to time for the consummation of the transactions contemplated by or Services provided under the Agreement.

“Governmental Authority” means any federal, state, municipal, local, territorial, or other governmental department, regulatory authority, judicial, or administrative body, whether domestic, foreign, or international.

“Gross Negligence” means an act or omission (A) which when viewed objectively from the standpoint of the actor at the time of its occurrence involves an materially unreasonable degree of risk, considering the probability and magnitude of the potential harm to others, and (B) of which the actor has subjective awareness of the risk involved, but nevertheless proceeds with conscious indifference to the rights, safety, or welfare of others, in breach of a duty.

“Human Resource Exhibits” is defined in Section 9.4 (Background Check and Work Eligibility).

“IBM Client Partner Executive” is defined in Section 15.2 (Appointments).

“IBM Competitor” means any entity that is listed in Schedule 13 (IBM Competitors) to this Agreement.

“Improvement” means any and all customizations, enhancements, additions, modifications, extensions, updates, new versions, translations, improvements, and derivative works.

“Indemnified Party” is defined in Section 21.4 (Indemnification Procedures).

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Indemnifying Party” is defined in Section 21.4 (Indemnification Procedures).

“Initial Term” is defined in Section 2.1 (Initial Term).

“Intellectual Property Rights” means any and all (A) patents, reissues of and, re-examined patents, and patent applications (wherever filed and wherever issued, including continuations, continuations-in-part, substitutes, and divisions of such applications and all priority rights resulting from such applications) now existing and hereafter filed, issued or acquired; (B) rights to inventions, Improvements, Developments, and ideas (in each case, whether patentable or unpatentable); (C) rights associated with works of authorship, including copyrights, Moral Rights, copyright applications, copyright registrations, synchronization rights, mask work rights, mask work applications, and mask work registrations; (D) trademarks, service marks, trade names, domain names, logos, trade dress, and the applications for registration and the registrations of the foregoing and rights in goodwill; (E) rights in undisclosed or confidential information (such as know-how, trade secrets and inventions (whether patentable or not)), and other similar or equivalent rights or forms of protection (whether registered or unregistered); and (F) other proprietary rights arising under statutory or common law, contract, or otherwise, and whether or not perfected and all applications (or rights to apply) for, and for renewals and extensions of, such rights as may now or in the future exist anywhere in the world, in all forms, formats, and media, in all languages, and in all versions and elements, and for the entire duration of such rights.

“Internal Controls” means operational risk management, quality assurance, testing, and internal controls, including financial and accounting controls, organizational controls, input/output controls, system modification controls, processing controls, system design controls, and access controls.

“ITAR” is defined in Section 24.4 (Export Control).

“Item” is defined in Section 24.4 (Export Control).

“Key Personnel” means, for all Statements of Work, the IBM Client Partner Executive, and for each Statement of Work, the other positions identified as Key Personnel positions in that Statement of Work.

“Law” means any declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule, or other binding restriction of or by any Governmental Authority.

“Local Services Agreement” is defined in Section 3.1 (Statements of Work).

“Losses” means any and all damages, fines, penalties, deficiencies, losses, liabilities (including settlements and judgments), and expenses (including interest, court costs, reasonable fees and expenses of attorneys, accountants, and other experts and professionals, or other reasonable fees and expenses of litigation or other proceedings of any claim, default, or assessment).

“Managed Contract(s)” is defined in Section 3.15 (Managed Contracts).

“Modern Slavery Practice” means any practice that amounts to (A) slavery or servitude (each as construed in accordance with Article 4 of the Convention for the Protection of Human Rights and Fundamental Freedoms of 4 November 1950, as amended); (B) forced or compulsory labor (as “labour” is defined by the International Labour Organisation’s Forced Labour Convention 1930 (No. 29) and Protocol); (C) human trafficking; or (D) the arrangement or facilitation of the travel of another person with a view to that person being exploited.

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Moral Rights” is defined in Section 16.2 (Moral Rights).

“MSA” means the body of this Master Services Agreement.

“New Entity” means an Acquired Entity or a Divested Entity.

“New Services” is defined in paragraph (B) of Section 3.1 (Statements of Work).

“Non-Provider Failure” is defined in Section 3.20 (Excuse from Performance).

“OECD Convention” is defined in Section 24.3 (Ethical Practices).

“Open Source Software” means any and all software components that are subject to any open-source copyright license agreement, including any GNU General Public License or GNU Library or Lesser Public License, or other obligation, restriction or license agreement that substantially conforms to the Open Source Definition as prescribed by the Open Source Initiative or otherwise may require disclosure or licensing to any other person of any source code with which such software component is used or compiled.

“Operational Change(s)” means a change or modification that is within the scope of the Services described in the applicable Statement of Work and only modifies how Provider intends to perform the Services but not the scope of what Provider is required to perform under the Agreement.

“Partial Termination” is defined in Section 19.1 (Termination for Convenience).

“Parties” means Customer and Provider.

“Party” means either Customer or Provider.

“Performance Category” means, for each Statement of Work, a grouping of various Critical Performance Indicators designated as such in the Service Level Exhibits to the Statement of Work.

“Performance Category Allocation” means, for each Statement of Work, the portion of the Pool Percentage allocated to a particular Performance Category as set forth in the Service Levels Exhibits of the Statement of Work.

“Performance Credits” means, for each Statement of Work, the credits set forth in the Service Level Exhibits of the Statement of Work, payable for Provider’s failure to meet or exceed the Critical Performance Indicators for that Statement of Work.

“Performance Indicator” means, for each Statement of Work, those Provider performance measurements and related performance targets identified as such in the Service Level Exhibits of the Statement of Work.

“Person” means an individual, corporation, partnership, joint venture, limited liability entity, governmental authority, unincorporated organization, trust, association, or other entity.

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Personally Identifiable Information” means any and all information or data relating to or about an identified or identifiable individual, in any form, format, or media, whatsoever, that can identify, or be used in combination with any other data to identify, that individual, including, (A) information or data that may be used to locate or authenticate such individual or to access an account of such individual (e.g., names, addresses, telephone numbers, email addresses, government-issued identification number (or foreign equivalents) including Social Security number, driver’s license number, or state-issued identification number, dates of birth, passwords, or PINs, recordings of individuals, unique identification numbers or answers to security questions, tracking, behavioral or biometric data, and geo-location data) and (B) personal information that is subject to applicable Laws.

“Pool Percentage” means, for each Statement of Work, the percentage multiplier set forth in the Service Level Exhibits of the Statement of Work, which is distributed across various Performance Categories as Performance Category Allocations.

“Process” and its derivatives means to perform any operation or set of operations on, including to (A) obtain, have access to, collect, receive, input, upload, download, record, reproduce, merge, modify, organize, combine, log, catalog, cross-reference, manage, maintain, store, copy, alter, adapt, translate, or make other Improvements of; (B) use, process, retrieve, output, consult, transmit, share, disseminate, submit, post, transfer, distribute, or otherwise provide and make available; or (C) block, erase, disclose or destroy, or any other form of processing, including as “process” or “processing” may be defined under applicable Laws.

“Process Interface Manual” means the process and procedures manual used by Provider and approved by Customer for delivery of Services to Customer Group.

“Project” means a set of interrelated tasks and deliverables to be completed and delivered within a defined timeframe (as opposed to an ongoing service), as defined in Project Documents approved by the Parties in accordance with Section 3.4 (Projects).

“Project Documents” means, for each Project, the documents approved by the Parties for that Project in accordance with Schedule 5 (Governance), which documents govern Provider’s performance of the Project.

“Project Milestone” means a milestone specified in the Project Documents for a Project, including the timeframe for completion of a task and the specification of what is required to be completed within that timeframe.

“Protected System(s)” is defined in Section 18.2(R) (Representations and Warranties by Provider).

“Provider” is defined in the introductory paragraph.

“Provider Agent(s)” means the agents, subcontractors, and representatives of Provider and includes Affiliates of Provider to which Provider subcontracts any of the Services under the Agreement.

“Provider Background Intellectual Property” means any and all (A) Technology; (B) Intellectual Property Rights, including Intellectual Property Rights in and to Technology; and (C) Improvements of and to the items in subparagraphs (A) and (B), in the case of each of subparagraphs (A), (B), and (C), that Provider either (1) owned, controlled or had rights with respect to prior to the Effective Date or (2) Develops, or acquires ownership or control, or rights with respect to, outside of the Agreement but during the Term.

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Provider Consents” means all licenses, consents, permits, approvals, and authorizations that are necessary to allow (A) Provider and Provider Agents to use the Provider Software and any assets owned or leased by Provider, (B) Provider and Provider Agents to (1) use any third-party services retained by Provider to provide the Services during the Term, (2) grant the licenses contemplated by Article 16 (Intellectual Property Rights), (3) assign to Customer the Work Product and Deliverables, or (4) to comply with Law applicable to provision of Services, and (C) Customer and Customer Agents to Use the Provider Third-Party Software after the expiration or termination of the Agreement, a Statement of Work or the Services, in each case, in whole or in part.

“Provider DR Plan” is defined in Section 10.1 (Disaster Recovery Plan).

“Provider Equipment” means any Equipment leased or owned by Provider and Provider Agents that is used by Provider and Provider Agents to provide the Services.

“Provider Laws” is defined in Section 24.1 (Compliance).

“Provider-Owned Software” means the software, software tools, and related Documentation that are owned by Provider or Affiliates of Provider (excluding Work Product and Deliverables) and used in connection with the Services or with any Provider Third-Party Software or Customer Software.

“Provider Property” means any and all Provider Background Intellectual Property, Confidential Information of Provider, Provider Systems, and other materials provided or made available by or on behalf of Provider to Customer Group or its agents in connection with the Services, and all Improvements thereto.

“Provider Remediation Plan” is defined in Section 17.14 (Internal Controls).

“Provider Software” means the Provider-Owned Software and the Provider Third-Party Software.

“Provider Staff” means any full-time or part-time personnel of Provider or Provider Agents who provide the Services, the actions of all of whom are the responsibility of Provider.

“Provider Systems” means the Provider Software, Provider Equipment, and infrastructure, including networks, websites, and databases owned, controlled, or operated by Provider or Provider Agents and used by Provider Staff in the provision of the Services.

“Provider Third-Party Software” means the software, software tools, and related Documentation licensed, leased, or otherwise obtained by Provider from a third party (other than Affiliates of Provider) that is used in connection with the provision of the Services.

“Public Official” means any (A) officer or employee of a Governmental Authority; (B) person acting in an official capacity for or on behalf of a Governmental Authority; (C) officer or employee of a state-owned or controlled company; (D) political party; (E) official of a political party; (F) candidate for political office; (G) employee of a public international organization, such as the United Nations; or (H) an immediate family member of any of the forgoing.

“Regulatory Fine” means any and all fines, regulatory assessments, penalties, withholdings, interest, and other monetary remedies similar amounts imposed by any Governmental Authority.

“Remediation Plan(s)” is defined in Section 17.14 (Internal Controls).

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Representative Sample” means a minimum of six (6) Comparators, and if six (6) Comparators cannot be identified, then the Parties will work together to determine a statistically relevant sample of Comparators.

“Restricted Parties Lists” is defined in Section 9.5 (Restricted Parties Compliance).

“Restructuring” is defined in Section 3.5 (Changes to Customer Group).

“Retained Processes” is defined in Section 3.10 (Customer Systems).

“Reviewable Items” is defined in Section 3.21 (Acceptance Testing).

“Security Assessment(s)” is defined in Section 17.14(C) (Internal Controls).

“Security Incident” means any Event or series or set of Events, whether actual, attempted, or reasonably suspected, that (A) indicates an attack upon, unauthorized disclosure of, access to or Processing of, or attempt to compromise the confidentiality, integrity, availability and/or security of any or all of Systems, Confidential Information, and Customer Data; (B) compromises or reasonably expected to compromise the confidentiality, integrity, availability or security of Customer Data; or (C) leads to the accidental, unlawful or unauthorized destruction, loss, alteration, disclosure or Processing of, or access to Customer Data. For purposes of this definition, an “Event” is any observable indication that the security of a System, Service, or network may have been compromised, whether accidental or deliberate, including that an information security policy may have been violated or a safeguard may have failed.

“Service(s)” means any and all services, functions, and responsibilities, as they may evolve during the Term, to be performed by Provider under the Agreement, including the Schedules and their Exhibits to this MSA, and the Statements of Work, including the Exhibits and other attachments to such Statements of Work, as well as all Transition Services, Transformation Services, Projects, and Termination Assistance Services, and includes all services, functions and responsibilities deemed to be included in each of the above pursuant to Section 3.1(E) (Statements of Work).

“Service Level Exhibits” is defined in Section 7.1 (General).

“Service Level Termination Event” is defined for each Statement of Work in the applicable Service Level Exhibits.

“Service Levels” means, for each Statement of Work, the Performance Indicators and Critical Performance Indicators that Provider must attain in providing the Services, as set forth in the Service Level Exhibits of the Statement of Work.

“Service Location” means the locations owned or controlled by Provider from which the Services are provided, as identified in each applicable Statement of Work; provided that those Affected Employees that are working remotely as of the Effective Date may continue to do so subject to compliance with Customer Policies.

“Shared Service Delivery Environment” means collectively, such Provider Systems, facilities, and other infrastructure components that are used by Provider Staff on shared basis to provide Services to Customer and Customer Group as well as to provide services to other Provider clients or for the benefit of Provider, its Affiliates, or third parties. By way of example, such services may include cloud computing or storage, infrastructure-as-a-service (IaaS), call center services, or other managed services provided using a Shared Service Delivery Environment.

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“SIP” is defined in Section 10.6 (Service Improvement Plan and Step-In).

“SOC 1 Audit” is defined in Section 14.4(A) (Provider’s Controls Audits).

“SOW Effective Date” means the effective date separately in and for each Statement of Work.

“SOW Term” means that period from the SOW Effective Date to the End Date (as defined in a SOW) including any SOW Term Extension.

“SOW Term Extension” is defined in Section 2.2 (SOW Term Extensions).

“Specifications” means any and all business requirements (e.g., details about “what” the system does), functional requirements (e.g., how to achieve the business requirements from a functional perspective, such as technical details, processing, or specific functionality), and technical requirements (e.g., how to achieve the business requirements from a technical perspective), related to the Project, Services, including Deliverables, phases, and milestones set forth in the Agreement or an applicable SOW.

“Statement of Work” or “SOW” is defined in paragraph (A) of Section 3.1 (Statements of Work).

“Steady State Services Date” means the date set forth in each SOW upon which Transition has been accepted by Customer for each Service within each SOW, and Services will commence.

“Step-In Event(s)” is defined separately in and for each Statement of Work.

“Step-In Period” is defined in Section 10.6 (Service Improvement Plan and Step-In).

“Systems” means Customer Systems and Provider Systems, collectively.

“Technology” means any and all software (in object or source code), technology, tools, content, data, information, know-how, trade secrets, ideas, concepts, methodologies, instructions, specifications, Documentation, files, scripts, APIs, graphics, images, designs, processes, inventions (whether or not the subject of a patent right), invention disclosures, discoveries, formulae, hardware, schematics, diagrams, prototypes, models, samples, products, commercial embodiments, works of authorship, or other intellectual property, whether in tangible or intangible form, in all forms, formats, and media, in all languages, and in all versions and elements.

“Term” means the Initial Term and any renewal period under Section 2.2 (Term Extensions), including the Termination Assistance Period.

“Termination Charge Amounts” means the wind-down expenses, Termination Fees and other amounts that may be payable (e.g., unamortized investments), as applicable, upon a termination of this Agreement or a Statement of Work, which such expenses, Termination Fees and amounts will be dependent upon the event of termination, as set out in the Fees Exhibit to the applicable Statement of Work.

“Termination Assistance Period” means a period of time designated by Customer, commencing on the date a determination is made by Customer that there will be an expiration or termination of, or an insourcing or resourcing in respect of, the Agreement and continuing for up to eighteen (18) months after such expiration, termination, insourcing, or resourcing, during which Provider will provide the Termination Assistance Services in accordance with Section 20.1

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

(Termination Assistance Services) or Section 20.3 (Termination Assistance Upon Insourcing or Resourcing), as applicable.

“Termination Assistance Services” means, in accordance with Schedule 4 (Termination Assistance), (A) the continuation of the Services, to the extent Customer requests such continuation during the Termination Assistance Period, (B) Provider’s cooperation with Customer or another supplier designated by Customer in the transfer of the Services to Customer or such other supplier in order to facilitate the transfer of the Services to Customer or such other supplier, and (C) any other services requested by Customer in order to facilitate the transfer of the Services to Customer or another supplier designated by Customer.

“Termination Fees” means the breakage fees payable in certain circumstances by Customer for Customer’s early termination of this Agreement or a Statement of Work, to the extent set out in and calculated pursuant to the Fees Exhibit to a Statement of Work.

“Trade Controls” is defined in Section 24.4 (Export Control).

“Transformation” is defined in Section 5.1 (Transformation Plan).

“Transformation Plan” is defined in Section 5.1 (Transformation Plan).

“Transformation Services” is defined in Section 5.1 (Transformation Plan).

“Transition” is defined in Section 4.1 (Transition Plan).

“Transition Plan” is defined in Section 4.1 (Transition Plan).

“Transition Services” is defined in Section 4.1 (Transition Plan).

“UCITA” is defined in Section 26.4 (Governing Law).

“Usage of Provider Property” means any and all Development of Work Product and/or Assigned Rights that incorporate any Provider Property or otherwise require rights to any Provider Property.

“Use” means the right to load, execute, store, transmit, display, copy, maintain, modify, enhance, create derivative works, make, and have made.

“Virus” means computer instructions that, through malicious design, (A) adversely affect the operation, security, or integrity of a computing, telecommunications, or other digital operating or Processing system or environment, including other programs, data, computer libraries, and Equipment, by altering, destroying, disrupting, or inhibiting such operation, security, or integrity; (B) without functional purpose, self-replicate without manual intervention; or (C) falsely purport to perform a useful function but which actually perform either a destructive or harmful function, or perform no useful function and utilize substantial computer, telecommunications, or memory resources.

“Willful Misconduct” means a willful (A) breach of a duty of care or (B) wrongdoing in disregard of a known or obvious risk, with intent to cause the harm, injury, or loss. The mere lack of due care is not Willful Misconduct.

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

“Work Product” means any and all: (A) Deliverables; (B) Technology, specifications, feedback, reports, Improvements to Customer Property, or other work product of any nature whatsoever (in each case, Developed or delivered by Provider, its Provider Agents or Provider Staff in connection with the Services and/or during the Term, with or without assistance from Customer); (C) Intellectual Property Rights in and to the foregoing in subparagraphs (A) and (B); and (D) Improvements of and to the items in subparagraphs (A), (B), and (C).

MA-IB-00136-2018

Schedule 1

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 2

FORM OF STATEMENT OF WORK

This is Schedule 2 (Form of Statement of Work) (this “Schedule”) to the MSA by and between Juniper Networks, Inc., and International Business Machines Corporation. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA.

This Statement of Work #[__] (“Statement of Work” or “SOW”) is made as of [______], 20[__] (the “SOW Effective Date”), by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”) pursuant to the terms and conditions of the Master Services Agreement dated [______], 20[__] (the “MSA”) as amended from time to time, under which it is being issued. Capitalized terms used but not defined in this SOW have the same meanings as provided in the MSA. If a capitalized term is not defined or does not have a meaning ascribed to it in the context in which it is used, the capitalized term shall have the industry standard meaning. Customer and Provider agree to execute this SOW pursuant to the specifications and other terms set forth below. Customer and Provider are sometimes referred to herein each individually as a “Party” and collectively as the “Parties”.

WHEREAS, the Parties have contemporaneously herewith entered into the MSA;

WHEREAS, Provider is engaged in the business of outsourcing, professional and other related services to customers, submitted a proposal to and has represented itself as having extensive experience providing such outsourcing consulting and other professional services and as being experienced at helping Provider’s customers benchmark their processes and requirements against Provider’s other customers;

WHEREAS, Provider has evaluated the needs of Customer through review of documents and meetings with Customer prior to the SOW Effective Date, and has the resources and expertise to provide the Services further described in this SOW as required by Customer in the manner and on the schedule set forth in this SOW;

WHEREAS, based on Provider’s proposal and the extensive discussions between the Parties leading up to the execution of this Statement of Work, and Provider’s expertise and skills communicated to Customer by Provider, Customer wishes to engage, and will rely on, Provider to provide the Services described in this Statement of Work and Provider desires to perform such Services, all pursuant to the terms and conditions in the MSA and this SOW; and

NOW, THEREFORE, the Parties agree as follows:

This SOW adds the following Services to the MSA, as detailed in Exhibit A (Service Description):



Service Tower Title	Service Tower Description
[●]	[●]
[●]	[●]

MA-IB-00136-2018

Schedule 2

Confidential treatment requested by Juniper Networks, Inc.

This SOW comprises the terms and conditions in the following Exhibits:


•	Exhibit A (Service Description)


•	Exhibit B (Fees)


•	Exhibit C (Service Levels and Performance Credits)


•	Exhibit D (Critical Deliverables and Deliverable Credits)


•	Exhibit E (Transition)


•	Exhibit F (Reports)


•	Exhibit G (Human Resources)


•	Exhibit H (Provider Key Personnel)


•	Exhibit I (Service Locations)


•	Exhibit J (Customer Operational Responsibilities and Customer Resources)


•	Exhibit K (Satisfaction Surveys)


•	Exhibit L (Asset Responsibility and Ownership Matrix)


•	Exhibit M (SOW Specific Customer Policies)


•	Exhibit N (Incremental Terms and Conditions)


•	Exhibit O (Transformation)


•	Exhibit P (Projects)

[Signatures Appear on Following Page]

[Remainder of Page Intentionally Left Blank]

MA-IB-00136-2018

Schedule 2

Confidential treatment requested by Juniper Networks, Inc.

IN WITNESS WHEREOF, each of the Parties has caused this Statement of Work to be signed and delivered by its duly authorized representatives and, in the case of Customer, the Authorized Representative of Customer, making this SOW effective as of the SOW Effective Date set forth above.

Juniper Networks, Inc.

By:

Name:

Title:

Date:

International Business Machines Corp.

By:

Name:

Title:

Date:

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

STATEMENT OF WORK #[ ]

TERMS AND CONDITIONS


1.	DEFINITIONS.

Capitalized terms herein have the meanings set forth in the MSA and in this Section 1, unless otherwise defined in the context of the provision. If a defined term in this SOW is inconsistent with a defined term in the MSA, the defined term in this SOW will take precedence solely as such inconsistency relates to the specific Services described herein.

[LIST DEFINITIONS]


2.	SERVICES.

2.1

Service Description. Provider will, subject to the terms and conditions of the MSA and this SOW, provide to Customer the Services described in Exhibit A (Service Description). The Services may be supplemented, enhanced, modified or replaced, in each case, in accordance with the terms of the MSA. The Parties will comply with their respective obligations set forth in Exhibit A (Service Description) and elsewhere in this SOW. In addition to Provider’s tasks and responsibilities expressly set forth in this SOW and in Exhibit A (Service Description), the Services include other Provider responsibilities, roles and tasks as provided for in paragraph (D) of Section 3.1 (Statements of Work) and elsewhere in the MSA.


2.2	Responsibility for Services. Customer will meet its obligations and provide the resources with respect to the Services as are specifically identified as Customer’s responsibility in Exhibit A (Service Description) and Provider shall perform all other services, tasks and functions necessary to accomplish the Services subject to Customer’s reasonable satisfaction.


3.	FEES AND INVOICING.

3.1

Fees. In consideration of the Services provided to Customer under this SOW, Customer will pay to Provider the undisputed Fees set forth in Exhibit B (Fees). Exhibit B (Fees) describes in detail the methodologies for calculating the Fees (providing formula examples, where applicable), the measures of resource utilization, and the means of tracking such usage for purposes of calculating variable charges hereunder.


3.2	Transition Fees. Customer will pay Provider the undisputed Fees for Transition as set forth in Exhibit B (Fees) which may require that Provider successfully achieves the relevant milestone, meets the applicable acceptance criteria set forth in Exhibit E (Transition) and that milestone is approved by Customer in accordance with Exhibit E (Transition).

3.3

Invoicing. Unless otherwise set forth in Exhibit B (Fees), Provider shall invoice Customer for all Fees on a calendar month basis. Any and all Fees for a partial month will be prorated. All invoices must include: (A) all detail reasonably requested by Customer in a form sufficient to satisfy Customer’s internal accounting and chargeback requirements (such as allocating charges between capital and expense, among locations and departments, etc.); (B) the Fees and, subject to Section 12.2 (Expenses) of the MSA, any reimbursable expenses under Project Documents, where applicable; (C) the calculations utilized to establish the charges in such

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

reasonably sufficient detail to enable Customer to confirm the accuracy of the charges included in the invoice, and (D) any credits, rebates, and/or adjustments due, such as Performance Credits and Deliverable Credits. Each invoice must comply with (1) the form of invoice approved by Customer, and (2) local accounting and tax requirements. If there are any errors in invoicing during the previous month(s), Provider will (a) during the next billing cycle, provide Customer with a revised invoice report for such month(s) showing the correction in Fees, (b) upon request of Customer, provide an explanation of the underlying reasons, and (c) enclose, with the revised invoice report, any credit or debit due to Customer for the overcharges or undercharges.


4.	SERVICE LEVELS AND PERFORMANCE CREDITS.

4.1

Service Levels and Reporting. Beginning on the date on which Provider assumes responsibility for the Services in accordance with the Transition Plan set forth in Exhibit E (Transition), and continuing throughout the Term, Provider shall perform the Services so as to meet or exceed the Service Levels in Exhibit C (Service Levels and Performance Credits). Provider will monitor the Service Levels and provide the Service Level reports as specified in Exhibit C (Service Levels and Performance Credits) and Exhibit F (Reports).


4.2	Performance Credits. If Provider does not meet the Critical Performance Indicators, Provider will pay Customer the Performance Credits specified in Exhibit C (Service Levels and Performance Credits) in accordance with the MSA.


4.3	Service Level Termination Events. For purposes of this SOW, Service Level Termination Events are as follows: [TBD].


5.	CRITICAL DELIVERABLES AND DELIVERABLE CREDITS.

Provider will provide the Critical Deliverables specified in Exhibit D (Critical Deliverables and Deliverable Credits) in accordance with the timelines set forth in Exhibit D (Critical Deliverables and Deliverable Credits). If Provider fails to provider the Critical Deliverables in the timeframe specified, then Provider will immediately and automatically issue the Deliverable Credits to Customer in accordance with the MSA.


6.	TRANSITION.

Provider will provide the Transition Services in accordance with the Transition Plan attached hereto as Exhibit E (Transition), including the time periods specified therein, as updated by the Parties as soon as reasonably practical after the SOW Effective Date but in any event, not later than [ ] days thereafter.


7.	REPORTS.


7.1	Monthly Reports. In addition to the Service Level reports, Provider will provide to Customer the other monthly reports set forth in Exhibit F (Reports), or such other frequency as may be specified in that Exhibit.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.


7.2	No Additional Fees for Reports. Reports identified in Exhibit F (Reports) constitute the agreed upon reports as of the SOW Effective Date, including but not limited to any other reports as the Parties may mutually agree during the Project.

7.3

Form of Reports. Where requested by Customer, Provider will provide Customer with all reports specified in the MSA and Exhibit F (Reports) electronically and in two forms: (A) raw data captured or generated from various systems, data feeds and other data sources from which Provider generates the reports (e.g., server logs) and by Provider personnel in the course of performing the Services (e.g., manually generated record information) (collectively, the “Raw Data”); and (B) Raw Data that Provider has altered, manipulated or refined to generate reports, provide certain data views or otherwise meet its obligations under this SOW (“Refined Data”). In addition, where the tool used to generate the report allows real time (or near real time) access to the Raw Data used to generate the reports, Provider agrees to provide that real-time (or near real-time) access to Customer at no charge, or otherwise provide the relevant Raw Data used to generate the reports under this Exhibit F (Reports) and the MSA as soon as reasonably practicable following the request from Customer.


8.	HUMAN RESOURCE TRANSITION.

The transfer of the Affected Employees to Provider will take place in accordance with the terms and conditions set forth in Article 6 (Human Resources) of the MSA and in Exhibit G (Human Resources) herein.


9.	SATISFACTION SURVEYS.

Provider shall conduct a satisfaction survey in accordance with the user satisfaction survey requirements set forth in Exhibit K (Satisfaction Surveys). Provider will conduct the satisfaction survey in a manner and cadence requested by Customer and consistent with the policies and processes provided by Customer.


10.	SERVICE LOCATIONS.

Subject to Section 8.1 of the MSA, Provider will only provide the Services from the Service Locations set forth in Exhibit I (Service Locations). Any changes to such Service Locations requires Customer’s prior written approval and will be processed following the Change Control Procedures.


11.	CUSTOMER OPERATIONAL RESPONSIBILITIES AND CUSTOMER RESOURCES.

Customer will meet its operational responsibilities, and make available to Provider the Customer Resources, expressly set forth in Exhibit J (Customer Operational Responsibilities and Customer Resources).


12.	ADDITIONAL AUDIT REQUIREMENTS.

In addition to the audits set forth in Article 14 (Audits) in the MSA, the Parties will perform the following audits:

[LIST ADDITIONAL AUDIT REQUIREMENTS]

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.


13.	PROVIDER KEY PERSONNEL.

The Provider will provide its Key Personnel for this SOW are set forth in Exhibit H (Provider Key Personnel) in accordance with Section 9.1 (Key Personnel) of the MSA.


14.	STEP-IN EVENTS.

The Step-In Events for this SOW are as set forth below: [TBD by the Parties]


15.	SOW TERM.

The term of this SOW shall commence on the SOW Effective Date and, unless this SOW is earlier terminated in accordance with its terms or the MSA, or extended via the Change Control Procedures, shall expire on [●] (deemed to be the “End Date” of this SOW in accordance with the MSA).


16.	ASSET RESPONSIBILITY AND OWNERSHIP MATRIX.

Provider and Customer will have legal and financial responsibility for the third-party contracts related to the assets for which it is responsible, as specified in the Asset Responsibility and Ownership Matrix attached as Exhibit L (Asset Responsibility and Ownership Matrix).


17.	SOW SPECIFIC CUSTOMER POLICIES.

Provider will comply with the policies, standards and requirements set forth in Exhibit M (SOW Specific Customer Policies) in performing its obligations under this SOW.


18.	INCREMENTAL TERMS AND CONDITIONS.

The terms and conditions set forth in Exhibit N (Incremental Terms and Conditions) are deviations from, or additions to, the terms and conditions of the MSA. The terms and conditions in Exhibit N (Incremental Terms and Conditions) apply to the Services described in this SOW, and each Party’s performance of its obligations under this SOW.


19.	TRANSFORMATION.

Provider will provide the Transformation Services in accordance with the Transformation Plan attached hereto as Exhibit O (Transformation).


20.	PROJECTS.

Provider will provide the Project management and related Services and Deliverables and Customer will meet its responsibilities in accordance with Exhibit P (Projects) attached hereto.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

* * * * *

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit A

SERVICES DESCRIPTION

This Exhibit A (Services Description) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit B

FEES

This Exhibit B (Fees) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

This Exhibit B (Fees) describes the methodology for calculating all of the Fees payable by Customer to Provider with respect to the Services that Provider shall deliver to the Customer as set forth in the Excel spreadsheet entitled [__________] and dated [______], 20[__] (the “Fees Spreadsheet”). The pricing provided herein/therein includes: [Interim Services, Transition Services and [●] of steady state Services pricing for the Services. In addition, the Fees Spreadsheet and this Exhibit B (Fees) describes the methodology for measuring and tracking the resources provided by Provider and consumed by the Customer Group for the purposes of calculating any variable charges. The Fees described in this Exhibit B (Fees) shall fully compensate Provider for providing the Services. Customer shall not be required to pay Provider any amounts for the Services in addition to the Fees described in this Exhibit. Rates and pricing are provided in U.S. dollars only.

1. The following Appendices are attached and incorporated by reference to this Exhibit B (Fee):

[PLEASE LIST COMPLETE DESCRIPTION OF ALL CATEGORIES OF FEES RELATED TO THE SERVICES TO BE PROVIDED (e.g., Summary of Charges, Rate Card, Transition Charges, Benchmarking, etc.)]

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit C

SERVICE LEVELS AND PERFORMANCE CREDITS

This Exhibit C (Service Levels and Performance Credits) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Appendix 1

SERVICE LEVEL MATRIX

Exhibit C

SERVICE LEVELS AND PERFORMANCE CREDITS

This Appendix 1 (Service Level Matrix) to Exhibit C (Service Levels and Performance Credits) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

The table below outlines Provider’s performance of the Services and the Critical Performance Indicators for each of the Service Levels set forth below.

Table 1

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit D

CRITICAL DELIVERABLES AND DELIVERABLES CREDITS

This Exhibit D (Critical Deliverables and Deliverables Credits) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit E

TRANSITION

This Exhibit E (Transition) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

1. Provider will provide the following Transition Services:


2.	During Transition, the Parties will agree upon the Project management and related Services and Deliverables for in-flight Projects to be provided pursuant to this SOW.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Appendix 1

INTERIM TRANSITION PLAN

Exhibit E

TRANSITION

This Appendix 1 (Interim Transition Plan) to Exhibit E (Transition) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

1. Provider will provide the following interim Transition Services:

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Appendix 2

TRANSITION CRITICAL MILESTONES

Exhibit E

TRANSITION

This Appendix 2 (Transition Critical Milestones) to Exhibit E (Transition) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

The table below outlines the critical milestones of the Transition Services and Plan as described in Exhibit E (Transition).

Table 1



Transition Critical Milestone	Description/Comments	Transition Critical Milestone Completion Date

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit F

REPORTS

This Exhibit F (Reports) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

[NTD: The information provided needs to also include the Service Level reports required (discussed in this SOW, Section 4.1. above)].

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit G

HUMAN RESOURCES

This Exhibit G (Human Resources) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

[NTD: The information provided needs to also include any Customer requirements for Provider to conduct background checks and substance abuse screenings (discussed in the MSA, Section 9.4)].

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit H

*PROVIDER KEY PERSONNEL

This Exhibit H (Provider Key Personnel) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.



ROLE	RESOURCE NAME	FULL TIME / PART TIME	COMMITMENT HOURS / DURATION	COMMENTS

[NTD: The information provided needs to also include the Provider Relationship Manager as a full-time employee of Provider (discussed in the MSA, Section 15.2)].

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit I

SERVICE LOCATIONS

This Exhibit I (Service Locations) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

[NTD: Refer to MSA, Section 8.1)].

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit J

CUSTOMER OPERATIONAL RESPONSIBILITIES AND CUSTOMER RESOURCES

This Exhibit J (Customer Operational Responsibilities and Customer Resources) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

[NTD: The information provided needs to also include any Customer Property that will need to be tracked and returned at the end of the SOW term, the end of the MSA or the end of the relationship (discussed in the MSA, Section 16.5)].

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit K

SATISFACTION SURVEYS

This Exhibit K (Satisfaction Surveys) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit L

ASSET RESPONSIBILITY AND OWNERSHIP MATRIX

This Exhibit L (Asset Responsibility and Ownership Matrix) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit M

SOW SPECIFIC CUSTOMER POLICIES

This Exhibit M (SOW Specific Customer Policies) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit N

INCREMENTAL TERMS AND CONDITIONS

This Exhibit N (Incremental Terms and Conditions) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

Exhibit O

TRANSFORMATION

This Exhibit O (Transformation) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at [______] (“Provider”). Any capitalized term not defined herein shall have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

[NTD: The information provided needs to include the Transformation Plan, Transformation Performance and Transformation Timing elements (discussed in the MSA, Article 5)].

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.

EXHIBIT P

PROJECTS

This Exhibit P (Projects) to this SOW is incorporated into and made part of that certain Master Services Agreement dated [______], 20[__] (the “MSA”), as amended from time to time, by and between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corp., a New York corporation with a principal place of business at One New Orchard Road, Armonk, New York (“Provider”). Any capitalized term not defined herein will have the meaning assigned to such term in either this SOW or in Schedule 1 (Definitions) to the MSA, as applicable.

1. INTRODUCTION


1.1	This Exhibit P (this “Exhibit”) describes the overall Project management process that will be implemented in order to support delivery of all Projects (including all in-flight Projects) under this SOW.

2. PROJECT MANAGEMENT PROCESS


2.1	The Provider Project Executive will have overall responsibility and accountability to meet agreed upon quality, cost, schedule and technical objectives of the Project.

2.2

Provider will assign an individual to act as Project Manager and Customer will assign a Project Point of Contact who each has the authority to represent and bind Customer and Provider, respectively, for that Project and who will have specific operational roles as described below and further delineated in the Project Plan. A Project Manager or Project Point of Contact may be assigned to oversee more than one Project at a time. The Project Manager or Project Point of Contact is a role which may be assigned to an individual who has other job responsibilities and who will serve as the point of accountability for the specific Project at hand. Customer and Provider will each provide the other reasonable advance written notice of a Change to their respective Project Point of Contact or Project Manager and will discuss any objections the other has to such Change.


2.3	Customer and Provider will develop a Project Plan as specified in Section 6 below. The terms and conditions of the Agreement will apply to all Projects, except to the extent expressly amended by the applicable Project Plan. Timeframes within which deliverables will be submitted and accepted will be mutually agreed by the Parties as necessary in the Project Plan.

3. PROJECT MANAGERS


3.1	Provider Responsibilities. Provider will cause the Provider Project Executive to:


(A)	be the single-point-of-contact to Customer for establishing and maintaining communications through the Customer Project Point of Contact regarding the Project;


(B)	develop the detailed Project Plan in conjunction with the Customer Project Point of Contact;


(C)	measure, track and evaluate progress against the Project Plan;

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.


(D)	maintain files of the Project Plan and any associated documentation;


(E)	manage the Project for Provider including planning, directing, and monitoring all Project activities;


(F)	establish the Provider Project team and, in conjunction with the Customer Project Point of Contact, orient team members regarding the Project management process and the Project Plan, including individual responsibilities, deliverables, and timelines;


(G)	provide operational guidance to, manage and be accountable for the performance of Provider's employees and subcontractors assigned to the Project;


(H)	define and monitor the support resources required for the Project;


(I)	request all Changes via a Change Request;


(J)	resolve deviations from the Project Plan with the Customer Project Point of Contact


(K)	address the resolution of Project issues;


(L)	plan, schedule, conduct and participate in periodic Project planning, review and status meetings, as applicable, including review of the work products being produced;


(M)	coordinate and schedule the attendance of Provider's employees and subcontractors, as appropriate, at such periodic planning, review, and status meetings; and


(N)	provide periodic written status reports to Customer Project Point of Contact that provide information such as schedule status, technical progress, issue identification and related action plans.


3.2	Customer Responsibilities. Customer will cause the Customer Project Point of Contact to:


(A)	be the single-point-of-contact for the management of Customer’s obligations under the Project;


(B)	serve as the interface between the Project team members and Customer’s business functions, units, or Affiliates participating in the Project;


(C)	define Customer's business and technical requirements for each Project;


(D)	reasonably assist Provider in Provider's development of the detailed Project Plan and validate that the Project Plan meets Customer’s business and technical requirements;


(E)	request all Changes via a Change Request;


(F)	participate in and provide reasonable support during periodic Project planning, review, and status meetings, as scheduled by Provider;

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.


(G)	obtain and provide information, data, decisions and approvals, within the agreed time period;


(H)	coordinate and schedule the attendance of Customer employees and subcontractors, as appropriate, at planning, review, and status meetings scheduled by Provider;


(I)	assist in the resolution of Project issues and escalate within Customer's management as needed;


(J)	assist Provider in resolution of deviations from the Project Plan;


(K)	participate in periodic Project reviews, as reasonably requested by Provider; and


(L)	review the deliverables to determine if they meet the Completion Criteria set forth in the applicable Project Plan and, within the specified time frame, inform the Provider Project Executive in writing of the results of such review.

4. PROJECT PLAN


4.1	A Project Plan will contain the following information:


(A)	Project Manager and Project Point of Contact


(B)	This section will identify Customer’s Project Point of Contact and Provider's Project Managers including name, address, telephone number, and mobile number.


(C)	Purpose and Scope of Work


(D)	This section will provide a summary of the overall purpose of the Project and define the scope of work to be performed.


(E)	Assumptions and Dependencies


(F)	This section will describe any key assumptions or dependencies upon which the Project was based or is dependent upon for successful completion, or both.


(G)	Definitions


(H)	This section will define any terms specific to the Project.


(I)	Provider Responsibilities


(J)	This section will describe the responsibilities that Provider is required to perform in order to complete the Project.


(K)	Customer Responsibilities

MA-IB-00136-2018

Schedule 2

Confidential Treatment Requested by Juniper Networks, Inc.


(L)	This section will describe the responsibilities that Customer is required to perform in order to complete the Project.


(M)	Required Equipment and Materials


(N)	This section will list all required equipment and materials including, hardware and software, that Customer or Provider must provide in order to facilitate completion of the Project.


(O)	Deliverables


(P)	This section will provide a description of any items to be delivered by Provider under the Project.


(Q)	Estimated Exhibit


(R)	This section will provide the estimated schedule for completion of the Project, including any milestones and target dates for completion.


(S)	Completion Criteria


(T)	This section will state the criteria that Provider must meet in order to satisfy its obligations under the Project and the timelines for acceptance thereunder.


(U)	Charges


(V)	This section will specify the applicable fees, if any, for the Project (for example, included within the Annual Services Charge or performed for additional fees on a fixed price or time and materials basis) as well as the interval at which said fees will be paid to Provider by Customer.


(W)	Additional or Unique Terms and Conditions


(X)	This section will identify terms and conditions, if any, in addition to or different from the terms in the Agreement or SOW.

5. PROJECT CHANGE MANAGEMENT


5.1	A Project may be changed in accordance with Schedule 12 (Change Control Procedures).

6. COMPLETION


6.1	The Services will be completed when all of the Deliverables have been accepted by Customer pursuant to the Completion Criteria in the Project Plan.

7. IN-FLIGHT PROJECTS


7.1	As part of the Transition for each Statement of Work, Provider will provide the Project management and related Services and Deliverables for in-flight Projects as agreed upon by the Parties during the Transition.

MA-IB-00136-2018

Schedule 2

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 3

CROSS-FUNCTIONAL SERVICE TERMS

This is Schedule 3 (Cross-Functional Service Terms) (this “Schedule”), to the MSA by and between Juniper Networks, Inc. and International Business Machines Corporation. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA.


1.	CROSS-FUNCTIONAL SERVICES OVERVIEW AND OBJECTIVES


1.1	Services Overview

This Schedule 3 (Cross-Functional Service Terms) sets forth the roles and responsibilities of the Parties for the set of common services that apply generally to the provision, delivery, and management of Services (“Cross-Functional Services”). Provider will provide Cross-Functional Services across all SOWs entered into by the Parties from time to time unless otherwise expressly provided in a SOW. The services, activities and roles and responsibilities described in this Schedule are within the scope of each SOW for the Services and are included within the Fees for each SOW.


1.2	Service Objectives


(A)	The following are the key high-level Service objectives across the Cross-Functional Services:


(1)	Critical IT and service management functions are integrated into and made a part of the Services provided as part of each SOW.


(2)	The Customer Group receives Services with an enterprise view across SOWs.


1.3	Required Tooling

(A)

Provider’s Services and Fees are dependent upon Provider’s ability to implement the automation tools defined in the SOWs. Provider requires Customer’s consent, reasonable support and reasonable participation in implementing the automation prerequisites set forth in the SOWs into Customer’s environment in accordance with the agreed upon implementation plan. Subject to Section 3.20 (Excuse from Performance), if Customer prevents or unreasonably impedes the implementation of Provider’s automation tools, then Provider may be required to make Changes to its implementation plan in order to provide the Services as agreed in the SOWs. Any Changes to the agreed upon implementation plan will be addressed through the Change Control Procedures and may result in an equitable and corresponding adjustment to the Fees and/or Baselines set forth in Exhibit B (Fees) of the applicable SOW.

