EX-4.b.2

Milestone

Required Delivery Date

Payment Amount

Holdback
Amount

<Milestone 1>

<Milestone 2>

EX-4.B.2 2 d751483dex4b2.htm EX-4.B.2 EX-4.b.2

Exhibit 4.b.2


		Confidential Materials omitted and filed separately with the
		Securities and Exchange Commission. Double asterisks denote omissions.

AMENDMENT NUMBER ONE

AGREEMENT NO. 02026713

THIS AMENDMENT NUMBER ONE TO AGREEMENT NO. 02026713 (this “Amendment”) is made and entered by and between Amdocs Inc. (“Amdocs”) and SBC Services, Inc. (“SBC”), each of which may be referred to in the singular as “Party” or in the plural as “Parties”, as of the date the last Party signs.

W I T N E S S E T H

WHEREAS, SBC and Amdocs are parties to that certain Agreement No. 02026713 for Software and Professional Services, dated as of 7 August 2003 (the “Agreement”);

WHEREAS, SBC has issued a Request for Proposal RF2003000156 (the “RFP”) describing requirements for a complex ordering planning and strategy initiative (“COPS”);

WHEREAS, Amdocs desires to provide a solution for COPS consisting of certain core software to be customized by Amdocs to meet SBC’s requirements as described in the RFP, as such requirements may be further refined, modified, and/or extended from time to time;

WHEREAS, Amdocs Software Systems Limited and SBC have entered into that certain Agreement No. 03032360 pursuant to which SBC has the right to obtain a license to use Amdocs’ Order Management Software system (“OMS”);

WHEREAS, SBC may desire Amdocs to implement customizations to OMS pursuant to the terms and conditions of the Agreement as amended herein; and

WHEREAS, Amdocs desires to implement customizations to OMS pursuant to the terms and conditions of the Agreement as amended herein.

NOW, THEREFORE, In consideration of the mutual promises contained below, the parties amend the Agreement as follows:

1. Definitions. All terms used in this Amendment with initial capital letters shall have the meanings, if any, ascribed to such terms in the Agreement.

2. Definition of “COPS”. The following is added as a new Section 2.8A:

“COPS” means SBC’s Complex Ordering System initiative described in SBC’s Request for Proposal RF2003000156, as the same may be further refined, modified, and/or extended by SBC from time to time.

3. Amdocs Information. Section 3.13(B)(1) is deleted in its entirety and replaced with:

Any Information furnished to SBC by Supplier under this Agreement (“Supplier Information”) shall remain Supplier’s property. SBC shall use the same degree of care to prevent disclosure of the Supplier Information to others as SBC uses with respect to its own proprietary or confidential Information. Unless such Information (a) was previously known to SBC free of any obligation to keep it confidential, or (b) has been or is subsequently made public by Supplier or a third party, without violating a confidentiality obligation, or (c) is independently invented by SBC without reference to the Supplier Information, or (d) is required to be disclosed pursuant to law, regulation, judicial or administrative order, or governmental request by an entity authorized by law to make such request, the Supplier Information shall be kept confidential by SBC, shall be used only in accordance with this Agreement, and may not be used for other purposes, except as may be agreed upon between Supplier and SBC in writing. All copies of such Information, in written, graphic or other tangible form, excluding materials owned by or licensed to SBC, shall be destroyed or returned to Supplier upon the earlier of (i) Supplier’s request or (ii) upon Termination or expiration of this Agreement. All copies of such Information in intangible form, such as electronic records, including electronic mail but excluding materials owned by or licensed to SBC, shall be destroyed upon the earlier of (i) Supplier’s request or (ii) upon Termination, or expiration of this Agreement, and upon request SBC shall certify to Supplier the destruction of all intangible copies of such Information.

4. Infringement. The phrase “refund any charges paid by SBC, with a credit for use pro-rated based upon a five (5) year usable life” at the end of Section 3.14(A)(4) is replaced with “refund any charges paid by SBC, with a credit for use pro-rated based upon a usable life based on the historical use by SBC of similar Computer Programs, which refund shall be excluded from the limitations on liability set forth in Section 3.18(B)”.