(B)

Notwithstanding anything else in the MSA or SOWs to the contrary, Provider reserves the right to implement automation tools and technologies to enhance its ability to deliver the Services in accordance with the Service Levels. In the event that Provider elects to implement any such tools and/or technologies, Customer will cooperate in good faith in such implementation including, at a minimum, assisting with the implementation of any required automation prerequisites. All such implementations will be addressed through the Change Control Procedures.

MA-IB-00136-2018

Schedule 3
1

Confidential treatment requested by Juniper Networks, Inc.


2.	SERVICE DESCRIPTIONS AND ROLES AND RESPONSIBILITIES


2.1	General Roles and Responsibilities


(A)	The following table identifies general roles and responsibilities that Provider and Customer will perform:



General Roles and Responsibilities	[***]
1. Identify Customer Group’s IT requirements.	[***]
2. Provide Services that support Customer Group’s technical requirements and end user requirements.	[***]
3. Comply with known Customer Policies, standards and regulations applicable to the Services.	[***]
4. Provide Customer Polices, standards and regulations applicable to the Services to Provider.	[***]
5. Develop and timely maintain the comprehensive Process Interface Manuals (“PIM”) in accordance with the MSA that contains the actual operational and process standards that will be used in the delivery of the Services.	[***]
6. Report performance against the Service Levels in accordance with the reporting requirements of the applicable SOW.	[***]
7. Monitor and audit Provider’s performance in its delivery of the Services under the Agreement.	[***]
8. Coordinate changes to the IT infrastructure that may affect the Service Levels of any other Service area.	[***]
9. Provide timely creation, updating, maintenance and provision of appropriate Project Plans, Project time and cost estimates, technical specifications, management Documentation and management reporting in a form/format that is acceptable to Customer for Projects and major Service activities.	[***]
10. Coordinate Service delivery with other support groups within each of the other SOWs in coordination with Authorized Users, Customer, and appropriate persons, as necessary.	[***]
11. Provide VIP support Services as necessary.	[***]
12. Provide list of individuals who will receive VIP support.	[***]

MA-IB-00136-2018

Schedule 3
2

Confidential treatment requested by Juniper Networks, Inc.


2.2	IT Processes and Responsibilities


(A)	Administration


(1)	Administration Services are the activities associated with providing a stable System infrastructure and to effectively and efficiently perform procedures to ensure the Services meet the Service Levels.


(2)	The following table identifies operations and administration roles and responsibilities that Provider and Customer will perform, including:



Administration Roles and Responsibilities	[***]
1. Producing periodic reports as necessary and respond in a timely manner to queries and requests concerning the inventory data or supporting information.	[***]
2. On a periodic basis (at least semi-annually), updating the Asset Inventory and Management System by electronically polling Equipment (to the extent enabled in the Customer-approved enterprise management System provided by Provider).	[***]
3. When performing Equipment installations, validating and correcting physical inventory information.	[***]
4. Conducting regular inventory reconciliation through random record-to-floor physical inventory verification.	[***]
5. Timely updating the Asset Inventory and Management System by the following actions: securely removing Assets that are no longer in use; modifying Asset information resulting from Asset relocation and/or use by a different Authorized User; adding new Asset information upon implementation of new Equipment or Software.	[***]
6. Identifying strategies and approaches that will result in the elimination of unnecessary Equipment or Software, or modifications to existing Equipment and Software that Provider believes will provide Customer with competitive advantages, increased efficiency, increased performance, or cost savings (for example: securely eliminate redundant Equipment; deploy handsets that can utilize a single line for Voice and data; consolidate multiple PCs where a single unit would satisfy Customer’s needs, etc.). For the avoidance of doubt, all such identified strategies and/or approaches will follow the Change Control Procedures prior to implementation of any such strategies and/or approaches.	[***]


(B)	Software Support


(1)	Software support Services consist of the activities related to the secure and efficient installation, upgrade, changes, and support for Customer approved Software.


(2)	The following table identifies Software support roles and responsibilities that Provider and Customer will perform, including:

MA-IB-00136-2018

Schedule 3
3

Confidential treatment requested by Juniper Networks, Inc.



Software Support Roles and Responsibilities	[***]
1. Installing, upgrading, and changing Software as required and in accordance with Customer Policies and/or technical review board.	[***]
2. Interfacing with retained Customer Personnel and other third parties to promote the compatibility of Software products.	[***]
3. Unless otherwise directed by Customer, installing, upgrading, and changing the Software to prescribed release levels in accordance with Customer Policies and/or technical review board.	[***]
4. Providing installation of department or Authorized User-specific Software as requested by Customer.	[***]
5. Installing bug fixes, patches, updates and upgrades from Third-Party Suppliers for third-party Software Problems, which includes installation of third-party supplied Software patches as required.	[***]
6. At least thirty (30) days prior to the start of each calendar quarter, giving written notice to Customer of upgrades and Software changes that are planned to occur in the following quarter.	[***]
7. Provide input and approval of Software upgrade and change timeline.	[***]
8. Upgrading and effecting changes to the Software in accordance with the timeline approved by Customer.	[***]
9. Coordinating testing, installation, customization, and support of Software with Application development and maintenance personnel, Authorized Users, and other third parties as required.	[***]
10. Observing Customer Change Management procedures while implementing all changes, upgrades, or enhancements.	[***]
11. For any changes, upgrades, or enhancements, advising Customer of any additional Equipment, Network, environmental, or other requirements needed during integration testing and/or otherwise known to be necessary for the implementation thereof.	[***]
12. Supporting Software identified as in-scope in the applicable SOW; excluding Applications supported by Customer’s retained staff or other third parties, as required and in accordance with Customer Architecture Standards.	[***]
13. Supporting Software at prescribed release levels or as directed by Customer.	[***]
14. Subject to Change Control Procedures, supporting Software used by a specific Authorized User, pursuant to Customer Policies and/or technical review board as requested by Customer.	[***]
15. Supporting Software internally developed and used by Customer.	[***]
16. For System Software, providing Level 1 and Level 2 support and provide and/or coordinate Level 3 Support.	[***]
17. Providing Authorized Users with Software support, advice, and assistance as needed.	[***]
18. Timely maintaining a list of Documentation that reflects the complexity and diversity of the environment and that enhances the Software support process.	[***]

MA-IB-00136-2018

Schedule 3
4

Confidential treatment requested by Juniper Networks, Inc.



Software Support Roles and Responsibilities	[***]
19. Timely maintaining a library of Provider-supplied and Provider-developed Documentation that identifies the Software supported by Provider and the operational support procedures associated with all such Software.	[***]
20. Timely maintaining master copies of all Customer standard Software in a secure, Customer approved source code repository.	[***]
21. Maintaining subscription to the anti-virus/malware Software support in order to proactively receive virus/malware engine and pattern updates.	[***]
22. Performing virus/malware scans on all e-mails.	[***]
23. Providing and implementing the capability to scan hard drives or other temporary storage devices (such as USB memory sticks, PCMCIA flashcards, FireWire hard drives) for virus/malwares upon request.	[***]
24. Developing any plans necessary to provide virus/malware protection.	[***]
25. Promptly responding to virus/malware Incidents per the instructions provided by the Customer in the Incident/ticket submitted to Provider.	[***]
26. Providing proactive alerts to Authorized Users relative to current virus/malware threats specific to Customer’s environment.	[***]


(C)	Service Catalog


(1)	Service Catalog Services are the activities associated with developing, revising, archiving, maintaining, managing, reproducing, and distributing an archive of information relating to approved products, Software, and Equipment for Authorized Users.


(2)	The following table identifies Service Catalog roles and responsibilities that Provider and Customer will perform, including:

MA-IB-00136-2018

Schedule 3
5

Confidential treatment requested by Juniper Networks, Inc.



Service Catalog Roles and Responsibilities	[***]
1. Creating and regularly (at least quarterly) updating a list of Equipment and Software that includes the approved products for purchase or lease by Authorized Users for new deployments (the “Service Catalog”).	[***]
2. Aligning the Service Catalog with Customer’s IT strategic direction, technical architecture, Refresh strategy, roadmap, and product evaluation and test results. Provider will obtain Customer’s approval for the Service Catalog.	[***]
3. Timely maintaining the Service Catalog on a relational database System in Customer’s ServiceNow System, which contains links/integration with the Asset Inventory and Management System as necessary and appropriate. Provider will obtain Customer’s prior written approval for the database design and Customer will have full and continual access to the database.	[***]
4. Implementing new Service Catalog items in Customer’s ServiceNow System.	[***]
5. Categorizing the Service Catalog content by type of Service, configuration type, and/or Equipment or Software type (for example, IMACS, network, desktops, laptops, printers, office suite software, PDAs, etc.).	[***]
6. Including in the Service Catalog individual Services, Equipment and Software items, as well as entire configurations of Services, Equipment and Software, as applicable, based on the deployment standards or options (for example: a “New Hire” selection might include acquisition and installation of a PC, network drop, telephone, etc.).	[***]
7. Including any notation required for specific use (or limitation) of the Equipment or Software—or of the delivery of the Service—by region, by business unit, or by category of Authorized User.	[***]
8. Including any technical limitations/requirements for the use of Equipment or Software (for example: minimum disk space, memory, operating System, etc.) or execution/delivery of the Service.	[***]
9. Integrating approvals into the Service Request workflow.	[***]
10. Including a description of how to obtain additional information about all Services, Equipment, and/or Software.	[***]
11. Making the Service Catalog, available on Customer’s Intranet, along with search capabilities and contact information for queries.	[***]


(D)	Maintenance


(1)	Maintenance Services are the activities associated with the maintenance and repair of Software, Equipment, and infrastructure, including networks, websites and databases, including “break/fix” services. Installed platform and product version levels are to be maintained in accordance with this Schedule, unless coordinated with and approved in writing by Customer.


(2)	The following table identifies Maintenance roles and responsibilities that Provider and Customer will perform, including:

MA-IB-00136-2018

Schedule 3
6

Confidential treatment requested by Juniper Networks, Inc.



Maintenance Roles and Responsibilities	[***]
1. Timely coordinating and managing third parties that provide maintenance-related support for Equipment and Software used in conjunction with the Services and performing these responsibilities regardless of the Party (Provider or Customer) that has financial responsibility for the underlying Asset and maintenance expenses.	[***]
2. Timely performing maintenance of Equipment and Software in accordance with Change Management procedures and scheduling this maintenance to minimize disruption to Customer’s Services.	[***]
3. Where Provider is financially responsible for the underlying Equipment or Software maintenance expense, providing (or arranging for qualified third parties to provide) maintenance for such Equipment and Software.	[***]
4. Providing such maintenance as necessary to keep the Equipment and Software in good operating condition and in accordance with the manufacturer’s specifications, or other agreements as applicable, so that such Assets will qualify for the manufacturer’s standard maintenance plan upon sale or return to a lessor.	[***]
5. Coordinating with the Third-Party Supplier of Equipment and Software, and installing and testing all updates, upgrades, bug fixes, and patches in order to maintain such Equipment and Software as necessary to meet specified Service Levels.	[***]
6. For in-scope third-party maintenance contracts, administering and managing the contract on behalf of Customer, notify Customer in writing at least ninety (90) days in advance about maintenance contracts that are about to expire, and recommending modifications to the Services during such third-party maintenance contract renewal consideration period.	[***]


(E)	Refresh and Technical Currency


(1)	Refresh and Technical Currency Services are the activities associated with modernizing the IT infrastructure on a continual basis to keep the System components current with evolving industry standard technology platforms.


(2)	The following table identifies Refresh and Technical Currency roles and responsibilities that Provider and Customer will perform, including:



Refresh and Technical Currency Roles and Responsibilities	[***]
1. Refresh Equipment and Software as required throughout the Term, for purposes that include meeting Customer’s IT requirements; preventing technological obsolescence or failure; and accommodating volume changes, the ability to increase efficiency, the ability to lower costs, and/or the need to maintain the required Third-Party Supplier support; maintaining compatibility with the Customer-owned Software, Customer-licensed Software and Equipment for which Customer has financial responsibility for Equipment Refresh; and otherwise as required for Provider to meet its obligations under the Agreement (including the Performance Standards). Deploying Equipment and Software associated with any Refresh in accordance with the standards of Customer’s technical architecture and long-range IT plan.	[***]

MA-IB-00136-2018

Schedule 3
7

Confidential treatment requested by Juniper Networks, Inc.



Refresh and Technical Currency Roles and Responsibilities	[***]
2. Providing Refresh within the timeframes and other requirements associated with Refresh, as well as the financial responsibility for the underlying Assets in accordance with the Financial Responsibility Matrix, including performing Refresh throughout the Term in accordance with the timeframes and other requirements. Customer reserves the right to modify the Refresh timeframes and requirements during the Term based on its business requirements.	[***]
3. Where Customer is financially responsible for Equipment and Software used in conjunction with the Services, implementing and supporting the new Assets provided by Customer.	[***]
4. Regardless of the ownership of underlying Assets: providing Provider Staff who are adequately trained and skilled with the appropriate expertise in the use of the Equipment or Software to be deployed as part of the Refresh, and providing such training prior to the Refresh; providing minimal disruption to Customer’s business operations associated with technology Refresh; using best practices and effective automation tools during Refresh deployment; and performing changes to Equipment and Software in accordance with Change Management procedures.	[***]
5. Unless otherwise directed by Customer, providing and supporting Software under Provider’s operational responsibility at the N-1 Release Level.	[***]
6. As directed by Customer, supporting the N-1 Release Level, the N-2 Release Level, and earlier versions of the Software for the longer of the following: (1) the version N Release Level’s general public availability or (2) from the time the Third-Party Supplier ceases to support such version.	[***]
7. Using commercially reasonable efforts to support Software that is no longer supported by the Third-Party Supplier.	[***]
8. Providing support for mutually agreed Software versions and release levels that exist as of the Effective Date until otherwise directed by Customer.	[***]
9. Maintaining a standard current level of Software on Customer and the other Authorized User’s computing platforms, including: performing the following upon each new N Release Level issued by a Provider: within eight (8) months after the release of a new N Release Level by a Third-Party Supplier (1) testing and evaluating the new release in preparation for upgrading the global Authorized User environment to the new standard level; (2) engaging with Customer Application teams to understand the Authorized User workload required to migrate the production environments to the new Software revision; and (3) building a deployment strategy and plan.	[***]
10. Review and provide input and approval for the Software release deployment strategy and plan.	[***]
11. Deploy Software release in accordance with approved deployment plan.	[***]
12. In partnership with the Software manufacturer(s), building and maintaining a schedule of anticipated releases of major and minor releases of Systems Software, and timely presenting these schedules to the Technical Review Board meetings prior to communicating such schedules to Customer Application teams to build awareness and preparedness to perform the necessary testing and porting of Applications into the new standard environments.	[***]

MA-IB-00136-2018

Schedule 3
8

Confidential treatment requested by Juniper Networks, Inc.



Refresh and Technical Currency Roles and Responsibilities	[***]
13. Developing an annual plan for Refresh, including: at least ninety (90) days prior to Customer’s annual planning process meetings, reviewing the Asset inventory and producing and delivering a report that lists the Assets that are due to be Refreshed in the upcoming plan year. Based on usability of the Assets and reviewing with Customer alternatives to replace, re-lease, consolidate, or retain the Assets.	[***]
14. Participate in Asset review discussion and provide input in Refresh and/or reasonable alternatives.	[***]
15. Deliver recommendations regarding Asset Refresh and/or reasonable alternatives to Customer within thirty (30) days after the Asset review discussion.	[***]
16. If Software Changes are required due to replacement of Assets, Provider, in consultation with the Customer, will review alternatives for making changes to such Software. requests for replacement of the Assets and mutually agreed Software will be processed in accordance with the Change Control Procedures.	[***]
17. Provide proposal for Refresh of Customer-owned and leased Assets.	[***]
18. Provide input and approval for Refresh plan of Customer-owned and leased Assets.	[***]
19. Execute that Refresh plan utilizing established Service Desk and procurement processes approved in writing by Customer.	[***]
20. Providing monthly reports ninety (90) days prior to lease expiration date showing Assets to be Refreshed with latest data.	[***]
21. Notifying Customer monthly of open agreements related to Assets that will retire within ninety (90) days of the report date.	[***]
22. Tracking and reporting on basic information related to the start and end dates of leases of Equipment.	[***]
23. Updating Asset records after and on retirement.	[***]


(F)	Redeployment and Disposal of Equipment


(1)	The secure redeployment and disposal of Equipment services are the activities associated planning, tracking, and executing the de-installment and/or redeployment of Customer Assets in order to provide uninterrupted Services.


(2)	The following table identifies Redeployment and Disposal of Equipment roles and responsibilities that Provider and Customer will perform, including:

MA-IB-00136-2018

Schedule 3
9

Confidential treatment requested by Juniper Networks, Inc.



Redeployment and Disposal of Equipment Roles and Responsibilities	[***]
1. Performing de-installation and/or secure re-deployment of Equipment in accordance with Change Management procedures, including: complying with backup requirements and providing permanent removal of any Customer Software or data that may exist on storage media (either fixed, removable, or shared).	[***]
2. Upon secure redeployment or secure disposal of Equipment, make the necessary changes in the Asset Inventory and Management System.	[***]
3. Prior to a new purchase or lease of any Equipment, advise Customer of any possibility of securely re-deploying existing Equipment.	[***]
4. To the extent the Equipment is owned or leased by Customer, returning the Equipment to a central location or securely re-deploy Equipment as requested by Customer; securely disposing of unusable Equipment in an appropriate, environmentally responsible manner, securely erasing data and configuration information resident in the computer System, storage components, and/or devices in such a manner that makes the data permanently irretrievable prior to securely disposing of Equipment; if the Equipment is owned by Customer and sold for salvage, crediting Customer for the Equipment’s salvage price.	[***]


(G)	Delivery and Staging


(1)	Delivery and Staging Services are the activities associated with the safe, efficient, and timely packing, shipping, and set-up of IT-related Assets.


(2)	The following table identifies Delivery and Staging roles and responsibilities that Provider and Customer will perform, including:



Delivery and Staging Roles and Responsibilities	[***]
1. Providing Services associated with the delivery and staging of Equipment and Software.	[***]
2. Develop shipping and delivery processes during Transition.	[***]
3. Provide input and approval or shipping and delivery processes during Transition.	[***]
4. Receiving Equipment and Software that are delivered in accordance with valid procurement orders from Customer; also assist Customer in the receiving process as necessary at Customer Facilities.	[***]
5. Verifying that contents of the delivery are included according to the valid procurement order.	[***]
6. As appropriate and required, notifying representatives from Customer, Provider or any applicable Third-Party Suppliers that the order has been received; plus completing and forwarding any required paperwork associated with verifying the receipt and contents of the order to the appropriate Customer, Provider, or Third-Party Supplier personnel.	[***]
7. Providing timely input into Provider and/or Customer Systems and processes to provide accurate billing and order/inventory management.	[***]

MA-IB-00136-2018

Schedule 3
10

Confidential treatment requested by Juniper Networks, Inc.



Delivery and Staging Roles and Responsibilities	[***]
8. After receipt at the initial site, moving or shipping, Equipment and Software (if necessary) to the staging site(s) (and a location within the site) on a scheduled delivery date that is agreed to with the appropriate Authorized User(s) or Third-Party Supplier.	[***]
9. Facilitating shipping to and from sites, as required.	[***]
10. Providing temporary storage and staging facilities for Customer when needed.	[***]
11. Assuming responsibility for freight-related and transportation-related costs associated with the shipment and receipt of Equipment from Equipment manufacturer locations to Customer Facilities and/or Provider Service Locations.	[***]
12. Assuming responsibility for freight-related and transportation-related costs associated with the shipment and receipt of Equipment from Customer Facilities to other Customer Facilities.	[***]
13. Store the Equipment and Software in a Customer provided secure area and do not subject the Equipment or Software to extreme heat, cold, dampness or other unfavorable conditions.	[***]
14. Providing logistics Services (for example, provisioning, site preparation, etc.) associated with the movement of the Equipment or Software from Third-Party Suppliers to staging facilities.	[***]
15. After the Equipment and/or Software has reached its final staging destination and prior to its actual installation: unloading, uncrating, and/or removing the packaging that was used to ship and contain the product; removing shipping and packaging materials from Customer’s premises in an environmentally responsible manner; assembling and/or testing the product, including assembling a complete or partial configuration, if required by the agreed installation plan; providing the specific configuration required to complete the assembly and/or installation of the Equipment and Software; using the Customer standard configuration for the underlying type of Equipment and/or Software for new Equipment and Software, unless otherwise approved by Customer in writing; providing configuration specifications and assembly/test instructions to Provider Staff or Third-Party Supplier in electronic format and/or paper copy as needed; providing parts and materials necessary for proper assembly and installation of Equipment, Software and Services, exclusive of electrical power and environmental resources and any other materials specifically agreed in advance and in writing with Customer or a Third-Party Supplier; coordinating with Third-Party Suppliers that are supplying peripheral or ancillary Equipment or Software; providing replacement parts/units to remedy out-of-box failures or Equipment found inoperable during assembly.	[***]


(H)	Quality Assurance


(1)	Quality Assurance (QA) Services are the activities associated with the assessment and definition of QA activities and parameters, including metrics and procedures consistent with industry standards.


(2)	The following table identifies Quality Assurance roles and responsibilities that Provider and Customer will perform, including:

MA-IB-00136-2018

Schedule 3
11

Confidential treatment requested by Juniper Networks, Inc.



Quality Assurance Roles and Responsibilities	[***]
1. Developing and employing a quality assurance program, subject to Customer’s approval, designed to promote and consistently maintain performance of the Services at a high level of quality and focus on measuring and improving reliability, speed, cost effectiveness, and Customer satisfaction.	[***]
2. Writing and maintaining procedures and measurements on quality assurance activities associated with the Services.	[***]
3. Ensuring that the quality metrics and procedures employed are consistent with similar standards in Customer’s industry and/or in the provision of similar professional services.	[***]
4. Subject to Section 17.14 (Internal Controls) of the MSA, ensuring compliance with a published quality assurance program, with adequate internal controls and verification activities.	[***]
5. In accordance with Article 14 (Audits) of the MSA, allowing Customer to perform audits that will focus on Provider’s adherence to its quality assurance procedures and standards; on the metrics gathered to support quality assurance activities; and on Provider’s efforts to improve overall quality.	[***]


(I)	Security Management


(1)	Security Management Services are the activities that enable Customer, Provider, and Third-Party Suppliers to meet the security requirements detailed in security policies, contractual requirements, legislative requirements, and in the Service Levels schedule.


(2)	The following table identifies security management roles and responsibilities that Provider and Customer will perform, including:



Security Management Roles and Responsibilities	[***]
1. Comply with Customer’s requirements according to security policies, contractual requirements, legislative requirements, and as expressed in the Service Levels.	[***]
2. Comply with Provider’s internal security requirements according to internal security policies and standard security baselines.	[***]
3. Assisting Customer to define security requirements based upon business needs.	[***]
4. Providing advice on improving the information security model and plan implementation.	[***]
5. Complying with its physical and logical security responsibilities, including, in particular, providing that proper segregation of duties exists where appropriate, including where processes span to Provider and/or Third-Party Supplier(s). If during the implementation of Changes or management of crises it is not feasible to observe a proper segregation of duties, immediately informing Customer of this fact and keeping a complete and accurate record of any and all actions performed and by whom.	[***]
6. Provide Customer with a written record within two (2) days after the change or crisis.	[***]

MA-IB-00136-2018

Schedule 3
12

Confidential treatment requested by Juniper Networks, Inc.



Security Management Roles and Responsibilities	[***]
7. Promptly informing Customer if Provider becomes aware of any vulnerability or weakness in the Services or any Security Incident and participate in discussions related to a possible solution or mitigation.	[***]
8. Complying with Customer security and safety policies, standards and procedures at Customer Facilities, as they may be revised or updated.	[***]
9. Recommending supplemental physical security standards to increase the overall level of security at Customer Facilities.	[***]
10. When noted, recommending supplemental physical security provisions at Customer Facilities.	[***]
11. Complying with Customer Policies, including data and records management and electronic records and data archiving.	[***]
12. Provide to Provider Customer Policies related to data and records management and electronic records and data archiving.	[***]
13. Supporting security administration process with Customer’s and Third-Party Supplier(s)’s physical security administration processes, where the processes interact.	[***]
14. In Service Locations, comply with Provider’s security processes.	[***]
15. Performing Provider’s physical security functions (for example, identification badge controls, and alarm responses) at Service Locations from which Services are being performed.	[***]
16. Provider will provide logical security administration to maintain authorized access to IT data.	[***]
17. Establishing and maintaining mechanisms to safeguard against Security Incidents in accordance with Schedule 9 (Information and System Security Requirements) and the Customer Security Document.	[***]
18. Implementing an information security approach that follows a resource-ownership concept for security, for certifying owners, and for periodically reviewing authorized access for computer users.	[***]
19. Researching System security Problems for infrastructure or Applications under the control of Provider. Provider will remediate all such problems on Provider Equipment and will remediate all such problems on Customer Equipment per Customer’s instructions.	[***]

MA-IB-00136-2018

Schedule 3
13

Confidential treatment requested by Juniper Networks, Inc.



Security Management Roles and Responsibilities	[***]
20. Managing and administering access to the Provider-operated Customer Systems and Customer Data; such management and administration will: allow Customer IT security read-only rights related to such Provider-operated Customer Systems regarding the Services, including access to audit trails and logs; allow Customer to retain authority for approval of data and System access requirements; provide such entities and persons as Customer informs Provider access to the Provider-operated Customer Systems; follow Customer’s instructions and the procedures regarding such access as in accordance with Article 14 (Audits) of the MSA; maintain security rules and access rights in accordance with Schedule 9 (Information and System Security Requirements) and the Customer Security Document.	[***]
21. Reviewing documented information security procedures with Customer pertaining to the Provider-operated Customer Systems.	[***]
22. Developing, maintaining, updating, and implementing security procedures with Customer’s review and approval, including physical access strategies and standards.	[***]
23. Assisting in the development and utilization of an action plan and escalation procedures to be set forth in the PIM for any Security Incidents in accordance with the Schedule 9 (Information and System Security Requirements) and the Customer Security Documentand reporting any Security Incidents to Customer, and escalating within Provider’s and Customer’s organizations, in accordance therewith.	[***]
24. Monitoring users of the Systems and Services for authorized access, reviewing, and deciding which users need to be removed and reporting that to Provider.	[***]
25. Timely responding and promptly removing those users who Customer identifies as no longer having authorized access.	[***]
26. Promptly identify to Customer security risks associated with the Services.	[***]
27. Notifying Customer, and escalating within Provider’s and Customer’s organizations, in the event of a Security Incident in accordance with the PIM.	[***]
28. Conducting periodic reviews, as appropriate, to validate that Provider employee access to programs and libraries is appropriate for Provider-operated Customer Systems.	[***]
29. Conducting periodic reviews, as appropriate, to validate that Customer employee access to programs and libraries is appropriate for Provider-operated Customer Systems.	[***]
30. Running monthly reports to identify to Customer those accounts that should be removed on Systems for Provider operated Customer Systems.	[***]
31. Capturing data regarding routine access and exceptions for audit trail purposes and making such data available to Customer upon request.	[***]
32. Performing security audits, providing Incident investigation support, and initiating corrective actions as part of the Change Management process to minimize and prevent Security Incidents.	[***]

MA-IB-00136-2018

Schedule 3
14

Confidential treatment requested by Juniper Networks, Inc.



Security Management Roles and Responsibilities	[***]
33. After obtaining Customer’s written approval, installing, updating, and maintaining Software that will provide security monitoring, alarming, and access-tracking functionality for Provider-operated Customer Systems.	[***]
34. Security access control tools for data, Software, and Networks in compliance with Customer Policies, standards and procedures, and maintaining such security and access control devices in proper working order.	[***]
35. Implementing and maintaining a set of automated and manual processes designed to enforce Customer Policies.	[***]
36. Establishing policies and processes for assigning, resetting, and disabling IDs and passwords used for data or System access.	[***]
37. Executing password and ID management, in accordance with Customer Policies, e.g. Active Directory.	[***]
38. Implementing and maintaining a secure database of Provider access requests, access rights, and approval authorities.	[***]
39. Communicating with Authorized Users regarding requests for System or data access, and coordinating with Customer IT security, which authorizes access to Customer Data and Systems.	[***]
40. Running periodic reports to identify accounts that should be removed or unusual disk space usage of a particular Authorized User or group and providing timely reports to Customer IT security.	[***]
41. Coordinating System password changes and, subject to Customer’s approval.	[***]
42. Performing backup and recovery procedures in response to Security Incidents that result in lost/damaged information.	[***]
43. Responding to security audit requests from Customer and/or regulatory authorities in accordance with the provisions of Article 14 (Audits) of the MSA.	[***]
44. Cooperating and assist with efforts by Customer and/or representatives of Customer for security tests on Customer Systems.	[***]
45. Working together with Customer to Change security in responses to evolving requirements and changing technology.	[***]
46. Maintaining safeguards against Security Incidents in accordance with Article 17 (Confidentiality and Customer Data) of the MSA and Schedule 14 (Data Privacy) of the MSA.	[***]
47. Supporting security administration processes with Customer’s and Third-Party Supplier(s)’ logical security administration processes, where the processes interact.	[***]
48. Supporting logical security administration process with Service Management processes, especially Incident Management, Change Management, and IT Service Continuity Management.	[***]
49. Providing Application Development and maintenance security support and advice.	[***]
50. Developing any Application functionality consistently with Customer’s security standards and procedures.	[***]

MA-IB-00136-2018

Schedule 3
15

Confidential treatment requested by Juniper Networks, Inc.


(J)	Service Delivery


(1)	Capacity Management


(a)	Capacity Management Services are activities to provide that the capacity of the IT Infrastructure matches the evolving demands of Customer Group in the most cost-effective and timely manner. The process encompasses the following:


(i)	Monitoring performance and throughput of the Services, Systems, and supporting IT components


(ii)	Understanding current demands and forecasting for future requirements


(iii)	Developing capacity plans which will meet Customer Group’s demand and the Service Levels


(iv)	Conducting risk assessment of capacity recommendations


(v)	Identifying financial impacts of capacity plans


(vi)	Undertaking tuning activities of the Systems and Services


(b)	The following table identifies Capacity Management roles and responsibilities that Provider and Customer perform, including:



Capacity Management Roles and Responsibilities	[***]
1. Capacity Management is the primary responsibility of Provider.	[***]
2. Provide input on and participate in capacity management planning.	[***]
3. Provider will apply Capacity Management to the applicable Services.	[***]
4. Formally reviewing capacity requirements as part of Customer’s normal business planning cycle.	[***]
5. Verifying that there is adequate capacity to meet the required Service Levels.	[***]
6. Managing capacity to demand for the Services.	[***]
7. Working with Customer to achieve optimal utilization of capacity.	[***]
8. Providing additional capacity or advising Customer regarding the need for additional capacity, as appropriate.	[***]
9. Monitoring resources and System performance, System utilization, capacity limits, and expected capacity needs, and recording that information.	[***]
10. Producing regular management reports, including current usage of resources, trends and forecasts, and exceptions.	[***]
11. Determining capacity requirements of new Systems to determine the necessary computer and Network resources required, and then sizing such new Systems, taking into account Equipment utilization, performance of Service Levels, and cost (minimizing cost to Customer). Changes or implementations of new Systems will be subject to the Change Control Procedures.	[***]

MA-IB-00136-2018

Schedule 3
16

Confidential treatment requested by Juniper Networks, Inc.



Capacity Management Roles and Responsibilities	[***]
12. Utilizing, and reporting on the use of such, new Equipment and Software in order to improve the efficiency and effectiveness of the process, as part of the continuous improvement and evolution of the Services.	[***]
13. Carrying out performance testing of new Systems to confirm that such Systems meet planned performance and utilization expectations and requirements.	[***]
14. As requested by Customer, or as needed to deliver the Services, proposing Service Levels that are maintainable and cost-justified.	[***]
15. Tuning Systems to achieve optimum use of Equipment, Network, and Software resources.	[***]
16. Timely resolving performance-related Incidents and Problems.	[***]
17. Performing ad hoc performance and capacity studies as requested by Customer or as needed to deliver the Services.	[***]
18. In support of Application development and maintenance activities, estimating applicable resource requirements, including impact on the capacity of the server environment, network environment, end-user computing environment, etc., as required.	[***]
19. Deploying proactive capacity management processes wherever practicable to do the following: prevent Incidents and Problems related to resource utilization from occurring; trend current System and resource utilization and estimate future utilization; validate and verify that planned changes affect only the expected resource impact.	[***]
20. Utilizing reactive capacity management (that is, responding reactively to occurrences of insufficient capacity) whenever necessary to facilitate successful performance of the Services.	[***]
21. Investigating new technology applicable to the Services and incorporating technological development, advances, and evolution into the Services and reporting on such technology upgrades/proposals. Incorporation of new technology is subject to the Change Control Procedures.	[***]
22. Aligning capacity management and Provider’s IT business plan for the Services with Customer’s Long-Range IT Plan.	[***]
23. Applying capacity management tools, data, reports, and disciplines to Incidents and Problems relating to poor performance in order to timely resolve such Incidents and Problems.	[***]
24. Aligning capacity management outputs with the Service Levels and other performance requirements documented in the Agreement.	[***]
25. Actively including capacity management in the Change management process to assess Changes for their impact on the capacity of the Systems and providing appropriate feedback to those submitting change requests.	[***]
26. Incorporating Customer work schedules, periodic business fluctuations, and dependencies between elements of the Services into capacity management planning.	[***]
27. Performing short-term demand management as required to maintain delivery of the Services during failures, spikes in demand, or other spontaneous events.	[***]

MA-IB-00136-2018

Schedule 3
17

Confidential treatment requested by Juniper Networks, Inc.



Capacity Management Roles and Responsibilities	[***]
28. In consultation with Customer, supporting demand management activities to encourage Authorized Users to make the most efficient use of the Services and assisting Customer to minimize its costs while maximizing the value it receives from the Services. Provider’s responsibilities in this regard include developing demand management models and making recommendations to dampen Authorized User demands on Systems, when requested by Customer.	[***]
29. Assisting Customer in forecasting Customer’s capacity requirements and monitoring, validating and reporting to Customer the capacity forecast against Customer’s actual utilization.	[***]
30. Proactively developing and delivering to Customer forecasts of growth and other changes in response to the projected Customer business and operational needs disclosed by Customer to Provider on an annual basis, or more frequently as Customer may reasonably require.	[***]
31. Working with Customer to maintain knowledge base of future demand for the Services and estimating the effects of demand on Service Levels.	[***]
32. Reviewing Customer’s IT strategies, IT plans, and IT financial plans and validating that capacity management requirements align with those plans and, to the extent such alignment does not exist, work with Customer in order to bring about such alignment.	[***]
33. On an agreed schedule, or as requested by Customer, revising the capacity planning model based on actual performance.	[***]
34. Using appropriate types of modeling in support IT planning and capacity and utilization studies; such modeling could include: estimates based upon experience and current and historical resource utilization experience; pilot projects; prototype development; analytical modeling; simulation modeling; baseline models; trend analysis; forecasting.	[***]
35. Participate as needed in Customer’s business capacity management planning processes.	[***]
36. Producing and updating the capacity plan in conjunction with Customer’s IT business planning cycle.	[***]
37. Provide capacity planning recommendations based on business needs to Provider.	[***]
38. Incorporate Customer’s capacity planning recommendations into Provider’s annual plan. Provider will include the Capacity Plan in Provider’s annual publication of the IT business plan.	[***]
39. Updating Provider’s capacity management information in a timely manner with the technical specifications of newly acquired Configuration Items (“CIs”), changed CIs, Service performance requirements, planned workloads and demands to be placed upon the IT resources, and any other relevant information. at least twice-yearly, sampling the Provider’s capacity management information to ensure the correctness of the data contained therein and provide report to Customer.	[***]
40. Investigating and researching threshold breaches and near misses to determine what remedial action should be taken, then planning and performing such remedial actions through the Change Management process.	[***]

MA-IB-00136-2018

Schedule 3
18

Confidential treatment requested by Juniper Networks, Inc.



Capacity Management Roles and Responsibilities	[***]
41. Employing regular monitoring, identification of exceptions, and manual review of reports and trends.	[***]
42. Maintaining an understanding of the capacity and utilization of each of the IT components that Provider manages, including Equipment, Software licenses, and voice and data circuits.	[***]
43. As necessary to provide optimum resource usage (Equipment, Software, circuits, etc.) in the delivery of the Services, installing Equipment and Software monitors, properly configuring those monitors, and collecting the resultant data.	[***]
44. Upon request, estimating the resource and utilization effects of planned changes.	[***]
45. Reactively responding to Incidents and Problems that are caused by a lack of resource or an inefficient use of a resource.	[***]
46. Proactively identifying components that are susceptible to failure and recommending cost-effective solutions for Customer’s consideration and possible approval.	[***]


(2)	Availability Management


(a)	Availability Management Services are the activities associated with tuning Service components for maximum availability of Services.


(b)	The following table identifies Availability Management roles and responsibilities that Provider and Customer will perform, including:



Availability Management Roles and Responsibilities	[***]
1. Optimizing the capability of the Infrastructure and Services by collecting, monitoring, analyzing, and reporting on key elements of Availability and then initiating Change through the Change Control Procedures when required, necessary to meet the Service Level requirements for Availability.	[***]
2. Determining Availability requirements in business terms.	[***]
3. Provide requirements on expected performance levels of Availability and security to Provider.	[***]
4. Designing for expected Service Levels of Availability and security.	[***]
5. Develop Availability plans.	[***]
6. Review and approve Availability plans.	[***]
7. Implement approved Availability plans.	[***]
8. Continuously reviewing and improving Availability.	[***]
9. Operating and maintaining an Availability management process to plan, implement, measure, and manage the Availability and the general reliability of the Services to confirm that the levels of Availability and reliability consistently meet Customer’s IT requirements and objectives.	[***]
10. Integrating Provider’s Availability management process with Customer’s and/or Customer’s Third-Party Supplier’s Availability management processes, where the processes interact.	[***]

MA-IB-00136-2018

Schedule 3
19

Confidential treatment requested by Juniper Networks, Inc.



Availability Management Roles and Responsibilities	[***]
11. Integrating the Availability management process with other Service management processes, including Incident management, Change management, Service capacity management, and IT Service continuity management.	[***]
12. Providing the levels of Availability and reliability of the Services in compliance with the Service Levels. Provider will provide an IT Infrastructure architecture that allows the introduction of new layers of complexity that does not compromise overall reliability.	[***]
13. Producing Availability and reliability impact assessments with respect to change request and work orders.	[***]
14. Cooperating with Customer and its Third-Party Supplier(s) to provide Availability and reliability of the Services to Authorized Users in accordance with the Service Levels.	[***]
15. Retaining at least twenty-four (24) months of Availability and reliability data to enable trend analysis and making such data available to Customer.	[***]
16. Providing early warning or advice to Customer of potential or actual Availability and reliability issues. Provider will provide additional advice as the potential threat to Availability or reliability increases and as the threat becomes more imminent. Work diligently to remediate all such threats.	[***]
17. Providing regular reporting of Service outages related to the Services that affect Authorized Users irrespective of where the outage occurred.	[***]
18. Providing a monthly report in a format agreed upon with Customer that, at a minimum, provides a comparison of performance and Availability; providing a list of outages, linked to an Incident, including the date and time the outage commenced, its duration, and the affected infrastructure and Applications; providing trend analysis of the performance for critical Services and the Applications supported by the critical Services (the “Critical Applications”) during the thirteen (13) most recent months; reporting on proposed preventative maintenance activities.	[***]
19. Providing Customer with recommendations of preventative maintenance options and implementing any such preventative options approved by Customer pursuant with the Change Control Procedures.	[***]


(3)	Service Continuity Management


(a)	Service Continuity Management Services are the activities required to provide prioritized Service Continuity for Customer, including Applications, and their associated infrastructure (e.g., CPU, servers, network, data and output devices, End-User Devices) and associated Voice and data Networks.


(b)	The following table identifies Service Continuity Management roles and responsibilities that Provider and Customer will perform, including:

MA-IB-00136-2018

Schedule 3
20

Confidential treatment requested by Juniper Networks, Inc.



Service Continuity Roles and Responsibilities	[***]
1. Customer will retain responsibility for its business continuity plans and management activities and will approve Provider’s activities in advance.	[***]


(K)	Service Support


(1)	Incident Management


(a)	Incident Management Services include the activities associated with restoring normal Service operation as quickly as possible and minimize the adverse impact on Customer business operations, thus ensuring that the best possible levels of Service quality and availability are maintained.


(b)	The following table identifies Incident and Problem Management roles and responsibilities that Provider and Customer will perform, including:



Incident Management Roles and Responsibilities	[***]
1. Providing an Incident management process that will restore Service operation as quickly as possible with minimum disruption to the business, thus enabling the best achievable levels of availability and Service quality to be maintained to promote Authorized User satisfaction.	[***]
2. When an Incident occurs, restoring Service as quickly as possible with minimal business impact.	[***]
3. Implementing an Incident management process that is flexible and facilitates effective communication and coordination across functions, Customer Facilities, regions and Third-Party Suppliers.	[***]
4. Integrating Provider’s Incident management process with the Customer’s Service management processes, including Problem Management, Configuration Management, and Change Management.	[***]
5. Validating that the Incident management process provides an audit trail that meets Customer’s requirements, including; recording detailed audit information of the activity that creates, changes, or deletes data and user access to Systems that contain Customer Data; providing end-to-end traceability even when transactions span across multiple Applications, Systems components, or parties.	[***]
6. Communicating the Incident management process to Provider’s organization, Customer, and each Third-Party Supplier involved in the delivery of IT Services.	[***]
7. Facilitating and leading information exchange between and among Provider, Customer, and/or Third-Party Suppliers to improve end-to-end Incident management.	[***]
8. Developing and documenting processes regarding interfaces, interaction, and responsibilities between Level 1 support personnel, Level 2 support personnel, and other internal or external persons or entities that may either raise an Incident, act on an Incident, or receive an Incident.	[***]

MA-IB-00136-2018

Schedule 3
21

Confidential treatment requested by Juniper Networks, Inc.



Incident Management Roles and Responsibilities	[***]
9. Wherever possible, designating end-to-end responsibility and ownership for each Incident to a single Provider Service Desk staff member, thus minimizing redundant contacts with the Authorized User.	[***]
10. Providing a mechanism for expedited handling of Incidents that are of high business priority to Customer and/or Third-Party Suppliers, based on the assigned Severity Level, as per escalation processes described in the Incident and Problem management procedures.	[***]
11. Use Customer’s existing ServiceNow tools in order to provide real-time visibility of data records associated with Incidents, including Service Requests to Customer and other Third-Party Suppliers.	[***]
12. Receiving and logging Incidents (including submissions received by telephone, electronically, or other means approved by Customer) and opening an Incident record.	[***]
13. Providing Incident detection, reporting, recording, and initial support.	[***]
14. Providing Incident investigation, diagnosis, impact analysis, and reclassification as required.	[***]
15. Utilizing and timely updating the Incident management System with complete and relevant information relating to an Incident.	[***]
16. Making an initial determination of the potential resolution.	[***]
17. Prioritizing and escalating Incidents from VIP users.	[***]
18. Linking multiple contacts pertaining to the same Incident to the associated Incident record.	[***]
19. Linking multiple Incidents pertaining to the same Service Request to the associated Service Request.	[***]
20. Resolving as many Incidents as possible during the Authorized User’s initial contact with the Service Desk, without transferring the call or using any escalation.	[***]
21. Resolving Incidents that are resolvable by Level 1 support and closing the Incident, including Service Requests, after receiving confirmation from the affected Authorized User that the Incident has been resolved.	[***]
22. Resolving Incidents arising from or related to the Services, including break/fix Equipment and Software support.	[***]
23. Acting proactively and coordinating with other parties (whether Parties or third parties) as needed in order to resolve Incidents and action Service Requests.	[***]
24. Transferring Incidents within specified time limits to the appropriate party without compromising Service Levels or security requirements.	[***]
25. Providing or coordinating the Resolution of Incidents.	[***]
26. Escalating issues to the appropriate levels for Resolution in accordance with escalation procedures approved by Customer.	[***]
27. Escalating an Incident where the Incident cannot be resolved within the relevant Service Levels or otherwise agreed timeframe.	[***]

MA-IB-00136-2018

Schedule 3
22

Confidential treatment requested by Juniper Networks, Inc.



Incident Management Roles and Responsibilities	[***]
28. Closing an Incident, including Service Requests, only after receiving confirmation from the affected Authorized User that the Incident has been resolved.	[***]
29. Restoring normal Service operations as quickly as possible following an Incident, with minimum disruption to Customer’s business operations, and in compliance with Service Levels.	[***]
30. Retaining overall responsibility and ownership of Incidents until the Incident is closed subject to the Incident management process defined in the PIM.	[***]
31. Tracking and reporting the progress of Resolution efforts and the status of Incidents Provider is responsible for, including: reviewing the proposed resolution time for each Incident with the appropriate party and updating the status accordingly; coordinating Incident tracking efforts, and providing and maintaining regular communications between parties and Authorized Users until Incident resolution; keeping Customer informed of changes in Incident status throughout the Incident life cycle in accordance with agreed Service Levels; keeping Customer informed of anticipated Resolution times for active Incidents.	[***]
32. Leveraging a knowledge base to assist with the Resolution of Incidents and the processing of Service Requests, including: making the knowledge base available online to Authorized Users for user self-help. Tracking the use of the knowledge base and reporting usage statistics to Customer on a monthly basis, or as requested by Customer (for example, the number of Incidents resolved using the knowledge base).	[***]
33. Where Incidents relate to Assets, updating details in the Asset Inventory and Management System and the CMDB, or coordinating with the relevant process to confirm updates are made.	[***]
34. Performing the same functions and assuming the same responsibilities for Service Requests as required for Incident Management, including: tracking and managing Service Requests from Authorized Users; resolving Service Requests by working with Service management teams, business owners, and Third-Party Supplier(s); and providing liaison with Change Management to confirm that Service Requests follow the Change Management procedures, as appropriate.	[***]
35. Recording the Incident and opening an Incident record.	[***]
36. Transferring the Incident to the appropriate person or entity for resolution or to provide guidance.	[***]
37. Continuing to work toward resolution of the relevant part(s).	[***]
38. Transferring the remaining part(s) to the Service Desk, without compromising relevant Service Levels.	[***]
39. Providing status updates to Authorized User within agreed Service Levels.	[***]
40. Escalating unresolved Incidents according to procedures approved by Customer, and prioritizing high-impact Applications, Software, Equipment and Services, such that they are treated with the highest priority.	[***]

MA-IB-00136-2018

Schedule 3
23

Confidential treatment requested by Juniper Networks, Inc.



Incident Management Roles and Responsibilities	[***]
41. Implementing escalation procedures that reflect and describe the Incident, including: Severity Level of the Incident; location of the Incident and the name and/or number of affected Authorized Users; elapsed time before an Incident is escalated to the next higher Severity Level; The levels of involvement (and notification) of Provider management and Customer management at each Severity Level; investigative and diagnostic activities to identify workarounds for each Incident; Incident resolution activities to restore normal Service in compliance with the relevant Service Levels; ability to resolve Incidents by matching Incidents to known errors that are stored in a Known Error Database; ability to resolve Incidents by implementing workarounds that are stored in a knowledge base; escalation process used to escalate Incidents to appropriate support teams when necessary; escalation process used to escalate Incidents to Provider’s and/or Customer’s management team; ability to generate Change requests where necessary for the implementation of workarounds; ability to generate a Problem from an Incident; ability to record information on the details of the Incident and the corrective action for later statistical analysis as part of the Problem Management process.	[***]
42. Creating an audit trail of activity that creates, changes, or deletes data and user access to Systems that contain Customer Data and end-to-end traceability across Applications, Systems, and parties.	[***]
43. Maintaining a central knowledge database used to capture, store, and retrieve information and solutions for reuse by Provider Staff, Third-Party Supplier(s), and Authorized Users. This knowledge database will enable the sharing of policies, procedures, best practices, and methods to resolve Incidents among Provider Staff, Third-Party Suppliers(s), and Authorized Users.	[***]
44. Regularly updating the Incident Management System (including the central knowledge database) with Provider solutions and best practices as they are developed, including updates based on “lessons learned” and experience with similar technologies and problems for other customers.	[***]
45. Allowing Customer to monitor and view the knowledge database on an ongoing basis (including Authorized Users).	[***]
46. Limiting access to the Incident Management Systems to the agreed levels for the type of Authorized Users who require access to the Systems.	[***]
47. Providing Provider, at Customer’s expense, with appropriate licenses and/or interfaces to use the ServiceNow (or any replacement thereof).	[***]
48. Providing regular progress notifications to Customer on current Priority Level 1, Priority Level 2, Priority Level 3, and Priority Level 4 Incidents and, as necessary, through any follow-up communication and work required post-Resolution. The frequency of such notification is determined by the severity of the Incident in accordance with the PIM.	[***]

MA-IB-00136-2018

Schedule 3
24

Confidential treatment requested by Juniper Networks, Inc.



Incident Management Roles and Responsibilities	[***]
49. Providing regular progress notifications to the Service Desk on Incidents raised by VIP users, with the frequency of such notification in accordance with relevant Service Levels and Customer requirements.	[***]
50. Providing prompt notification to Customer of System outages on Systems Customer designates as critical and otherwise providing affected Authorized Users with regular and timely progress updates that clearly indicate information about the Incident including: nature of the Incident; estimated time to completion; potential short-term alternatives.	[***]
51. Providing the monthly report in electronic copy in a format agreed to with Customer, which at a minimum includes: key issues relating to Incident Management; number of Incidents during the month, grouped by severity, Service, region, and classification; list of Incidents, short description, reference number, and a shortcut to detailed description; detailed description, including timing of activities; links to Problems and the Known Error Database; trend analysis of the Incidents reported during the thirteen (13) most recent months.	[***]
52. Calculating statistics and providing monthly reports to Customer, which include: sources of the Incidents; frequency regarding the types or categories of Incidents; the duration of open Incident (average and quantities by age); number of Incidents resolved upon first contact; the Service Desk call-abandoned rate.	[***]
53. Provide information regarding Incident resolution, including Service Level measurement reporting.	[***]


(L)	Problem management

(1)

Problem Management Services also include minimizing the adverse impact of Incidents and related Problems on the business of Customer Group that are caused by errors in the IT infrastructure, and to prevent the recurrence of Incidents related to those errors. In order to achieve this goal, Problem Management seeks to get to the root cause of Incidents and then initiate actions to improve or correct the situation.


(2)	The following table identifies Problem Management roles and responsibilities that Provider and Customer will perform, including:



Problem Management Roles and Responsibilities	[***]
1. Determining the root cause of the Incidents comprising a Problem, and then initiating actions to improve or correct the situation.	[***]
2. Using a Problem Management process to reduce the recurrence of Incidents.	[***]
3. Communicating the Problem Management process within the Provider organization and to each Third-Party Supplier(s).	[***]
4. Integrating Provider’s Problem Management process with its other Service management processes, especially Incident Management, Configuration Management, and Change Management.	[***]

MA-IB-00136-2018

Schedule 3
25

Confidential treatment requested by Juniper Networks, Inc.



Problem Management Roles and Responsibilities	[***]
5. Managing the effective entry of data into Problem Management Systems and escalating to Customer for prioritization and approval, including: Providing Customer the ability to enter Problem tickets directly into the Problem Management System; Supporting the effective execution of root-cause analysis.	[***]
6. Managing and resolving any deviation from the effective management of Problems.	[***]
7. Facilitating information exchange between and among Provider and Third-Party Supplier(s), which will drive continued improvement in Problem Management.	[***]
8. Conducting regularly scheduled Problem Management meetings to prioritize the resolution of Problems. Providing single point of contact, or designated assignee, for each Problem.	[***]
9. Survey Incidents to identify reoccurring Problems.	[***]
10. Validating that Problem resolution and corrective actions taken are sufficient to confirm that root causes identified do not reoccur in same or similar environments regularly. This includes updating manuals, procedures, and other Documentation.	[***]
11. Verifying Provider and Third-Party Supplier(s) are implementing corrective actions identified above in accordance with the PIM.	[***]
12. Escalating to appropriate management within Provider and Third-Party Supplier(s) if corrective actions are not being closed.	[***]
13. Documenting and publishing Problem Management meetings status reports to Customer, Provider, and necessary Third-Party Supplier(s) key resources; recording Problem Management status in the IT Service management (ITSM) system, which as of the Effective Date is ServiceNow.	[***]
14. Updating the knowledge database with relevant information, including documented workarounds for known Problems.	[***]
15. Performing trend analyses on the volume and nature of Problems in order to identify areas for improvement and reporting on the trend analyses and improvements to Customer and Third-Party Supplier(s) on at least a quarterly basis.	[***]
16. Developing tools/scripts and enhancing processes to proactively perform Problem Management, with the objectives of automating the Problem Management process and predicting Problems before they occur.	[***]
17. Implementing measures to avoid unnecessary reoccurrence of Problems.	[***]
18. Coordinating Problem tracking efforts and notifications to the Service Desk and Third-Party Supplier(s); and maintaining regular communications between parties until problem resolution.	[***]
19. Managing Problems in accordance with consistent and agreed classification and prioritization criteria.	[***]
20. Retaining overall responsibility and ownership of Problems until the Problem is closed subject to Customer approval.	[***]

MA-IB-00136-2018

Schedule 3
26

Confidential treatment requested by Juniper Networks, Inc.



Problem Management Roles and Responsibilities	[***]
21. Updating the Problem Management System (including the knowledge database) with Provider solutions and best practices as they are developed, including updates based on “lessons learned” and experience with similar technologies and problems for other customers.	[***]
22. Maintaining access to Problem Management information and ability to write reports.	[***]
23. Providing a monthly report in a format approved by Customer. This report includes: the number of Problems in total and grouped by type, severity, status and whether a known error; Problem reviews; Problem trend analysis findings; issues relating to the Problem Management Service, such as any other information that may improve or facilitate a better Problem Management process, including decisions to be made by Customer and Provider; trend analysis of Problems reported during the thirteen (13) most recent months; Communication and Notification.	[***]
24. Maintaining communications and providing reports through the Service Desk to Customer and affected Authorized Users and, as necessary, to Third-Party Supplier(s) from the time a Problem is identified through resolution. As necessary, also providing any follow-up communications and reporting work required post-resolution.	[***]
25. Tracking and reporting any backlog of unresolved Problems on at least a monthly basis to the Problem Manager, or more frequently as requested by Customer.	[***]
26. Providing the Problem Management team with monthly and ad hoc electronic reports on Problems including: statistics on total numbers of Problems; outstanding Problems; Resolution time; chronic outages; performance; and Problem trend analysis.	[***]


(M)	Configuration Management

(1)

Configuration Management Services are activities that provide a logical model of the infrastructure by identifying, controlling, maintaining, and verifying installed Software, Equipment, and infrastructure, including networks, websites and databases versions to account for IT Assets and configurations, provide accurate information on configurations and provide a sound basis for Incident, Problem, Change Management and Release Management and to verify configuration records against the infrastructure and correct any exceptions.


(2)	The following table identifies Configuration Management roles and responsibilities that Provider and Customer will perform, including:



Configuration Management Roles and Responsibilities	[***]
1. Maintain a CMDB that contains details of the elements that are used in the provision and management of its IT Services and which contains information that relates to the maintenance, movement, and problems experienced with the CIs.	[***]

MA-IB-00136-2018

Schedule 3
27

Confidential treatment requested by Juniper Networks, Inc.



Configuration Management Roles and Responsibilities	[***]
2. Maintaining a Configuration Management process including in accordance with the PIM, that will include; Maintaining accurate configuration data for the CIs — including operations documents, Equipment, Software and Applications — used to provide the Services; verifying that only authorized and identifiable CIs — including operations documents, Equipment, Software and Applications — are accepted and recorded from receipt to disposal; based on the capability of the CMDB platform reproducing the configuration status of the CIs — including operations Documentation, Equipment, Software and Applications — at any point in time throughout its life cycle; conducting reviews and sampling to verify the physical existence of CIs — including operations documents, Equipment, Software, and Applications — and checking that they are correctly recorded in the CMDB; producing and maintaining current Equipment, Software, and Applications architecture and design Documentation for issue to Customer upon request.	[***]
3. Integrating the Provider’s Configuration Management process with Customer’s and Third-Party Supplier(s)’ Configuration Management processes, where the processes interact, as defined in the PIM.	[***]
4. Integrating the Configuration Management process with Service management processes, including Incident Management, Problem Management, Change Management, and Release Management as defined in the PIM.	[***]
5. Using the Configuration management process to identify, control, maintain, and verify the CIs (CIs) approved by Customer as comprising the Equipment, Software, and Applications to provide the Services as defined in the PIM.	[***]
6. Verifying that CIs approved by Customer for the Equipment, Software, and Applications are incorporated into Customer’s CMDB as defined in the PIM.	[***]
7. For each Customer-approved CI, using at least the attributes specified by Customer.	[***]
8. Validating that change to any CI record in the CMDB is the result of an approved Request for Change, including: Validating the integrity and currency of the CMDB by validating the content of the CMDB against the CIs that provide the Services; and If a discrepancy is found, taking corrective action through the Incident Management process as defined in the PIM.	[***]
9. Maintaining the CMDB to meet performance standards, to maximize efficiency, and to minimize outages, as necessary.	[***]
10. Provide CMDB physical database management support, including providing backups and restores of data in a timely manner.	[***]
11. Install, maintain, and support CMDB-related database Software products.	[***]
12. In the event of unusual activity, correct situations caused by lack of CMDB capacity in a timely manner (such as dataset or table space capacity events, full log files, etc.).	[***]

MA-IB-00136-2018

Schedule 3
28

Confidential treatment requested by Juniper Networks, Inc.



Configuration Management Roles and Responsibilities	[***]
13. Validate synchronization and currency of the CMDB and Active Directory by continually validating the content of the Active Directory components of the CMDB against the content of the relevant Active Directory.	[***]
14. Testing and implementing CMDB database environment changes, as approved by Customer.	[***]
15. Validating synchronization and currency of the CMDB and Active Directory by validating the content of the Active Directory components of the CMDB against the content of the relevant Active Directory.	[***]
16. In accordance with the PIM, taking corrective action through the Incident Management process if a physical sample identifies any deficiency in the accuracy or completeness of the records in the CMDB.	[***]
17. Scope of CMDB includes non-production environments, including pre-deployed CI’s	[***]
18. Verifying release and configuration Documentation before Changes are made to the live environment.	[***]
19. Maintaining a secure audit trail of CMDB transactions.	[***]
20. Customer will retain access to information in the CMDB and be able to write reports on this data.	[***]


(N)	Change Management

(1)

Change Management Services are activities that are to ensure that standardized methods and procedures are used for efficient and prompt handling of changes, in order to minimize the impact of change upon Service quality and consequently to improve the day-to-day operations of Customer Group. Change Management covers aspects of managing the introduction and implementation of changes affecting Services and in any of the management processes, tools, and methodologies designed and utilized to support the Service components. The Change Management process includes the following process steps:


(a)	Request process


(b)	Recording/tracking process


(c)	Prioritization process


(d)	Responsibility assignment process


(e)	Impact/risk assessment process


(f)	Review/approval process


(g)	Implementation process


(h)	Verification (test) process


(i)	Release process

MA-IB-00136-2018

Schedule 3
29

Confidential treatment requested by Juniper Networks, Inc.


(j)	Closure process


(2)	The following table identifies Change Management and Release Management roles and responsibilities that Provider and Customer will perform:



Change Management Roles and Responsibilities	[***]
1. Communicating the Change Management process within the Provider’s own organization and to each Third-Party Supplier(s).	[***]
2. Validate the Change Management process complies with Customer’s Software quality standards and requirements.	[***]
3. Provide Software quality standards and requirements.	[***]
4. Align the Change Management process with Customer’s IT processes for new hardware/Software requests and Projects.	[***]
5. Provide requirements for IT processes for new hardware/Software requests and Projects.	[***]
6. Verifying that the effective execution of the Change Management process, as well as an appropriate review of planned changes, takes place with due consideration of the business and technology risk of planned changes, taking into consideration all defined criteria (such as complexity of change, the skill level of the individual(s) executing the change, the planned change execution timeframe, the change slot timeframe, the back-out timeframe, and the relevant business processing criticality).	[***]
7. With proper authorization, stopping any planned changes that, in the professional view of the person(s) performing the Services, would compromise the continuation of Services to Customer, and act as the gatekeeper to production, unless expressly overridden by Customer’s Operations Manager in accordance with the approved Change Advisory Board escalation process, and assuming responsibility for escalating any issues arising from the decision to stop a planned change.	[***]
8. Managing and conducting the review of any change failures and providing a strong interlock between Change Management and Incident Management and Problem Management processes so that post-change issues can be linked to the change activity where relevant.	[***]
9. Managing to Resolution any deviation from effective Change Management process, providing review and closure of failed changes.	[***]
10. Facilitating and leading information exchange between and among the Provider and the Third-Party Suppliers in order to drive an effective Change Management Process.	[***]
11. Not making changes that (a) may adversely affect the function or performance of, or decrease the resource efficiency of the Services, (b) increase Customer’s costs or fees, or (c) impact the way in which Customer conducts its business or operations, without obtaining prior Customer approval via the Change Advisory Board (CAB).	[***]
12. Approve or reject, via Change Advisory Board (CAB). Changes that may (a) adversely affect the function or performance of, or decrease the resource efficiency of the Services, (b) increase Customer’s costs or fees, or (c) impact the way in which Customer conducts its business or operations.	[***]

MA-IB-00136-2018

Schedule 3
30

Confidential treatment requested by Juniper Networks, Inc.



Change Management Roles and Responsibilities	[***]
13. Raising and recording changes.	[***]
14. Assessing the impact, costs, benefit, and risk of the proposed changes.	[***]
15. Providing and maintaining compliance with Customer policies.	[***]
16. Provide Customer Polices and maintain compliance with said polices.	[***]
17. Confirming business justification and obtaining approval.	[***]
18. Performing changes in Customer’s IT environment pertaining to the Services, including changes to individual components and coordination of changes across components.	[***]
19. Making changes in accordance with Change Management processes approved by Customer and documented in the PIM.	[***]
20. Monitoring and reporting on the change implementation.	[***]
21. Reviewing and closing changes.	[***]
22. Cooperating with the Service Desk and Third-Party Supplier(s) for changes across Applications, System components, and parties.	[***]
23. Participate in changes that are cross-Application, System components, or parties.	[***]
24. Integrating the Change Management process with its other Service management processes, including Incident Management, Problem Management, Configuration Management, and IT Service Continuity Management.	[***]
25. Collecting data on every change attempted, including: the reason for change; detailed description of change; the cause of any Incidents; measures taken to prevent recurrence; and whether the change was successful from the perspective of the Authorized Users of the System or Third-Parties affected by the change.	[***]
26. Summarizing the changes made each week and reporting the information to Customer on a weekly basis.	[***]
27. Capturing Customer change data centrally.	[***]
28. Providing an audit trail of changes to the production environment in order to determine the change made and the authorization to make the change.	[***]
29. Conducting Post Implementation Reviews (PIR) on changes as requested by Customer.	[***]
30. Maintain a standardized method and procedure for the efficient and effective handling of changes (an overall Change Management process), in a way that minimizes risk exposure and maximizes availability of the Services in accordance with the Change Management process in the PIM.	[***]
31. Manage and lead Change Advisory Boards (CAB).	[***]
32. Coordinating Change Management activities across functions, Customer’s Facilities, regions, and Third-Party Supplier(s) that provide services to Customer.	[***]
33. Participate in Change Management activities across functions, Customer’s Facilities, regions, and Third-Party Supplier(s) that provide services to Customer.	[***]
34. Making any changes necessary to provide the Services and to meet required Service Levels, in accordance with the PIM.	[***]

MA-IB-00136-2018

Schedule 3
31

Confidential treatment requested by Juniper Networks, Inc.



Change Management Roles and Responsibilities	[***]
35. In an emergency, gaining approvals from the Change Advisory Board Emergency Committee, according to Change Management process.	[***]
36. Perform Provider responsibilities in the Change Management process in accordance with the PIM and responsibilities laid out in the change request.	[***]
37. Perform Customer responsibilities in the Change Management process in accordance with the PIM and responsibilities laid out in the change request.	[***]
38. On a weekly basis, participating in Change Management meetings with Customer’s Change Manager or designee.	[***]
39. Submit proposed changes in advance to Customer in accordance with the change requirements set out in the Change Management process in the PIM.	[***]
40. Reviewing proposed changes and schedules with Customer and obtaining necessary approvals for proposed changes.	[***]
41. Coordinating with Customer affected Third-Parties and designated representatives at Facilities potentially affected by a change in order to minimize disruption of normal business processes.	[***]
42. Controlling System changes and activities required by moves, upgrades, replacements, migrations, and so forth.	[***]
43. Including rollout, testing, and roll-back plans for change requests.	[***]
44. Providing information to Customer in accordance with Customer’s Change Management process on the outcome of any request for change and the updated status after each change is implemented.	[***]
45. Updating operational and other Documentation affected by the change.	[***]
46. Reporting the status of scheduled changes, including maintaining a comprehensive list of Projects and dates.	[***]
47. Report that status of scheduled changes to the Services.	[***]
48. Conducting Post Implementation Reviews (PIR) on changes.	[***]
49. Implementing standard operating procedures in the PIM for standard changes, where appropriate.	[***]
50. Performing routine maintenance during regular periods scheduled in advance and approved by Customer.	[***]
51. Validating that Systems will be unavailable during maintenance windows only to the extent necessary for Systems maintenance purposes.	[***]
52. Providing prior notice to Customer of the maintenance to be performed during scheduled maintenance windows in accordance with the PIM. Changing scheduled maintenance windows at Customer’s request and upon reasonable notice.	[***]
53. Scheduling outages for maintenance, expansions, and modifications during hours that meet Customer’s business needs. Allowing Customer, at any time at its discretion, to specify “freeze” periods during which the Provider will not make any Changes.	[***]
54. If there is a need for emergency Systems maintenance, providing Customer with as much notice as reasonably practicable, and performing such maintenance so as to minimize interference with the business and operational needs of Customer.	[***]
55. Fully testing changes to the environment and resolving faults, if possible, prior to production startup, including inter-operability testing.	[***]

MA-IB-00136-2018

Schedule 3
32

Confidential treatment requested by Juniper Networks, Inc.



Change Management Roles and Responsibilities	[***]
56. Creating and maintaining a forward schedule of change of upcoming Releases and changes as part of the Change Management process in the PIM.	[***]
57. Providing monthly Change Management reports in a format agreed with Customer.	[***]
58. Providing a weekly report in a format agreed with Customer that, at a minimum, includes: the status of Services changes active at the beginning of the week and Services changes raised during the week; the Services changes to be implemented the following week; the Services changes submitted for approval.	[***]
59. Leading regularly scheduled Change Advisory Board meetings between Customer and Third-Party Supplier(s).	[***]
60. Participating in regularly scheduled Change Advisory Board meetings between Customer and Third-Party Supplier(s).	[***]
61. Reviewing proposed changes and schedules through a formal walk-through process with Customer and Third-Party Supplier(s), and necessary approvals for proposed changes, in accordance with the PIM.	[***]


(O)	Release Management

(1)

Release Management Services are activities that take a holistic view of a change to a Service to ensure that technical and non-technical aspects of a release are considered together and to plan and oversee the successful rollout of Software, Equipment, and Infrastructure, including networks, websites and databases. Design and implement efficient procedures for distribution and installation of changes. The activities also provide that correct, authorized and tested versions are installed, and that changes are traceable and secure.


(2)	The following table identifies Release Management roles and responsibilities that Provider and Customer will perform, including:



Release Management Roles and Responsibilities	[***]
1. Communicating the Release Management process to the Provider’s Staff, other Customer IT service departments and Third-Party Supplier(s).	[***]
2. Planning and overseeing the successful roll-out of new and changed Infrastructure-Released Software, as well as associated Equipment and Documentation, per Customer’s specifications when required.	[***]
3. When required, provide Documentation specifications for roll-out of new and changed Infrastructure-Released Software, as well as associated Equipment.	[***]
4. Providing liaison with Change Management to agree on the exact content and roll-out plan for each Release.	[***]
5. Validating that items being rolled out or changed are secure and traceable via the CMDB.	[***]

MA-IB-00136-2018

Schedule 3
33

Confidential treatment requested by Juniper Networks, Inc.



Release Management Roles and Responsibilities	[***]
6. Managing Customers’ and Authorized Users’ expectations of Releases and roll-outs.	[***]
7. Attending Customer’s Release Management weekly meeting.	[***]
8. Establishing a Release and distribution process so that Changes to the Services and Infrastructure-Released Software are controlled, tested, traceable, authorized, and implemented in a structured manner.	[***]
9. Producing Release impact assessments in support of Customer Release planning.	[***]
10. Developing implementation and back-out plans for Provider-managed change requests that will be included in a Release.	[***]
11. Building, testing, implementing, and, if necessary, backing out Releases.	[***]
12. Resolving Release issues associated with Provider-executed releases.	[***]
13. Assigning a single point of contact for each requested Release.	[***]
14. Providing proper testing for Releases going into the managed environments.	[***]
15. Managing the functions and work activities associated with Release Management, including: creating Release plans, and performing tracking and oversight functions to support the plan; coordinating the design, build, and configuration of the Release; coordinating Release acceptance activities with Customer; Developing and implementing rollout plan for the Release.	[***]
16. Developing and coordinating Release communications, preparation, and training activities.	[***]
17. Assist Customer in development and coordination of Release communications and preparation and attend training activities.	[***]
18. Coordinating distribution and installation of Releases.	[***]
19. Providing updates to Customer regarding Release status.	[***]
20. Reviewing changes and enhancements with the Authorized User to obtain sign-off.	[***]
21. Maintaining a secure audit trail of Releases.	[***]
22. Providing Customer with the reports and notices detailed in the Release Management process for each Release.	[***]
23. Verifying Projects are ready to move into Production.	[***]
24. Conducting the tests on Customer’s standard suite of products including: COTS and custom-developed Applications, for compatibility; unit testing; Systems integration testing; LAN/WAN connectivity testing; load testing; Application inter-connectivity testing, which simulates Customer’s production environment provided the tools and simulated environments are available in the Customer environment.	[***]
25. Coordinating the resolution of platform-integration-related issues with Applications development.	[***]
26. Validating compliance with the quality assurance procedures.	[***]
27. Utilizing validation and testing process.	[***]

MA-IB-00136-2018

Schedule 3
34

Confidential treatment requested by Juniper Networks, Inc.



Release Management Roles and Responsibilities	[***]
28. Developing the test plan and ensuring such plan addresses operational readiness, testing of any data conversion procedures, System performance, and System reliability, as may be applicable.	[***]
29. Performing unit testing.	[***]
30. Performing stress testing, including performance and volume testing.	[***]
31. Performing System testing.	[***]
32. Performing regression testing.	[***]
33. Performing functional testing of Provider initiated releases.	[***]
34. Assist in performing functional testing.	[***]
35. Providing Application inter-connectivity testing and network connectivity/communication testing.	[***]
36. Managing uer acceptance testing (UAT).	[***]
37. Developing a user acceptance test structure to allow testing of Customer-provided test cases.	[***]
38. Implementing a matrix of user and design requirements to test cycles and scripts.	[***]
39. Coordinating user acceptance testing.	[***]
40. Completing required testing Documentation.	[***]
41. Developing and maintaining test data	[***]
42. Monitoring and reviewing production errors in order to improve test models over time.	[***]
43. Performing pilot implementation and support.	[***]
44. Logging test results for Releases except those related to UAT.	[***]
45. Logging UAT results.	[***]
46. Conducting a walk-through of test results with Customer.	[***]
47. Reviewing test results to ensure each test was both successfully executed and passed the success criteria established for that test.	[***]
48. Reviewing the stress test results to verify that the projected additional capacity fits within the projected capacity utilization.	[***]
49. Creating an Application-specific deployment guide for the transition walk-through with the Application maintenance team.	[***]
50. Providing knowledge transfer of learnings gained from the testing to the Application maintenance team.	[***]
51. Testing Applications for which the Provider has responsibility in support of Third-Party Supplier(s)’s System testing.	[***]

MA-IB-00136-2018

Schedule 3
35

Confidential treatment requested by Juniper Networks, Inc.

Appendix 1

DEFINITIONS

Schedule 3

CROSS-FUNCTIONAL SERVICES TERMS

“Additional Resource Charge” or “ARC” means the additional charge per Resource Unit, as set forth in Exhibit B (Fees) of a SOW, to Customer if Customer's usage of Resource Units in the category is above the applicable Baseline.

“Applications Software” or “Application” means the programs, including all supporting Documentation, source code, and media that: (1) perform specific data processing and telecommunication tasks and /or (2) Is used to perform business functions or business support functions.

“ASC” means the annual Fees, which will be prorated into monthly Fees, for the Baseline quantities of the Resource Units set forth in the Fees Exhibit for the Services.

“Assets” means Equipment, hardware, Software, and other Assets used in provision of the Services. Assets are considered in use as of the date of deployment.

“Asset Management” is the process used to maintain a record of the Assets including incoming and outgoing) for those environments which Provider is providing Services. This process includes tracking by Equipment location and providing necessary information to permit maintenance vendor coordination.

“Availability” means the percentage calculated by adding actual uptime and planned downtime, dividing the sum by the total hours in the period, and multiplying the result by 100.

“Availability Management” is the process for coordinating the appropriate skills, information, tools and procedures required to manage the Availability of interactive networks and their supporting hardware and software components.

“Baseline” set by the Parties for each Resource Unit for each Service as of the Effective Date is set forth in the Fees Spreadsheet for each SOW, and will be subject to any adjustments pursuant to Exhibit B (Fees) to each SOW.

“Cable(ing) and Wire(ing)” is any inside cable and inside wiring within a facility specified in the applicable SOW or Project required for connectivity up to the rack, which includes connectivity to the patch panel or any other demarc, where Provider will install Equipment.

“Capacity” is the maximum throughput that a Configuration Item or IT Service can deliver while meeting agreed levels of Service.

“Capacity Management” is the process for planning for adequate IT resources required to fulfill current and future resource requirements and includes planning for the efficient use of existing IT resources and identifying any change in the type and quantity of IT resources necessary to perform the Services.

MA-IB-00136-2018

Schedule 3
36

Confidential treatment requested by Juniper Networks, Inc.

“Change Management” is the process for planning, testing, coordinating, implementing and monitoring changes affecting Service delivery and the operating environments without adversely impacting Service delivery.

“Collaborative Applications” include Applications containing functionality to enable electronic communication and messaging; work group collaboration; information transfers; frequently-asked questions (FAQs); and similar Applications that allow collaborative interaction and receipt/transfer of data and information, both within and outside of Customer.

“Configuration Management” is the process for designing, planning, and maintaining the physical and logical configuration of the in-scope hardware and software as well as network components and the way these resources are interrelated in Customer’s environment.

“Customer Architecture Standards” means the design, process, strategies, and specification of Customer’s overall structure, logical components, and the logical interrelationships of Equipment and Software, including System Software, a Network, or other reasonably related conception.

“Customer Facility” means the facilities owned, managed, operated or leased by Customer and from which Service Provider will provide Services from, or to, in accordance with the applicable SOW, as specifically identified in Exhibit I (Service Locations) in each such SOW.

“End User Computing Equipment” means a unit of computing hardware, and its associated standard software image, that is used and interacted with by an Authorized User, including stationary, mobile, and hand-held computing components, including laptops, desktops, tablets, and mobile devices (e.g., mobile phones, PDAs, smartphones, pagers, Blackberries, etc.) and all components that are located within any such device (e.g., memory, internal disk drives, battery, etc.).

“Hard IMAC” means an approved IMAC request received from Customer, which requires Provider to dispatch a technician to the affected Site or Authorized User’s location in order to perform such required IMAC. A Hard IMAC will include a Soft IMAC, if necessary.

“High Availability” (clusters) means, with respect to Servers, any redundant pair of such devices for which automatic fail over, load balancing, or clustering has been configured such that when one of the devices fails, Availability is provided by the other device with no loss of Availability to the Authorized User.

“IMAC” (Install, Move, Add or Change) means an installation, move, add, change or de‑installation of any computing System and/or telecommunications infrastructure components, including any device, System, Service, circuit or other Assets supported as part of the Services, including all functions, tasks and responsibilities required to conduct an installation, move, add, change or de-installation.

“Incident” means an unplanned interruption to an IT Service

“Incident Management” is the process for minimizing the impact of Incidents, which is accomplished through analysis, tracking, and prevention of Incidents.

MA-IB-00136-2018

Schedule 3
37

Confidential treatment requested by Juniper Networks, Inc.

“Infrastructure” means the entire portfolio of Equipment, System Software and Network components required for the integrated provision and operation of Customer Systems and Applications.

“IT Service Continuity Management” means the process of ensuring that identified IT Services will be available during abnormal situations. It typically involves a detailed assessment of the business risk of key IT Services being lost, and then identifies countermeasures and plans to prevent -- or recover from -- identified contingencies.

“Known Error Database” (KEDB) means a repository containing all Known Error Records that includes data on the Configuration Items, symptoms, and resolution or circumvention actions relating to all Known Errors.

“Layer 2” means the data-link layer of the OSI Network Layer Reference Model.

“Layer 3” means the network layer of the OSI Network Layer Reference Model.

“Level 1 Support” means support that is provided as the entry point for Incidents, Service Requests and Problem reports from Authorized Users. If Level 1 personnel cannot Resolve the Incident, Service Request or Problem, the Incident, Service Request, or Problem will be directed to the appropriate Level 2 personnel or third party for Resolution.

“Level 2 Support” means support that serves as a consolidation point for Incidents, Service Requests and Problem reports between Level 1 and Level 3. If Level 2 personnel cannot Resolve the Incident, Service Request or Problem, then the Incident, Service Request or Problem will be directed to the appropriate Level 3 personnel or third party for Resolution.

“Level 3 Support” means support provided by Provider Staff or a third party that is most knowledgeable about the underlying Problem or question and that is utilized when efforts to Resolve the Problem or question by Level 1 and Level 2 Support have failed or are bypassed. Incidents, Service Requests and Problem reports are usually reported by Level 1 or Level 2 support personnel but may be initiated directly by Authorized Users or Provider.

“Major Incident” means an unplanned situation that impacts critical or essential Services causing severe disruption or extreme impact, resulting in such Services being unavailable.

“Managed Assets” means the Assets used to provide the Services managed in accordance with the Asset Management process.

“Messaging Services” means the provision and management of the Systems for transmission of electronic messages over a computer network using software that immediately displays the message in a chat window on the screen of the recipient.

“Mobility Services” means the Services and/or capabilities provided to, and for, personal handheld End User Computing Equipment (i.e., mobile phone), digital tablets, or wearable digital devices (if and when such wearable digital devices are added pursuant Change Control Procedures) to access and/or interact with Customer Data. This includes Services provided to both Customer purchased/fully managed End User Computing Equipment, as well as, independently/individually/personally owned End User Computing Equipment.

MA-IB-00136-2018

Schedule 3
38

Confidential treatment requested by Juniper Networks, Inc.

“Network” comprises the WAN, LAN and Wireless LAN Equipment, circuits and software that Customer uses for its internal communications.

“Priority Level” (also known as “Severity Level”) means the priority designation assigned to a problem call.

“Priority 1” means an outage causing severe impact on a “Critical” or “Foundational” Application, as recorded in the CMDB (Tier Field).

“Priority 2” means degraded performance for a critical app or an outage for an essential app, as recorded in the CMDB (Tier Field).

“Priority 3” means either impacting an individual Authorized User or utility Application.

“Priority 4” means an individual request for an item not defined within ServiceNow.

“Problem” means the underlying cause of one or more Incidents, including where such cause is unknown or where it is known and a temporary work-around or permanent alternative has been identified.

“Problem Management” is the process for identifying, recording, tracking, correcting and managing Problems impacting Service delivery, recognizing recurring Problems, addressing procedural issues and containing or minimizing the impact of problems that occur.

“Project” means work requested by Customer after the Effective Date that (a) is discrete and non-recurring; (b) is not required for Provider to meet Provider’s other obligations under this MSA, including meeting the Service Levels; and (c) requires planning, start-up, execution, and closure.

“Reduced Resource Credit” or “RRC” means the credit per Resource Unit, as set forth in Exhibit B (Fees) of a SOW, to Customer if Customer's usage of Resource Units in the category is less than the applicable Baseline.

“Refresh” means the periodic replacement of Equipment to ensure continuing reliability of Equipment and/or improved speed and capacity or a scheduled technology change of existing Equipment and includes configuration, IMAC activity, data migration and testing.

“Release(s)” means a collection of hardware, software, Documentation, processes, or other components required to implement one or more approved Changes to IT Services.

“Release Management” means the process responsible for planning, scheduling, and controlling the movement of Releases to Test and Production Environments.

“Resolution” means to repair, replace, reconfigure, reinstall, re-route, or otherwise provide a complete solution to an Incident or a Problem that returns the System and/or Authorized User(s) to non-degraded full functionality. Implementing a workaround is a partial or temporary Resolution.

“Resource Baseline” or “RU” for each applicable Service, a unit of resource for which Customer and Provider have established a fixed price and a Baseline. The fixed price amount and Baseline for each Resource Unit is set forth in

MA-IB-00136-2018

Schedule 3
39

Confidential treatment requested by Juniper Networks, Inc.

the Fees Spreadsheet for each SOW. The definition and measurement interval for each type of Resource Unit is set forth in Appendix 1 (Resource Unit Definitions) to Exhibit B (Fees) of each SOW.

“Root Cause Analysis” is a Problem management analysis process used in determining and documenting the unknown underlying cause(s) (e.g., root causes) of one or more Incidents so that appropriate actions are taken to correct the situation to minimize the possibility of recurrence of the Incident(s) or events.

“Service Level Effective Date” means, with respect to each Service Level other than Service Levels established pursuant to Section 3.2(A) (Service Levels for Services with Existing Service Performance Data), the date that such Service Level will be effective and enforced, which shall be the date that is the first day of the month following completion of the Baseline Period or such other date agreed by the Parties.

“Service Request” means a request from an Authorized User for information, or advice, or for a standard change or for access to an IT Service, such as to reset a password or to provide standard IT services for a new Authorized User.

“Soft IMAC” means an approved Software IMAC request received from Customer, which can be performed concurrently with remote element management tools and does not require any physical on-site intervention. A Software patch or error correction upgrade will not be considered as a Soft IMAC.

“Software” means computer software, including object, executable or binary code, screens, user interfaces, data structures, data libraries, definition libraries, templates, menus, buttons and icons, and all files, data, and manuals, and with respect to Applications Software, Infrastructure Software, or Systems Software, only to the extent generally commercially available to end users, also including source code, comments design notes and other items and Documentation related thereto or associated therewith.

“Software Providers” means Third-Party suppliers of Software.

“Standard Products” the hardware and software for which Provider will provide the End User Services.

“System Software” means the control programs that manage computer resources and enable an individual computing device to function, and includes operating Systems, device drivers, firmware and all utility programs. For clarity, System Software does not include Applications or Middleware.

“Third-Party Suppliers” (also referred to as “Third-Party Providers”) means a third party that provides Customer with products or services that are related to, or in support of, the Services. Subcontractors of Provider are not “Third-Party Providers.”

“Unpaid Amortized Charges” means those Charges that Provider has amortized over the Term, but that have not been paid by Customer at the time of termination or expiration.

“Voice Services” or “Voice” means Skype for business service or a similar tool.

MA-IB-00136-2018

Schedule 3
40

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 4

TERMINATION ASSISTANCE

This is Schedule 4 (Termination Assistance) (this “Schedule”), to the MSA by and between Juniper Networks, Inc. and International Business Machines Corporation. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA. For the purposes of Termination Assistance Services, all references to “Customer” in this Schedule 4 (Termination Assistance) will mean Customer, its successors, and any of its designees, and any New Provider (defined below) of the Services.


1.	DEFINITIONS

“Available Contract(s)” means contracts (other than contracts of employment or engagement, in the case of individual contractors but including licenses for Available Third-Party Software) to which Provider is a party, which are used to provide the Removed Services and which either (A) the Parties agree in the Disengagement Plan should be Available Contracts, or (B) in the absence of agreement, contracts which fall into any of the following categories:


(1)	Transfer Contracts and Subsequent Transfer Contracts (each, as defined in any Resource Transfer Agreement) (to the extent such contracts relate solely to the provision of the Removed Services);


(2)	contracts which replace Transfer Contracts or Subsequent Transfer Contracts (to the extent such contracts relate solely to the provision of the Removed Services); and


(3)	other contracts, the subject matter of which is used wholly or mainly in the provision of the Removed Services,

in each case in (1) through (3), other than contracts that relate wholly or mainly to the maintenance, support, operation or development of (a) Systems that are not Available Systems or (b) a Shared Service Delivery Environment;

“Available Employee(s)” has the meaning given to it in Section 2.5(F)(1) of this Schedule;

“Available System(s)” means Provider Systems which are used wholly or mainly to provide the Removed Services and which either (A) the Parties agree (in the Disengagement Plan) should be Available Systems, or (B) in the absence of agreement, which fall into any of the following categories:


(1)	Transfer Assets and Subsequent Transfer Assets (each, as defined in any Resource Transfer Agreement);


(2)	Provider’s Customer Site Equipment; and


(3)	other Provider Systems,

MA-IB-00136-2018

Schedule 4
1

Confidential treatment requested by Juniper Networks, Inc.

in each case to the extent that they were used wholly or mainly in the provision of the Removed Services;

“Available Third-Party Software” means Provider Third-Party Software (other than Excluded Software) that is used wholly or mainly in the provision of the Removed Services;

“Commercially Available Provider Property” means Provider Property that is, at the time that it is introduced, delivered or used in the provision of the Services, licensed generally to the public as a commercially available product by Provider or Provider Agents in the ordinary course of business, on standard terms and conditions;

“Critical Exit Deliverable” means a critical deliverable to be provided by Provider as part of the Termination Assistance Services, as identified in the Specific Disengagement Plan;

“Critical Services” has the meaning given to it in Section 3.4 of this Schedule;

“Employment Liabilities” means all liabilities, compensation, awards, penalties, costs (including the cost of wages, salaries and other remuneration or benefits (including penalties and interest), social insurance, contributions, universal social charges, heath contributions, levies, losses, claims, demands, actions, fines, damages, and reasonable expenses (including reasonable legal costs), or other payments however arising which are connected with or arising from contract or all and any Laws, including directives, statutes, secondary legislation, orders, codes of practice and common law, whether of the European Community, the Republic of Ireland, the United Kingdom or other jurisdictions, relating to or connected with the employment of employees or the engagement of other workers, including in each case their health and safety at work.