5. Appendix 3.38. Annex 1 to this Amendment is added to the Agreement as Appendix 3.38.

6. COPS Orders. The following is added as a new Section 3.36(C):

C. Amdocs shall, upon SBC’s request from time to time, enter into Order(s) for Custom Software Development for COPS in the form attached to this Agreement as Appendix 3.38. The terms of Appendix 3.38 shall apply to all COPS Orders.

7. Extension of Acceptance Test Period. The final sentence of Section 5.3(B) is deleted and replaced with:

The Acceptance Test Period shall be extended by the greater of either (i) [**] during which [**] the Software, or (ii) when applicable, [**].

8. Deemed Acceptance. The final sentence of Section 5.3(C) is deleted and replaced with:

If SBC fails to send an Acceptance Letter, or to inform Amdocs of the rejection of the Software, within two (2) business days after the conclusion of the Acceptance Test Period, then Amdocs shall promptly notify SBC’s IT leadership of such failure via e-mail or other writing, with a copy to SBC’s Project Manager. If neither SBC’s IT leadership nor SBC’s Project Manager responds via e-mail or other writing within four (4) business days after such notice has been duly given, the Software shall be deemed to be Accepted as of the end of such Acceptance Test Period.

9. Training. The following is added at the end of Section 7.2:

The rates for types (b) and (c) training shall not exceed the rates for other work performed under the applicable Order. There shall be no charge for preparation (excluding reproduction costs, if applicable) of standard training materials for the core Software that is licensed to SBC by Amdocs pursuant to the Software Master Agreement No. 03032360 between the Parties dated December 16, 2003 (the “Software Master Agreement”), and all such standard training materials shall be deemed Documentation for the purposes of the Software Master Agreement.

10. Full Force and Effect. All provisions of the Agreement not specifically affected by this Amendment shall remain in full force and effect without alteration or modification.

IN WITNESS WHEREOF, the Parties have caused this Amendment to be executed, which may be in duplicate counterparts, each of which will be deemed to be an original instrument, as of the date the last Party signs.


Amdocs Inc.

By:		/s/ John L. Conlin



Printed Name:		John L. Conlin



Title:		Vice President

Date:


SBC Services, Inc.

By:		/s/ Ron Watt



Printed Name:		Ron Watt



Title:		Director – IT Strategic Sourcing

Date:		12-15-03

Annex 1 to Amendment Number 1

Appendix 3.38

Form of Qualified Custom Software Development Order for Custom Software

Development Associated with Software Master Agreement #

This Qualified Custom Software Development Order for Custom Software Development (this “Order”), effective upon execution by the parties (“Effective Date”), is by and between Amdocs Inc., a Delaware corporation (“Supplier” or “Amdocs”) and SBC Services, Inc., a Delaware corporation (“SBC”), and shall be governed pursuant to the provisions of Agreement Number 02026713 (the “Master Services Agreement”), which by this reference are incorporated as if fully set forth herein. Any special terms and conditions in this Order that add to, differ from, or modify the provisions of the Master Services Agreement shall apply to this Order only, and shall survive the Termination, or Expiration of the Master Services Agreement.

This Order is associated with Agreement # [To be filled in prior to signing] (the “Base Agreement”) under Software Master Agreement #03032360 (the “Software Master Agreement”) between Amdocs Software Systems Limited and SBC.

1.	Order Number:

2.	Term of Agreement:

3.	Project Name and Description: [Insert]

4.	The Custom Software and Program Material Ordered

This Order incorporates the Detailed Functional Specifications (Attachment 1).

5.	Third Party Software

6.	Additional Items Ordered

The following are a part of this order .