“Excluded Software” means software programs owned by a third party and used by Provider or Provider Agents to provide Removed Services that are generally commercially available in the form in which they are used in connection with the performance of Provider’s obligations under this Agreement, (A) used in a Shared Service Delivery Environment, or (B) in respect of which Provider has notified Customer in writing that this is the case, on the understanding that such software would not be assignable or otherwise transferable to a member of Customer Group upon termination or expiration of the Agreement;

“Exit License Third-Party Software” means, in relation to an expiration or termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement, software that is Available Third-Party Software at the Start of the Termination Assistance Period and which is identified as Exit License Third-Party Software in a purchase notice under Section 5.1 of this Schedule or in relation to which Customer separately gives Provider reasonable notice (but at least [***] days before the Exit Service Transfer Time) that it wishes it to be Exit License Third-Party Software;

“Exit Payments” has the meaning given to it in Section 12.1 of this Schedule.

“Exit Service Transfer Time” means the time specified as such in the Specific Disengagement Plan prepared and agreed by the Parties in contemplation of the termination (in whole or in part) or expiration of, or an insourcing or resourcing in respect of, this Agreement, or if no such time is specified,

MA-IB-00136-2018

Schedule 4
2

Confidential treatment requested by Juniper Networks, Inc.


(1)	if this Agreement expires, the time of expiration;


(2)	if this Agreement is terminated, in whole or in part, the time that Customer specifies, which will be no later than the expiration of the Termination Assistance Period; and


(3)	if there is an insourcing or resourcing in respect of this Agreement, the date upon which Customer notifies Provider such insourcing or resourcing will commence.

“Exit Transfer Contract(s)” means, in relation to an expiration or termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement, contracts which are Available Contracts at the Start of the Termination Assistance Period and which are identified as Exit Transfer Contracts in a purchase notice under Section 5.1 of this Schedule or contracts which are Available Contracts and in relation to which Customer separately gives Provider reasonable notice (but at least [***] days before the Exit Service Transfer Time) that it wishes them to be Exit Transfer Contracts;

“Exit Transfer Contractor” means those independent contractors whose services are provided to Provider or Provider Agents pursuant to an Exit Transfer Contract;

“Exit Transfer Systems” means, in relation to an expiration or termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement, Systems which are Available Systems at the Start of the Termination Assistance Period and that are identified in a purchase notice under Section 5.1 of this Schedule or Available Systems in relation to which Customer separately gives Provider reasonable notice (at least [***] days before but before the Exit Service Transfer Time) that it wishes them to be Exit Transfer Systems;

“Expected Removed Services Position(s)” means the positions fulfilled in the provision of the Removed Services as well as the number of Provider Staff in those positions which are listed in the Specific Disengagement Plan;

“Depreciation Method” means the method of depreciation which applies to all assets of which an Available System, Available Contract, item of Commercially Available Provider Property or Available Third-Party Software consists;

“Final Exit Date” means, in respect of each Removed Service, the date on which all aspects of the Specific Disengagement Plan have finally been implemented, being the date on which the Parties have fulfilled all of their obligations under that Specific Disengagement Plan;

“New Provider” means a supplier, other than Provider, to whom Customer intends to transfer the provision of some or all of the Removed Services, as well as any subsequent suppliers of likewise services;

“Non-Critical Services” has the meaning given to it in Section 3.4(A) of this Schedule;

“Non-Transfer Jurisdiction Exit Transfer Employee” has the meaning given to it in Section 4.5 of this Schedule;

MA-IB-00136-2018

Schedule 4
3

Confidential treatment requested by Juniper Networks, Inc.

“Non-Transfer Jurisdiction(s)” means those jurisdictions in which the Transfer Legislation does not apply;

“Performance Credit” means the discount on the Fees payable for a Critical Exit Deliverable to be given by Provider for failure to deliver a Critical Exit Deliverable in accordance with the Specific Disengagement Plan;

“Permitted Exit Purposes” means the supply of services similar to the Removed Services to members of Customer Group, Authorized Users and any other Person that is permitted to receive the benefit of the Services under the Agreement;

“Planned Final Exit Date” means the date specified as such in a Specific Disengagement Plan by which the Parties intend that Specific Disengagement Plan to be finally implemented;

“Provider’s Customer Site Equipment” means such of the Transfer Assets and the other Provider Equipment provided by Provider or Provider Agents that are (A) used solely to provide the Services and (B) located at a member of Customer Group’s facilities from time to time;

“Provider’s Customer Site Exit Equipment” means such of Provider Customer Site Equipment that was used solely to provide the Removed Services;

“Relevant Software” has the meaning given to it in Section 9.1 of this Schedule;

“Removed Service(s)” means the Services that Provider is to cease supplying to Customer under this Agreement as a result of an expiration or partial or full termination of, or an insourcing or resourcing in respect of this Agreement;

“Removed Services Employees” means those Provider Staff (excluding agents and individual contractors) who are wholly or mainly engaged in the provision of the Removed Services and who are fulfilling Expected Removed Services Positions as per the Exit Service Transfer Time;

“Resource Transfer Agreement” means each agreement separately entered into by the Parties in connection with this Agreement pursuant to which assets are transferred, for example a purchase and sale agreement (if applicable);

“Specific Disengagement Plan” means a specific Disengagement Plan to be prepared by Provider under Section 3.3 of this Schedule in the event of the expiration or termination (in whole or in part), or an insourcing or resourcing in respect, of this Agreement;

“Start of the Termination Assistance Period” means the date Customer notifies Provider upon which there will be an expiration or termination of, or an insourcing or resourcing in respect of, the Agreement.

“Subcontract” means a subcontract of any of Provider’s obligations under this Agreement (including a subcontract granted by a Provider Agent);

MA-IB-00136-2018

Schedule 4
4

Confidential treatment requested by Juniper Networks, Inc.

“Supply Contract” means a contract or license, other than a Subcontract, under which Provider or Provider Agents obtains Provider Systems (or the right to use Provider Systems) necessary to the performance of Provider’s obligations under the Agreement;

“Transfer Asset(s)” and “Subsequent Transfer Asset(s)” means each asset defined as such under any Resource Transfer Agreement;

“Transfer Contract(s)” and “Subsequent Transfer Contract(s)” means each agreement defined as such under any Resource Transfer Agreement;

“Transfer Jurisdiction(s)” means those jurisdictions in which the Transfer Legislation applies; and

“Transfer Legislation” means the Transfer of Undertakings (Protection of Employment) Regulations 2006, European Communities (Protection of Employees on Transfer of Undertakings Regulations 2003, the EU Acquired Rights Directive, or similar Law anywhere in the world which provides for the automatic transfer of workers in connection with the transfer of a business or change in service provider.

In this Schedule, a reference to a partial termination of the Agreement includes the removal of a Service.


2.	THE DISENGAGEMENT PLAN

2.1

Provider will prepare the Disengagement Plan for each SOW pursuant to Section 20.1 (Termination Assistance Services) of the MSA and deliver it to Customer as set forth therein. The parties will agree upon the content, effectiveness, accurateness and completeness of the Disengagement Plan and the information provided therein. Provision of Termination Assistance will not be complete until all tasks and Deliverables set forth in the applicable Disengagement Plan have been completed.


2.2	Provider will notify Customer of any known or reasonably foreseeable significant risk factors relating to the transfer of any terminated Services.


2.3	Reserved.


2.4	The Parties may jointly review the draft Disengagement Plan agreed to by Customer no less than [***] months prior to the date on which the next Disengagement Plan is to be delivered by Provider pursuant to Section 2.1. The conduct of such review, or the absence thereof, does not affect Provider’s obligations pursuant to this Schedule.


2.5	In addition to any and all requirements set forth in the MSA, Provider will ensure that each Disengagement Plan:

(A)

sets out a reasonably detailed set of timetables, procedures, and arrangements for the transfer of the provision of any or all of the Services from Provider or Provider Agents to Customer or one or more New Providers or to a combination of Customer and New Providers, with a view to eliminating or minimizing any disruption to or deterioration of the provision of services similar to the Services and other information technology services to, and businesses of, Customer as a result of the expiration or termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement;

MA-IB-00136-2018

Schedule 4
5

Confidential treatment requested by Juniper Networks, Inc.


(B)	sets out in relation to each item of Provider Software used in the performance of Provider’s obligations under the Agreement, the arrangements (if any) in relation to the licensed code and related documents which apply to that item;


(C)	includes complete and accurate lists of all Available Systems and Available Contracts and items of Commercially Available Provider Property and Available Third-Party Software, including:


(1)	a brief description of the role of that Available System or Available Contract or item of Commercially Available Provider Property or Available Third-Party Software in the performance of Provider’s obligations under this Agreement;


(2)	in respect of the Available Systems, an asset ledger setting out the date of acquisition and the current net book value of each individual asset of which the Available Systems consist; and


(3)	in respect of each of the Available Contracts, the Commercially Available Provider Property and the Available Third-Party Software, an overview of each of them and their respective value;


(D)	includes an accurate list of maintenance contracts among Provider, Provider Agents, and Customer Group where Provider or Provider Agents have offered software maintenance to Customer Group and which are Available Contracts;

(E)

and (only with respect to a Specific Disengagement Plan and at the cost of Provider) includes complete and accurate lists of all Provider Systems other than Available Systems and contracts other than Available Contracts and items of non-Commercially Available Provider Property and Third-Party Software other than Available Third-Party Software, with a brief description of the role of such system, contract or item of non-Commercially Available Provider Property or such Third-Party Software in the performance of Provider’s obligations under this Agreement, necessary to provide for a continuation of the Services;


(F)	includes the following information on Provider Staff:


(1)	the number, positions and/or job functions of dedicated Provider Staff and Affected Employees still engaged in the performance of the Services (collectively, “Available Employees”), a brief description of each such position and/or job function, an indication of the amount of working time spent in that position/function and the locations of all Provider Staff; and


(2)	the names and positions/job functions of each individual who is determined a member of the Key Personnel. Provider will use its best efforts to obtain, if required pursuant to, and in accordance with, applicable data protection Laws, the express consent of such Key Personnel to include this information in the Disengagement Plan.

MA-IB-00136-2018

Schedule 4
6

Confidential treatment requested by Juniper Networks, Inc.


(G)	includes a list of positions and/or job functions that are required to provide the Termination Assistance Services, a brief description of each such position and/or job function and an indication of the amount of working time to be spend in that position and/or function in connection with the Termination Assistance Services;


(H)	sets out activities to be performed by Provider during the Termination Assistance Period to effect a smooth transfer of operational responsibilities for the Removed Services, which include at minimum:


(1)	documenting and delivering to Customer object libraries, reference files and software tools used to provide the Removed Services;


(2)	delivering to Customer the existing systems support profiles, monitoring or system logs, problem tracking and resolution documentation and status reports;


(3)	providing to Customer work volumes, staffing requirements and actual Service Levels achieved and information on historical performance for each Removed Service component over the preceding twelve (12) months;

(4)

with respect to work in progress for each Removed Service at the end of the Termination Assistance Period, documenting and delivering to Customer the current status of such work, stabilizing such work for continuity during transition and providing any required training to achieve transfer of responsibility without loss of momentum or any adverse impact on project timetables, or providing a mutually agreeable bridge services agreement to complete essential projects after the effective date of expiration or termination the Term and the Termination Assistance Period; and


(5)	providing Customer with any problem logs, if any, that have not been previously provided to Customer in respect of the one-year period prior to the end of the Termination Assistance Period;


(I)	and


(1)	is in English and in language likely to be readily comprehensible to such members of Customer’s operational, management and technical staff who are reasonably capable in relation to the operational, technical and other elements of the kind that are relevant to the Removed Services and are involved in the exit transfer arrangements;


(2)	provides sufficient detail enough to allow partial termination of the Services and the continued provision of other Services not the subject of partial termination;


(3)	specifies those measures which are necessary to minimize, so far as Provider is reasonably able to assess, any disruption to the businesses of Customer as a result of the expiration or termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement; and

MA-IB-00136-2018

Schedule 4
7

Confidential treatment requested by Juniper Networks, Inc.


(4)	provides estimated time periods by which Provider reasonably believes the provision of the Removed Services should have migrated to Customer or a New Provider, as the case may be, and sets out the assumptions upon which such estimates are based.

2.6

As part of the Disengagement Plan, Provider will provide a transition plan with a list of activities to be performed by Customer and/or New Provider and Provider during the Termination Assistance Period to effect a smooth transfer of operational responsibilities for the Services, and which sets out any other information as reasonably required by Customer relevant to the potential transitioning of Services prior to the Disengagement Plan being developed or updated.


2.7	Provider will clearly mark the changes it has made in the updated Disengagement Plan, if one is prepared, compared to the previous Disengagement Plan. Provider will provide such mark-up together with an explanation of the changes to Customer in writing simultaneously with the submission of the updated version of the Disengagement Plan.

2.8

Each Party has the rights and obligations allocated to it in any Specific Disengagement Plan, once it has been agreed and signed on behalf of both Parties. If there is any conflict or inconsistency between this Schedule and any Specific Disengagement Plan, the Specific Disengagement Plan will prevail. The provisions of this Schedule will apply in relation to the expiration or a termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement irrespective of whether the Parties agree a Specific Disengagement Plan.


2.9	Provider will promptly provide Customer with such information as Customer reasonably requests and Provider or Provider Agents are reasonably able to provide in relation to the Available Systems, Available Contracts, Commercially Available Provider Property, Available Third-Party Software and Available Employees identified in the Disengagement Plan from time to time.


2.10	Provider will, on request, provide to or make available to Customer a copy of any document in possession or control of Provider and not provided to or in possession of Customer which is referred to in the Disengagement Plan, unless the Disengagement Plan specifies that such document will not be disclosed by Provider and provides reasonable justification for such non-disclosure.

2.11

Provider acknowledges that Customer is entitled to rely upon the accuracy of information and disclose the Disengagement Plan, as well as such information included in the Disengagement Plan or provided in the preparation and distribution of requests for proposals, requests for quotations, agreements and other documents for potential New Providers. Provider must make all necessary inquiries to fulfill its obligations under this Schedule and provide sufficient and accurate information for inclusion in the Disengagement Plan.


3.	TERMINATION PLANNING


3.1	Promptly following the Start of the Termination Assistance Period, the Parties and the New Provider(s) will meet to begin planning for the execution of the Termination Assistance Plan and the migration of the Removed Services to Customer and/or one or more New Providers.


3.2	Provider will develop a Specific Disengagement Plan acceptable to Customer within [***] business days of the Start of the Termination Assistance Period.

MA-IB-00136-2018

Schedule 4
8

Confidential treatment requested by Juniper Networks, Inc.


3.3	Except to the extent that the Parties agree otherwise in writing, Provider will ensure that the Specific Disengagement Plan meets the requirements set out in this Schedule above, as well as the following additional requirements. The Specific Disengagement Plan must:


(A)	identify the Critical Exit Deliverables, associated performance criteria and set out the relevant Performance Credits, in each case to the extent applicable;


(B)	specify the Exit Service Transfer Time;


(C)	specify the Planned Final Exit Date;


(D)	specify the details of any alternative services (if any) to be provided by Provider in substitution for the Removed Services;


(E)	specify a timetable, process and critical controls for conducting the Termination Assistance Services;


(F)	reflect the matters notified to Provider and/or agreed by the Parties under Sections 3.4 to 3.6 below;


(G)	include the following information on Expected Removed Services Positions:

(1)

a complete and accurate list of Available Employees who fulfill an Expected Removed Services Position, including the positions and/or job functions, brief description of each such position and/or job function, location, date of commencement of employment or engagement, salaries, benefits, pension entitlements and other compensation, indication of the amount of working time spent in a position/function; and

(2)

the names, job functions, titles and all individual terms and conditions of employment or engagement of each Available Employee who fulfills an Expected Removed Services Position and who is identified as Key Personnel in the applicable SOW. Provider will use commercially reasonable efforts to obtain, if required pursuant to, and in accordance with, applicable data protection Laws, the express consent of such Key Personnel to include such information in the Specific Disengagement Plan; and


(3)	the numbers of such Key Personnel in: (i) Transfer Jurisdictions and (ii) Non-Transfer Jurisdictions, and in each case also indicating the relevant Transfer Jurisdiction or Non-Transfer Jurisdiction, as the case may be;


(H)	include a complete and accurate list of all Available Employees who fulfill an Expected Removed Services Position. Provider will use commercially reasonable efforts to obtain, if required pursuant to, and in accordance with, applicable data protection Laws, the express consent of such personnel to include, share and distribute such information in the Specific Disengagement Plan; and


(I)	reflect such other information reasonably requested by Customer.

MA-IB-00136-2018

Schedule 4
9

Confidential treatment requested by Juniper Networks, Inc.


3.4	Following the Start of the Termination Assistance Period, Customer will identify and notify Provider of which of the Removed Services it deems critical for the purpose of this Schedule (“Critical Services”), and the extent to which Customer:


(A)	where the Agreement (or any part thereof) has been terminated (as opposed to expiration of the Agreement), requires Provider to perform the other Removed Services (“Non-Critical Services”); and


(B)	requires the Service Levels to continue to apply as they applied in accordance with the provisions of this Agreement in respect of the Services identified as Critical Services and the Non-Critical Services during the Termination Assistance Period.


3.5	Within [***] business days of being notified of the Critical Services, Provider will identify Provider Staff and resources which are:


(A)	required in order to ensure the provision of the Critical Services and Non-Critical Services in accordance with Customer’s Service Level requirements; and


(B)	not required under Section 3.5(A) above and are available to perform Termination Assistance Services.


3.6	Within [***] business days of the Start of the Termination Assistance Period:


(A)	the Parties will use commercially reasonable efforts to agree to the allocation of Provider Staff and resources referred to in Section 3.5 above; and

(B)

the Parties will use commercially reasonable efforts to agree to the extent to which additional resources are required for the performance of Critical Services and non-Critical Services (to make Provider Staff and resources available for Termination Assistance Services that have sufficient knowledge of the Critical Services and Non-Critical Services) and Termination Assistance Services during the Termination Assistance Period, it being agreed that the rates at which any such additional resources will be charged to Customer will follow the normal charging methods previously agreed between the Parties, applying any applicable agreed cost standards set forth in the Agreement.

3.7

Provider agrees that Provider Staff fulfilling positions as listed in the Specific Disengagement Plan will continue to provide the Services during the Termination Assistance Period. The involvement of other Provider Staff to provide the Services during the Termination Assistance Period will be subject to agreement between the Parties taking into account that Provider may require such other Provider Staff to meet the Service Levels.

3.8

Customer or its Affiliates will be permitted to solicit and hire any Provider Staff that have been dedicated to, or have been performing work primarily for Customer, the terminated Services as of the date of Start of the Termination Assistance Period. Provider will not interfere with Customer’s efforts, will not enforce any restrictions imposed on such Provider Staff by agreement or policy (i.e., employment contract or covenant) which would interfere with Customer’s efforts, and will provide Customer reasonable access to such Provider Staff for the purposes of interviews, evaluations and recruitment. Any such employment by Customer would

MA-IB-00136-2018

Schedule 4
10

Confidential treatment requested by Juniper Networks, Inc.

not be effective until the end of the applicable Termination Assistance Period unless otherwise agreed by the Parties.


4.	TERMINATION ASSISTANCE PERIOD


4.1	Provider will, during the Termination Assistance Period, perform and observe its obligations under or in connection with the employment or engagement of each member of Provider Staff who fulfills an Expected Removed Services Position, whether arising under contract, applicable Law or in the ordinary and usual course of business.


4.2	Provider will during the Termination Assistance Period, other than with the prior written consent of Customer, not:


(A)	make or propose any material change to the terms and conditions of employment or engagement of any member of Provider Staff which fulfills an Expected Removed Services Position, unless required by or provided for in any collective (labor) agreement or under any contract of employment or engagement or in the ordinary and usual course of business; or


(B)	make any changes to the duties or involvement or engagement in the provision of the Removed Services by any member of Provider Staff that fulfills an Expected Removed Services Position (other than to achieve the performance of an obligation under the Agreement);


(C)	except for any changes which are made in the ordinary and usual course of business, assign an employee, who is not a member of Provider Staff which fulfills an Expected Removed Services Position, to the provision of the Removed Services and Customer will not unreasonably withhold or delay its consent; or


(D)	except for any changes which are made in the ordinary and usual course of business, assign a member of Provider Staff which fulfills an Expected Removed Services Position to the provision of services which do not form part of the Removed Services and Customer will not unreasonably withhold or delay its consent.

4.3

During the Termination Assistance Period, Customer and/or New Provider(s) will not announce or propose any change to the terms and conditions of employment of a Removed Services Employee after the Exit Service Transfer Time, unless the Parties have fulfilled and finalized any local statutory or contractual obligation to consult with the relevant local works council, trade unions and other relevant employee representative bodies in a manner satisfactory to the Parties.


4.4	During the Termination Assistance Period, but at least [***] weeks before Exit Service Transfer Time Provider will provide to Customer and/or New Provider(s) the names of each Removed Services Employee together with full details of all their terms and conditions of employment and any other information required by Customer and/or the New Provider(s).

4.5

At any time during the Termination Assistance Period but not later than [***] days prior to the Exit Service Transfer Time, Customer and/or New Provider(s) may inform Provider (in respect of member of Provider Staff(s) in any of the Non-Transfer Jurisdictions) of the number, if any, and specific positions of those Available Employees who fulfill an Expected Removed Services Position, who Customer and/or New Provider(s) may

MA-IB-00136-2018

Schedule 4
11

Confidential treatment requested by Juniper Networks, Inc.

wish to employ in view of their staffing needs to perform the Removed Services (“Non-Transfer Jurisdiction Exit Transfer Employees”).

4.6

In Transfer Jurisdictions, Provider will during the Termination Assistance Period (provided such Termination Assistance Period commences following the termination of the Agreement for reason other than Force Majeure) at the request of Customer use commercially reasonable efforts to redeploy Removed Services Employees to accounts other than Customer’s account prior to the end of the Termination Assistance Period. Should such redeployment not be successful, legal obligations to transfer staff from Provider to Customer remain in effect.


5.	SALE AND PURCHASE OF EXIT TRANSFER SYSTEMS

5.1

In relation to each expiration, partial termination or termination of, or an insourcing or resourcing in respect of, this Agreement, Customer will have the option, exercisable by [***] days’ prior written notice to Provider at any time before the Exit Service Transfer Time, to buy (or, in relation to a particular Provider System, ensure that a New Provider buys) and Provider will (if the option is exercised) sell, (or in relation to a particular Provider System, ensure that the relevant Provider Agent sells) with effect from the Exit Service Transfer Time, the Exit Transfer Systems constituting Equipment owned by Provider and Provider Agents (and in the case of partial termination only those Exit Transfer Systems constituting Equipment which are used wholly or mainly to provide the Services which are the subject of the partial termination). Customer will seek in its notice to identify all such Exit Transfer Systems and Exit Transfer Contracts.

5.2

In consideration for each sale of an Exit Transfer System made under Section 5.1, Customer will in the case of expiration or termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement pay to Provider the current net book value (depreciated consistent with the Depreciation Method) of that Exit Transfer System, to be invoiced at or after completion of the sale and purchase of that Exit Transfer System.


5.3	Provider will (or will procure that its Provider Agents will), in the event that Customer exercises its option described in Section 5.1 or purchases the Exit Transfer Systems under Section 5.4, provide unqualified warranties in favor of Customer or New Provider (as the case may be) in respect of the Exit Transfer Systems, to the effect that:


(A)	Provider or Provider Agent (as the case may be) has good and valid legal title to the Exit Transfer Systems and all components thereof; and


(B)	Except for those exceptions previously approved by Customer in writing, the Exit Transfer Systems and all components thereof are eligible for manufacturers’ recommended maintenance without any additional expenditure (other than standard maintenance charges for the period commencing as of the completion of the transfer of the relevant Exit Transfer System) or repair required.


5.4	In respect of:


(A)	any Exit Transfer System constituting Equipment that is leased by Provider from a Provider Agent; and

MA-IB-00136-2018

Schedule 4
12

Confidential treatment requested by Juniper Networks, Inc.


(B)	any Provider System constituting Equipment that is leased by Provider or Provider Agent from a third party and that would fall within the definition of an Exit Transfer System if it were owned by Provider or a Provider Agent,

if requested by Customer and at Customer’s option, Provider will transfer or assign the relevant Exit Transfer Contract to Customer in accordance with the provisions of Section 7 below, or exercise any option it may have under the Exit Transfer Contract to purchase the Exit Transfer System, and sell the Exit Transfer System to Customer in accordance with the provisions of this Schedule at the option exercise price.

5.5

Where, in respect of any Exit Transfer Asset, a member of Customer Group has during the Term paid to Provider a one-time charge relating to the maintenance of, or warranty given by a supplier in respect of, such Exit Transfer Asset, Provider will ensure that the member of Customer Group acquiring such Exit Transfer Asset receives at no additional cost the benefit of any portion of such maintenance or warranty that relates to the period beyond the Term.


6.	EXIT TRANSFER COMPLETION


6.1	The Parties will ensure that completion of the sale and purchase of such Exit Transfer Systems takes place at such place as the Parties may reasonably agree (in the purchase notice or otherwise by reasonable notice to Provider) immediately before and with effect from the Exit Service Transfer Time.

6.2

Subject to the provisions of the Disengagement Plan, at such completion, Provider will give Customer (or the relevant New Provider) possession of the Exit Transfer Systems. Provider will leave those Exit Transfer Systems which are Provider’s Customer Site Exit Equipment at the premises at which they have been used in the provision of the Removed Services (and other Exit Transfer Systems will, at completion and at the cost of Customer, be disconnected and delivered and installed at the premises of Customer or the New Provider or at a location otherwise agreed by Provider and Customer).

6.3

Risk in each Exit Transfer System will pass to Customer (or the relevant New Provider) at delivery of the Exit Transfer Systems in accordance with Section 6.2 above (provided that the risk in Provider’s Customer Site Exit Equipment will pass to Customer (or the relevant New Provider) at completion of the sale), but title to each Exit Transfer System will not pass to Customer or New Provider until Customer or New Provider has paid the amount specified in Sections 5.2 or 5.4 in relation to that Provider System to Provider in full.


7.	EXIT TRANSFER CONTRACTS: NOVATION, ASSIGNMENT OR TRANSFER


7.1	Where:


(A)	Provider is entitled to transfer, or (to the extent permitted under applicable Law) assign both the benefit and the burden of, an Exit Transfer Contract to Customer or a New Provider nominated by Customer in relation to that Exit Transfer Contract without breach of that Exit Transfer Contract; and

MA-IB-00136-2018

Schedule 4
13

Confidential treatment requested by Juniper Networks, Inc.


(B)	no provision in that Exit Transfer Contract would, following such transfer or assignment, prohibit or seriously restrict the use by Customer or New Provider of the subject matter of that Exit Transfer Contract,

Provider will, subject to Section 7.4, as the case may be, transfer or (to the extent permitted under applicable Law) assign both the benefit and the burden of that Exit Transfer Contract to Customer or that New Provider at the Exit Service Transfer Time.

7.2

In relation to each Exit Transfer Contract to which Section 7.1 does not apply as a result of the parties’ inability to obtain rights to transfer or re-transfer (as the case may be), unless the Parties agree otherwise in writing, Provider, with the reasonable assistance of Customer (which reasonable assistance will include the execution by Customer of such documentation as may be reasonably required to affect the arrangements described below), will, subject to Section 7.4, use its reasonable efforts to ensure, at Customer’s option, that the benefit and burden of the relevant Exit Transfer Contracts are transferred to Customer by one of the following methods:


(A)	Novation

Each other party to the Exit Transfer Contract agrees to the termination of all of Provider’s rights and obligations (other than accrued rights to make any claim for damages or accrued rights under any indemnity) under the Exit Transfer Contract and the simultaneous assumption by Customer (or a New Provider nominated by Customer in relation to the Exit Transfer Contract) of identical rights and obligations, and if this agreement is obtained the parties will ensure that the termination and assumption promptly takes place.


(B)	Assignment

To the extent permitted under applicable Law, each other party to the Exit Transfer Contract consents to the assignment of all of Provider’s rights (other than accrued rights) and obligations under the Exit Transfer Contract to Customer (or a New Provider nominated in relation to the Exit Transfer Contract), and if this consent is obtained Provider will promptly make the assignment.


(C)	Transfer

Each other party to the Exit Transfer Contract consents to the transfer of that Exit Transfer Contract to Customer (or a New Provider nominated in relation to the Exit Transfer Contract) and if this consent is obtained Provider will ensure that the transfer promptly takes place.


(D)	Right to use

Each other party to the Exit Transfer Contract consents to the reasonable use of the subject matter of the Exit Transfer Contract by Customer or New Provider to the extent required in connection with the Removed Services.

MA-IB-00136-2018

Schedule 4
14

Confidential treatment requested by Juniper Networks, Inc.

7.3

From the Exit Service Transfer Time until (if at all) such termination and assumption or assignment takes effect, Provider will take each step reasonably requested of it by Customer or any New Provider nominated by Customer in relation to the Exit Transfer Contract to enable performance of the Exit Transfer Contract and to provide for Customer or New Provider the benefit of the Exit Transfer Contract. Provider will promptly notify Customer if it is aware (or reasonably should have been aware) that any step requested by Customer or a New Provider will put Provider, Customer or the New Provider (as the case may be), in breach of any Exit Transfer Contract.

7.4

In relation to Exit Transfer Contracts that are not Transfer Contracts, Provider must use its reasonable efforts to ensure that it obtains the right to transfer such Exit Transfer Contracts to Customer under Sections 7.1 and 7.2 at no additional cost to Customer. Where Customer would incur any costs in relation to the transfer of the Exit Transfer Contracts that are not Transfer Contracts, Provider must notify Customer of such costs and the Parties will, at the election of Customer, discuss in good faith alternative solutions and Customer may elect not to take transfer of such Exit Transfer Contracts.

7.5

To the extent that a contract would fall within the definition of Available Contracts but for the fact that it is not used wholly or mainly in the provision of the Removed Services (but such contract is nevertheless used solely in relation to the Services), the Parties will, at the election of Customer, use reasonable efforts to come to arrangement by which the portion of the contract relating to the Removed Services is novated, assigned or transferred to Customer or Customer obtains rights to use in respect of such contract to the extent required in relation to the Removed Services.


8.	SOFTWARE LICENSING AND ASSISTANCE


8.1	Provider will upon termination or expiration of this Agreement (in whole or in part):

(A)

offer to grant to Customer Group upon the expiration of the Termination Assistance Period licenses to use the Commercially Available Provider Property that is not otherwise licensed to Customer pursuant to such license agreed upon in writing by the Parties, which license will be on commercially reasonable terms no less favorable to Customer than those in licenses granted to Provider’s other customers and with an initial license fee equal to the lower of (1) Provider’s commercially available price at the time or (2) the discount generally applicable to Customer on the discount it generally receives at the time the Statement of Work is terminated, in either case, prorated over a period starting on the date the charges were incurred and ending on the applicable Statement of Work expiration date; and


(B)	if requested by Customer, agree on applicable terms for Provider support upon the expiration of the Termination Assistance Period no more restrictive than commercial terms offered by Provider to licensees of the same or similar Provider Property.

8.2

Provider will procure that prior to the commencement of use, the owner, owners or authorized licensors of the Intellectual Property Rights in each item of Available Third-Party Software and each item of Commercially Available Provider Property that is the subject of an Available Contract (other than a Transfer Contract or Subsequent Transfer Contract) agree to grant to Customer, with effect from (and at the election of Customer grant at) the Exit Service Transfer Time, at no extra cost or expense to Customer beyond the applicable license

MA-IB-00136-2018

Schedule 4
15

Confidential treatment requested by Juniper Networks, Inc.

fees set forth in the Available Contract, a license granting Customer the same rights as those granted by the relevant owner, owners or authorized licensors to Provider in respect of:


(A)	each item of such Available Third-Party Software and each item of Commercially Available Provider Property that is the subject of an Available Contract (other than a Transfer Contract or Subsequent Transfer Contract); and


(B)	each item of Commercially Available Provider Property that is the subject of a Transfer Contract or Subsequent Transfer Contract, to the extent that the relevant owner, owners or authorized licensors of the Intellectual Property Rights agrees to such grant;

for the Permitted Exit Purposes and to permit the other members of Customer Group and any New Providers to use each such item of Available Third-Party Software and each such item of Provider Software that is the subject of an Available Contract for the Permitted Exit Purposes.


8.3	Where Customer would incur costs in relation to the grant of a license with effect from the Exit Service Transfer Time in accordance with Section 8.2, Provider will make a record in the Disengagement Plan of the relevant costs and expenses to be incurred by Customer in securing such licenses under Section 8.2 in relation to the item of Provider Software.


8.4	After the Start of the Termination Assistance Period, Provider will not enter into any contract for the licensing or maintenance of Third-Party Software or other Third-Party Materials that is to be wholly or mainly used in connection with the provision of the Removed Services unless done in accordance with the relevant terms of the Agreement.


9.	DELIVERY OF SOFTWARE AND ESCROW ARRANGEMENTS


9.1	Provider will provide Customer copies of any software program up to the number of licenses set forth in the Specific Disengagement Plan:


(A)	which Customer or any New Provider is entitled to use under:


(1)	any Exit Transfer Contract; or


(2)	any contract made to replace an Exit Transfer Contract;


(B)	for which Customer is granted a license pursuant to Section 8 above,

(the “Relevant Software”), sufficiently far in advance and at the latest at the date set out in the Specific Disengagement Plan to enable Customer to use this so as not to cause any interruption to Customer Group’s business (or will ensure that the owner of the Intellectual Property Rights in the Relevant Software, or a person appropriately authorized by that owner, does so). If to do so would place Provider in breach of an Exit Transfer Contract, Provider will provide such copies as soon as it is able to do so without such breach.


9.2	Where the Parties have agreed to do so through the procedures for New Services set forth in Section 3.1(D) of the MSA, Provider will procure that the relevant Third Party enters into an escrow agreement pursuant to that Section.

MA-IB-00136-2018

Schedule 4
16

Confidential treatment requested by Juniper Networks, Inc.


9.3	If any Relevant Software was, immediately before the relevant time, used on Exit Transfer Systems that Customer has elected to buy in accordance with this Schedule, then to the extent set forth in the Specific Disengagement Plan, Provider will fulfill its obligations under this Article 9 by:


(A)	allowing Customer to take possession of such Exit Transfer Systems in accordance with this Schedule without removing such copies; and


(B)	providing Customer with a reasonable number of back-up copies.


9.4	Provider will provide Customer with copies of other software programs to which this Article 9 applies in such form as Customer may reasonably request.


10.	SOFTWARE MAINTENANCE


10.1	If Customer requests Provider to do so by reasonable notice before the relevant Exit Service Transfer Time Provider will offer to Customer maintenance on the terms set out, and in relation to the Provider Property specified, in the applicable Specific Disengagement Plan.


10.2	Any dispute as to whether maintenance terms proposed by Provider for the purposes of Section 10.1 are reasonable or commercial will be resolved in accordance with Section 15.3 (Escalation Procedure for Relationship Issues) of the MSA.


10.3	Provider will upon Customer’s request (on reasonable notice to do so) before the relevant Exit Service Transfer Time procure support, maintenance and enhancement of relevant Provider Third-Party Software for Customer’s benefit in accordance with the applicable SOW.

10.4

Where, in respect of any Exit License Third-Party Software, Commercially Available Provider Property, or any Deliverables, a member of Customer Group has during the Term paid to a member of Provider Group a one-time charge relating to the maintenance of, or warranty given by a supplier in respect of, such Exit License Third-Party Software, Commercially Available Provider Property, or any Deliverables for a time period governed by the Specific Disengagement Plan, Provider will ensure that the member of Customer Group acquiring such Exit License Third-Party Software, license to such Commercially Available Provider Property, or any Deliverables receives at no additional cost the benefit of any portion of such maintenance or warranty that relates to the period beyond the Term.


11.	REMOVED SERVICES EMPLOYEES

11.1

The Parties agree between them that, unless agreed otherwise in writing, the expiration or termination (in whole or in part) of, or an insourcing or resourcing in respect of, the Agreement is not deemed to constitute a transfer of employment of the Removed Services Employees from Provider to Customer and/or one or more New Provider(s) (as the case may be), unless and to the extent that, in a Transfer Jurisdiction it is determined or established otherwise in accordance with the Transfer Legislation if there is a dispute between the Parties and finally, in court). Where and to the extent that it is determined or established otherwise in accordance with the Transfer Legislation that Removed Services Employees will transfer from Provider to Customer and/or one or more New Provider(s) (as the case may be), those rights and obligations resulting from the employment of each Removed Services Employee in Transfer Jurisdictions (including those relating to compensation and benefits and the position, function and location in which such Removed Services Employee is employed, but

MA-IB-00136-2018

Schedule 4
17

Confidential treatment requested by Juniper Networks, Inc.

excluding pension benefits to the extent pension benefits do not transfer by operation of the Transfer Legislation that would transfer will transfer accordingly to Customer and/or New Provider(s) (as the case may be), as per the Exit Service Transfer Time in accordance with the Transfer Legislation, unless (A) that Removed Services Employee, in exercise of his or her rights under the Transfer Legislation objects to being employed by Customer and/or New Provider(s) and (B) under the relevant Transfer Legislation such objection would result in continued employment with Provider.


11.2	For clarity, for future cases, the Parties may agree that Customer or the New Provider will offer employment to Removed Services Employees who are located in a Non-Transfer Jurisdiction.

11.3

In Non-Transfer Jurisdictions, Provider will after the termination of the Agreement or parts thereof (other than for Force Majeure) or expiration of the Agreement, or an insourcing or resourcing in respect of the Agreement, as per the Exit Service Transfer Time, assume full responsibility for Removed Services Employees in those Non-Transfer Jurisdictions and Customer has no obligation to extend an offer of employment to any Removed Services Employees in such Non-Transfer Jurisdictions.

11.4

Customer and/or New Provider(s) cannot to the detriment of the Removed Services Employees deviate from the principle set forth in Section 11.1 that Customer and/or New Provider(s) will provide terms and conditions of employment, which are comparable to and no less favorable. Customer and/or New Provider(s) is allowed to pay cash compensation or to grant other alternative benefits to the Removed Services Employees to minimize differences between the terms and conditions of Customer and/or New Provider(s) and Provider to the extent (A) such is permitted by applicable Law and (B) any local statutory or contractual obligation to consult or inform the relevant local works councils, trade unions and other relevant employee representative bodies on such deviation has been fulfilled.


11.5	In the event that Customer terminates the Agreement (in whole or in part) due to a Force Majeure Event in accordance with Section 10.2 (Force Majeure) of the MSA, Sections 11.1 through 11.4 above will not apply and instead the Parties agree between them that:


(A)	to the extent the Services are terminated in Provider Service Locations affected by the Force Majeure Event, Provider will bear all costs of employment, redeployment and termination of employment resulting from such termination; and

(B)

to the extent the Services are terminated in locations that have not been affected by the Force Majeure Event the following will apply (1) in respect of Transfer Jurisdictions: if the termination (in whole or in part) is deemed to constitute a transfer of employment of the Removed Services Employees from Provider to Customer by operation of the Transfer Legislation then Section 11.1 will apply accordingly; and (2) in respect of Non-Transfer Jurisdictions and Transfer Jurisdictions where the termination (in whole or in part) is not deemed to constitute a transfer of employment of the Removed Services Employees from Provider to Customer by operation of the Transfer Legislation, then Section 11.2 will apply accordingly and Customer has a right to offer employment to the Removed Services Employees as per the Exit Service Transfer Time on discretionary terms and conditions of employment.

MA-IB-00136-2018

Schedule 4
18

Confidential treatment requested by Juniper Networks, Inc.


11.6	Nothing in this Section 11 or in this Schedule will be construed as granting any independent rights to Removed Services Employees by Provider and/or Customer and/or New Provider(s) or to make any Claims on the basis of this Schedule.


11.7	The Parties will as soon as practicable, but in any event at the latest one (1) month prior to the applicable Exit Service Transfer Time, jointly send to each Removed Services Employee, to the extent transferred to Customer and/or New Provider(s) in accordance with this Section 11 a letter on his or her transfer to Customer and/or New Provider(s) in a form to be agreed upon between the Parties.

11.8

Without prejudice to the obligation of Provider to disclose information pursuant to this Schedule and to the extent permitted under applicable Law, Provider will give Customer and/or New Provider(s) such information, assistance and cooperation as Customer and/or New Provider(s) may reasonably request in writing and Provider may reasonably be able to provide, with a view to completing the transfer of employment of the Removed Services Employees. In view of the transfer of employment, Provider will, to the extent permitted under applicable Law, as soon as possible after the applicable Exit Service Transfer Time provide to Customer and/or New Provider(s) the original records or documents, payroll records and final salary details relating to the Removed Services Employees, but will after the applicable Exit Service Transfer Time preserve data or documents relating to such Removed Services Employees for such period as is required or permitted by applicable Law.


11.9	To the extent permitted by local data protection Laws, Customer, New Provider(s) and Provider will each at the other Party’s request provide to the requesting party all such information, which will be accurate and not misleading, as may be reasonably necessary to enable the requesting Party to comply with any (joint) obligation to inform and/or consult with:


(A)	Removed Services Employees;


(B)	other Provider Staff and personnel of Customer;


(C)	any relevant works council, trade union or other relevant employee representative body; or


(D)	any Governmental Authority,

and will each pay to the requesting Party an amount equal to any and all direct Losses arising as a result of its failure to provide such Party with such information, as required by applicable Law.

11.10

In respect of the period up to the applicable Exit Service Transfer Time, Provider will perform and discharge all its obligations in respect of all Removed Services Employees, including those in connection with the termination of the employment of the Removed Services Employees with Provider, unless otherwise provided for in this Section 11. Provider will pay to the individual Removed Services Employee who transfers to Customer and/or the New Provider(s) pursuant to this Section 11, a pro rata proportion of accrued but unpaid vacation allowances and accrued but outstanding days of vacation, in respect of the period prior to the applicable Exit Service Transfer Time, unless such is prohibited by applicable Law, in which case Provider will reimburse Customer and/or New Provider(s) in respect of accrued but unpaid vacation allowances and accrued but outstanding days of vacation of relevant Removed Services Employees, in respect of the period prior to the applicable Exit Service Transfer Time and Provider will indemnify Customer or New Provider(s) against any

MA-IB-00136-2018

Schedule 4
19

Confidential treatment requested by Juniper Networks, Inc.

and all Losses resulting from, arising out of or relating to, any and all Claims of Removed Services Employees in respect of such accrued vacation allowance and days that are either not paid by Provider to the Removed Services Employees or not reimbursed to Customer or New Provider(s).

11.11

Customer will, and will ensure that the New Provider(s) will, perform and discharge all its obligations in respect of all Removed Services Employees who are employed by Customer or New Provider(s) pursuant to this Section 11 in respect of the period from the applicable Exit Service Transfer Time. Customer will indemnify Provider from and against any and all Losses resulting from, arising out of or relating to, any and all Claims (including claims made by, or on behalf of, the relevant Removed Services Employees) incurred by Provider in respect to these obligations. In addition, Customer will indemnify Provider from and against any and all Losses resulting from, arising out of or relating to, any and all Claims, arising as a result of:


(A)	any event, matter or circumstance with respect to Removed Services Employees who as of the applicable Exit Service Transfer Time are employed by Customer or New Provider(s) pursuant to this Article 11 (including an act or omission of Customer and/or New Provider(s)) which took place after the applicable Exit Service Transfer Time;


(B)	any person employed or engaged or formerly employed or engaged by Customer and/or New Provider(s) (other than a Removed Services Employee) at any time; or


(C)	any Removed Services Employee who as of the applicable Exit Service Transfer Time is employed by Customer or New Provider(s) pursuant to this Article 11, claiming that as a result of the transfer of employment to Customer and/or New Provider(s) his or her compensation, benefits, position, function and location has changed to his or her detriment.


11.12	Where the Transfer Legislation applies in connection with the assignment, novation, suspension, expiration or termination of the Services contemplated by a SOW (or part thereof) then:


(A)	Provider will indemnify Customer Group and/or the New Provider(s) (as the case may be) from and against any and all Losses, including all Employment Liabilities resulting from, arising out of or relating to, any and all Claims arising out of:


(1)	any claim in connection with the termination of the employment of any of the Removed Services Employees by the Provider prior to the date of transfer of employment of the Removed Services Employees to Customer or any New Provider (as the case may be);


(2)	any claim by any of the Removed Services Employees related to the period during which they were employed by Provider up to and including the date of transfer of their employment to Customer or any New Provider (as the case may be); and/or


(3)	any failure by Provider to comply with its obligations under the Transfer Legislation.


11.13	Provider agrees that where any Removed Services Employee (who was not identified to be subject to a Transfer Jurisdiction by the Provider prior to the relevant transfer) claims that the Transfer Legislation applies during or on the assignment, novation, suspension, expiration or termination (for whatever reason) of the applicable

MA-IB-00136-2018

Schedule 4
20

Confidential treatment requested by Juniper Networks, Inc.

SOW and/or the MSA (or part thereof) against Customer and/or New Provider(s) and a court or tribunal orders that the Transfer Legislation applies such that the Removed Services Employee has a right to transfer to the employment of Customer or the New Provider(s) (as the case may be) under the Transfer Legislation, Provider agrees:


(A)	it will notify Customer of that finding or allegation as soon as reasonably practicable after becoming aware of it;


(B)	Customer will inform Provider in writing whether it or the relevant New Provider(s) will accept the transfer of such person and the terms on which it will do so; and


(C)	if Customer confirms in writing that it or the New Provider(s) will accept the transfer of employment of that person, subject to any other terms agreed between the Parties, such person will be considered to be subject to a Transfer Jurisdiction for the purposes of this Schedule with effect from the date that he or she transfers.


11.14	Should any Service Location be subject to the Transfer Legislation, Provider will organize the Services provided from that location in such a way that no individual employee could be considered “wholly or mainly” engaged in the provision of Services.


12.	APPORTIONMENTS

12.1

There will be apportioned between Provider and Customer, at each Exit Service Transfer Time, all outgoings and expenses (including any remuneration due, and the cost of any benefit provided, under or in connection with the contract of employment of an Removed Services Employee) and all rents, royalties and other periodical payments receivable in respect of the Exit Transfer Systems, Exit Transfer Contracts and Removed Services Employees (“Exit Payments”).


12.2	This apportionment will be carried out as follows:


(A)	all Exit Payments will be apportioned in the currency in which the original invoice is presented;


(B)	the Exit Payments (other than fixed payment amounts) will be annualized and divided by 365 to reach a daily rate;


(C)	Customer will be responsible for or entitled to (as the case may be) an amount equal to the number of complete days during the period of the invoice after the Exit Service Transfer Time multiplied by that daily rate; and


(D)	Provider will be responsible for or entitled to (as the case may be) the rest of the invoice for Exit Payments.


12.3	Each Party will make payments due under this Section as soon as practicable.

MA-IB-00136-2018

Schedule 4
21

Confidential treatment requested by Juniper Networks, Inc.


13.	TRANSITIONAL COOPERATION AND ASSISTANCE


13.1	In relation to the expiration or any termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement, unless the Parties agree otherwise in writing in relation to a Provider System, Subcontract, Supply Contract or member of Provider Staff, Provider will ensure (and will ensure that each Provider Agent will ensure) that:


(A)	each Provider System that is an Available System at the Start of the Termination Assistance Period is an Available System at the Exit Service Transfer Time; and

(B)

each Subcontract or Supply Contract that is an Available Contract at the Start of the Termination Assistance Period is an Available Contract at the Exit Service Transfer Time, provided that where: (1) the term of an Available Contract will expire (for the avoidance of doubt, such expiration does not include the termination of such Available Contract at election of Provider) prior to the Exit Service Transfer Time; and (2) the extension of the term of such Available Contract would require Provider to enter into additional costs, the Parties will, without prejudice to Provider’s obligation to continue delivering the Services, in good faith consult with one another regarding alternative solutions to the extension of such Available Contract,

with a view to ensuring that the Available Systems and Available Contracts are held together as a coherent system available for transfer to Customer or a New Provider.

13.2

Without prejudice to the other obligations allocated to Provider in this Schedule and the Specific Disengagement Plan, Provider will, from the Start of the Termination Assistance Period in respect of the expiration or any termination (in whole or in part) of, or an insourcing or resourcing in respect of, this Agreement, and then until six (6) months after the end of the Termination Assistance Period, but always subject to Sections 13.4 and 13.5 below, (A) provide all reasonably necessary cooperation and assistance to Customer and any New Provider or New Providers to facilitate the smooth, timely and orderly transfer of and transition of responsibility for the Removed Services to Customer or New Provider, and will ensure that each Provider Agent does so, in a way which avoids or minimizes any disruption or adverse effect to the provision of information technology services to, and the businesses or operations of, Customer as a result of expiration or termination (in whole or in part) or an insourcing or resourcing in respect of, this Agreement; and (B) continue to meet its remaining obligations under the Agreement. During the Termination Assistance Period, upon Customer’s request, Provider will provide Customer with Provider’s non-proprietary information and other assistance related to the Services as would be reasonably necessary for a third party to prepare for an informed assumption of responsibility for the Services upon termination or expiration of the Agreement. If, in the case any Available System has to be deinstalled or reinstalled, Provider will, at no additional charge to Customer, install and configure the new instance for Customer to the same installation and configuration as it was previously installed or configured when used by Provider in providing the Services.


13.3	The cooperation and assistance referred to in Section 13.2 will include the following:


(A)	Informing Customer of, and delivery to Customer, by such means, at such time(s) and place(s), and in such format, as Customer reasonably requests in writing, of all documents, data, information and other Customer Property held or controlled by Provider or any Provider Agent on behalf of Customer in the course of providing the Removed Services, including all of Customer security badges,

MA-IB-00136-2018

Schedule 4
22

Confidential treatment requested by Juniper Networks, Inc.

passwords and all Customer facility keys at such time as the items are no longer needed to provide Termination Assistance Services, and providing Customer with a certification by an authorized representative of Provider verifying such return;


(B)	continued provision of such of the Removed Services and such other information technology services as Customer Group or any New Provider reasonably requires;


(C)	a period of parallel working specified by Customer, including the assignment by Customer of Customer personnel to work with Provider Staff to facilitate knowledge transfer to Customer;


(D)	reasonable access to the technical records of Provider and Provider Agents relating to the Removed Services and the provision to Customer or relevant New Provider or New Providers of the following information:


(1)	in relation to the Exit Transfer Systems: all system logs, historical logs, security manuals, operations manuals, procedures manual, technical documentation relating to running of exit transfer systems, operating standards, configuration diagrams, schematics, and all such similar documents;


(2)	copies of Exit Transfer Contracts;


(3)	key support contact details for Third Party personnel in respect of contracts assigned or transferred to Customer under Section 3; and


(4)	details of physical and logical security processes and tools that will be available to Customer in accordance with the Agreement;

and an explanation of all policies, processes, standards and procedures and related operations necessary to facilitate the transfer of the Removed Services;


(E)	support and assistance in respect of the transporting, loading and running of Customer Data;

(F)

reasonable support and assistance with a view to enabling Customer or a New Provider to maintain any Commercially Available Provider Property, Exit License Third-Party Software, Deliverables, and provision of appropriate interface information and other technical details reasonably required to enable Customer or a New Provider to use, develop or replace any Provider Software used in the Removed Services that is not commercially available;


(G)	at Customer’s request, providing such assistance and support in connection with any physical inventory to be conducted by or on behalf of Customer of the Customer Property constituting Equipment to be returned to Customer.


(H)	at Customer’s request, transfer of any telephone number or IP address of Customer from Provider, Provider Agents, or Provider Staff to a New Provider;

MA-IB-00136-2018

Schedule 4
23

Confidential treatment requested by Juniper Networks, Inc.


(I)	at Customer’s request, provide complete and final accounting, reconciliation and invoicing for all Services, including any amounts that may be due and owing with respect to Termination Assistance in accordance with the Agreement, together with any and all reasonably required supporting documentation;


(J)	in conjunction with Customer, conducting a rehearsal of the transition prior to the cutover at such time as is reasonably acceptable to both Parties;


(K)	providing such support and assistance as may be reasonably requested to support Customer’s customers, including Authorized Users, in connection with the Termination Assistance Services, including the participation in meetings with Customer and its customers, provided that Customer will continue to serve as the primary point of contact with its customers;

(L)

Prior to removing any Systems, Equipment, software or other items from any Customer facilities, Provider will provide advance notice to Customer identifying the property it intends to remove. Such identification will be in sufficient detail to apprise Customer of the nature and ownership of such property. Provider will not remove property owned by Customer or any other member of Customer Group or Authorized Users from a Customer facility. Provider will comply with the removal procedures reasonably established by Customer and provided to Provider in writing for removal of property from any Customer facilities and all removals will be in accordance with Customer’s redeployment and disposal processes and policies, provided however, that Customer will not prevent Provider from removing Provider Systems or other items owned or leased by Provider; and


(M)	reasonable support and training in the provision of, and the technology, apparatus and software used to provide, the Removed Services so as to enable Customer to provide services similar to the Removed Services with minimum disruption and in accordance with service levels similar to the Service Levels.


13.4	Except to the extent notified by Customer to Provider under Section 2.4, the quality of the Removed Services and other Services provided by Provider and Provider’s performance otherwise will not be degraded during the Termination Assistance Period will accordingly at all times comply with the service level requirements set out in the Service Level Agreement.

13.5

Notwithstanding any arrangement between Customer and Provider (in the Specific Disengagement Plan or otherwise), Customer may by written notice to Provider and at its sole discretion, (A) postpone the date on which the responsibility for any Removed Service was to be transferred to Customer or a New Provider (as is agreed in the Specific Disengagement Plan) by a period of up to the maximum duration of the Termination Assistance Period; and (B) Provider will continue to provide the relevant Removed Service and/or relevant Termination Assistance Services for the duration of such postponement. The relevant Removed Service and Termination Assistance Services will be provided subject to the provisions of the Agreement (including all pricing arrangements) as such provisions would have been applicable to the services prior to the effective date of termination or expiration, Customer agreeing that it will furthermore pay to Provider any additional demonstrable costs of Provider (not otherwise accounted for the in Charges or the rates referred to in Section 18.1 hereof) resulting from the extension of the Termination Assistance Period pursuant to this Section 13.5.

MA-IB-00136-2018

Schedule 4
24

Confidential treatment requested by Juniper Networks, Inc.


14.	FURTHER COOPERATION


14.1	Provider will in good faith assist and cooperate with Customer in providing such information as Customer may reasonably request in connection with any request for proposal, request for quotation, agreement or otherwise in connection with the process conducted for the provision of services similar to the (potentially) Removed Services, including:


(A)	providing such information as will assist Customer in developing base cost models; and performance histories; and


(B)	providing an update of the Disengagement Plan for the (potentially) Removed Services.

14.2

Provider acknowledges that Customer is entitled to rely upon the accuracy of information and, subject to Article 17 (Confidentiality and Customer Data) of the main body of the Agreement, disclose the Disengagement Plan, as well as such information included in the Disengagement Plan or provided under Section 14.1 in the preparation and distribution of requests for proposals, requests for quotations, agreements and other documents for potential New Providers.


15.	BUSINESS CONTINUITY


15.1	Provider will provide reasonable assistance to support Customer’s requirements for business continuity during the Termination Assistance Period, including:


(A)	updating and supplying information concerning Provider’s business continuity services, testing procedures and frequencies, redundancy diagrams and plans;


(B)	training and informing Customer of its current policies and procedures with regard to backup and business continuity;


(C)	arranging for additional overlapping coverage or support through the Termination Assistance Period to minimize disruption in the event of an outage during that period;


(D)	providing reasonable assistance to Customer in configuring Customer Systems;


(E)	performing Provider’s disaster recovery obligations set forth in the applicable SOW including with respect to the Provider DR Plan in effect immediately prior to the initiation of the Termination Assistance through the end of the Termination Assistance Period for those Services still being provided by Provider;


(F)	reasonably assisting with physical de-installation and transportation of Equipment and other Customer Property, and related physical assets from the Service Locations; and


(G)	if requested by Customer, participating in business continuity testing after the Termination Assistance Period until a successful test has been accomplished.


16.	POST COMPLETION OBLIGATIONS

MA-IB-00136-2018

Schedule 4
25

Confidential treatment requested by Juniper Networks, Inc.

Each Party will promptly pass to the other any payment, notice, correspondence, information or enquiry in relation to the Exit Transfer Systems, Exit Transfer Contracts or Removed Services Employees which it receives after an Exit Service Transfer Time and which properly belongs to the other.


17.	RIGHT TO USE PROVIDER SYSTEMS DURING TERMINATION ASSISTANCE PERIOD

Customer may continue to use the Provider Systems used to provide the Removed Services for the duration of the Termination Assistance Period on the same terms (including relevant pricing arrangements) as it was entitled to use the same as set in the Agreement.


18.	EXIT MANAGEMENT COSTS

18.1

Subject to Section 18.2 below, Customer will reimburse Provider on the basis of reasonable rates to be agreed by the Parties in the Specific Disengagement Plan, in respect of time reasonably incurred, and any other expenses reasonably incurred, by Provider in each case in performing Provider’s obligations under this Schedule, unless the obligations can be performed using Provider Staff or resources used wholly or mainly in the provision of Services to Customer which have been paid for by Customer, in which case Provider will notify Customer of the extent to which using such resources would materially impact on the supply of the Services which would have been performed by such resources. To the extent that Provider’s compliance with its obligations under this Schedule will require the use of different or additional Provider Staff, services or resources beyond that which are covered by the applicable base charges and ARCs/RRCs, such Termination Assistance Services will be considered a chargeable service to be agreed through the procedures for New Services set forth in Section 3.1(D) of the MSA.


18.2	The sums to be reimbursed to Provider pursuant to Section 18.1 and which are attributable to a Critical Exit Deliverable will be allocated to such Critical Exit Deliverable. Customer will only be obliged to make the reimbursement of each such allocated sum on delivery of the Critical Exit Deliverable in accordance with its performance criteria.


19.	CHANGE TO THE CHARGES FOLLOWING START OF THE TERMINATION ASSISTANCE PERIOD

The Parties recognize that the migration of the Removed Services from Provider to the New Provider or Customer (as the case may be) may occur in stages and that this may result in a gradual cessation by Provider of the provision parts of the Services and their provision by the New Provider or Customer. In this regard, the Parties agree that the Fees will be varied, from time to time during the migration of the Removed Services based on the relevant principles set out in the Fee Exhibit to the applicable SOW.


20.	FAILURE TO PROVIDE TERMINATION ASSISTANCE

Any failure by Provider to provide the termination assistance described in this Schedule (or any threat by Provider not to provide such assistance) may constitute irreparable harm to Customer and Customer will accordingly in such cases, notwithstanding any arrangements to the contrary (as are set out in the Agreement or agreed pursuant to the terms thereof) have the right to proceed directly to court for any such legal or equitable remedies Customer may request. If a court should find that Provider has breached any of its termination assistance obligations as described in this Schedule, Provider agrees that it will not oppose any corresponding

MA-IB-00136-2018

Schedule 4
26

Confidential treatment requested by Juniper Networks, Inc.

court order to the extent such order compels the performance by Provider of such breached obligations hereunder.


21.	PAYMENT OF TERMINATION COSTS

Customer will pay Termination Charge Amounts only to the extent expressly provided for in the relevant Fee Exhibit to a SOW.


22.	STORAGE AND RETURNING MATERIALS, DATA, INFORMATION AND OTHER CUSTOMER PROPERTY

22.1

Upon Customer’s request at any time during the Term or at the end of the Termination Assistance Period, Provider will return or destroy Customer Property, Customer’s Confidential Information and Customer Data (including Personally Identifiable Information), according to, and otherwise comply with the obligations set forth in, Section 17.5 (Return of Confidential Information), Section 17.12 (Return of Personally Identifiable Information) and Sections 20.2 (Exit Rights) of the MSA. Provider will transfer responsibility for off-site storage of Customer’s documents (electronic and hardcopy), if any, to Customer.

22.2

In accordance with the Disengagement Plan, Provider will vacate the Customer facilities and return to Customer, if not previously returned, all Customer resources, including Customer Equipment, in a condition at least as good as the condition thereof on the applicable SOW effective date, subject to ordinary wear and tear. Provider will perform those activities required to enable a smooth transition of operational responsibility for the terminated/expired Services, including (to the extent applicable):


(A)	returning current copies of the standard software configuration(s) and any business specific applications materials owned by Customer or which Customer is entitled to obtain as provided in the Agreement and in Provider’s possession;


(B)	delivering the existing System support profiles, enhancement logs, problem tracking/resolution documentation, and status reports associated with the terminated/expired Services;


(C)	providing monthly work volumes, Service Levels and information on historical performance for each terminated/expired Service component over the preceding twelve (12) months;


(D)	providing reasonable assistance with the movement of Customer Data from the then-existing databases to the new processing environment;


(E)	provide the orderly hand-off of applicable ongoing Projects, including a listing of the applicable then-current and planned Projects. With respect to each such Project, achieving transfer of responsibility without loss of momentum or material adverse impact on Project timetables (e.g., document current status, stabilize for continuity during disengagement, and provide required training); and

MA-IB-00136-2018

Schedule 4
27

Confidential treatment requested by Juniper Networks, Inc.


(F)	cooperating with Customer’s test plans, back out procedures, and contingency plans as part of the transition.

22.3

If Customer’s request under this Section 22 affects the ability of Provider to perform its obligations under this Agreement, Provider will be relieved from its performance to the extent that Provider is unable to comply with its obligations without such data, information, records and documentation, it being agreed that where Provider is able to comply with its obligations without such data, information, records and documentation, the further compliance by Provider of the relevant obligations will be agreed through the procedures for New Services set forth in Section 3.1(D) of the MSA.

MA-IB-00136-2018

Schedule 4
28

Confidential Treatment Requested by Juniper Networks, Inc.

SCHEDULE 5

GOVERNANCE

This is Schedule 5 (Governance) (this “Schedule”) to the MSA by and between Juniper Networks, Inc. and International Business Machines Corporation. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA.

1. INTRODUCTION

1.1

This Schedule sets out the management and reporting responsibilities of each Party with respect to the provision of the Services to Customer and provides an overview of the Governance Structure. The “Governance Structure” describes the internal governing bodies and reporting mechanisms to be set up and implemented by the Parties in order to manage and implement the Agreement, including the provision of the Services.

The detail of the Governance Structure and the working of the Governance Bodies (as defined in Section 2.1, below) may be further defined in a procedure guide, which will be completed as an element of the Transition activities, as set forth in this Schedule (the “Governance Procedure Guide”).


1.2	The overall purpose of the Governance Structure is to provide leadership from the executive management of both Parties for the development and ongoing operation of the Services. The Governance Structure is intended to:


(A)	Maintain current knowledge of Customer’s business direction and strategy.


(B)	Facilitate compliance with Customer’s risk management, Project approval procedures and other Customer Policies in connection with the provision of the Services and any Projects agreed.


(C)	Enable the Parties to work together to promote the achievement of the expected return on investment in connection with Customer’s relationship with Provider.


(D)	Maintain control of all Changes.


(E)	Jointly manage the prioritization and planning of Services to ensure that the potential for business benefit to Customer is optimized.


(F)	Maintain disciplined management regarding cost, quality and mutual compliance with contractual commitments.


(G)	Provide general oversight and consolidated performance reporting.


(H)	Provide a clear route for Project reporting, issue escalation and resolution and risk management.

MA-IB-00136-2018

Schedule 5

Confidential Treatment Requested by Juniper Networks, Inc.


(I)	To promote the achievement of the business case with regard to Customer’s relationship with Provider.

2. GOVERNANCE BODIES AND RESPONSIBILITIES


2.1	Governance Structure

Provider will manage the Services for Customer’s benefit in accordance with the terms of the Agreement. In order to facilitate the management of the provision of the Services by Provider and the Parties’ overall management and implementation of the Agreement, the following joint governance bodies (“Governance Bodies”) will be established immediately following the Effective Date:


(A)	Strategic Level


(1)	Executive Review Board


(B)	Operating Level


(1)	Performance Review Board


(2)	Transformation Review Board

The Parties acknowledge and agree that meetings within and among the various Governance Bodies will be part of the normal operations of each Party in relation to the Services and are necessary to provide the most effective level of direction and support for Provider’s provision of, and Customer’s receipt of, the Services. The Parties may add or remove a Governance Body or change the Governance Structure, in each case, upon mutual written agreement. Meetings of the Governance Bodies may be held either in person or telephonically. As a general rule, meetings will be held in person, with telephone meetings being the exception and only as agreed to by the Parties. The meeting structures (activities, schedules, inputs, outputs), specific names of meeting attendees, meeting dates and meeting times will be more specifically specified in the applicable Procedure Guide. Provider will ensure that such content is updated and amended (with Customer’s prior written approval) so that the Procedure Guide is kept current during the Term. Provider additionally will procure that its representatives on the Governance Bodies attend Customer internal governance meetings and meetings with Customer Agents at the prior written request of Customer.

If a Party’s representative on any of the Governance Bodies, through resignation, illness, death or misconduct, ceases to be a member of that Governance Body, that Party will, within thirty (30) days, propose to the other Party a replacement of equivalent standing for such other Party’s approval. The other Party’s consent to such proposal may not unreasonably be withheld or delayed. Provider will be, at its sole cost and expense, responsible for any knowledge transfer as may be necessary in order to affect the smooth transition onto the Project of any such replacement representative.

Each Party will appoint suitably senior persons to each Governance Body who are empowered to commit their organizations within the terms of the relevant Governance Body.

MA-IB-00136-2018

Schedule 5

Confidential Treatment Requested by Juniper Networks, Inc.


2.2	Strategic Level


(A)	The “Executive Review Board” will have the purpose and responsibilities described below.


(1)	Purpose


(a)	To review Provider’s performance under this Agreement.


(b)	To ensure that the objectives of both Customer and Provider are satisfied with respect to the Agreement.


(c)	To approve strategy with respect to the Services in accordance with Customer’s Risk Management and Project approval procedures.


(d)	To manage the overall Customer and Provider relationship.


(e)	To ensure alignment of Customer and Provider goals and objectives.

The chairperson of the Executive Review Board will be appointed by Customer. The other members of the Executive Review Board will be agreed upon by the Parties during the Transition. The Executive Review Board will not be involved in day-to-day management of the Agreement but will retain overall accountability for the Agreement in addition to the business relationship.

Each Party, where possible, will give the other Party one (1) month’s prior written notice in the event of a change to its representatives on the Executive Review Board. Neither Party will change its representatives on the Executive Review Board without the other Party’s prior written approval. Meetings will take place quarterly, unless otherwise agreed by the Parties. Each meeting of the Executive Review Board will be attended by at least two (2) members from each of Provider and Customer. Where a decision is required of the Executive Review Board, Customer and Provider will each designate one representative to vote on its respective behalf (i.e., each of Provider and Customer have one vote without regard to the number of actual participants on the Executive Review Board) and all decisions required of the Executive Review Board will be made by a unanimous vote. Members of the Executive Review Board may not delegate voting authority to a person outside of the Executive Review Board. The time and place of such meetings will be mutually agreed. Meetings will be minuted by Provider and minutes will be circulated by Provider for approval between the Parties.


(2)	Key Responsibilities


(a)	To monitor and direct the strategic relationship between Customer and Provider.


(b)	To provide an “interface” to the executive teams of both Parties by providing regular feedback on progress and achievements to executive meetings.


(c)	To review long term plans, business trends and directions.

MA-IB-00136-2018

Schedule 5

Confidential Treatment Requested by Juniper Networks, Inc.


(d)	To review overall performance of the Services including financial performance investments and the effectiveness of gain/risk share arrangements.


(e)	To monitor and confirm the achievement of the Transition and the Transformation as reported by the Transformation Review Board.


(f)	To prioritize, identify, and resolve strategic issues.


(g)	To resolve issues and/or disputes escalated by the Performance Review Board.


(h)	To examine proposals for amendments to the Agreement.


(i)	To review new policies or changes to existing policies.


(j)	To review new business opportunities submitted for consideration by Customer or Provider.


(3)	Members of the Executive Review Board


(a)	The Parties will name their representatives to the Executive Review Board within thirty (30) days from the Effective Date, including: Customer - TBD


(b)	Customer - TBD


(c)	Customer - TBD


(d)	Provider - TBD


(e)	Provider - TBD


(f)	Provider - TBD


(g)	Provider - TBD

IBM Client Partner Executive and Customer Relationship Manager, or such other person as is considered appropriate by the chairperson, may attend Executive Review Board meetings by request of the chairperson of the Executive Review Board.


2.3	Operating Level


(A)	Performance Review Board


(1)	Purpose


(a)	To provide overall operational leadership for the Services, including the delivery of the Services and Projects.

MA-IB-00136-2018

Schedule 5

Confidential Treatment Requested by Juniper Networks, Inc.


(b)	To manage ongoing and day-to-day relations between Customer Personnel and Provider Staff regarding the delivery of the Services.


(2)	Key Responsibilities


(a)	The identification and resolution of operational issues, including those issues escalated to the Performance Review Board by the Transformation Review Board.


(b)	The preparation, examination and implementation of any modifications to the format of all reports prepared by Provider.


(c)	The examination and validation of the service level credits, if any, to be paid by Provider.


(d)	To approve Service plans, guide overall activities and manage Service expectation.


(e)	To discuss and implement changes, Projects or New Services that should be agreed at a level above the day-to-day management team.


(f)	To discuss process improvement steps and oversee the implementation of any Changes decided upon by way of continuous improvement.


(g)	To review the progress of the Projects and (if applicable) all additional Projects. These reviews are to include a consideration of budget, timetable, dependencies, and progress against Project Milestones.


(h)	To review the progress of the Projects. These reviews are to include a consideration of budget, timetable, dependencies, and progress against Project Milestones.


(i)	To review monthly invoices related to the performance of the Services.


(j)	To identify any material current or future events that may affect Services.


(k)	To review the results of satisfaction surveys to be conducted by Provider and, if required, formulate an action plan to address any issues arising from such surveys.


(l)	To review the results of any qualitative surveys to be conducted by Provider, as agreed to by the Parties.


(m)	To prepare and implement any necessary amendments to the Agreement within the authority of the team (which will not include any authority to agree any of the items such as New Services).

MA-IB-00136-2018

Schedule 5

Confidential Treatment Requested by Juniper Networks, Inc.


(n)	To review and report to the Executive Review Board on the achievement of the Transition and the Transformation as reported by the Transformation Review Board.


(o)	To review annually the future technology maintenance costs.


(p)	To refer to the Executive Review Board for resolution of issues and/or disputes not resolved at Performance Review Board level.


(q)	To manage service interfaces between Customer and Provider in relation to the Agreement.


(r)	To review Service Level results and other operational and financial reporting.


(s)	To review reports produced by Provider for Customer, including the following:


(i)	service performance for the current month;


(ii)	summary of Customer usage of resources;


(iii)	prioritization of issues;


(iv)	agreed actions for any Party from any previous meetings; and


(v)	other performance measures as agreed to by the Parties.


(t)	To resolve issues affecting the provision of the Services to Customer.


(u)	To review and schedule Services-related change requests for referral to the Executive Review Board.


(v)	To review the Technology and Process Evolution described in Section 3.7 (Technology and Process Evolution) of the MSA and formulate proposals for the implementation of any required changes Customer may wish to investigate further.


(w)	To agree on process improvement actions, including continuous improvement opportunities, and keep the appropriateness of the Service Levels under continuous review.


(x)	To agree on any changes to the Service Levels.


(y)	To discuss any need for initiation of Change Control Procedures to address Changes to the Services, or for any additional Projects.


(3)	Members of the Performance Review Board

MA-IB-00136-2018

Schedule 5

Confidential Treatment Requested by Juniper Networks, Inc.

The Parties will name their representatives to the Performance Review Board within thirty (30) days from the Effective Date, including:


(a)	Customer - TBD


(b)	Customer - TBD


(c)	Customer - TBD


(d)	Provider - TBD


(e)	Provider - TBD


(f)	Provider - TBD


(g)	Other - Other personnel as required.

The Performance Review Board meetings will be held monthly or as either Party may reasonably request. Relevant Customer business representatives and Provider representatives will also participate and provide input as required.

The purpose of such meetings will be to maintain clear channels of communications, facilitate Project planning and generally serve to minimize problems.

A written record of these meetings will be made by IBM Client Partner Executive and agreed by Customer. Such meetings will have a set of defined formal agenda items agreed by the Parties from time to time.


2.4	Transformation Review Board


(A)	Purpose


(1)	To provide overall leadership for the technology and application transformation delivered by the Projects and, if appropriate, any technology-related additional Projects (collectively “Technology Transformation Projects”).


(B)	Key Responsibilities


(1)	To approve Technology Transformation Project plans in accordance with Customer’s Risk Management and Project approval procedures and guide overall activities.


(2)	To review the progress of the Technology Transformation Projects. These reviews are to include a consideration of budget, scope, timetable, dependencies, and progress against Project Milestones.


(3)	The identification and resolution of project issues, including those issues escalated to the Transformation Review Board by individual Project workstreams.

MA-IB-00136-2018

Schedule 5

Confidential Treatment Requested by Juniper Networks, Inc.


(4)	To assess Change Requests related to Projects in advance of submission to the Performance Review Board.


(5)	The preparation, examination, recommendation and integration of any modifications to the Technology Transformation Projects.


(6)	To identify any material current or future events that may affect the implementation of the Technology Transformation Projects.


(7)	Escalate matters as required to the Performance Review Board.


(C)	Members of the Transformation Review Board

The Parties will name their representatives to the Transformation Review Board within thirty (30) days from the Effective Date, including:


(1)	Customer - [Program Director]


(2)	Customer - [Director of IT]


(3)	Provider - [IBM Client Partner Executive]


(4)	Provider - TBD


(5)	Other - Other personnel as required (for example Customer Group representatives).

The Transformation Review Board meetings will be held monthly or as either Party may reasonably request. Relevant Customer business representatives and Provider representatives will also participate and provide input as required.

3. DEFINITION OF DETAILED GOVERNANCE PROCESSES AND TASKS

3.1

The detailed processes to be conducted and the tasks to be performed by the various Governance Bodies will be defined during the Transition as part of the development of the Procedure Guide for the applicable SOW. The Procedure Guide will define the detail around the scheduling of and agendas to be followed by each Governance Body. The Parties will during the Term comply with and, if necessary, develop the policies and procedures set out in the Procedure Guide.


3.2	The requirements for the submission of reports to the various Governance Bodies will also be defined by the Parties in the Procedure Guide.

4. ESCALATION PROCEDURES


4.1	Prior to the initiation of formal dispute resolution procedures, the Parties will first attempt in good faith to resolve any dispute, controversy or claim arising under or in connection with this Agreement (a “Dispute”), as follows:

MA-IB-00136-2018

Schedule 5

Confidential Treatment Requested by Juniper Networks, Inc.


(A)	First, Customer Relationship Manager and IBM Client Partner Executive will meet as often, for such duration and as promptly as the Parties deem necessary to discuss the Dispute and negotiate in good faith in an effort to resolve the Dispute.

(B)

If Customer Relationship Manager and IBM Client Partner Executive are unable to resolve the Dispute within ten (10) Business Days after the referral of the Dispute to them, the Dispute will be referred to the Performance Review Board. The Performance Review Board will use reasonable efforts to resolve such Dispute or, if appropriate, to negotiate a modification or amendment to this Agreement. The Performance Review Board will meet as often, for such duration and as promptly as the Parties reasonably deem necessary to discuss the Dispute and negotiate in good faith in an effort to resolve the Dispute.

(C)

If the Performance Review Board is unable to resolve the Dispute within ten (10) Business Days after the referral of the Dispute to them, the Dispute will be referred to the Executive Review Board. The Executive Review Board will use reasonable efforts to resolve such Dispute or, if appropriate, to negotiate a modification or amendment to this Agreement. The Executive Review Board will meet as often, for such duration and as promptly as the Parties reasonably deem necessary to discuss the Dispute and negotiate in good faith in an effort to resolve the Dispute.

(D)

During the course of such discussions, all reasonable requests made by one Party to another for non-privileged or non-confidential information, reasonably related to the Dispute, will be considered in good faith in order that each of the Parties may be fully apprised of the other’s position. The specific format for such discussions will be left to the discretion of the Parties, but may include the preparation of agreed-upon statements of fact or written statements of position.

(E)

The Parties will continue to perform their obligations under this Agreement (to the extent reasonably possible in view of the Dispute being escalated) until such time as the Dispute has been resolved (by agreement or otherwise). While such escalation process is in process, neither Party will raise court proceedings against the other except where such action is necessary to stop or prevent an actual or threatened unauthorized disclosure of its Confidential Information, or to stop or prevent an actual or threatened misuse of its Intellectual Property Rights, or otherwise to stop or prevent irreparable harm to that Party.

MA-IB-00136-2018

Schedule 5

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 6

CHANGE CONTROL PROCEDURES

This is Schedule 6 (Change Control Procedures) (this “Schedule”) to the MSA by and between Juniper Networks, Inc. and International Business Machines Corporation. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA.

1. INTRODUCTION


1.1	This Schedule describes the Change Control Procedures to be followed by Customer and Provider when either Party wishes to make a Change. The Parties may, by joint agreement, amend or waive any part of the Change Control Procedures in accordance with the Agreement, including where the Parties agree that shorter or longer time frames are more appropriate.


1.2	Objectives. The objectives of the Change Control Procedures are as follows:


(A)	to review each request for a Change (a “Change Request”) to determine whether such Change is appropriate;


(B)	to determine whether a Change is within the scope of the Services or constitutes a New Service or is considered to be a change to the in-scope Services without constituting a change in the scope;


(C)	to prepare a more detailed proposal to implement a Change Request (such proposal, a “Change Proposal”);


(D)	to prioritize all Change Requests and Change Proposals;


(E)	to minimize the risk of exceeding both time and cost estimates, if any, associated with the requested Change by identifying, documenting, quantifying, controlling, managing and communicating: (a) Change Requests, (b) the preparation of Change Proposals, and (c) their disposition;


(F)	to identify the different roles, responsibilities and actions that will be assumed and taken by the Parties to define and implement the Changes; and


(G)	to document a Change whether or not such Change results in any additions or reductions in Fees, scope or time.


1.3	Each Party will be responsible for all costs and expenses incurred by its personnel, agents and subcontractors (in Provider’s case, Provider Agents and Provider Staff) with respect to its participation in, and responsibilities and obligations under, the Change Control Procedures.

2. CHANGE REQUESTS


2.1	Either Provider or Customer may initiate a Change Request by delivering to the other Party’s Authorized Representative or his/her nominated representative a document (a “Change Request Form”) that describes the Change and the reasons for it. Such Change Request Form will be the same or similar to that in Exhibit

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.

A (Change Request Form). Provider will assign a unique number to any and all such requests and will register the Change Request in the Change Request Log as described in Section 3 (Change Request Log) below. Each Change Proposal that may be prepared for a Change Request will be tracked by reference to the Change Request to which it relates.

2.2

Each Party’s respective Authorized Representative or his/her nominated representative will be responsible for reviewing and considering any Change Request, and will approve it for further investigation, if deemed necessary. If the Parties agree that the Change Request requires further investigation, the Authorized Representatives will authorize such investigation, which will be performed as required by Provider and/or Customer. In accordance with Section 3 (Change Request Log) below, the Provider’s Authorized Representative or a designated representative (with review and concurrence from the Customer’s Authorized Representative) will be responsible for keeping up to date the status of each Change Request in the Change Request Log as the status of the Change Request changes through the Change Control Procedures.


2.3	Preliminary Change Report.

(A)

Preliminary Change Report Preparation. For each Change Request that the Parties have approved for further investigation, regardless of which Party has proposed the Change, Provider will prepare and submit to Customer within [***] calendar days (or as otherwise agreed in writing by the Parties, e-mail to suffice), with Customer’s reasonable cooperation and provision of any information reasonably requested by Provider, a preliminary written report. Such preliminary report will contain:


(1)	the costs associated with the Change;


(2)	the timeframe for implementing the Change (including any timing constraints);


(3)	the preliminary technical rationale for making the Change, as well as any changes or additions to policies, standards and procedures of Provider and/or Customer as the case may be, in accordance with which the Change is to be implemented;


(4)	the resources (including without limitation human resources, hardware, software and other Equipment) and associated Fees, if any, required for implementing the Change; and


(5)	an initial analysis of the potential risks (if any) to Customer or Provider if the Change is not implemented.

Provider will bear the costs of preparing the preliminary report contained in this Section, and will provide such report as part of the Services.

(B)

Report Review. Customer and Provider will review the preliminary report and Customer will, within [***] calendar days after delivery of such preliminary report in writing, either (a) instruct Provider to prepare a comprehensive Change Proposal as set forth in Section 2.3(C) (Comprehensive Change Proposals) below, (b) notify Provider that it does not wish to proceed with the Change, or (c) proceed with the Change on the material terms set forth in the preliminary report and other mutually-agreed terms as necessary to reasonably complete the Change Order.

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.


(C)	Comprehensive Change Proposals. Where Customer has instructed Provider to prepare a comprehensive Change Proposal, [***] calendar days (or as otherwise agreed in writing by the Parties, e-mail to suffice) after receiving such instruction, Provider will prepare a Change Proposal including the following elements of the Agreement, to the extent relevant:


(1)	scope of the Services;


(2)	the Service Levels;

(3)

whether the Change will be an increase in Project cost, a decrease in Project cost, or cost neutral to Customer, including any Fees for the Change (e.g., fixed price or time and materials, including an estimate of total costs) as well as changes to the Fees, if any; provided, however, if a Change Proposal covers multiple customers, Provider will offer to perform the Change Proposal for Customer at a cost which takes into account Customer’s proportional share of the pro-ratable costs;


(4)	the resources (including without limitation human resources, hardware, Software and other Equipment) required for implementing the Change;


(5)	timeline, milestones and delivery dates for implementing the Change;


(6)	evaluation testing, development, Acceptance Testing, Acceptance Testing period, and acceptance criteria (which must be included in the final Change Order);


(7)	DR Plan and/or changes to the applicable DR plan;


(8)	impacts to, additions or deletions of, Third-Party Contracts;


(9)	any impacts on Customer Equipment, Customer Software, Customer Property, Provider Equipment, Provider Software, Provider Property, or any member of Customer Group’s, Customer Agents’ (in the case of Customer), Provider’s or Provider Agents’ business operations, personnel requirements or other services;


(10)	any related technical or human resource Systems/procedures;


(11)	any legal and regulatory compliance issues;


(12)	any other matter reasonably requested by Customer at the time of preparation of the impact analysis or reasonably considered by Provider to be relevant;


(13)	the Transition Plan and/or changes to the applicable Transition Plan;


(14)	any additional terms and conditions applicable to the Change;

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.


(15)	where the Change relates to New Services to be provided, how the business objectives of Customer and Provider will be achieved in the provision of those Services;


(16)	any additional contractual terms and conditions which would apply to the Change, any changes to the contractual terms and conditions of the Agreement, together with details of the effect (if any) those terms and conditions will have on the Agreement; and


(17)	an analysis of the potential risks (if any) to Customer or Provider if the Change Proposal is not implemented.

Provider will bear the costs of preparing the comprehensive Change Proposal as set forth in this Section 2.3(C) (Comprehensive Change Proposals), and will provide such comprehensive Change Proposal as part of the Services.


(D)	Change Proposal Review.


(1)	Once submitted by Provider, Customer will review the Change Proposal and as soon as reasonably practicable, and in any event not more than [***] calendar days (or as otherwise agreed in writing by the Parties, e-mail to suffice) after receipt of the Change Proposal, either:


(a)	Customer may notify Provider that it does not wish to proceed with the Change, in which case no further action will be taken in respect of the Change Proposal; or


(b)	Customer may request that it and Provider meet to discuss the Change Proposal (such meeting to be referred to as the “Change Proposal Meeting”).


(2)	At the Change Proposal Meeting, the Parties will use reasonable efforts to agree to:


(a)	take no further action in respect of the proposed Change, in which case no further action will be taken in respect of the Change Proposal and it will be deemed to be “rejected” on the action log;


(b)	acquire further information before deciding whether to proceed with the Change;


(c)	amend some or all of the contents of the Change Proposal, which Provider will incorporate into a revised version of the Change Proposal; or


(d)	proceed with the Change as detailed in the Change Proposal, in which case the Change Proposal will be signed and the Change incorporated in accordance with Section 2.4 (Effectiveness of a Change) below.

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.

(3)

If the Parties agree to proceed in accordance with one of the options detailed in Section 2.3(D)(2) above, then the Parties will gather any necessary information and/or Provider will prepare a revised version of the relevant Change Proposal, upon which the Parties will decide whether to proceed in accordance with Section 2.3(D)(2) above. The Parties will continue to go through the process detailed above until such time as a final resolution is made by the Parties. The Parties will act in good faith at all times during such process.

(4)

The Parties anticipate that not all Changes will result in increases in the Fees. Nevertheless, the Parties intend that all Changes will be documented under this this Schedule 6 (Change Control Procedures). Additional Fees for Changes will apply in general when Provider reasonably demonstrates that the implementation or adoption of the Change requires Provider to supply additional resources or perform Services that are not otherwise covered by the existing Fees.

(5)

Notwithstanding anything else, (a) all Changes that do not materially increase the cost of Provider for performing the Services; (b) all Changes to Services for which Provider can mitigate the impact of the Change by re-ordering, re-using or otherwise re-prioritizing or mitigating the impact without incurring material additional cost, (c) all Changes caused by a failure of Provider to perform any of its obligations under the Agreement, and (c) all other Operational Changes initiated (i) by Provider or (ii) by Customer that do not incur a material additional cost for Provider, will be made at no cost to Customer but provided, however, that for Changes with increases in volumes of existing Services where such increased volumes would subject Customer to additional Fees pursuant to the applicable Fees Exhibit, Customer shall pay additional Fees pursuant to the applicable Fees Exhibit.


2.4	Effectiveness of a Change.

(A)

Signed Change Orders. Upon the signature of a Change Proposal by both Parties’ Authorized Representatives, the contents of such Change Proposal will be deemed to be agreed and incorporated into the Agreement on the date of the last signature or as the Parties may otherwise agree (each such accepted Change Proposal will become a “Change Order”). All services added or modified by a Change Order will be Services under the Agreement, and the performance of Change Orders will in all respects be governed by the Agreement. Except as expressly provided herein, no part of the discussions or interchanges between the Parties will obligate the Parties to approve any Change or will constitute an amendment or waiver of the Agreement unless and until reflected in a Change Proposal and adopted in accordance with this Schedule 6 (Change Control Procedures). Neither Party will have any obligation to commence or comply with any Change, perform services that would be covered by any Change, or pay any Fees that would be covered by any Change, until such time as the Parties’ Authorized Representatives have signed the appropriate Change Order. Disputes (as defined in Schedule 4 (Governance) of the Agreement) regarding a Change will be subject to the Dispute resolution process in Schedule 4 (Governance) of the Agreement.

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.


(B)	Acceptance Criteria. To the extent specified in a Change Order or the work under such Change Order is otherwise related to a Reviewable Item, Customer’s acceptance of, and payment for, work under such Change Orders will be subject to Customer’s acceptance in accordance with the acceptance process in Section 3.20 (Acceptance Testing) – Section 3.24 (No Deemed Acceptance) of the Agreement.