7.	Milestones

Amdocs shall deliver the Custom Software and Program Material as listed and described herein, on or before the Delivery Date(s) specified in the following table:

Milestone Schedule:

Liquidated Damages for Delay in Delivery:

Upon discovery of anything indicating a reasonable certainty that Software and/or Services will not be delivered by the scheduled Delivery Date, Amdocs shall notify SBC and provide the estimated length of delay. The Parties shall work jointly toward resolving the delayed delivery. If the Parties reach agreement on an extended Delivery Date and Amdocs fails to meet the extended Delivery Date, then SBC may (i) if such delay amounts to a material breach, exercise SBC’s termination rights under the Agreement with respect to this applicable Order, (ii) exercise its right to recover Liquidated Damages specified hereunder, and/or (iii) further extend the Delivery Date. No payments, progress or otherwise, made by SBC to Amdocs after any scheduled Delivery Date shall constitute a waiver of Liquidated Damages. Delivery Dates shall be extended as and to the extent Amdocs’ is unable to meet the original Delivery Date due to causes outside of Amdocs’ control. Such extension shall be proportionate to the delay caused by factors outside Amdocs’ control.

Notwithstanding anything to the contrary in the Agreement, in the event of Supplier’s failure to meet a Delivery Date above (as it may have been extended in accordance with the terms as set forth herein) SBC shall be entitled to Liquidated Damages according to the following schedule:


Days Late		Liquidated Damages
0-14		$0
15-44		10% of fees under this Order
45-74		10% of fees under this Order
75+		10% of fees under this Order

The foregoing Liquidated Damages shall be calculated cumulatively and shall be capped at a total of thirty percent (30%) of the fees under this Order. SBC’s taking of Liquidated Damages for failure to meet a Delivery Date shall not preclude SBC from claiming actual damages in excess of the Liquidated Damages; provided, however, that the amount of Liquidated Damages taken by SBC shall be deducted from any damages awarded to SBC. Liquidated Damages taken by SBC for failure to meet a Delivery Date shall be excluded from the limitations of liability set forth in Section 3.18(B) of the Agreement.

8.	Deliverables/Release Items

9.	Supplier Responsibilities

10.

SBC Responsibilities

11.

Management Oversight by:

12.

Party responsible for System Testing:

13.

Warranty: Applies/

All Custom Software and Program Material provided by Amdocs under this order shall be under a Warranty Period of [**] commencing on Acceptance by SBC.

14.

Compensation

All payments due under this Order shall be subject to a [**] of the amount that would otherwise be due hereunder. SBC shall pay to Amdocs all amounts so held back by SBC upon Acceptance by SBC of the final milestone under this Order.

The rate for [**] work under this Order shall be a [**].

The rate for [**] work shall be a [**].

Travel and living expenses will not be paid for resources working at their primary work location or in the same metropolitan area as their primary work location. International travel expenses shall be limited to the round-trip between the SBC on-site location and the resource’s point of entry into the United States.

Aggregate travel and living expenses under all COPS Order(s) shall be limited to no more than [**] of the aggregate amount paid by SBC under all COPS Orders.

All work will be based on actual time worked, subject to a not-to-exceed amount of: . [Amount to be based on final RFP Response proposed cost of work.]

15.

Project Managers

SBC:

Amdocs:

16.

Special Terms and Conditions

17.

Warranty, Maintenance, Service Levels and Liquidated Damages

The provisions of Section 3.34 and Article 5.0 of the Software Master Agreement are incorporated into this Order as if set forth herein, shall replace Section 3.34 (excluding Section 3.34(D)(2) of the Master Services Agreement) and Section 5.8 of the Master Services Agreement and shall apply to the Software.

In applying Article 5.0 to this Order, the Maintenance Fee will be, at SBC’s option: ([**] (2) pursuant to a mutually agreed dedicated team, which dedicated team will be billed for on a time and materials basis at the rates set forth in Section 14 of this Order. Maintenance charged under clause (1) will be invoiced on an annual basis in advance and if charged under clause (2) will be invoiced on a [**] basis in arrears. Alternatively, SBC may obtain support and maintenance for COPS Custom Software pursuant to Orders for OnGoing Support, in which case, the provisions of Article 5.0 of the Software Master Agreement will not apply to such Orders for OnGoing Support. In addition, SBC may choose not to obtain maintenance and support services from Amdocs.