(C)

Failure to Agree. If the Party initiating a Change Request believes that the requested Change is required or necessary, the requesting Party will inform the other Party in writing of the reasons why the Change is required and the impact if it is not implemented or the reasons why a Change to the Fees is justified and equitable. If the other Party does not agree to implement the Change, the requesting Party will be entitled to consider the other Party’s refusal to agree to implement the Change as a Dispute, and the requesting Party may escalate such Dispute for resolution in accordance with Schedule 4 (Governance) of the Agreement.

2.5

Emergency Change Process. In the event that either Party requires a Change in order to respond to an emergency and such Change would, in the reasonable opinion of the requesting Party, if it was not implemented until Change Control Procedures had been followed, have a detrimental effect generally on Customer Group, including without limitation Customer Group’s financial interests, Customer Group’s welfare or public safety, or specifically impacting Provider‘s ability to meet its obligations pursuant to the Agreement, the requesting Party will make all reasonable efforts to contact the other Party’s Authorized Representative, and if the requesting Party is unable to contact the other Party’s Authorized Representative after reasonable efforts, the requesting Party may make temporary Changes to the Services without the prior consent of the other Party. The requesting Party will notify the other Party as soon as practicable but no later than twenty-four (24) hours after the event of such Change and will, as soon as reasonably practicable (but no later than two (2) business days thereafter) document and report in writing on such Changes to the other Party. Any agreed Change as a result will be agreed in accordance with Change Control Procedures. Disputes regarding any additional Fees for Changes under this Section 2.5 are subject to the Dispute resolution process in the Agreement.

2.6

Mandatory Changes. Notwithstanding the Change consideration and implementation process outlined in this Schedule 6 (Change Control Procedures) but in all events subject to Section 2.4(C) above, if a Change requested by Customer is a Mandatory Change, Provider will immediately begin implementing the Mandatory Change upon request by Customer provided Customer agrees to pay any upfront one-time charges related to such change (for example, hardware, software or similar investments) that are approved in writing in advance by Customer. Provider will also prepare and deliver to Customer a Change Proposal related to the Mandatory Change on an expedited basis, where appropriate, and the Parties will work together in good faith to determine the impact on the Agreement (including without limitation, any impact on the Fees) as a result of implementing the Mandatory Change. If the Parties are unable to agree on the impact on the Agreement within [***] calendar days after Customer has received the Change Proposal from Provider, either Party may consider such failure to agree to be a Dispute, and may escalate such Dispute for resolution in accordance with Schedule 4 (Governance) of the Agreement. If the Parties are unable to resolve the Dispute within [***] calendar days of the escalation of such Dispute, then Provider may discontinue implementing the Mandatory Change. “Mandatory Change” means (A) any Change requested by Customer, that, in the reasonable judgment of Customer is required (1) to comply with any Customer Law; (2) as a result of any new Customer Policy or updated, amended or modified Customer Policy that Customer issues to comply with any Law; or (3) for

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.

Contractor to perform services critical to Customer Group’s businesses where such services are not within the scope of the Services, but are not materially different in nature or kind from the Services; (B) any Change that is required to protect Customer Group’s welfare or public safety; or (C) without reference to (A)-(B) above, any Change otherwise described as a Mandatory Change in the Agreement.

3. Change Request Log.


3.1	Provider will provide Customer, as part of its monthly reporting obligations, a summary specifying the status of all pending Change Requests and Change Proposals.


3.2	Each entry made in the Change Request Log will consist of the following fields:


(A)	number of the Change Request;


(B)	name of the originating Party;


(C)	a brief description of the Change;


(D)	the current status of the Change; and


(E)	the date of registration of the Change Request in the Change Request Log.


3.3	The status of the Change Request at any stage in Change Control Procedures will be one of the following:


(A)	raised (i.e., that the Change Request has been entered in the Change Request Log, but no Change Proposal has been issued);


(B)	pending (i.e., that the Change Request has been raised and the Change Proposal has been issued);


(C)	approved (i.e., awaiting implementation);


(D)	closed (i.e., all implementation tasks have been completed); or


(E)	rejected (i.e., closed and not implemented).

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.

EXHIBIT A

CHANGE REQUEST FORM

The data to be filled in on the Change Request Form is the following:



Change Request Information	Comments
Document Number	Chronological number of the Change Requests
Version	Document version to keep track of the version history
Creation Date	Date of creation of the Change Request
Beneficiary	Name of the beneficiary for which this Change Request is required
Request Date	Date at which the Change Request was requested
Requested By	Name of the individual who originated the request at Customer or Provider
Position	Position of the originator of the Change
Requested Priority	Priority is proposed by Provider’s Authorized Representative and approved by the Customer’s Authorized Representative. Priority may be: * Urgent: the request has to be implemented on an expedited basis; or * High/Medium/Low: the Change Request is not urgent but has a level of priority and is to be implemented in the timeframe agreed in the final Change Order
Impacted Service Location	Service Location(s) that will be impacted by the proposed Change
Overall Description	High level explanation of the Change Request
Overall Impact Evaluation	High level evaluation of the main impacts of the Change Request
Estimated costs for detailed analysis	Initial estimate of the costs necessary for the preparation and drafting of a detailed, written proposal relative to the Change
Estimated costs for implementation	Initial estimate of the costs needed to implement the Change, including the increase or decrease or any additional Fees that may be due pursuant to the proposed Change
Submission Date	Date at which the Change Request was submitted to Customer’s Authorized Representative
Approval	Yes/No information
Date of Approval	Date at which the Change Request was approved by Customer’s Authorized Representative
Name of Customer Approver	Name of the individual who has approved the Change
Target Implementation date	Date at which Customer is expecting the Change to be implemented

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.



Change Request Information	Comments
Reasons for approving	Explanation supporting the approval
Other proposed solution	Customer may propose a different solution from the one presented by Provider
Customer Sign-Off	Customer individual who has signed the Change Request
Customer Sign-Off Date	Date of sign-off of the Change Request
Provider Sign-Off	Provider individual who has signed the Change Request
Provider Sign-Off Date	Date of sign-off of the Change Request

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.

Change Request Form



Change Request Identification
Document Number:		Version:
Creation Date:
Beneficiary:		Request Date:
Requested by:		Position:



Change Request Description
Requested Priority:
Impacted Service Location(s):
Overall Description:
Overall Impact Evaluation:
Estimated costs for detailed analysis:
Estimated Costs for Implementation:
Submission Date:



Change Request Approval

Approval:		Approval Date:
Approver Name:		Target Implementation Date:
Approved Priority:
Reasons for Approving:
Other Proposed Solution:
Change Request Sign-Off
Customer Sign-off:		Date of Sign-off:
Provider Sign-off:		Date of Sign-off:

MA-IB-00136-2018

Schedule 6

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 7

PROGRAM MANAGEMENT AND PROCESS INTERFACE MANUAL

This is Schedule 7 (Program Management and Process Interface Manual) (this “Schedule”), to the MSA by and between Juniper Networks, Inc. and International Business Machines Corp. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA. The Program Management System (“PgMS”), and the Process Interface Manual (“PIM”) to be implemented by Provider support execution of business processes, plans and policies applicable to the Services.


1.	INTRODUCTION

The purpose of this Schedule is to define the outline for the Program Management System and Process Interface Manual to be prepared in connection with each SOW by Provider in accordance with Section 3.17 (Program Management and Process Interface Manual) of the Agreement. This Schedule sets forth the general terms and methodology for Program Management System obligations, and more specific terms will be set forth in the applicable Program Management System schedule.

In addition, the Process Interface Manual will also be created. The Process Interface Manual describes the operational processes and policies used by Provider Global Service Delivery organization to deliver Services.

To further such purposes, this Schedule 7 (Program Management and Process Interface Manual) provides the agreed tables of contents and descriptions, without limitation of additional content as may be mutually agreed.

MA-IB-00136-2018

Schedule 7

Confidential treatment requested by Juniper Networks, Inc.

[***]

Figure: IBM Program Management System


2.	PROGRAM MANAGEMENT SYSTEM CREATION AND UPDATES


2.1	Provider Responsibilities.


(A)	Provider will incorporate into the Program Management System relevant business processes, applicable standards, policies and requirements employed by Provider in providing the Services, including:


(1)	Existing approved policies, procedures and data of and/or collected from Customer Group, including Customer Policies (including forms and instructions contained therein); and


(2)	New policies, procedures and data, subject to Customer’s prior written authorization, required for the operation and governance of the Agreement.


(B)	Provider will maintain the Project Management System in a current state during the Term. Updates will include:


(1)	Revised approved policies, procedures and data, including Customer Policies (including forms and instructions contained therein) collected from Customer;


(2)	New policies, procedures and data, subject to Customer’s prior written authorization, required for the operation and governance of the Agreement; and


(3)	Deletion of obsolete policies, procedures and data, subject to Customer’s prior written authorization. Deleted policies, procedures and data will be logged with the date and reason for deletion.


(C)	Changes to the Program Management System will be made in accordance with the Change Control Procedures.

3. PROJECT MANAGEMENT SYSTEM CONTENT

The Program Management System will include the content and topics described below and any other content and topics required in the applicable SOW.



Content	Brief Description
1. ORGANIZATIONAL OVERVIEW
(a) Provider Management and Delivery Organization	Includes organization charts, description of functions performed, contact information.

MA-IB-00136-2018

Schedule 7

Confidential treatment requested by Juniper Networks, Inc.



Content	Brief Description
(b) Key Contacts – Customer	List of contacts within Customer that are key users of the Services and/or perform a liaison function in regard to the Services.
(c) Key Contacts – Provider Agents	List of key Provider Agent contacts.
2. PERFORMANCE MANAGEMENT PROCEDURES	Ongoing, “steady state” processes, procedures and policies including information on coordination activities, responsibilities of each party (by title/function).
(a) Performance Monitoring and Reporting Procedures	Procedures Provider will use to verify Service delivery on a day‑to‑day basis, including internal reporting and reporting to Customer.
(b) Problem Management and Escalation Procedures	Procedures Provider will use to identify problems, report and resolve problems, and escalate as necessary within Provider organization and/or Customer.
(c) Root Cause Analysis Procedures	Procedures Provider will use to determine root cause of problems, including involvement of (and/or support to) Customer, End Users or other applicable third parties.
(d) Service Level Measurement and Reporting Procedures	Procedures Provider will use to measure and report Service Levels (including Performance Indicators and Critical Performance Indicators) to Customer.
(e) Project Management Procedures	Description of the methodology and procedures Provider will use to manage and report on Projects.
(f) Change Management Procedures	Description of the methodology and procedures Provider will use to implement Improvements and bug fixes into its environment.
(g) Physical Access & Security Procedures	Physical access and security procedures Provider will use at Service Locations.
(h) Network Access & Security Procedures	Network access and security procedures to which Provider will adhere.

MA-IB-00136-2018

Schedule 7

Confidential treatment requested by Juniper Networks, Inc.



Content	Brief Description
(i) DR Plan	Procedures Provider will use in regard to disaster recovery and business continuity developed in accordance with the requirements specified in Section 10.1 (Disaster Recovery Plan) of the MSA. Provider may reference other documents containing comprehensive procedures, including Schedule 12 (Disaster Recovery and Business Continuity Requirements) but should provide a general overview within the Procedure Guide.
(j) Other relevant procedures	Description of any other procedures required to deliver the Services as agreed to by the Parties.
3. FINANCIAL MANAGEMENT PROCEDURES	Ongoing, “steady state” procedures and policies, including information on coordination activities and responsibilities of each Party (by title/function).
(a) Invoicing	Procedures for invoicing and verification of invoice by Customer.
(b) Project Milestones	Procedures for reporting on Project Milestone progress, measurement and achievement.
(c) Other relevant procedures	Description of any other procedures required to deliver the Services as mutually agreed to by the Parties.
4. CONTRACT MANAGEMENT PROCEDURES	Ongoing, “steady state” procedures and policies, including information on coordination activities, responsibilities of each Party (by title/function).
(a) Provider Key Personnel and Subcontractors	Procedures for Customer’s authorization regarding replacement or removal of Provider Key Personnel, Provider Staff and Provider Agents in compliance with the Agreement.
(b) Problem Resolution	Any further description of the procedures regarding the problem resolution process in the Agreement and the Parties’ respective representatives.
(c) Other relevant procedures	Other procedures required to deliver the Services as mutually agreed to by the Parties.
5. RELATIONSHIP MANAGEMENT PROCEDURES	Ongoing, “steady state” procedures and policies, including information on coordination activities and responsibilities of each Party (by title/function).

MA-IB-00136-2018

Schedule 7

Confidential treatment requested by Juniper Networks, Inc.



Content	Brief Description
(a) Satisfaction Surveys	Description of the process to be used for conducting satisfaction surveys. Content should include procedures regarding action items and attempts to resolve Customer’s issues.
(b) Customer / Provider Relationship Management	Procedures and responsibilities regarding the relationship between Customer, the Customer governance organization (including the Customer executive team) and Provider. Content should include procedures regarding communication and coordination regarding work requests, Service delivery issues, budgeting and financial issues.
(c) Other relevant procedures	Other procedures required to deliver the Services as mutually agreed to by the Parties.
6. PROVIDER OPERATIONAL PROCEDURES	Ongoing, “steady state” procedures and policies, including information on coordination activities, responsibilities of each Party (by title/function).
(a) Operational Procedures	Operational processes and policies used by Provider for its interface with Customer in delivery of the Services will be set forth in the Process Interface Manual as described below in Section 4.
(b) Regulatory Compliance Policies	Customer’s regulatory compliance policies and Provider’s processes, procedures and methodologies utilized in the implementation of such regulatory compliance policies.
(c) Finance Policies and Procedures	Customer’s finance policies and procedures and Provider’s processes, procedures and methodologies utilized in the implementation of such finance policies and procedures.
(d) Quality Assurance Procedures	Provider’s quality management procedures relating to the provision of the Services including the checkpoint reviews, testing and acceptance procedures.
(e) Information Security Controls Procedures	Detailed data, network and physical access requirements and procedures that will define the security controls that Provider will implement as part of the Services will be set out in the Customer Security Document as set forth in Schedule 9.


4.	PROCESS INTERFACE MANUAL CREATION AND UPDATES

The IBM Process Interface Manual describes the operational processes and policies used by Provider’s Global Service Delivery organization to deliver agreed services for Customer.

MA-IB-00136-2018

Schedule 7

Confidential treatment requested by Juniper Networks, Inc.


4.1	Provider Responsibilities.


(A)	Provider will incorporate into the Process Interface Manual relevant operational processes, applicable standards, policies and requirements employed by Provider in providing the Services, including:


(1)	Existing approved operational processes collected from Customer Group, including interfaces between Customer and Provider Managed Operations service offerings; and


(2)	New operational process, subject to Customer’s prior written authorization, required for the operation and governance of the Agreement.


(B)	Provider will maintain the Process Interface Manual in a current state during the Term. Updates will include:


(1)	Regularly revise, subject to mutual agreement by Customer and Provider, to support enhancements and changes to operational processes and interfaces, to support the services as described in Infrastructure & End User SOWs;


(2)	Add new operational processes and interfaces, subject to mutual agreement by Customer and Provider, to support changes in contracted services required for the operation and governance of the Agreement; and


(3)	Deletion of obsolete operational processes and interfaces, subject to mutual agreement by Customer and Provider, to support changes in contracted services.


(4)	Deleted operational processes and interfaces will be logged with the date and reason for deletion.


(C)	Changes to the Process Interface Manual will be made in accordance with the Change Control Procedures.

5. PROCESS INTERFACE MANUAL CONTENT

The Process Interface Manual will include the content and topics described below and any other content and topics required in the applicable SOW.

MA-IB-00136-2018

Schedule 7

Confidential treatment requested by Juniper Networks, Inc.



Content	Brief Description
OPERATIONAL PROCESSES	Ongoing, “steady state” services and interfaces used by Provider Service Delivery to deliver agreed services for Customer. Chapters include description of services, scope, responsibility matrix, support requests, procedures, polices and guidelines and other relevant information needed by Provider to deliver the services.
a) Application Administration Account Details	Overview of services and interfaces related to Application Administration / Middleware Management
b) Asset Management Account Details	Overview of services and interfaces related to Asset Management
c) Availability Management Account Details	Overview of services and interfaces related to Availability Management
d) Backup and Restore Support Service Details	Overview of services and interfaces related to Backup and Restore Management
e) Capacity and Performance Management Account Details	Overview of services and interfaces related to Capacity and Performance Management.
f) Change / Release / Deployment Management Account Details	Overview of services and interfaces related to Change / Release / Deployment Management.
g) Console Operations Service Details	Overview of services and interfaces related to Console Operations Management.
h) Database Support Service Details	Overview of services and interfaces related to Database Management.
i) Disaster Recovery Account Details	Overview of services and interfaces related to Disaster Recovery Management.
j) Event Management Account Details	Overview of services and interfaces related to Event Management.
k) Identity and Access Management Account Details	Overview of services and interfaces related to Identity and Access Management.
l) Incident / Major Incident Support Service Details	Overview of services and interfaces related to Incident / Major Incident Management.
m) Infrastructure Support Service Details	Overview of services and interfaces related to Infrastructure Services Management.
n) Knowledge Management Account Details	Overview of services and interfaces related to Knowledge Management.
o) Network Support Service Details	Overview of services and interfaces related to Network Service Management.

MA-IB-00136-2018

Schedule 7

Confidential treatment requested by Juniper Networks, Inc.



Content	Brief Description
p) Problem Management Account Details	Overview of services and interfaces related to Problem Management.
q) Production Control Support Service Details	Overview of services and interfaces related to Production Control Management.
r) Request Fulfillment Account Details	Overview of services and interfaces related to Request Fulfillment Management.
s) Security Management Account Details	Overview of services and interfaces related to Security Management.
t) Service Level Management Account Details	Overview of services and interfaces related to Service Level Management
u) Storage Support Service Details	Overview of services and interfaces related to Storage Management
v) System Support Service Details	Overview of services and interfaces related to System Management
w) Remote site visit checklist	Checklist for observations, actions, and feedback upon completion of remote site review

MA-IB-00136-2018

Schedule 7

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 8

EMPLOYEE MATTERS

This is Schedule 8 (Employee Matters) (this “Schedule”) to the MSA by and between Juniper Networks, Inc. and International Business Machines Corp. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA.

1. INTRODUCTION


1.1	General

This Schedule 8 (Employee Matters) contains provisions affecting Provider’s offers of employment to the Affected Employees, terms and conditions of Provider’s employment of New Provider Employees on and after their Employment Effective Dates and the Provider employee benefits to be provided to the New Provider Employees upon commencement of their employment with Provider. Nothing in this Schedule is intended to create any right or cause of action in or on behalf of any Person other than Customer or Provider.

2. AFFECTED EMPLOYEES

(A)

For purposes of the Agreement, “Affected Employees” means all Customer Group personnel who would receive offers to transition to Provider and perform the in-scope information technology infrastructure activities. It is anticipated that the Affected Employees will include all Customer Group personnel in the following Customer information technology organization areas: (1) End User, (2) Infrastructure and (3) Applications.

(B)

Without limiting the foregoing, Exhibit A (Affected Employees) to this Schedule sets forth a list of known Affected Employees by name, title and information technology organization area. If an Affected Employee accepts the offer of employment made by Provider as described below in Article 3, such individual will become an employee of Provider or a Provider Agent engaged by Provider but only to the extent set forth in Section 2.2 (hereafter referred to as “New Provider Employee”) and will be deemed Provider Staff for purposes of the Agreement. Provider must meet the following criteria with respect to the offers of employment to the Affected Employees and for the transition and employment to New Provider Employees. The “Employment Effective Date” for each such New Provider Employee will be the effective date on which Provider actually employs such individual. Provider will bear all Provider costs incurred in complying with the provisions set forth in this Schedule.


2.2	Anticipated Timeline of Events

It is anticipated that the events described below will occur on or about their corresponding date:


•	Affected Employees will receive an offer of employment from Provider or a Provider Agent (in the case of Provider Agents, only with regard to countries other than the US or India) on the terms herein no later than March 1, 2019 (the date each such Affected Employee receives an offer of employment from Provider will be referred to herein as the “Offer Date”).

MA-IB-00136-2018

Schedule 8
1

Confidential treatment requested by Juniper Networks, Inc.


•	Affected Employees who accept Provider’s offer of employment will become New Provider Employees by May 1, 2019.

3. EMPLOYMENT OFFERS


3.1	Offers of Employment


(A)	Provider understands and acknowledges the importance to Customer that all employees of Customer Group who may be affected by this Agreement are (1) treated with respect and dignity and (2) given employment opportunities with Provider in connection with the Services provided to Customer Group for at least twelve (12) months, at which time Provider may provide other opportunities.

(B)

No later than March 1, 2019, Provider (or a Provider Agent to the extent permitted under Section 2.2) will offer written offers of employment to all Affected Employees (including those on leave of absence or disability so long as Customer provides each such Affected Employee’s written consent to be contacted by Provider). Templates of written offers for each country with Affected Employees are attached as Exhibit B (Template Offer).


(C)	Provider is solely responsible for making any hiring decisions regarding Affected Employees; provided, however, Provider will hire each Affected Employee who:


(1)	receives an employment offer from Provider (or a Provider Agent to the extent permitted under Section 2.2) consistent with the terms and conditions set forth herein;


(2)	accepts such offer of employment in accordance with the terms of the offer;


(3)	is actively employed by Customer as of the date of such offer is extended and continues acceptable performance with the Customer, as determined by Customer in its sole discretion, up to the Employment Effective Date;


(4)	passes the following Provider pre-employment screening requirements: criminal background, export regulation controls review/embargoed countries, proof of identity evaluation, work authorization/residence permit and denied parties list, Provider rehire eligibility, and a review of any applicable non-compete agreement that may prevent hiring; and


(5)	is not on a leave of absence or disability leave from Customer as of the Employment Effective Date; provided, however, Provider will offer to hire any such Affected Employee if he/she returns to a temporary or permanent position with the Customer within six (6) months from the Employment Effective Date.

(D)

Such offers of employment will be on terms and conditions substantially similar in the aggregate (with respect to position, base salary and wages, variable compensation, equity compensation, vacation, paid time off and employee benefits) to those in effect for such Affected Employees immediately prior to the Effective Date, but in no event will they be less than the terms set forth in this Schedule 8 (Employee Matters).

MA-IB-00136-2018

Schedule 8
2

Confidential treatment requested by Juniper Networks, Inc.


(E)	Each Affected Employee will have a seven (7) Business Day period following the Offer Date within which to accept any offer of employment from Provider;

(F)

Following the Employment Effective Date, the Affected Employees who accept the offer of employment will be deemed to be New Provider Employees and under the exclusive supervision and control of Provider, subject to Provider’s policies and procedures, and Customer Group will, except as otherwise provided for in this Schedule, have no further right to participate in or control the employment of such.


(G)	Notwithstanding the foregoing, Provider will have the responsibility to manage all New Provider Employees and Provider Staff as of the Service Commencement Date.

4. PROCEDURE FOR MEETINGS AND SPECIAL ACTIVITIES

(A)

Provider will coordinate with Customer, and obtain its approval which will not be unreasonably withheld, regarding plans and schedules for conducting “one-on-one sessions”, “town hall sessions”, and other informational meetings with all Affected Employees. A detailed description of all such events, including a proposed schedule and timeline for such events, will be set forth in the employee transition plan agreed upon by the Parties pursuant to Section 7 (Employee Transition). Provider will hold the first such informational meeting and/or program as soon as reasonably possible after the Effective Date of the Agreement and will hold additional events before and after the letters offering employment are received by the Affected Employees.


(B)	Provider may initiate special activities to generate goodwill with the Affected Employees with the prior written approval of such programs by Customer. These activities, including costs, are the responsibility of Provider. Customer will consider requests from Provider to assist in the roll-out and implementation of these activities.

5. EMPLOYMENT OF NEW PROVIDER EMPLOYEES


5.1	Comparable Positions

For one (1) year following the Employment Effective Date, Provider will provide or cause to be provided to the New Provider Employees base salary and wages, variable compensation (except with regard to variable compensation for fixed term hires), equity compensation, vacation, paid time off and employee benefits on terms and conditions substantially similar in the aggregate to those in effect for the New Provider Employees as of the Effective Date, and as set forth in Article 6 below. Provider will retain New Provider Employees for providing Services to Customer for at least one (1) year after the applicable Employment Effective Date. Provider will make every commercially reasonable effort to ensure that all Affected Employees are incentivized to remain employees through the Transition period. The foregoing requirement does not apply to a New Provider Employee who (A) voluntarily resigns from Provider, (B) is dismissed by Provider for misconduct (e.g., fraud, drug abuse, theft) or failure to perform duties and responsibilities, or (C) dies or is unable to work because of a disability. Any and all Affected Employees who decline the initial offer of employment from Provider will not be entitled to non-statutory or non-contractual severance payments from Provider, Customer or any Provider or Customer severance plan or arrangement.

MA-IB-00136-2018

Schedule 8
3

Confidential treatment requested by Juniper Networks, Inc.


5.2	Location

For a period of one (1) year, except as otherwise expressly agreed by Customer, the positions offered to the Affected Employees will add no more than thirty (30) miles to any such employee’s commute, compared to such employee’s commute to Customer immediately prior to the Effective Date. For example, if an Affected Employee resided thirty (30) miles from Customer immediately prior to the Effective Date, such employee’s offer from Provider must be for a position no more than sixty (60) miles from such employee’s residence. For locations outside of the United States, Provider acknowledges and agrees that average travel time between the Affected Employees’ current work location and the proposed Provider work location is no more than twenty (20) minutes, unless otherwise agreed upon in writing by the Parties or required in accordance with Provider facility standards; provided that where a facilities standards issue prevents Provider from placing an Affected Employee at a location no more than twenty (20) minutes away from the current work location the Parties agree to work together in good faith to agree on another acceptable location.


5.3	Status, Training and Long-Term Career Opportunities

New Provider Employees will have the same status, training and career opportunities as similarly situated Provider Staff. To the extent Provider considers years of service as it relates to employment, in determining eligibility or entitlement amounts for any benefits in Provider’s benefit programs or policies (such as employment, severance, paid time off), or in determining whether to minimize or eliminate any benefit eligibility periods under Provider’s employee benefit plans, Provider will recognize each New Provider Employee’s years of service with any and all members of Customer Group.

6. COMPENSATION AND BENEFITS


6.1	Wages

On the Employment Effective Date, Provider will pay to each New Provider Employee the same minimum rate of base compensation (whether an hourly rate of pay or annual salary, as applicable) that such New Provider Employee was receiving from Customer as of the Employment Effective Date. In addition, variable compensation will be taken into account as follows:

(A)

Unvested Customer Equity. For the first year following the Employment Effective Date, Provider will pay each New Provider Employee any previously granted but unvested equity as such equity vests, in accordance with Customer’s current vesting schedule, subject to Customer’s reimbursement to Provider of such amounts paid to each such New Provider Employee, in accordance with the invoicing and payment terms set forth in Section 12.1 (General) of the MSA.

(B)

Provider’s Replacement for Customer’s Equity Compensation. New Provider Employees will be eligible to participate in Provider’s employee equity program as of the Employment Effective Date to the same extent as similarly situated Provider employees. Additionally, for each New Provider Employee, Provider will include an amount in the Benefit Equalization Adjustment described in Section 6.3(B) equivalent to (1) if such New Provider Employee was employed by Customer for three (3) or more years, the average annual value of the equity such New Provider Employee received under the Customer equity program over the three (3) years from 2016 through 2018 that vested during such period; (2) if such New Provider Employee was employed by Customer for less than

MA-IB-00136-2018

Schedule 8
4

Confidential treatment requested by Juniper Networks, Inc.

three (3) years, the average annual value of the equity such New Provider Employee received under the Customer equity program during the period of time such New Provider Employee has been employed by Customer that vested during such period; and (3) if such New Provider Employee’s equity has not yet had its first vest at the time of the Employment Effective Date of such New Provider Employee, the value of the equity that such New Provider Employee would have received at first vest. For purposes of calculating the average annual value, the value of the vested equity will be determined using the price of Customer common stock as of market close on the applicable equity vesting date. For purposes of foregoing (3), for calculating the value of equity such New Provider Employee would have received at first vest, the value of the vested equity will be determined using the price of Customer common stock as of market close on the Effective Date.

(C)

Bonus. New Provider Employees will be eligible to participate in Provider’s established program designed to return a portion of revenue and pretax profit growth based on a predetermined model (“Growth Driven Profit Sharing Plan”) as of the Employment Effective Date to the same extent as similarly situated Provider employees. Additionally, for each New Provider Employee, Provider will include in the Benefit Equalization Adjustment described in Section 6.3(B) an amount equivalent to the difference between (1) Customer’s average annual bonus payout to the Affected Employees at the same salary grade as the New Provider Employee immediately prior to the Employment Effective Date, averaged for the calendar years 2015 through 2017, and (2) Provider’s average Growth Driven Profit Sharing Plan payout for the same period for non-executive employees in the same country as the New Provider Employee. Provider will pay each New Provider Employee any bonus amounts payable by Customer to such New Provider Employee covering the period between January 1, 2019 and April 30, 2019 as Customer notifies to Provider in writing, subject to Customer’s reimbursement to Provider of such amounts paid to each such New Provider Employee, in accordance with the invoicing and payment terms set forth in Section 12.1 (General) of the MSA.


6.2	Compensation Increases

New Provider Employees will be considered for annual performance-based merit increases, incentive compensation awards, increases in variable compensation, increases in equity compensation, and other compensation increases to the same extent as similarly situated Provider Staff. New Provider Employees will be given credit for years of service at Customer when determining these increases.


6.3	Benefits

(A)

Each New Provider Employee will be eligible as of his or her Employment Effective Date for participation in all Provider benefit plans in operation in that Provider entity and location and available to similarly situated employees, including health care coverage, dental, vision, employee assistance, tuition assistance, employee discount and stock purchase plan, life insurance, accidental death and dismemberment, short-term and long-term disability, flexible spending accounts, and 401(k), as well as vacation and sick leave in accordance with Provider’s time off policies.

MA-IB-00136-2018

Schedule 8
5

Confidential treatment requested by Juniper Networks, Inc.

(B)

In the event that the aggregate premium costs for benefits described in this Section incurred by any New Provider Employee under Provider’s benefit plans are greater than such employee’s aggregate premium costs for such benefits under Customer’s benefit plans, Provider will pay a benefit equalization adjustment of such difference (a “Benefit Equalization Adjustment”) to supplement such New Provider Employee’s pay. This equalization benefit will cover a period of twelve (12) months from the Employment Effective Date and be paid on a schedule agreed upon by the Parties in writing no later than one (1) week prior to the Offer Date.

(C)

Benefit Equalization Adjustments will be calculated based on a mapping to each of Customer’s benefits referred to in Section 6.3(A) of this Schedule, including, in the case of health care coverage and dental coverage, Provider’s medical or dental plans by type (e.g., PPO, HMO). 401(k) employer match Benefit Equalization Adjustment will be based on contribution to Customer’s 401(k) plan as of January 1, 2019. Benefit Equalization Adjustments will be based on Customer’s tier level and benefits participation as of January 1, 2019, and will be calculated after actual election of benefits. Benefit Equalization Adjustments will be calculated in the aggregate based on New Provider Employee elections. If an Affected Employee goes through a Qualifying Event as defined by applicable provisions of the Employee Retirement Income Security Act of 1974 (“ERISA”) between January 1, 2019 and the Employment Effective Date, the Parties will agree to an equitable adjustment to any of the foregoing benefits as it relates to such Affected Employee.

7. EMPLOYEE TRANSITION


(A)	Employee Transition Plan

No later than seven (7) Business Days after the Effective Date of the Agreement, Provider will develop, and provide to Customer for its review, comment and approval, a detailed employee transition plan that will specify the schedule and timing of all informational meetings and programs as described in this Schedule, the duration and timing of the employee transition period, the procedures that will be followed and the date on which the Affected Employees who accept offers will start work with Provider. Such plan will include compliance with any applicable consultation or information procedures with employees or employee representative bodies. Such plan will include procedures to ensure that New Provider Employees are not adversely impacted with respect to personal cash flow or taxation by changes in the timing of payment of salaries during transfer. The following represents a tentative sequence and timing of events to which Provider will conform the employee transition plan:

MA-IB-00136-2018

Schedule 8
6

Confidential treatment requested by Juniper Networks, Inc.



Event/Activity	Timeframe
Initial informational meeting/program with all Affected Employees	Within two weeks of the Effective Date of Agreement
Additional informational meetings/activities with Affected Employees	Between the Effective Date and the Offer Date, and in any event no later than the Employment Effective Date Meetings will include: Career Discussions 1-on-1 meetings with IBM Functional Managers
Offer of employment to all Affected Employees	No later than March 1, 2019
Length of time that offers of employment will remain “open”	Seven (7) Business Days following receipt of offer or as otherwise provided in this Schedule

The employee transition plan will be agreed upon in a writing signed by Authorized Representatives of the Parties, and will upon agreement supersede and replace the above recommended schedule and will be incorporated by this reference into this Schedule. Unless and until the employee transition plan is agreed between the Parties and subject to applicable Law, the above recommended schedule (along with the other provisions of the MSA and this Schedule) will be the binding contractual document related to the transition of employees as set forth in this Section.

8. EMPLOYEE ELIGIBILITY

Provider will be responsible (including financial responsibility where Customer had financial responsibility prior to the Employment Effective Date) for managing the process of obtaining and completing any applications for work permits and visas required by any New Provider Employee identified in Exhibit A (Affected Employees) to this Schedule following the Employment Effective Date and maintaining work permits and visas in effect as of the Employment Effective Date. Provider will also be responsible (where required by Law) for completion of Forms I-9 for the New Provider Employees. Without limiting the foregoing, with regard to Affected Employees on L-1 visas, IBM will hold its offers of employment for such Affected Employees open for a period of six (6) months from the Offer Date regardless of whether such Affected Employees have obtained H-1B visas.

9. WARN

Provider will work with Customer regarding the timing of transition of the hired Affected Employees in an effort to assist Customer in avoiding a violation of the WARN Act.

10. INDEMNIFICATION

MA-IB-00136-2018

Schedule 8
7

Confidential treatment requested by Juniper Networks, Inc.


(A)	Customer will be responsible for all Claims asserted by Affected Employees arising out of their employment with Customer prior to the Employment Effective Date, but Provider will be responsible for all Claims asserted by Affected Employees arising out of their employment with Provider.

(B)

Customer will indemnify and hold Provider harmless from and against any and all Losses, including those incurred to enforce the terms of this Schedule, incurred or suffered by Provider relating to or resulting from third-party Claims arising out of (i) Customer’s employment of Affected Employees or (ii) the termination of such employment relationship by Customer with such Affected Employees, in each case, to the extent such Losses are caused by acts or omissions of Customer, including any of the following:


(1)	Claims alleging violations of federal, state, local, international, constitutional or other Laws or any common law protecting persons or members of a protected class or category, including, without limitation, Laws prohibiting discrimination or harassment on the basis of a protected characteristic;


(2)	Claims arising out of the California Labor Code, California’s Business & Professions Code, or any other Law relating to employment;


(3)	Claims alleging work-related injury, illness or death, except as may be covered by Customer’s workers’ compensation plan;

(4)

any claims, complaints or charges for wages, benefits, commissions, bonuses, compensation, penalties, interest, or damages and other payments (including but not limited to a claim for social contributions and/or government mandated payments into health and pension schemes) which are made against Provider by any Affected Employee or Affected Employee’s beneficiaries, successors or assigns or with respect to any Affected Employee by any tax or social security authorities and/or any other responsible authorities;


(5)	Claims for failure to provide severance or termination benefits;


(6)	Claims for workers or disability compensation or unemployment benefits; or


(7)	Claims arising out of a determination that any Affected Employee is an employee, co-employee or joint employee of Provider pursuant to any applicable Law, and/or otherwise;


(8)	any Claims in respect of the employment, treatment or termination of employment of any Affected Employee, including claims for unfair termination, wrongful termination, notice, redundancy and/or any claims for termination payments, discrimination, harassment or retaliation; and


(9)	Claims for accrued employee pension or welfare benefit obligations that arose under applicable Customer plans or policies.

MA-IB-00136-2018

Schedule 8
8

Confidential treatment requested by Juniper Networks, Inc.

(C)

Provider will indemnify and hold Customer Group harmless from and against any and all Losses, including those incurred to enforce the terms of this Schedule, incurred or suffered by Customer Group relating to or resulting from third-party Claims arising out of (i) Provider’s employment of Affected Employees or (ii) the termination of employment relationship by Provider with Affected Employees, in each case, to the extent such Losses are caused by acts or omissions of Provider in connection with Provider’s offers of employment or the acts or omissions of Provider from the Employment Effective Date of the Affected Employees, and including any of the following:


(1)	Claims alleging violations of federal, state, local, international, constitutional or other Laws or any common law protecting persons or members of a protected class or category, including Laws prohibiting discrimination or harassment on the basis of a protected characteristic.


(2)	Claims arising out of the California Labor Code, California’s Business & Professions Code, or any other Law relating to employment;


(3)	Claims alleging work-related injury, illness, or death, except as may be covered by Provider’s workers’ compensation plans;

(4)

any claims, complaints or charges for wages, benefits, commissions, bonuses, compensation, penalties, interest, or damages and other payments (including but not limited to a claim for social contributions and/or government mandated payments into health and pension schemes) which are made against Customer and/or any member of Customer Group by any Affected Employee or Affected Employee’s beneficiaries, successors or assigns or with respect to any Affected Employee by any tax or social security authorities and/or any other responsible authorities;


(5)	Claims for failure to provide severance or termination benefits;


(6)	Claims for workers or disability compensation or unemployment benefits; or


(7)	Claims arising out of a determination that any Affected Employee is an employee, co-employee or joint employee of Customer pursuant to any applicable Law and/or otherwise;


(8)	any Claims in respect of the employment, treatment or termination of employment of any Affected Employee, including claims for unfair termination, wrongful termination, notice, redundancy and/or any claims for termination payments, discrimination, harassment or retaliation; and


(9)	Claims for accrued employee welfare benefits that arose under applicable Provider plans or policies.

For clarity, Provider will have no liability with respect to Claims from Affected Employees for Customer retirement or pension benefits that may or may not have accrued prior to the Employment Effective Date.

MA-IB-00136-2018

Schedule 8
9

Confidential treatment requested by Juniper Networks, Inc.

11. INDIA

The following terms apply only to Affected Employees in India:


(A)	Provider will issue offers to Affected Employees in India for fixed-term contracts of employment of one (1) year only. At the end of this one-year period, their fixed-term contract of employment will cease/expire, and Provider will have no further liability or obligation towards such employees.

(B)

Customer will obtain resignations from Affected Employees in India after Provider issues offers of employment as set forth in Section 11(A) of this Schedule to such Affected Employees in India. In the event Customer does not obtain resignations from such Affected Employees or any such resignations are found to be ineffective under applicable Law in a final determination by a court or tribunal, Customer will indemnify Provider from and against any and all Losses relating to or resulting from third-party Claims arising out of Customer’s failure to obtain valid resignations.


(C)	Customer will make gratuity payments to all Affected Employees as prescribed under local Law, or in accordance with Customer policy. Customer agrees that such gratuity payments will also be made on a pro-rata basis to Affected Employees who have not yet completed any qualifying period of service under either local Law or Customer policy.

(D)

The Parties agree that the Affected Employees will join Provider on a “clean break” basis, and will not have any prior years of service recognized. No other liabilities or obligations that the Affected Employees were eligible for while employed with the Customer will transfer to their employment with Provider, including gratuity, superannuation, loan eligibility, leave accruals or entitlements, wages, bonuses, stocks and stock options, and any other entitlements or benefits whatsoever. Customer will settle all such benefits and entitlements directly with the Affected Employees.

(E)

The Parties will each provide additional amounts to be used as retention bonuses for New Provider Employees in India as follows. Provider’s and Customer’s respective contributions to the total funding amount from which retention bonuses will be paid to each such New Provider Employee (the “Retention Bonus Fund”) will each equal [***]. Each retention bonus payable to a New Provider Employee will be calculated based on fifteen (15) days’ salary per year of service at Customer (with the salary amount being determined as of the effective date of such employee’s resignation from Customer). The Parties will discuss and agree upon the timing of the notification of the retention bonus amounts to the Affected Employees in India. Provider will pay such amounts to the New Provider Employees in two equal lump sum payments on the following payment milestone dates: (1) six (6) months and (2) twelve (12) months after the Employment Effective Date of such New Provider Employees, provided the employee has not (a) voluntarily resigned from Provider or (b) been dismissed by Provider for misconduct (e.g., fraud, drug abuse, theft) or failure to perform duties and responsibilities prior to either payment milestone date (in which case the New Provider Employee would not be paid the applicable payment amount on such payment milestone date). In the case of any such resignation or dismissal event set forth in (a) or (b), the payment amount the New Provider Employee would have otherwise received will be deducted from the contribution amounts payable by the Parties to the Retention Bonus Fund set forth above, and the Parties’ respective contributions

MA-IB-00136-2018

Schedule 8
10

Confidential treatment requested by Juniper Networks, Inc.

will continue to be made on a [***] basis after such deduction. Customer will reimburse Provider for its [***] portion of such amounts actually paid to each such New Provider Employee on each of the six-month and twelve-month payment milestone dates, respectively, pursuant to an invoice issued by Provider after each such payment milestone date, which amounts actually paid in total by Provider will in no event exceed the Retention Bonus Fund, in accordance with the invoicing and payment terms set forth in Section 12.1 (General) of the MSA. For the avoidance of doubt, Provider’s financial records and supporting Documentation associated with the retention bonus payments described in this Section will be subject to Customer’s audit rights set forth in Article 14 (Audits) of the MSA.

12. OTHER COUNTRIES

The following terms in this Section 12 (Other Countries) apply only to Affected Employees in jurisdictions outside of the United States where the Transfer Legislation (defined below) applies, excluding India:

TRANSFER OF UNDERTAKING (TUPE)


(A)	No Transfer of Personnel


(1)	It is not intended that the contract of employment of any person (or any liability relating thereto) will transfer pursuant to the Transfer Legislation either on:


(a)	the commencement of any Services under a SOW, or


(b)	the cessation of all or part of any Services under a SOW,

Irrespective of whether Customer or a New Provider (as defined in Schedule 4 (Termination Assistance)) takes over all or part of such Services (or services similar to them) upon termination. “Transfer Legislation” means the Transfer of Undertakings (Protection of Employment) Regulations 2006, European Communities (Protection of Employees on Transfer of Undertakings Regulations 2003, the EU Acquired Rights Directive, or similar Law anywhere in the world which provides for the automatic transfer of workers in connection with the transfer of a business or change in service provider.


(B)	If the Transfer Legislation is deemed or held to apply in connection with the commencement of Services contemplated by a SOW (or part thereof):


(1)	Provider acknowledges that it will be liable for all liabilities resulting from the application of the Transfer Legislation;


(2)	Provider acknowledges that Customer has made no representation regarding the application of the Transfer Legislation and that Customer has not provided any warranty or indemnity of any nature regarding the application of the Transfer Legislation or otherwise;

MA-IB-00136-2018

Schedule 8
11

Confidential treatment requested by Juniper Networks, Inc.


(3)	Provider will comply with its statutory obligations under the Transfer Legislation; and

(4)

Provider will indemnify Customer Group from and against any and all Losses, including all Employment Liabilities resulting from, arising out of or relating to, any and all Claims arising out of the application of the Transfer Legislation. “Employment Liabilities” means all liabilities, compensation, awards, penalties, costs (including the cost of wages, salaries and other remuneration or benefits (including penalties and interest), social insurance, contributions, universal social charges, heath contributions, levies, losses, claims, demands, actions, fines, damages, and reasonable expenses (including reasonable legal costs), or other payments however arising which are connected with or arising from contract or all and any Laws, including directives, statutes, secondary legislation, orders, codes of practice and common law, whether of the European Community, the Republic of Ireland, the United Kingdom or any other jurisdiction, relating to or connected with the employment of employees or the engagement of other workers, including in each case their health and safety at work.


(C)	Where the Transfer Legislation applies in connection with the assignment, novation, suspension, expiration or termination of the Services contemplated by a SOW (or part thereof) then:


(1)	Provider will indemnify Customer Group from and against any and all Losses, including all Employment Liabilities resulting from, arising out of or relating to, any and all Claims arising out of:


(a)	any claim in connection with the termination of the employment of any of the Transferring Personnel by the Provider prior to the date of transfer of employment of the Transferring Personnel to Customer or any New Provider (as defined in Schedule 4 (Termination Assistance) (as the case may be);


(b)	any claim by any of the Transferring Personnel related to the period during which they were employed by the Provider up to and including the date of transfer of their employment to Customer or any New Provider (as the case may be); and/or


(c)	any failure by Provider to comply with its obligations under the Transfer Legislation.

“Transferring Personnel” means those employees of Provider whose employment is deemed to transfer under the Transfer Legislation to Customer or any New Provider.

(D)

Stand-Still Period. “Stand-Still Period” means (1) where any notice is given terminating this Agreement and/or a SOW prior to the date on which it would otherwise expire, the period commencing on the date of such notice and ending on the date on which this Agreement or the SOW expires pursuant to the terms of such notice or such later date on which Provider ceases to provide the Services; or (2) where no such notice has been given, the date which falls three months before the date on

MA-IB-00136-2018

Schedule 8
12

Confidential treatment requested by Juniper Networks, Inc.

which this Agreement or the SOW would ordinarily expire. Provider agrees that during the Stand-Still Period it will:


(1)	not materially initiate or make any changes in the composition or identities of the personnel engaged in providing the Services without the prior written consent of Customer except where Provider is required to do so by applicable Law;


(2)	not materially amend or vary (or promise to amend or vary) the terms and conditions of employment (including for the avoidance of doubt, pay) of the personnel engaged in providing the Services without the prior written consent of Customer except where Provider is required to do so by applicable Law; and/or


(3)	make no commitments to personnel engaged in providing the Services whether under its information and consultation obligations under the Transfer Legislation or otherwise without Customer’s prior written consent.

MA-IB-00136-2018

Schedule 8
13

Confidential treatment requested by Juniper Networks, Inc.

EXHIBIT A

AFFECTED EMPLOYEES

[To be determined]

MA-IB-00136-2018

Schedule 8
14

Confidential treatment requested by Juniper Networks, Inc.

EXHIBIT B

TEMPLATE OFFER

[To be determined]

MA-IB-00136-2018

Schedule 8
15

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 9

INFORMATION AND SYSTEM SECURITY REQUIREMENTS

1. PURPOSE

1.1

This Information and System Security Requirements schedule sets forth the minimum requirements (“Security Requirements Schedule”) for Provider with respect to the Services provided for by Provider in this Agreement, and is incorporated in, and subject to, the Master Services Agreement, dated December 31, 2018 (the “Agreement”). These Security Requirements (“Requirements”) supplement Provider’s obligations under the Agreement and in no way reduces or limits Provider’s obligations under the Agreement.


1.2	Unless otherwise noted, terms used are defined in the Definitions section of the Master Services Agreement.

1.3

These Requirements are intended to protect the confidentiality of all Customer Confidential Information and Customer Data accessed, processed or transmitted (or otherwise available for same) by Provider, and the integrity and reliability of all Customer Systems, accessed, maintained, or managed by Provider and for which Provider has responsibility under the applicable Statement of Work, and for Provider Systems used to provide Services pursuant to the Agreement.

2. SCOPE


2.1	These Requirements shall govern the protection of Customer Confidential Information, Customer Data, and Systems (to the extent applicable) including, but not limited to:


(A)	Access to, and use of, Customer Confidential Information, Customer Data, and Systems;


(B)	Return and disposal of Customer Confidential Information and Customer Data;


(C)	Access to, maintenance, use, and return or disposal of Information Systems used to support the provision of Services; and


(D)	Access to, maintenance, and use of Information Systems or any off premises extensions of those systems and assets.


2.2	Provider agrees to comply with these Requirements at each Service Location (including, e.g., hosting, data center, or co-location facility of provider) used in the performance of the Services


2.3	Provider is responsible for ensuring that all subcontractors and vendors of Provider, and other Provider Agents comply with these Requirements to the extent applicable to providing services and products associated with the performance of this Agreement.

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.

3. STANDARD


3.1	The security measures described in this document apply without prejudice to any other specific statutory requirements for technical and organizational measures that may be applicable.

3.2

Provider shall ensure that all Systems, applications, processes, and personnel, comply with current Customer Information Security Policies at the time of execution of this Agreement. Customer may, from time to time, amend its Information Security Policies; if such amendments result in changes to the security requirements and controls to Systems, such changes shall be implemented through the Change Control Procedures; upon notice of such Change, Provider and Customer will agree on the timeframe for compliance with amended Customer Information Security Polices.


3.3	The Requirements described in this Information and Systems Security Requirements Schedule are based on and consistent with the security program and controls found in NIST SP 800-53 Rev. 4. Such Requirements are required to the extent applicable to the Systems, personnel, and services, and other activity used to perform the Services under the Agreement.

4. SECURITY REQUIREMENTS

4.1

Provider shall develop, implement, maintain, and monitor a comprehensive, written information security program that contains administrative, technical and physical safeguards to protect against anticipated threats or hazards to the security, confidentiality, integrity and availability of Customer Confidential Information and Customer Data, and Systems with measures that meet or exceed prevailing industry standards, as well as mandatory security requirements under Provider Laws, and other applicable laws as specified by Customer. Provider shall further ensure that its information security program covers all networks, systems, servers, computers, notebooks, laptops, PDAs, mobile phones, and other devices that process or handle Customer Confidential Information and Customer Data or allow access to Customer Systems.

During Transition, Provider shall prepare a draft Customer Security Document based on these Requirements which will describe such comprehensive information security program (“Customer Security Document” or “CSD”) taking into account the scope of Services being performed by Provider under the applicable SOW and describing the respective responsibilities of Provider and Customer. Provider shall review such draft CSD with Customer and taking into account Customer’s input, the Parties will work together to finalize and agreed upon the final Customer Security Document. Customer will provide such assistance, cooperation, information and input required to complete the CSD as reasonably requested by Provider. The CSD will be updated periodically during the term of the applicable SOW.4.2

Provider shall maintain written policies and procedures to implement and enforce the following controls, security safeguards and related activities and procedures provided however that with respect to Customer Systems for which Provider has responsibility under an applicable Statement of Work, Provider shall continue to implement and enforce such existing controls, security safeguards and related activities and procedures as Customer has implemented and is enforcing as of the Effective Date (“Existing Customer Security Controls”) unless otherwise provided in the Customer Security Document:

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(A)	Access Control


(1)	Account Management Policy: Maintain written access control policies and procedures that –


(a)	Define and document the types of system accounts allowed for each system required for the business function;


(b)	Assign account managers for system accounts;


(c)	Authorize access to the system based on


(i)	A valid access authorization;


(ii)	Intended system usage; and


(iii)	On a need-to-know basis as required by the organization or based on the users’ business functions;

(d)

Establish conditions for group and role membership; determine access authorizations (i.e., privileges) and other attributes (as required) for each account; require approvals for requests to create system accounts; establish criteria for creating, enabling, modifying, disabling accounts, particularly when users are terminated or transferred, or when individual system usage or need-to-know changes for an individual; and


(e)	Monitor the use of system accounts.


(2)	Access Enforcement: Enforce approved authorizations for access to information and system resources in accordance with applicable access control policies.


(3)	Principle of Least Privilege: Allow only authorized accesses for users which are necessary to accomplish assigned tasks in accordance with business functions.


(4)	Unsuccessful Login Attempts: Enforce a limit on the consecutive number of invalid logon attempts by a user, and automatically locks the account when the maximum number of unsuccessful attempts is exceeded.


(5)	System Use Notification: Display a banner to users before granting access to the system that provides privacy and security notices consistent with applicable laws.


(6)	Remote Access: Establish and document usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed; authorize remote access to the system prior to allowing such connections; and implement cryptographic mechanisms to protect the confidentiality and integrity of remote access sessions.

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(7)	Wireless Access: Establish usage restrictions, configuration/connection requirements, and implementation guidance for wireless access; and authorize wireless access to the system prior to allowing such connections.


(8)	Access Control for Mobile Devices: Establish usage restrictions, configuration requirements, connection requirements, and implementation guidance for managed mobile devices; and authorize the connection of mobile devices to systems.


(B)	Awareness and Training


(1)	Provide annual security and privacy awareness training to system users (including managers, senior executives, and contractors), including


(a)	Onboarding and initial training for new system users;


(b)	Specific role-based system security and privacy training, as appropriate;


(c)	Notifying personnel of changes to security and privacy policies and procedures;


(d)	Retaining individual training records.


(2)	Publicly Accessible Content: Designate individuals authorized to post information onto a publicly accessible system; train authorized individuals to ensure that publicly accessible information does not contain nonpublic information; and review the content on the publicly accessible system for nonpublic information and remove such information, if discovered.


(C)	Application Software Security

For all software and applications developed in-house or procured from third party developers ensure software is developed and tested secure software development lifecycle practices pursuant to a documented development processes that explicitly addresses security requirements and identifies the standards and tools used in the development process.


(D)	Audit and Accountability

(1)

Specify Audit Events: Verify that the systems can audit specified events and logs are enabled and/or available for such events; coordinate the security audit function with other organizational entities requiring audit-related information to guide the selection of auditable event types; and assess the auditable events to ensure adequacy of audits for response and investigation of security and privacy incidents.


(2)	Content of Audit Records: For those events and systems for which audit capabilities are specified ensure that the system generates audit records containing information that establishes what type of event occurred, when the event occurred (through time stamps based on internal system clocks set to consistent time zone standards), where the event

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.

occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.


(3)	Audit Storage and Retention:


(a)	Retain audit records for specified periods of time including to provide support investigations of security and privacy incidents and to meet regulatory and organizational information retention requirements.


(b)	Protect audit information and audit tools from unauthorized access, modification, and deletion.


(4)	Response to Audit Processing Failures: Establish processes to alert security personnel in the event of an audit processing failure and for responding to such failures.


(5)	Audit Review, Analysis, and Reporting: Periodically review and analyze system audit records for indications of suspicious or inappropriate activity, and adjust the level of audit review, analysis, and reporting for systems when there is a change in risk based on law enforcement information, intelligence information, or other credible sources of information.


(E)	Assessment, Authorization, and Monitoring


(1)	Assessments: Assess the security and privacy controls of identified systems and their environments of operation on an annual basis to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting established security and privacy requirements.


(2)	Plan: Develop a security and privacy assessment plan that describes the scope of the assessment including:


(a)	Security and privacy controls and control enhancements under assessment;


(b)	Assessment procedures to be used to determine control effectiveness;


(c)	Assessment environment, assessment team, and assessment roles and responsibilities; and


(d)	Ensure the assessment plan is reviewed and approved by the authorizing official or designated representative prior to conducting the assessment;

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(3)	System Interconnections: Authorize connections from the system to other systems using interconnection agreements and document, for each interconnection, the interface characteristics, security and privacy requirements, and the nature of the information communicated.

(4)

Plan of Action and Milestones: Develop a plan of action and milestones for systems to document the planned remedial actions of the organization to correct weaknesses or deficiencies noted during the assessment of the controls and to reduce or eliminate known vulnerabilities in the system; and updating existing plans based on findings from control assessments, impact analyses, and continuous monitoring activities.


(5)	Authorization: Assign a manager as the authorizing manager for the system and for any common controls inherited by the system; ensure that the authorizing manager, before commencing operations: (1) authorizes the system for processing; and (2) authorizes the common controls inherited by the system; and ensure regular updates to authorizations.


(6)	Continuous Monitoring: Develop a security and privacy continuous monitoring strategy and implement security and privacy continuous monitoring programs in accordance with specified metrics and for ongoing assessment of security and privacy control effectiveness.


(7)	Internal System Connections: Authorize internal connections to systems used to support Customer Services, and document, for each internal connection, the interface characteristics, security and privacy requirements, and the nature of the information communicated.


(F)	Configuration Management


(1)	Baseline Configuration: Develop, document, and maintain under configuration control, a current baseline configuration of the system; and review and update the baseline configuration of the system when system components are installed or upgraded.


(2)	Configuration Change Control:


(a)	Determine the types of changes to the system that are configuration-controlled;


(b)	Review proposed configuration-controlled changes to the system and approve or disapprove such changes with explicit consideration for security impact analyses;


(c)	Document configuration change decisions associated with the system;

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(d)	Implement approved configuration-controlled changes to the system;


(e)	Retain records of configuration-controlled changes to the system; and


(f)	Monitor and review activities associated with configuration-controlled changes to the system.


(3)	Access Restrictions for Change: Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

(4)

Configuration Settings: Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements; implement the configuration settings; identify, document, and approve any deviations from established configuration settings; and monitor and control changes to the configuration settings in accordance with organizational policies and procedures.


(5)	Least Functionality: Configure systems to provide only essential capabilities, and prohibit or restrict the use of specific functions, ports, protocols, and/or services.


(6)	System Component Inventory: Develop and document an inventory of system components.

(7)

Software Usage Restrictions: Use software and associated documentation in accordance with contract agreements and copyright laws; track the use of software and associated documentation protected by quantity licenses to control copying and distribution; and control and document the use of peer-to-peer file sharing technology to ensure that this capability is not used for the unauthorized distribution, display, performance, or reproduction of copyrighted work.


(8)	User Installed Software: Maintain policies governing the installation of software by users and restrict unauthorized software installation; monitor and enforce policy compliance.


(G)	Business Continuity and Contingency Planning


(1)	Contingency Plan: Develop a contingency plan for the system that --


(a)	Identifies essential missions and business functions and associated contingency requirements;


(b)	Provides recovery objectives, restoration priorities, and metrics;


(c)	Addresses contingency roles, responsibilities, assigned individuals with contact information;

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(d)	Addresses maintaining essential missions and business functions despite a system disruption, compromise, or failure;


(e)	Addresses eventual, full system restoration without deterioration of the security and privacy controls originally planned and implemented;


(f)	Is reviewed and approved by appropriate senior management personnel in key business functions;


(g)	Distributes copies of the contingency plan and communicates changes to the plan to key contingency plan personnel and business functions;


(h)	Coordinates contingency planning activities with incident handling activities;


(i)	Review and update the contingency plan to address changes to the organization, system, or environment of operation and problems encountered during contingency plan implementation, execution, or testing;


(j)	Protects the contingency plan from unauthorized disclosure and modification.


(2)	Contingency Training: Provide contingency training to system users consistent with assigned roles and responsibilities.


(3)	Contingency Plan Testing: Test the contingency plan to determine the effectiveness of the plan and the organizational readiness to execute the plan; review the contingency plan test results; and initiate corrective actions, if needed.


(4)	System Backup: Conduct backups of user-level information contained in systems; conduct backups of system-level information contained in the system; conduct backups of system documentation including security-related documentation; and protect the confidentiality, integrity, and availability of backup information at storage locations.


(5)	System Recovery and Reconstitution: Provide for the recovery and reconstitution of the system to a known state after a disruption, compromise, or failure within defined time periods consistent with recovery time and recovery point objectives.


(H)	Identification and Authentication


(1)	Identification and Authentication Policy: Maintain written identification and authentication policies and procedures to facilitate the implementation of identification and authentication controls:

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(a)	Uniquely identify and authenticate organizational users or processes acting on behalf of organizational users.


(b)	Uniquely identify and authenticate devices before establishing a network connection.


(c)	Manage system identifiers by receiving authorization from management to assign an individual, group, role, or device identifier; selecting an identifier that identifies an individual, group, role, or device; assigning the identifier to the intended individual, group, role, or device; and preventing reuse of identifiers for a defined period of time.


(d)	Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.


(2)	Strong Authentication:


(a)	To the extent implemented under Existing Customer Security Controls, multi-factor authentication (“MFA”) shall be used to restrict access to Customer Confidential Information, Customer Data, and Customer Systems.

(b)

Where MFA is not an Existing Customer Security Control, Provider shall use authentication mechanisms and authentication methodologies described in the CSD, or if not described in the CSD, shall maintain the mechanism and methodologies in place for Customer Systems as of the Effective Date, subject to the Change Control Procedures if Customer subsequently requests a different mechanism or methodology.


(c)	Provider shall use strong authentication mechanisms and authentication methodologies that meet or exceed prevailing industry standards for similar systems as well as mandatory security requirements under applicable Provider Laws to restrict access to Provider Systems used to collect, store, or otherwise process Customer Confidential Information and Customer Data.


(I)	Incident Response


(1)	Incident Response Planning: Maintain a written incident response plan and policies that


(a)	Implement an incident handling capability for all and privacy incidents that includes preparation, detection and analysis, containment, eradication, and recovery;

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(b)	Clearly designates responsibilities for incident response and maintenance of the incident response plan;


(c)	Provides the organization with a roadmap for implementing its incident response capability;


(d)	Describes the structure and organization of the incident response capability, and roles and responsibilities;


(e)	Identifies reportable incidents within scope of the incident response plan;


(f)	Is reviewed and approved by executive management;


(g)	Is updated to address system and organizational changes or problems encountered during plan implementation, execution, or testing;


(h)	Coordinates incident handling activities with contingency planning activities;


(i)	Incorporate lessons learned from ongoing incident handling activities into incident response procedures, training, and testing, and implement the resulting changes accordingly;


(j)	Test incident response capabilities and effectiveness;


(k)	Provide incident response training and awareness across the organization, as appropriate;


(l)	Track and document system security and privacy incidents; and


(m)	Require personnel to report suspected security, privacy and product incidents to clearly identified organizational incident response teams through defined channels.


(J)	Maintenance

With respect to Provider Systems, maintain written maintenance policies and procedures to facilitate the implementation of system maintenance controls:


(1)	Schedule, document, and review records of maintenance, repair, or replacement on system components in accordance with manufacturer or vendor specifications and/or organizational requirements;


(2)	Approve and monitor all maintenance activities, whether performed on site or remotely and whether the system or system components are serviced on site or removed to another location;

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(3)	Require explicit approval for the removal of the system or system components from organizational facilities for off-site maintenance, repair, or replacement;


(4)	Sanitize equipment to remove all information from associated media prior to removal from organizational facilities for off-site maintenance, repair, or replacement;


(5)	Check all potentially impacted security and privacy controls to verify that the controls are still functioning properly following maintenance, repair, or replacement actions;


(6)	Maintain maintenance records.


(K)	Media, End User Devices, Encryption, and Information Transmission

(1)

Customer Confidential Information and Customer Data shall not be stored or transmitted on non-managed external devices, removable media, remote and mobile devices, including but not limited to flash/USB/thumb drives, CDs, DVDs, external hard drives and smart phones, laptops, and tablets by Provider, and Provider will prohibit or disable the use of such non-managed external and removable media and devices to the extent such restrictions are implement under Existing Customer Security Controls, and monitor their use.


(2)	Personally Identifiable Information provided or accessed as part of Provider's Services, Controlled Unclassified Information and other information as specifically labelled to exclude such storage shall not be stored in any email systems.


(3)	Cryptographic Protection, and Key Management with respect to Customer Systems: If and to the extent encryption is implemented under Existing Customer Security Controls,


(a)	Encrypt the transfer of Customer Confidential Information and Customer Data, including backups, over external networks.


(b)	Encrypt Customer Confidential Information and Customer Data when transferred via physical media.


(c)	Encrypt Customer Confidential Information and Customer Data, including backups, at rest.


(d)	Full-disk encryption must be implemented for all laptops, desktops and removable media.


(e)	Authentication credentials must be protected by encryption during transmission.


(4)	Cryptographic Protection and Key Management with Respect to Provider Systems:

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(a)	Encrypt the transfer of Customer Confidential Information and Customer Data, including backups, over external networks.


(b)	Encrypt Customer Confidential Information and Customer Data when transferred via physical media.


(c)	Encrypt Customer Confidential Information and Customer Data, including backups, at rest.


(d)	Full-disk encryption must be implemented for all laptops, desktops and removable media.


(e)	Authentication credentials must be protected by encryption during transmission.


(5)	Collaborative Computing Devices and Applications: Provider will prohibit remote activation of collaborative computing devices and applications unless otherwise excepted, and provide an explicit indication of use to users physically present at the devices.


(6)	Provider will transfer Confidential Information and Customer Data only in accordance with and by means of specified sharing platforms and practices, including encryption protocols, as directed by Customer and to the extent implemented under Existing Customer Security Controls.


(7)	Provider will maintain written media protection policies and procedures to facilitate the implementation of media protection controls:


(a)	Restrict access to and secure digital and system media to personnel based on defined roles.


(b)	Sanitize digital media prior to disposal, release out of organizational control, or release for reuse using, and employ sanitization mechanisms with the strength and integrity commensurate with the security category or classification of the information.


(L)	Physical and Environmental Protection

(1)

Physical Access Authorizations: Develop, approve, and maintain a list of individuals with authorized access to Provider Service Locations and Juniper facilities where Provider controls access to such facilities; issue authorization credentials for such access; review the access list detailing authorized facility access by individuals; remove individuals from the facility access list when access is no longer required.


(2)	Physical Access Control: Enforce physical access authorizations by verifying individual access authorizations before granting access to the facility; controlling ingress and egress to the facility using access control systems; maintain and review physical access audit logs

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.

and visitor access records; escort visitors and monitor visitor activity; and secure, inventory, and change physical access keys/badges when such keys/badges are lost, compromised, or individuals are terminated or transferred.


(a)	Monitor Physical Access: Monitor physical access to facilities through video camera and monitoring to detect and respond to physical security incidents.


(b)	Physical Environmental Controls:


(i)	Protect power equipment and power cabling for the system from damage and destruction.


(ii)	Provide the capability of shutting off power to the system or individual system components in emergency situations and protect emergency power shutoff capability from unauthorized activation.


(iii)	Provide a short-term uninterruptible power supply in the event of a primary power source loss.


(iv)	Employ and maintain automatic emergency lighting for the system that activates in the event of a power outage or disruption and that covers emergency exits and evacuation routes within the facility.


(v)	Employ and maintain fire suppression and detection devices/systems for the system that are supported by an independent energy source.


(vi)	Maintain and monitor temperature and humidity levels within the facility where systems reside.


(vii)	Protect systems from damage resulting from water leakage by providing master shutoff or isolation valves that are accessible, working properly, and known to key personnel.


(viii)	Authorize, monitor, and control deliveries entering and exiting the facility.


(M)	Personnel Security


(1)	Establish screening criteria based on risk for individuals filling positions, and screen individuals prior to authorizing access to specified systems;

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(2)	Develop and document access agreements for organizational systems, and verify that individuals requiring access to organizational information and systems: (1) Sign appropriate access agreements prior to being granted access; and (2) Re-sign access agreements to maintain access to organizational systems when access agreements have been updated.

(3)

Establish termination procedures that include disabling system access to immediately upon termination of employment or change in employment responsibilities or positions; terminate or revoke any authenticators and credentials associated with the individual; conducting exit interviews that include a discussion of obligations with respect to confidentiality and information ownership; retrieve all security-related organizational system-related property and devices.


(4)	Review and confirm ongoing operational need for current logical and physical access authorizations to systems and facilities when individuals are reassigned or transferred to other positions within the organization.

(5)

Establish personnel security requirements including security roles and responsibilities for external providers; require external providers to comply with documented personnel security policies and procedures established by the organization; and require external providers to notify Human Resources immediately of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges, or who have system privilege.


(6)	Employ a formal disciplinary process for individuals failing to comply with established information security policies and procedures.


(N)	Risk Assessment

With respect to Provider Systems:


(1)	Risk Assessment Policy: Maintain written risk assessment policies and procedures to facilitate the implementation of risk assessment controls.


(2)	Security Categorization: Categorize the Provider Systems and information it processes, stores, and transmits; document the security categorization results including supporting rationale, in the security plan for such system; and verify that an authorized manager approves the security categorization decision.


(3)	Risk Assessment: Conduct a risk assessment, including the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the Provider Systems, the information it processes, stores, or transmits, and any related information; integrate risk assessment results and risk management decisions from the

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.

organization and missions/business process perspectives with system-level risk assessments; and document risk assessment results.

(4)

Vulnerability Scanning and Penetration Testing (Pentest): perform vulnerability scans or pentests on Provider Systems in accordance with documented processes and schedules, and when new vulnerabilities potentially affecting the Provider Systems are identified and reported; assess vulnerability impact; analyze vulnerability scan or pentest reports and results from control assessments; and remediate legitimate vulnerabilities.


(5)	Risk Response: Respond to findings from security and privacy assessments, monitoring, and audits.


(O)	Systems and Services Acquisition and Procurement


(1)	Allocation of Resources: Determine information security and privacy requirements for the Provider Systems in mission and business process planning, and ensure and establish mechanisms to incorporate information and privacy considerations are included in organization programming and budget planning.

(2)

System Development Lifecycle: Manage the Provider Systems incorporating information security and privacy considerations; define and document information security and privacy roles and responsibilities throughout the system development life cycle; and identify individuals having information security and privacy roles and responsibilities; and integrate the organizational information security and privacy risk management process into system development life cycle activities.


(3)	Acquisition Process: Established processes for including security and privacy, and functional requirements, descriptions, and criteria, explicitly or by reference, in the acquisition contract for Provider Systems.


(4)	System Documentation: With respect to Provider Systems,


(a)	Obtain administrator documentation for the system, system component, or system service that describes secure configuration, installation, and operation of the system, component, or service; use and maintenance of security and privacy functions and mechanisms; and known vulnerabilities regarding configuration and use of administrative or privileged functions.

(b)

Obtain user documentation for the system, system component, or system service that describes user-accessible security and privacy functions and mechanisms and how to effectively use those functions and mechanisms; methods for user interaction, which enables individuals to use the system, component, or service in a more secure manner and protect individual privacy; and user responsibilities in maintaining the security of the system, component, or service and privacy of individuals.

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(c)	Document attempts to obtain system, system component, or system service documentation when such documentation is either unavailable or nonexistent, and actions taken in response.


(d)	Protect documentation.


(5)	Supply Chain Risk Management: Establish a plan for managing supply chain risks associated with the development, acquisition, maintenance, and disposal of Provider Systems; implement the supply chain risk management plan consistently across the organization; and review and update the supply chain risk management plan to address development changes.


(6)	Unsupported System Components: Replace system components for Provider Systems when support for the components is no longer available from the developer, vendor, or manufacturer.


(P)	System and Communications Protection with respect to Provider Systems


(1)	Denial of Service Protection: Protect against or limit the effects of known types of denial of service events.


(2)	Boundary Protection: Monitor and control communications at the external boundary of the system and at key internal boundaries within the system; implement subnetworks for publicly accessible system components that are logically separated from internal organizational networks; and connect to external networks or systems only through managed interfaces consisting of boundary protection devices.


(3)	Provider employs current, industry-standard protection tools and techniques, including firewalls, antivirus, network monitoring, and intrusion detection systems: employs blacklisting or whitelisting to block known malicious IP connections; and retains audit records of logs for event analysis.


(4)	Provider agrees to use reasonable best practices to monitor, detect and assess unauthorized access, malicious code, suspicious exfiltration of data, and other anomalous network and system activity in a timely manner.


(5)	Secure Name/Address Resolution


(a)	Provide additional data origin authentication and integrity verification artifacts along with the authoritative name resolution data the system returns in response to external name/address resolution queries;


(b)	Request and perform data origin authentication and data integrity verification on the name/address resolution responses the system receives from authoritative sources.

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.


(Q)	System and Information Integrity with respect to Provider Systems


(1)	System and Information Integrity Policy: Maintain written systems and information integrity policies and procedures to facilitate the implementation of system and information integrity controls.


(2)	Flaw Remediation (Patching): Identify, report, and correct system flaws; test software and firmware updates related to flaw remediation for effectiveness and potential side effects before installation; install security-relevant software and firmware updates promptly upon release of the updates; and incorporate flaw remediation into the organizational configuration management process.

(3)

Malicious Code Protection: Implement malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; automatically update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures; configure malicious code protection mechanisms to perform periodic scans and real-time scans of files from external sources as the files are downloaded, opened, or executed in accordance with organizational policy; and quarantine malicious code in response to malicious code detection.


(4)	System Monitoring: Monitor the system to detect attacks and indicators of potential attacks; unauthorized local, network, and remote connections; and unauthorized use of systems.


(5)	Security Alerts, Advisories, and Directives: Receive system security alerts, advisories, and directives on an ongoing basis, and implement protective measures in response to security alerts and directives.


(R)	Controlled Unclassified Data

To the extent implemented under Existing Customer Security Controls Provider will comply with all security controls described in NIST 800-171 as it applies to all data labeled as Controlled Unclassified Information (CUI) and systems and media, including mobile media, used to store, transmit, transport, or process CUI data.

MA-IB-00136-2018

Schedule 9

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 10

BACKGROUND CHECKS

For purposes of these Background Check Guidelines and Adjudication Guidelines, Provider is referred to as the “Vendor/Supplier” and Customer is referred to as “Juniper” or “Juniper Networks”.

VENDOR/SUPPLIER BACKGROUND CHECK GUIDELINES AND

CERTIFICATION OF BACKGROUND CHECK FOR NON-EMPLOYEES

Guidelines for Background Check

The attached Juniper Networks Adjudication Guidelines are used by Juniper in conducting internal background checks on potential Juniper employee hires. These Adjudication Guidelines are supplied in order to assist the Vendor/Supplier in identifying the factors to be reviewed when considering restrictions on employment, access to Juniper premises and/or access to Juniper’s network. Vendors/Suppliers should use this after conducting background checks on their employees who are based at/on a Juniper facility/project. Vendors/Suppliers are responsible for verifying identity, credentials, and reviewing the relevant factors for any Vendor/Supplier employee or agent who may work on Juniper Networks premises and/or access Juniper’s network. Vendors/Suppliers are responsible for evaluating whether that individual should be permitted to work on Juniper Networks premises and/or access Juniper’s network.

Certification of Background Check

Vendor/Supplier Name (company employing/subcontracting individual): ___________________

Individual’s Full Name: ________________________________________________________

Date the background check was completed: __________________ (report date must be within the last two years).

Name of Company who performed the background check: ____________________________

By completing this form, the Vendor/Supplier certifies it has reviewed the background check results, which comply with applicable state laws for the above-named individual. The Vendor/Supplier certifies that it has considered all factors identified by Juniper in the background adjudication guidelines as restrictions to access to Juniper premises and/or network. The Vendor/Supplier has concluded, based on these considerations, that there is no reason the individual identified above should be excluded from access to Juniper premises or network.

MA-IB-00136-2018

Schedule 10

Confidential treatment requested by Juniper Networks, Inc.

Note: The individual’s HR department or other authorized representative should complete this certification form. The individual cannot certify himself or herself.

CERTIFIED ON BEHALF OF [Insert Vendor/Supplier Name] BY

____________________ _____________________________

Name (Print) Name (Sign)

____________________ _____________________________

Title (Print) Date

MA-IB-00136-2018

Schedule 10

Confidential treatment requested by Juniper Networks, Inc.

JUNIPER NETWORKS ADJUDICATION GUIDELINES

[Attachment to Vendor/Supplier Certification]

The attached Juniper Networks Adjudication Guidelines are provided in order to assist the Vendor/Supplier in identifying the factors that Juniper expects Vendor/Supplier to review for those individuals who will be provided by Vendor/Supplier, and given access to Juniper premises and/or access to Juniper’s network. Vendors/Suppliers should use this after conducting background checks on such individuals to determine whether they are acceptable candidates for providing work to Juniper.



Adjudication Request Status	Explanation
MEETS STANDARDS (RECOMMENDED)	The individual’s background check results do not trigger any of the defined adjudication criteria, allowing the placement process to continue
DOES NOT MEET STANDARDS (NOT RECOMMENDED)	The individual’s background check results have triggered the defined criteria for exclusion from Juniper projects.

Meets Company Standards Classification

If an individual is classified as “Meets Company Standards,” the placement process may proceed with no delay.

Does Not Meet Standards Classification

If an applicant is classified as “Does Not Meet Standards” the Vendor/Supplier should review the nature of the discrepancy, the time elapsed, and the nature of the job for which the applicant is being considered. However, if the Vendor/Supplier has found that the individual’s background check results have triggered the defined criteria for exclusion from Juniper projects, the individual should not be permitted to work on Juniper Networks premises and/or access Juniper’s network. The Vendor/Supplier will assume any risk with placement.

Social Security Number Trace (SSN) and Validation



1	Valid SSN Trace (SSN has been issued by the SSA)	Meets Standards
2	SSN has not been issued (no data), belongs to deceased individual or invalid trace	Does Not Meet Standards

MA-IB-00136-2018

Schedule 10

Confidential treatment requested by Juniper Networks, Inc.

Criminal Records



1	No Record Found or clear record	Meets Standards
2 2a	Traffic or vehicle code violation More than one DUI/DWI within the past three years	Meets Standards (refer to MVR if included) Does Not Meet Standards
3	Misdemeanor convictions; except for the following: crimes involving weapons, violence, theft, robbery, burglary, embezzlement, dishonesty, misappropriation, fraud, or sex crimes	Meets Standards
4	Possession/Conviction of a controlled substance (Conviction for drug related crimes)	Does Not Meet Standards
5	Unresolved, active bench warrant	Does Not Meet Standards
6	Any felony or misdemeanor pending court disposition	Does Not Meet Standards
7	Any felony conviction involving: weapons, violence, theft (includes petty theft), robbery, burglary, larceny, embezzlement, dishonesty, misappropriation, fraud, or forgery, and sex crime	Does Not Meet Standards
8	Any “serious” misdemeanor conviction involving: weapons, violence, theft (includes petty theft), robbery, burglary, larceny, embezzlement, dishonesty, misappropriation, fraud, or forgery, and sex crime	Does Not Meet Standards
9	Three or more misdemeanor convictions (except excluded convictions in Item 6)	Does Not Meet Standards
10	Mob action (AKA gang activity) or Computer crimes	Does Not Meet Standards

MA-IB-00136-2018

Schedule 10

Confidential treatment requested by Juniper Networks, Inc.

Note: Criminal convictions within the past 7 years from date of conviction, release from prison, or end of probation, whichever occurred last (maximum time used to determine status).

Note: Criminal Note: Any Court Records that are a “Possible” match because all information could not be precisely verified; will be adjudicated as to be reviewed by vendor.

Compliance Prohibited Parties [Department of Treasury OFAC Specially Designated Nationals and Blocked Persons list]



1	No data is found	Meets Standards
2	Match is found	Does Not Meet Standards

MA-IB-00136-2018

Schedule 10

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 11

PROVIDER AFFILIATES

[***]

MA-IB-00136-2018

Schedule 11

Confidential treatment requested by Juniper Networks, Inc.

[***]

MA-IB-00136-2018

Schedule 11

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 12

DISASTER RECOVERY AND BUSINESS CONTINUITY REQUIREMENTS

This is Schedule 12 (Disaster Recovery and Business Continuity Requirements) (this “Schedule”), to the MSA by and between Juniper Networks, Inc. and International Business Machines Corporation. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA.

1. SCOPE

The scope of Provider’s obligations described under this Schedule is limited to the Customer Systems managed by Provider and/or under Provider’s control, and Provider Systems used by Provider or Provider Agents, in the performance or provision of Services as described in the Agreement.

2. MAINTAINING, UPDATING AND IMPLEMENTING PROVIDER PLANS

2.1

In addition to Provider’s performance of any and all disaster recovery and business continuity responsibilities set forth in an SOW, with effect from the Effective Date and maintained for the duration of the Term, Provider will have in place Provider DR Plans, and with respect to all Customer Systems supported by Provider, Provider will maintain the disaster recovery and business continuity plans for such Customer Systems to the extent Customer has disaster recovery and business continuity plans in place for such Customer Systems as of May 1, 2019 (“Customer DR Plans”) and carry out Provider’s responsibilities under such Customer DR Plans if a disaster occurs.


2.2	All Provider DR Plans will, taking into account any and all relevant principles, including those set out below, at a minimum:


(A)	include content and principles no less robust and protective of Customer than Customer’s own business continuity and disaster recovery plans for its applications and/or IT environment so as not to degrade in any manner the Services and/or Customer’s applications and/or IT environment;


(B)	define the disaster against which Provider DR Plans are required, which definition will include, at a minimum, an event that causes material harm, loss or damage to a facility, its people or operations;


(C)	detail the steps that Provider will take, both on an ongoing basis throughout the Term (in anticipation of the possibility of a disaster occurring) and on the occurrence of a disaster, so as to:


(1)	prevent any loss of, destruction to or unavailability of Provider Systems, data (including Customer Data), or Service Locations;


(2)	minimize any disruption to Provider’s performance of its obligations under this Agreement that may be caused by the onset or continuance of a disaster;

MA-IB-00136-2018

Schedule 12

Confidential treatment requested by Juniper Networks, Inc.


(3)	restore the Services and the availability of Provider Systems, data (including Customer Data), or Service Locations which have been affected by a disaster within defined Service Levels where appropriate and describe how, when and where restoration will occur as well as the persons involved in restoring the Services;


(4)	provide a detailed plan with respect to the procedures to be used in order to return the affected Service, Provider System, or other items to their original location after the effects of the disaster have diminished to a satisfactory level as agreed by both Parties; and


(5)	describe how and when Provider will test Provider DR Plans.


2.3	With respect to Customer DR Plans governing each of the Customer Systems within scope of the Agreement,


(A)	Customer confirms such Customer DR Plans will:


(1)	identify essential missions and business functions and associated contingency requirements;


(2)	provide recovery objectives, restoration priorities, and metrics;


(3)	address disaster recovery/contingency roles and responsibilities, and identify assigned individuals with contact information;


(4)	address maintaining essential missions and business functions despite a Customer System disruption, compromise, or failure;


(5)	provide for the recovery and reconstitution of the Customer System to a known state after a disruption, compromise, or failure within defined time periods consistent with recovery time and recovery point objectives; and


(6)	address eventual, full Customer System restoration without deterioration of the security and privacy controls originally planned and implemented.

(B)

If and to the extent described in a Statement of Work, Provider will conduct backups of user-level information contained in Customer Systems; conduct backups of system-level information contained in Customer Systems; conduct backups of system documentation including security-related documentation; and protect the confidentiality, integrity, and availability of backup information at storage locations.

2.4

Provider will review, update and test Provider DR Plans at such intervals as Provider considers appropriate in its reasonable opinion (but will do so at least once annually), taking into account any changes in the way that Provider provides or proposes to provide the Services or the way that Customer receives or proposes to receive the Services, and will throughout the Term update and revise Provider DR Plans as appropriate to take into account any newly identified threats to the provision of the Services or Customer Group’s interests (including where any changes are contemplated to the manner in which Provider provides the Services or in which Provider interacts with Provider Agents, Provider Staff or Customer Agents or the way that Customer

MA-IB-00136-2018

Schedule 12

Confidential treatment requested by Juniper Networks, Inc.

receives the Services). If Customer so requests, Provider will allow Customer’s Authorized Representatives to be present at and/or participate in such testing. Such requirements are without limitation of Customer’s audit rights set forth in Sections 14.1 (Service Audits) and 17.14(B) (Inspection and Audit Rights) of the MSA.

2.5

Provider will comply with and take all steps set out in Provider DR Plans and, with regard to Customer Systems supported by Provider, subject to the following sentence, will comply with and take all steps set out as Provider’s responsibilities under Customer DR Plans as well as those disaster recovery steps set forth in an SOW, including in each case steps that are required to be taken in the absence of and on the occurrence of a disaster. Upon the occurrence of a disaster triggering the implementation of a Customer DR Plan, Provider will notify Customer in writing prior to taking such steps set out in the applicable Customer DR Plan and Provider must obtain Customer’s prior written approval of any restoration of Services pursuant to such Customer DR Plan. Provider will reinstate the Services within the defined recovery time periods, which time periods for Provider Systems at Service Locations will be equal to or less than seventy-two (72) hours (three (3) days) unless otherwise set forth in an SOW or agreed in writing by the Parties and which time periods, if any, for Customer Systems supported by Provider will be as set forth in an SOW unless otherwise agreed in writing by the Parties.

3. CUSTOMER REVIEWS

3.1

The Customer DR Plans under this Agreement will be the most recently dated Customer DR Plans as of May 1, 2019. For any new Service Locations from which Provider will deliver Services, Provider will have an appropriate Provider DR Plan in place prior to the Effective Date relating to such Service Locations. If a Provider DR Plan relates to a location used only for providing services to Customer, the Provider DR Plans for such location (“Dedicated Provider DR Plans”) will also be submitted for approval.


3.2	Provider will take into account any reasonable comments made by any member of Customer Group regarding Dedicated Provider DR Plans, but the Parties acknowledge that Provider ultimately retains control of the content of its DR Plans subject to Section 3.4 hereof and Provider’s adherence to the minimum requirements set forth in this Schedule.

3.3

The obligations of Provider under this Schedule do not affect Provider’s other obligations under this Agreement (including its obligations as part of the Services), except that no obligation of Provider under this Agreement will be suspended under Section 10.2 (Force Majeure) or excused under Section 3.19 (Excuse from Performance) of the main body of this Agreement if Provider would have been able to perform that obligation had it performed its obligations under this Schedule. Notwithstanding Section 3.2, if Provider chooses not to implement any changes to its Provider DR Plans despite comments by members of Customer Group to the effect that changes to its Provider DR Plans may be required, Provider will not be excused under Section 10.2 (Force Majeure) or under Section 3.19 (Excuse from Performance) of the main body of this Agreement or any other provision of this Agreement from any failure to perform any of its obligations under this Agreement by reason of the occurrence or continuation of an event or circumstances, the consequences of which would have been avoided had Provider implemented such changes.

MA-IB-00136-2018

Schedule 12

Confidential treatment requested by Juniper Networks, Inc.


3.4	Customer will have the right to audit all Provider DR Plans. In the event any changes need to be made to a Provider DR Plan, Provider will implement the changes agreed with Customer into the relevant Provider DR Plan, within such timeframes as agreed upon between Customer and Provider in accordance with the applicable Change Control Procedure.

4. FURTHER PROVIDER’S RESPONSIBILITIES


4.1	Provider will ensure that:


(A)	its activities relating to business continuity and disaster recovery form an integral part of the technology selection, elimination and decision-making process of Provider;


(B)	its activities relating to business continuity and disaster recovery are included in the development life cycle of each Provider System and in accordance with the Change Control Procedures for all the Services;


(C)	its activities relating to business continuity and disaster recovery include an adequate assessment of technology related risks in connection with the Services and an assessment of impact by those risks on the overall continuity risk for Customer;


(D)	its activities relating to business continuity and disaster recovery are organized in such a manner as to ensure the functionality of its DR Plans and contain appropriate technology solutions required to support business functions;


(E)	Provider’s DR Plans are documented and contain clear definitions of Provider’s responsibilities for technology continuity, including responsibilities for the ownership of Provider DR Plans, test co-ordination and the initiation and co-ordination of real-life continuity efforts;


(F)	Provider DR Plans are addressed as part of development life cycle of each Provider Service Location;


(G)	Provider DR Plans are regularly maintained in a ready state that accurately reflects changes in Provider Systems’ requirements, procedures, organizational support structures;


(H)	in the event any changes to technology continuity solutions are required in connection with the changes set out under Section 4.1(D) above, Provider’s DR Plans are promptly amended in order to reflect such changes in accordance with the Change Control Procedures;


(I)	Provider DR Plans are tested as part of pre-production testing relating to any and all enhancements and on an annual basis in connection with the Service Locations.

MA-IB-00136-2018

Schedule 12

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 13

IBM COMPETITORS

IBM Competitors are the following companies and their affiliates:


1.	[***]


2.	[***]


3.	[***]


4.	[***]


5.	[***]


6.	[***]


7.	[***]


8.	[***]


9.	[***]


10.	[***]


11.	[***]


12.	[***]


13.	[***]


14.	[***]


15.	[***]


16.	[***]


17.	[***]


18.	[***]


19.	[***]


20.	[***]


21.	[***]


22.	[***]


23.	[***]


24.	[***]


25.	[***]


26.	[***]


27.	[***]


28.	[***]


29.	[***]


30.	[***]


31.	[***]


32.	[***]

In the event other vendors become direct competitors with Provider’s outsourcing business, Provider and Customer may use the Change Control Procedures to update this list to include other similar competitors.

MA-IB-00136-2018

Schedule 13

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 14

DATA PROCESSING AGREEMENT

To the extent the Services involve the Processing of Customer Personal Data (each as defined below) by Provider, this Data Processing Agreement will apply. Part B of this Data Processing Agreement will apply only where, and to the extent that: (i) the Customer Personal Data relates to individuals located in the EEA (as defined below), UK or Switzerland; (ii) Customer (acting as a Controller or Processor (each as defined below)) is established in the EEA, UK or Switzerland; or (iii) Customer (acting as a Processor) is not established in the EEA, UK or Switzerland but has entered into an agreement with the Controller which is subject to EU Data Protection Laws (as defined below).

1. DEFINITIONS


1.1	“Controller” means an entity which, alone or jointly with others, determines the purposes and means of the Processing of personal data.


1.2	“Customer Personal Data” means the “personal data” (meaning information about or relating to an identified or identifiable individual) described in Annex 2 and any other personal data or Personally Identified Information that Provider processes on behalf of Customer in connection with Provider’s provision of the Services.


1.3	“EU Data Protection Laws" means the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council ("GDPR"), any applicable national legislation implementing or supplementing the GDPR, including in each case as amended, replaced or superseded from time to time.


1.4	“European Economic Area” or “EEA” means the Member States of the European Union together with Iceland, Norway, and Liechtenstein.

1.5

“Processing” means any operation or set of operations which is performed on personal data such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, and “process” will be interpreted accordingly.


1.6	“Processor” means an entity which Processes personal data on behalf of a Controller.

1.7

“Standard Contractual Clauses” means the Standard Contractual Clauses (processors) approved by European Commission Decision C(2010)593 set out in Annex 1 to this Data Processing Agreement or any subsequent version thereof released by the European Commission (which will automatically apply), and which includes Annex 2 (Details of the Processing and Transfer) and Annex 3 (Technical and Organisational Measures) to this Data Processing Agreement.


1.8	"Subprocessor" means any Processor engaged by Provider who agrees to receive from Provider Customer Personal Data.


1.9	“Supervisory Authority” has the meaning given in the EU Data Protection Laws.

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

PART A

2. GENERAL


2.1	If applicable data protection laws and corresponding obligations for Customer or its Affiliates change, Provider will support Customer and its Affiliates and execute additional written agreements as reasonably required by the circumstances, in good faith.

2.2

This Data Processing Agreement and any commercial agreement between Customer and Provider will not create any third-party beneficiary rights for any individual regarding their personal data unless otherwise specified herein. With respect to Customer Personal Data, this Data Processing Agreement will take precedence over any conflicting terms in any other commercial agreements entered into between Customer and Provider.


2.3	This Data Processing Agreement will apply in addition to, not in lieu of, any other terms and conditions agreed with Customer, except as specifically and expressly agreed in writing with explicit reference to this Agreement.

3. SCOPE AND ROLES


3.1	This Data Processing Agreement applies where Customer Personal Data is Processed by Provider. In this context, Provider will act as Processor to Customer who may act either as Controller or Processor with respect to Customer Personal Data.

4. DATA PROCESSING

4.1

Provider may not Process in any manner any Customer Personal Data, except (a) on behalf of Customer, and (b) as directed by authorized personnel of Customer in writing. Without limiting the generality of the foregoing, Provider may not make Customer Personal Data accessible to any subcontractors or relocate Customer Personal Data to new locations, except as set forth in written agreements with, or written instructions from Customer. Customer is not providing Provider with Customer Personal Data for any consideration for any service and any service Provider provides to Customer is not consideration for Customer providing Provider with Customer Personal Data.

5. DATA SECURITY, AUDITS AND BREACH NOTIFICATIONS

5.1

Provider must implement and maintain organizational and technical security safeguards, and at a minimum, Provider must comply with Customer’s Information and System Security Requirements (Schedule 9 of the Agreement), Disaster Recovery and Business Continuity Management requirements (Schedule 12 of the Agreement), and Customer Information Security Policies provided in advance in writing, unless Customer has expressly approved Provider’s own information security policy in writing as an alternative (in which case Provider must comply with the approved version of Provider’s own policy, refrain from making any changes that reduce the level of security, and provide 30 days’ prior written notice to Customer of any significant changes to Provider’s own information security policy). If Provider adheres to SSAE 16 or similar or successor

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

standards, Provider must comply with Provider’s SSAE 16 or similar or successor standards and provide Customer copies of any audit reports as well as 30 days’ notice of any changes.


5.2	Provider must allow for and contribute to reasonable data security and privacy compliance audits by Customer and/or, at Customer’s request, by an independent third party, to verify compliance with applicable Law, this Data Processing Agreement and any other applicable contractual undertakings to the extent set forth in the Agreement.


5.3	If Provider becomes aware of, or suspects that, a Security Incident has occurred, Provider must notify Customer without undue delay, consult and cooperate with investigations and potentially required notices, and provide any information reasonably requested by Customer.

6. COOPERATION AND ASSISTANCE

6.1

At Customer’s reasonable request, Provider must (a) promptly cooperate with Customer to permit Customer to meet its obligations under applicable data protection and privacy laws including providing Customer with information necessary to demonstrate compliance and Customer Personal Data in a readily useable format within 30 days of Customer’s request, and (b) contractually agree to comply with the California Consumer Privacy Act, as well as similar and other frameworks, if and to the extent such frameworks apply to any Customer Personal Data that Provider comes into contact with in its provision of the Services, with any Change necessitated by such request handled through the Change Control Procedures. Where Provider indicates it is unwilling or unable to comply with the foregoing Customer request as it relates to California Consumer Privacy Act, as well as similar and other frameworks, in such law’s applicable to Customer Personal Data that Provider comes into contact with in its provision of the Services, Customer may terminate the affected Service Tower or SOW under which Provider has access to such Customer Personal Data, subject to a proportionate refund of any prepaid fees, offering Termination Assistance Services as set forth in the Agreement.

PART B

This Part B (comprised of clauses 7 to 12) will apply only to the extent that: (i) Customer Personal Data relates to individuals located in the EEA, UK or Switzerland; (ii) the Customer (acting as Controller or Processor) is established in the EEA, UK or Switzerland; or (iii) the Customer (acting as a Processor) is not established in the EEA, UK or Switzerland but has entered into an agreement with the Controller which is subject to EU Data Protection Laws.

7. TRANSFER OF PERSONAL DATA


7.1	Provider will not permit, allow or otherwise facilitate Subprocessors to Process Customer Personal Data without the Customer’s prior written consent. Customer agrees that Provider may use the following as Subprocessors to Process Customer Personal Data: Provider Affiliates set forth in Schedule 11 (Provider Affiliates).


7.2	In respect of each Subprocessor, Provider will:

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.


(A)	enter into a written agreement with the Subprocessor which imposes equivalent obligations on the Subprocessor with regard to its Processing of Customer Personal Data, as are imposed on Provider under this Data Processing Agreement; and


(B)	at all times remain responsible for compliance with its obligations under this Data Processing Agreement and will be liable to Customer for the acts and omissions of any Subprocessor as if they were Provider’s acts and omissions.

7.3

International Transfers of Customer Personal Data. To the extent that the Processing of Customer Personal Data by Provider takes place in a country or territory outside the EEA, Switzerland or the UK, other than in a country or territory ensuring an adequate level of protection for the rights and freedoms of data subjects in relation to the Processing of personal data as determined by the European Commission, such Processing will be governed by the Standard Contractual Clauses. In the event of a conflict between any terms in the Standard Contractual Clauses, this Data Processing Agreement and the remainder of the Agreement, the Standard Contractual Clauses will prevail.

8. PROVIDER EMPLOYEES AND PERSONNEL


8.1	Provider will treat the Customer Personal Data as confidential, and will ensure that its employees or other personnel have agreed in writing (electronically or in any other manner) to protect the confidentiality and security of Customer Personal Data.

9. DATA SUBJECT RIGHTS

9.1

Where applicable, and taking into account the nature of the Processing, Provider will use reasonable endeavors to assist Customer by implementing technical and organizational measures in accordance with section 5.1 of this Data Processing Agreement insofar as this is possible, for the fulfilment of Customer’s obligation to respond to requests for exercising data subject rights laid down in the EU Data Protection Laws.

10. DATA PROTECTION IMPACT ASSESSMENT AND PRIOR CONSULTATION

10.1

To the extent required under the EU Data Protection Laws, Provider will provide reasonable assistance to the Customer with any data protection impact assessments and with any prior consultations to any Supervisory Authority of Customer, in each case solely in relation to processing of Customer Personal Data and taking into account the nature of the Processing and information available to Provider.

11. TERMINATION


11.1	Deletion of data. Subject to Section 11.2 below, Provider will, at Customer’s election and within [***] days of the date of termination of the Agreement:


(A)	return to, or make available for retrieval by, the Customer, all Customer Personal Data Processed by Provider (and securely delete all other copies of Customer Personal Data Processed by Provider); or

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.


(B)	securely delete the Customer Personal Data Processed by Provider.

11.2

Provider and its Subprocessors may retain Customer Personal Data to the extent required by applicable Laws and only to the extent and for such period as required by applicable Laws and always provided that Provider will ensure the confidentiality of all such Customer Personal Data and will ensure that such Customer Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.

12. GOVERNING LAW


12.1	This Data Processing Agreement will be governed by, and construed in accordance with, the Law of the Member State in which the Controller is established.

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

ANNEX 1

STANDARD CONTRACTUAL CLAUSES FOR PROCESSORS

For the purposes of this Annex 1, references to “data exporter” and “data importer” will be to Customer and Provider respectively.

Clause 1

Definitions

For the purposes of the Clauses:

(a)

“personal data”, “special categories of data”, “process/processing”, “controller”, “processor”, “data subject” and “supervisory authority” will have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;


(b)	“the data exporter” means the controller or processor who transfers the personal data;


(c)	“the data importer” means the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country's system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC;

(d)

“the sub-processor” means any processor engaged by the data importer or by any other sub-processor of the data importer who agrees to receive from the data importer or from any other sub-processor of the data importer personal data exclusively intended for processing activities to be carried out on behalf of the data exporter after the transfer in accordance with his instructions, the terms of the Clauses and the terms of the written subcontract;


(e)	“the applicable data protection law” means the legislation protecting the fundamental rights and freedoms of individuals and, in particular, their right to privacy with respect to the processing of personal data applicable to a data controller in the Member State in which the data exporter is established;


(f)	“technical and organisational security measures” means those measures aimed at protecting personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Clause 2

Details of the transfer

The details of the transfer and in particular the special categories of personal data where applicable are specified in Annex 2 which forms an integral part of the Clauses.

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

Clause 3

Third-party beneficiary clause


1.	The data subject can enforce against the data exporter this Clause, Clause 4(b) to (i), Clause 5(a) to (e), and (g) to (j), Clause 6(1) and (2), Clause 7, Clause 8(2), and Clauses 9 to 12 as third-party beneficiary.

The data subject can enforce against the data importer this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where the data exporter has factually disappeared or has ceased to exist in law unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law, as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity.

The data subject can enforce against the sub-processor this Clause, Clause 5(a) to (e) and (g), Clause 6, Clause 7, Clause 8(2), and Clauses 9 to 12, in cases where both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, unless any successor entity has assumed the entire legal obligations of the data exporter by contract or by operation of law as a result of which it takes on the rights and obligations of the data exporter, in which case the data subject can enforce them against such entity. Such third-party liability of the sub-processor will be limited to its own processing operations under the Clauses.


4.	The parties do not object to a data subject being represented by an association or other body if the data subject so expressly wishes and if permitted by national law.

Clause 4

Obligations of the data exporter

The data exporter agrees and warrants:


(a)	that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State;


(b)	that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses;


(c)	that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Annex 3 to this contract;

(d)

that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation;


(e)	that it will ensure compliance with the security measures;

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.


(f)	that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC;


(g)	to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;


(h)	to make available to the data subjects upon request a copy of the Clauses, with the exception of Annex 3, and a summary description of the security measures, as well as a copy of any contract for subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information;


(i)	that, in the event of subprocessing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and


(j)	that it will ensure compliance with Clause 4(a) to (i).

Clause 5

Obligations of the data importer

The data importer agrees and warrants:


(a)	to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;

(b)

that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract;


(c)	that it has implemented the technical and organisational security measures specified in Annex 3 before processing the personal data transferred;


(d)	that it will promptly notify the data exporter about:


(i)	any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation,


(ii)	any accidental or unauthorised access, and


(iii)	any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so;

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.


(e)	to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred;

(f)

at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which will be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority;

(g)

to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Annex 3 which will be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter;


(h)	that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent;


(i)	that the processing services by the sub-processor will be carried out in accordance with Clause 11;


(j)	to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.

Clause 6

Liability


1.	The parties agree that any data subject, who has suffered damage as a result of any breach of the obligations referred to in Clause 3 or in Clause 11 by any party or sub-processor is entitled to receive compensation from the data exporter for the damage suffered.

If a data subject is not able to bring a claim for compensation in accordance with paragraph 1 against the data exporter, arising out of a breach by the data importer or his sub-processor of any of their obligations referred to in Clause 3 or in Clause 11, because the data exporter has factually disappeared or ceased to exist in law or has become insolvent, the data importer agrees that the data subject may issue a claim against the data importer as if it were the data exporter, unless any successor entity has assumed the entire legal obligations of the data exporter by contract of by operation of law, in which case the data subject can enforce its rights against such entity.

The data importer may not rely on a breach by a sub-processor of its obligations in order to avoid its own liabilities.

If a data subject is not able to bring a claim against the data exporter or the data importer referred to in paragraphs 1 and 2, arising out of a breach by the sub-processor of any of their obligations referred to in Clause 3 or in Clause 11 because both the data exporter and the data importer have factually disappeared or ceased to exist in law or have become insolvent, the sub-processor agrees that the data subject may issue a claim against the data sub-processor with regard to its own processing operations under the Clauses as if it were the data exporter or the data importer, unless any successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law, in which case the data subject can enforce its rights against such entity. The liability of the sub-processor will be limited to its own processing operations under the Clauses.

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

Clause 7

Mediation and jurisdiction


1.	The data importer agrees that if the data subject invokes against it third-party beneficiary rights and/or claims compensation for damages under the Clauses, the data importer will accept the decision of the data subject:


(a)	to refer the dispute to mediation, by an independent person or, where applicable, by the supervisory authority;


(b)	to refer the dispute to the courts in the Member State in which the data exporter is established.


2.	The parties agree that the choice made by the data subject will not prejudice its substantive or procedural rights to seek remedies in accordance with other provisions of national or international law.

Clause 8

Cooperation with supervisory authorities


1.	The data exporter agrees to deposit a copy of this contract with the supervisory authority if it so requests or if such deposit is required under the applicable data protection law.


2.	The parties agree that the supervisory authority has the right to conduct an audit of the data importer, and of any sub-processor, which has the same scope and is subject to the same conditions as would apply to an audit of the data exporter under the applicable data protection law.


3.	The data importer will promptly inform the data exporter about the existence of legislation applicable to it or any sub-processor preventing the conduct of an audit of the data importer, or any sub-processor, pursuant to paragraph 2. In such a case the data exporter will be entitled to take the measures foreseen in Clause 5 (b).

Clause 9

Governing Law

The Clauses will be governed by the law of the Member State in which the data exporter is established.

Clause 10

Variation of the contract

The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.

Clause 11

Subprocessing

The data importer will not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it will do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer will remain fully liable to the data exporter for the performance of the sub-processor's obligations under such agreement.

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

The prior written contract between the data importer and the sub-processor will also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor will be limited to its own processing operations under the Clauses.


3.	The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 will be governed by the law of the Member State in which the data exporter is established.


4.	The data exporter will keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which will be updated at least once a year. The list will be available to the data exporter's data protection supervisory authority.

Clause 12

Obligation after the termination of personal data processing services

The parties agree that on the termination of the provision of data processing services, the data importer and the sub-processor will, at the choice of the data exporter, return all the personal data transferred and the copies thereof to the data exporter or will destroy all the personal data and certify to the data exporter that it has done so, unless legislation imposed upon the data importer prevents it from returning or destroying all or part of the personal data transferred. In that case, the data importer warrants that it will guarantee the confidentiality of the personal data transferred and will not actively process the personal data transferred anymore.


2.	The data importer and the sub-processor warrant that upon request of the data exporter and/or of the supervisory authority, it will submit its data processing facilities for an audit of the measures referred to in paragraph 1.

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

ANNEX 2

DETAILS OF THE PROCESSING AND TRANSFER OF CUSTOMER PERSONAL DATA

Data Exporter

Customer (The Customer Group)

Data Importer

Provider (International Business Machines, Corp.)

Data subjects

The personal data transferred concern the following categories of data subjects (please specify): [***]

Categories of data

[***]

Special categories of data (if appropriate)

[***]

Processing operations

The personal data transferred will be subject to the following basic processing activities: [***]

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

ANNEX 3

TECHNICAL AND ORGANISATIONAL SECURITY MEASURES

The measures set forth Schedule 9 (Information and System Security Requirements) will govern.

MA-IB-00136-2018

Schedule 14

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 15

CUSTOMER COMPETITORS

Customer Competitors include the following companies and their affiliates:


1.	[***]


2.	[***]


3.	[***]


4.	[***]


5.	[***]


6.	[***]


7.	[***]


8.	[***]


9.	[***]


10.	[***]


11.	[***]


12.	[***]


13.	[***]


14.	[***]


15.	[***]


16.	[***]


17.	[***]


18.	[***]


19.	[***]


20.	[***]


21.	[***]


22.	[***]


23.	[***]


24.	[***]


25.	[***]

In the event other companies become direct competitors with Customer’s business, Provider and Customer may use the Change Control Procedures to update this list to include other similar competitors.

MA-IB-00136-2018

Schedule 15

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 16

CUSTOMER CODE OF CONDUCT

For purposes of this Customer Code of Conduct, Provider is referred to as a “Juniper business partner” or “business partner” and Customer is referred to as “Juniper” or “Juniper Networks”.

Juniper Networks’ identity and success is built on a foundation of integrity, honesty, and ethical conduct. This foundation depends on our alignment on these values with business partners who share a strong commitment to ethical business practices.

This Business Partner Code of Conduct (the “Code”) articulates a shared vision and set of expectations for Juniper and our business partners. By this Code, Juniper expresses its support for the Code of Conduct established by the Electronic Industry Citizenship Coalition (EICC) and the Ten Principles of the United Nations Global Compact.

Applicability

The Code applies to all Juniper business partners including, but not limited to, distributors, resellers, service providers or other vendors, or service, alliance, or education partners. It is applicable to the partner entity and their personnel in all activities related to Juniper’s business relationship globally. The English-language version of this Code will govern.

Relationship of the Parties

Juniper and their business partners are independent contractors and neither party will be considered the agent of the other party for any purpose whatsoever. Nothing in this Business Partner Code of Conduct will be construed as establishing a partnership or joint venture between the parties.

Certification

Where required, each business partner covered by the Business Partner Code of Conduct will have an authorized representative certify that they have read and understood the Code and that the Juniper business partner and its personnel are committed to complying with the principles of these standards.

Integrity and Compliance with Laws

Anti-Bribery Compliance

Juniper is committed to conducting its business free from extortion, bribery, and all unlawful, unethical or fraudulent activity.

Juniper business partners must not, directly or indirectly, make, offer, or authorize the payment of any money, gift, bribe, kickback, or anything of value to any customer, any government official or government employee, any Juniper employee, or any other Person to improperly influence any action or decision.

MA-IB-00136-2018

Schedule 16

Confidential treatment requested by Juniper Networks, Inc.

Juniper business partners will use any Juniper assets or funds paid to or entrusted with them (such as non-standard discount, rebates or MDF) only for the specific purpose authorized or intended.

Juniper business partners must comply with all applicable local and international anti-bribery laws.

Financial Integrity and Accounting

Juniper business partners will keep complete and accurate books and records regarding sales of Juniper products and any and all transactions or other expenditures with respect to any Juniper-related business. Juniper business partners must not engage in false and/or misleading accounting practices, including but not limited to creating “slush funds” or other improper financial practices.

Honest and Accurate Dealings

Juniper business partners must not make any false representations in connection with any Juniper transactions, including, but not limited to, oral misrepresentations of fact, the promotion or utilization of false Documentation such as non-genuine customer purchase orders, fraudulent or forged contracts, or other false or inaccurate records.

Fair Competition

Juniper’s business partners must not:

agree with other partners or companies to coordinate or fix prices,

agree with other companies to boycott suppliers or customers,

agree with other companies to divide or allocate markets or customers, or

propose or enter into an agreement or understanding restricting resale price of Juniper products.

Conflicts of Interest

Juniper business partners must not engage in any activity that may involve an inappropriate conflict or the appearance of a conflict with their contractual responsibilities owed to Juniper. Juniper business partners must not offer or provide excessive gifts, hospitality, or entertainment to any Juniper employee or their family members. Juniper business partners acknowledge that Juniper employees and their family members may not hold any significant economic interest in any entity that does business with Juniper, and Juniper business partners will avoid such relationships with Juniper employees.

Insider Trading and Improper Commercial Advantage

Juniper business partners will ensure that non-public information entrusted to them by Juniper in the course of their relationship with Juniper is not used for the personal benefit of the partner, their employees, or other Persons.

MA-IB-00136-2018

Schedule 16

Confidential treatment requested by Juniper Networks, Inc.

Protection of Confidential Information

Juniper business partners will protect confidential and any other proprietary information that is obtained in the course of the business relationship with Juniper or joint customers. Juniper business partners must not misuse this information for their own purposes or disclose such information to unauthorized third parties. Juniper business partners will observe applicable data privacy and information security requirements when handling Juniper or joint customer information.

Intellectual Property

Juniper business partners must not infringe Juniper’s trademarks and other intellectual property rights. Juniper business partners must not infringe on the intellectual property rights of joint customers or other third parties in any manner relevant to their relationship with Juniper.

Government Sector Sales

In addition to the Anti-Bribery Compliance requirements outlined above, certain additional restrictions may apply to Juniper business partners engaged directly or indirectly in government sector sales. Juniper business partners will observe all laws, regulations, and contract clauses that relate to sales to government entities.

Export Compliance

Juniper business partners are expected to have and follow a documented export control program designed to assure compliance with U.S. and all other applicable export and import laws and regulations when handling or distributing export-controlled materials or product. Juniper product and services often contains sensitive technology that is highly regulated and may only be distributed to end users and always in compliance with any trade embargoes and sanctions. For questions regarding export compliance, contact compliance_helpdesk@juniper.net.

Responsible Business Partner Conduct

Juniper business partner personnel will conduct themselves in a professional manner while representing Juniper products and services in the marketplace. This means treating all Persons with dignity and respect in a business-like manner while marketing, selling, or supporting Juniper products and services.

Responsible Sourcing of Minerals

Juniper business partners are expected to comply with any affirmative obligations imposed by law to reasonably assure business partners that tantalum, tin, tungsten and gold that may be contained in the products they manufacture do not directly or indirectly finance or benefit armed groups that are perpetrators of serious human rights offenses in conflict-affected and high-risk regions, such as the Democratic Republic of Congo or an adjoining country. Juniper business partners are expected to exercise due diligence on the ethical source and chain of custody of these minerals and make their due diligence measures available to Juniper upon request.

MA-IB-00136-2018

Schedule 16

Confidential treatment requested by Juniper Networks, Inc.

Labor Standards

Juniper business partners are expected to treat their employees fairly and in accordance with applicable laws and regulations regarding labor and employment and to pursue the following principles.

Freely Chosen Employment

Employment with Juniper business partners must be an expression of free choice and there should be no forced, bonded or involuntary labor, or slavery or trafficking of Persons. Juniper business partners should allow workers to discontinue employment upon reasonable notice. Juniper business partners should not hold or otherwise destroy, conceal, confiscate, or deny access by employees to their identity or immigration documents, such as government-issued identification, passports or work permits, unless such actions are required by law.

Child Labor Avoidance and Working Hours

Juniper business partners must not use child labor and Juniper business partners are expected to adopt procedures to verify and maintain Documentation that no child labor is used. Juniper business partners must follow all applicable local laws, regulations and standards concerning working hours, conditions and wage rate for all workers. Workers under the age of 18 (Young Workers) will not perform work that is likely to jeopardize their health or safety.

Lawful Employment

Juniper business partners must, prior to employing any worker, validate and review all relevant Documentation to ensure that such worker has the legal right to work in that jurisdiction.

Non-Discrimination

Juniper business partners must not unlawfully discriminate on the basis of race, color, age, gender, sexual orientation, gender identity or expression, ethnicity or national origin, disability, pregnancy, religion, veteran status, or marital status.

Freedom of Association

Juniper business partners must respect the legal rights of employees to join or to refrain from joining worker organizations, including trade unions. Juniper business partners have the right to establish favorable employment conditions and to maintain effective employee communication programs as a means of promoting positive employee relations that make employees view third-party representation as unnecessary.

Safe Conditions

Juniper business partners must provide a safe and hygienic working environment for workers and are expected to provide appropriate safety equipment and training.

MA-IB-00136-2018

Schedule 16

Confidential treatment requested by Juniper Networks, Inc.

Wage and Benefits

Juniper business partners must provide wages, benefits, and overtime pay required by all local wage and hour laws and regulations including those relating to minimum wages, overtime hours, piece rates, and other elements of compensation, and provide legally mandated benefits.

Environmental Standards

Juniper business partners must comply with all applicable laws and regulations relating to the impact of their business on the environment. Compliance with environmental law includes any international or applicable local laws affecting the source of materials and processes used to manufacture or deliver products and services.

Pollution Prevention and Resource Conservation

Juniper business partners are expected to take steps to ensure conservation of resources and reduction of waste generation of all types, including water, energy, and air emissions, by elimination or reduction at the source or by practices such as recycling and re-using materials, materials substitution, and modification of processes. Juniper business partners are expected to avoid undue and unnecessary use of packaging materials and utilize recycled materials whenever appropriate.

Hazardous Substances

Juniper business partners are expected to adhere to all applicable laws and regulations regarding prohibition or restriction of specific substances in products and manufacturing. Chemicals and other materials posing a hazard if released to the environment should be identified and managed to ensure their safe handling, movement, storage, use, and disposal.

Energy Consumption

Juniper business partners are expected to look for cost-effective methods to improve energy efficiency and to minimize their energy consumption and greenhouse gas emissions.

Monitoring and Compliance

Juniper may audit or request information to confirm compliance with this Code or appoint a third party to conduct an audit. Any violations will be reported to the Juniper business partner’s management for their attention and, if appropriate, corrective action will be taken. It is the intention of Juniper to terminate its relationship with any business partner who does not comply with this Code or, upon discovery of noncompliance, does not commit to a specific plan to achieve compliance.

Juniper business partners and other stakeholders may report suspected violations (confidentially and anonymously when allowed by law) to the Juniper Integrity and Compliance Group by calling the Juniper Integrity Hotline at 1-888-475-8388 (U.S. Toll Free) or reporting online to Integrity@Juniper.net or at www.juniper.ethicspoint.com.

MA-IB-00136-2018

Schedule 16

Confidential treatment requested by Juniper Networks, Inc.

SCHEDULE 17

EXTENDED PAYMENT PLAN

This is Schedule 17 (Extended Payment Plan) (this “Schedule”), to the MSA by and between Juniper Networks, Inc. and International Business Machines Corporation. Unless otherwise expressly defined in this Schedule, the capitalized terms used in this Schedule have the meaning assigned to them in the MSA.


1.	INTRODUCTION


1.1	This Schedule 17 (Extended Payment Plan) sets forth the terms and conditions governing an extended payment plan available to Customer (“Extended Payment Plan”).


(A)	Effective Date. As of the Effective Date, Customer Permitted Entities (defined below) have elected to pay the amounts invoiced under the Agreement in accordance with the extended payment terms and conditions as set forth more particularly below.


(B)	Customer Permitted Entities. The Extended Payment Plan applies only to the Customer and the following Customer Affiliates (“Customer Permitted Entities”) and does not extend to any other Customer Affiliate unless specifically agreed in writing by Provider or Provider Affiliate:



Customer Permitted Entities	Address
Juniper Networks, Inc.	1133 Innovation Way Sunnyvale, California 94089

JUNIPER NETWORKS INDIA PRIVATE LIMITED*	Plot# 65/2, 3rd Floor, Bagmane Tridib Bagmane Tech Park, C.V.Raman Nagar Bangalore, 560093 India

*While Provider has provisionally included Juniper Networks India Private Limited (“Juniper India”) above as a Customer Permitted Entity, Provider and Customer will work in good faith to extend the EPP to the Local Services Agreement executed for Juniper India, and Customer will provide a parent guarantee in form and substance for satisfactory to the Parties for amounts owed by Juniper India, and other Customer Permitted Entities that may be agreed to be added in the future. Upon Provider’s approval of Juniper India as a Customer Permitted Entity, it shall provide written notice of such approval to Customer. In the event of the failure of the parties to agree to extend EPP terms into the Local Services Agreement, Juniper India’s payments will be due in accordance with the thirty- (30-) day payment terms in Section 12.1 of the MSA.


(C)	Order of Precedence. Notwithstanding Section 3.1(H) of the MSA or any other provision in the Agreement or any other document to the contrary, provided the Extended Payment Plan set forth herein remain in effect or Undisputed EPP Fees (as defined in Section 3.A. of this Schedule 17)

MA-IB-00136-2018

Schedule 17

Confidential treatment requested by Juniper Networks, Inc.

remain due and payable, then solely as to Undisputed EPP Fees paid or Undisputed EPP Fees to be paid by Customer pursuant to the Extended Payment Plan, the terms of the Extended Payment Plan set forth herein shall take precedence over any other provision of the Agreement (including, over any other schedules, attachments, exhibits or subsequent modifications and amendments thereto) or any other inconsistent terms that permit Customer Permitted Entities to delay payment, setoff or withhold any Undisputed EPP Fee solely for the purposes of the Extended Payment Plan and no other purpose.


(D)	EPP Definitions.

“EPP Fees” means the Fees payable by Customer Permitted Entities as set forth in the Agreement. For the purposes of the extended payment plan as set forth in this Schedule 17 (Extended Payment Plan), EPP Fees shall also include any applicable taxes for which Customer Permitted Entity is responsible as set forth on an invoice under the Extended Payment Plan.


2.	INVOICING AND PAYMENT

2.1

Invoicing. Notwithstanding the provisions of Section 12.1 (Fees and Payments) of the MSA, Provider or Provider Affiliate shall invoice a Customer Permitted Entity for the fixed amounts due under the Agreement on a monthly basis on or before the [***]day of each month for Services to be provided for that month, adjusted for any variable amounts due or credits owing from the previous month (including credits related to variable unit pricing (e.g., RRCs) under the applicable Statement of Work). For those amounts that a Customer Permitted Entity has determined are Undisputed EPP Fees in accordance with Section 3.B. (Undisputed EPP Fees) of this Schedule 17 (Extended Payment Plan), such Customer Permitted Entity shall pay the invoice amount in two equal payment installments, the first payment installment is due on the [***] day of the [***] month and the second payment installment is due on the [***] day of the [***] month, following the month in which the original invoice is issued (for example, if the invoice is issued on [***], the first payment installment is due on or before [***] and the second payment installment is due on or before [***]). The Extended Payment Plan shall be valid only if Customer maintains a Moody’s Credit Rating of a minimum Ba3 Senior Unsecured Rating or higher. In the event the rating falls below the defined level, then the Extended Payment Plan terms for Customer shall not apply and Customer shall instead pay Provider in accordance with Article 12 (Fees and Payments) of the MSA.

2.2

Payments. If any Customer Permitted Entity fails to pay any Undisputed EPP Fees within [***] Business Days following notice from Provider or Provider Affiliate that such payments are overdue, then Provider or Provider Affiliate reserves the right for such Customer Permitted Entity to: (1) charge interest at the rate of [***]% per [***] days calculated from the date the amount was due until the date of payment by such Customer Permitted Entity; (2) terminate the Extended Payment Plan and all outstanding amounts for Undisputed EPP Fees shall become immediately due and payable; and (3) any new invoices for Undisputed EPP Fees shall be payable to Provider or Provider Affiliate in accordance with Article 12 (Fees and Payments) of the MSA. Notwithstanding the foregoing, in the event of: (i) any petition or proceeding is filed by or against any Customer Permitted Entity under any bankruptcy, insolvency, receivership or similar law; (ii) any Customer Permitted Entity admits in writing its insolvency or inability to pay its debts as they come due; or (iii) any Customer Permitted Entity or its directors or stockholders takes any action in connection with its dissolution, liquidation or the winding up of its affairs, including, without limitation, ceases doing business, or sells or disposes of all or substantially all its assets, then, the Extended Payment Plan terms set forth in Section 2.A. (Invoicing) of

MA-IB-00136-2018

Schedule 17

Confidential treatment requested by Juniper Networks, Inc.

this Schedule 17, shall not apply and such Customer Permitted Entity shall instead pay to Provider or Provider Affiliate the Undisputed EPP Fees in accordance with Article 12 (Fees and Payments) of the MSA and any outstanding Undisputed EPP Fees will be payable immediately.


2.3	Accounting Clause. Neither Provider, nor any other Provider organization or Affiliate makes any representation whatsoever regarding Customer Permitted Entity’s accounting treatment applicable to the Extended Payment Plan. Provider accounts for the Extended Payment Plan receivables as a financing receivable for US reporting purposes.


3.	DISPUTED EPP FEES AND UNDISPUTED EPP FEES.

3.1

Disputed EPP Fees. An amount shall be considered disputed if, on or prior to the last Business Day of the month in which the invoice was issued (“Dispute Period”), Provider or Provider Affiliate receives a written notice (“Dispute Notice”), from an authorized representative of a Customer Permitted Entity containing the following information: (i) the invoice number; (ii) the specific dollar amount of the Fees, that are not disputed (“Undisputed EPP Fees(s)”); (iii) the specific dollar amount of the disputed EPP Fees (“Disputed EPP Fees(s)”); and (iv) a description in reasonable detail of the basis of the dispute. Any such Disputed EPP Fees shall be handled in accordance with and subject to Section 12.3 (Disputed Fees and Right to Offset) and Schedule 5 (Governance) of the MSA and are not eligible for the Extended Payment Plan.

3.2

Undisputed EPP Fees: All Fees not disputed as specified in Section 3.A. (Disputed EPP Fees) of this Schedule 17, shall be an Undisputed EPP Fee and such Fees and Services shall be deemed accepted by a Customer Permitted Entity solely for the purposes of the Extended Payment Plan and no other purpose. Such Customer Permitted Entity’s obligation to pay the Undisputed EPP Fees in full and in accordance with the Extended Payment Plan shall be absolute and unconditional, notwithstanding any and all rights such Customer Permitted Entity may have to withhold, dispute, recoup or setoff against any Fees due or assert any Claim or counterclaim of any kind (including performance disputes, Claims against Provider or Provider Affiliate or any early termination rights that may be provided to such Customer Permitted Entity in the Agreement or at Law). The Extended Payment Plan terms have been established in order for Provider or Provider Affiliate to finance the Undisputed EPP Fees and, for the avoidance of doubt, neither this absolute and unconditional payment obligation nor any other term or condition of this Schedule 17 (Extended Payment Plan) will prejudice Customer Permitted Entity’s ability to separately exercise any other rights to make any Claim against Provider or Provider Affiliate in accordance with the terms of the Agreement or at Law. For the avoidance of doubt, nothing in this Schedule 17 (Extended Payment Plan) shall prohibit a Customer Permitted Entity from requiring Provider or Provider Affiliate to apply credits issued in accordance with this Agreement on subsequent invoices resulting from Claims related to Services previously invoiced, paid for or deemed accepted by a Customer Permitted Entity.


4.	REFUNDABLE ITEMS AND SET-OFFS

MA-IB-00136-2018

Schedule 17

Confidential treatment requested by Juniper Networks, Inc.


4.1	Refunds and Credits. Notwithstanding any other provision in the Agreement, including Section 7.4 (Performance Credits), Section 7.5 (Deliverable Credits), and Section 12.3 (Disputed Fees and Right to Offset) of the MSA, set-offs, refunds, credits (including Performance or Deliverable Credits) or other rebates may not be applied to any payments due for Undisputed EPP Fees.


5.	CONFIDENTIALITY

5.1

Confidentiality Obligations. Nothing in the Agreement, including Article 17 (Confidentiality and Customer Data) of the MSA, shall prohibit Provider or Provider Affiliate from disclosing this Schedule 17 (Extended Payment Plan), or descriptions thereof, or any Attachment and documents related thereto to any assignee of Undisputed EPP Payments that agrees with Provider or Provider Affiliate to confidentiality terms that are no less restrictive than the confidentiality terms set forth in the Agreement.


6.	TERMINATION

6.1

Termination. Notwithstanding any other termination rights set forth in the Agreement, including the termination rights provided in Article 19 (Termination) of the MSA, (i) in the event of any termination of the Agreement for any reason or the termination of any SOW other than termination as set forth in Section 19.1 (Termination for Convenience), all outstanding Undisputed EPP Fees are due and payable on the earlier of the Extended Payment Plan due date or the termination date of the Agreement or terminated SOW or (ii) in the event of any termination of a Local Services Agreement, all outstanding Undisputed EPP Fees for the terminated Local Services Agreement are due and payable on the earlier of the Extended Payment Plan due date or the termination date of the Local Services Agreement or (iii) in any event of termination of an SOW as set forth in Article 19.1 (Termination for Convenience), all outstanding Undisputed EPP Fees for the terminated SOW are due and payable on the Extended Payment Plan due date. Upon notification of a termination pursuant to (i) or (ii) above or notice of termination by Provider pursuant to Section 19.7, Provider or Provider Affiliate will no longer offer the Extended Payment Plan terms for future Undisputed EPP Fees. Any new invoices for Undisputed EPP Fees shall instead be payable to Provider or Provider Affiliate in accordance with Section 12 (Fees and Payments) of the MSA. Termination Fees, if any, are not eligible for the Extended Payment Plan.


7.	FORCE MAJEURE


7.1	Force Majeure. Notwithstanding Section 10.2 (Force Majeure) of the MSA, a Force Majeure Event does not excuse, limit or otherwise effect a Customer Permitted Entity’s obligation to pay Undisputed EPP Fees in accordance with this Schedule 17 (Extended Payment Plan).


8.	ASSIGNMENT

8.1

Assignment. Notwithstanding the assignment provisions specified in Section 25.1 (Assignment) of the MSA, Provider or Provider Affiliate shall be permitted to assign, and intends to assign, all or a portion of its rights to receive the Undisputed EPP Fees hereunder to IBM Credit LLC or to a third party with such Customer Permitted Entities prior consent (which consent shall not be unreasonably withheld or denied). No such assignee shall be deemed a third-party beneficiary of the Agreement, except to the extent necessary to collect

MA-IB-00136-2018

Schedule 17

Confidential treatment requested by Juniper Networks, Inc.

payment of the Undisputed EPP Fees. After any such assignment, Customer Permitted Entities shall deal exclusively with Provider or Provider Affiliate except for matters related to the Extended Payment Plan. To the extent that Provider or Provider Affiliate assigns its right to receive such payment as provided above, such Customer Permitted Entity agrees not to assert against any assignee any set-offs, recoupment, counterclaims or defenses such Customer Permitted Entity may have against Provider or Provider Affiliate under the Agreement with respect to such Fees. If an assignment or transfer by Customer occurs pursuant to Section 25.1(ii) of the Agreement, assignment of Customer's rights or obligations under this Extended Payment Plan shall require prior written approval of Provider except in the event that, (a) the assignee or transferee has a Moody’s Senior Unsecured rating equal to Ba3 or higher, and (b) the assignee or transferee is not in default under any agreement with Provider after giving effect to such assignment or transfer. Upon Provider’s knowledge of such assignment or transfer, Provider will provide Customer prompt written notice if the foregoing conditions are not satisfied and that payments will be due in accordance with the thirty- (30-) day payment terms in Section 12.1 of the MSA.


9.	OTHER


9.1	Acquisitions and Divestitures. Notwithstanding Section 3.5 (Changes to Customer Group) of the MSA, the Extended Payment Plan terms shall not apply to any Acquired Entity, Divested Entity or New Entity unless approved by Provider or Provider Affiliate in writing.


9.2	Survival. Notwithstanding Section 25.9 (Survival) of the MSA, all Extended Payment Plan terms survive any termination or expiration of the Agreement or Local Services Agreement until satisfied in full.

MA-IB-00136-2018

Schedule 17

Confidential treatment requested by Juniper Networks, Inc.

AMENDMENT NO. 1

MASTER SERVICES AGREEMENT

This AMENDMENT NO. 1 (this “Amendment”), dated January 4, 2019 (“Amendment Effective Date”), is between Juniper Networks, Inc., a Delaware corporation with a principal place of business at 1133 Innovation Way, Sunnyvale, California 94089 (“Customer”), and International Business Machines Corporation, a New York corporation with a principal place of business at One New Orchard Road, Armonk, New York 10504 (“Provider”) (each a “Party” and collectively the “Parties”).

WHEREAS, the Parties entered into a Master Services Agreement on December 31, 2018 (the “MSA”); and

WHEREAS, the Parties desire to amend the MSA as set forth below;

NOW, THEREFORE, the Parties agree as follows:


1.	Capitalized Terms. Capitalized terms not otherwise defined in this Amendment shall have the meaning assigned to such term in either Schedule 1 (Definitions) to the MSA or Appendix 1 (Technical Definitions) to Schedule 3 (Cross-Functional Service Terms), as applicable.


2.	Amendment. Section 1.4 (Related to Joint Verification) is hereby added as follows:

Section 1.4 (Related to Joint Verification)

With regard to the joint verification process described in Section 3.19(B) of the MSA, Provider will provide a written request describing the Verifiable Information with respect to Managed Contracts and Affected Employees that it would like to verify no later than [***]. Customer agrees to respond to Provider's request within no more than [***] Business Days of receiving such request. In the event Customer is delayed in providing such Verifiable Information to Provider beyond such [***] Business Day period, then the Joint Verification Period will be extended by the number of days by which Customer is delayed in providing such Verifiable Information to Provider.


3.	Except as expressly modified by this Amendment, all of the terms and conditions of the Agreement remain in full force and effect.

[Signatures on Following Page.]

[Remainder of Page Intentionally Left Blank.]

MA-IB-00136-2018

Schedule 3

Confidential treatment requested by Juniper Networks, Inc.

IN WITNESS WHEREOF, the Parties have caused this Amendment to be executed by their respective authorized representatives and made effective as of the Amendment Effective Date.

Juniper Networks, Inc.

By: ______________________________

Name: Brian M. Martin

Title: SVP, General Counsel and Secretary

Date:

International Business Machines Corporation

By: ______________________________

Name: Scott Anderson

Title: Client Partner Executive

Date:

MA-IB-00136-2018

Schedule 3