Liquidated Damages applicable to an annual maintenance period arising from applying Section 5.4 of the Software Master Agreement to the Custom Software under the COPS Orders shall not exceed 20% of the Maintenance Fees paid by SBC to Amdocs during such annual maintenance period under all COPS Orders. Notwithstanding the foregoing, the cap on Liquidated Damages during the Warranty Period of a COPS Order arising from the application of the last sentence of Section 3.34 and Section 5.4 of the Software Master Agreement to the Custom Software under that COPS Order shall be limited to $120,000.

IN WITNESS WHEREOF, this Order has been executed by authorized representatives of the parties hereto, in duplicate, as of the date first set forth above.


Amdocs Inc.

By:



Print Name:



Title:

Date:


SBC Services, Inc.

By:



Print Name:



Title:

Date:

Amendment

No. 02026713-02

Between

Amdocs, Inc.

And

SBC Services, Inc.

AMENDMENT NUMBER TWO

AGREEMENT NO. 02026713

THIS AMENDMENT NUMBER TWO TO AGREEMENT NO. 02026713 (this “Amendment”) is made and entered by and between Amdocs Inc. (“Amdocs”) and SBC Services, Inc. (“SBC”), each of which may be referred to in the singular as “Party” or in the plural as “Parties”, as of the date the last Party signs.

W I T N E S S E T H

WHEREAS, SBC and Amdocs are parties to that certain Agreement No. 02026713 for Software and Professional Services, dated as of 7 August 2003 (the “Agreement”);

WHEREAS, Amdocs desires to provide software solutions for projects consisting of Amdocs core software that if purchased by SBC may be customized by Amdocs at SBC’s request to meet SBC’s requirements. Such requirements will be identified, refined, modified, and/or extended from time to time via Work Orders or Amendments to Work Orders;

WHEREAS, Amdocs Software Systems Limited and SBC have entered into that certain Agreement No. 03032360-1 pursuant to which SBC has the right to obtain a license to use Amdocs’ Software;

WHEREAS, SBC may desire Amdocs to implement customizations to such Software pursuant to the terms and conditions of the Agreement as amended herein; and WHEREAS, Amdocs desires to implement customizations to the Software pursuant to the terms and conditions of the Agreement as amended herein.

NOW, THEREFORE, In consideration of the mutual promises contained below, the parties amend the Agreement as follows:

1.	Definitions. All terms used in this Amendment with initial capital letters shall have the meanings, if any, ascribed to such terms in the Agreement.

2.	Appendix 3.39. Annex 1 to this Amendment (Work Order template) is added to the Agreement as Appendix 3.39.

3.	Orders. The following is added as a new Section 3.36(D):

D. Amdocs shall, upon SBC’s request from time to time, enter into Order(s) for Custom Software Development for projects in the form attached to this Agreement as Appendix 3.39. The terms of Appendix 3.39 shall apply to all project Orders.

4.	Credit for Software Orders. Amdocs agrees that SBC may apply any “Credit towards services for implementing each of the modules” as detailed in Amendment 1 to the Software Master Agreement # 03032360 to any services associated with the respective software products licensed thereunder.

5.	Full Force and Effect. All provisions of the Agreement not specifically affected by this Amendment shall remain in full force and effect without alteration or modification.

1/10/2005

IN WITNESS WHEREOF, the Parties have caused this Amendment to Agreement No. 02026713 to be executed, which may be in duplicate counterparts, each of which will be deemed to be an original instrument, as of the date the last Party signs.


Amdocs, Inc.



By:		/s/ John L. Conlin



Printed Name:		John L. Conlin



Title:		Vice President

Date:		1/11/05


SBC Services, Inc.

By:		/s/ Jayu Bishop



Printed Name:		Maureen Merkle



Title:		President – Procurement

Date:		30 December 2004

1/10/2005

Annex 1 to Amendment Number 1

Appendix 3.39

Form of Qualified Custom Software Development Order for Custom Software Development

Associated with Software Master Agreement # 03032360

This Order is associated with Software Master Agreement #03032360 (the “Software Master Agreement”) between Amdocs Software Systems Limited and SBC.

1.	Order Number:

2.	Term of Agreement:

3.	Project Name and Description: [Insert]

4.	The Custom Software and Program Material Ordered

This Order incorporates the Detailed Functional Specifications (Attachment 1).

5.	Third Party Software

6.	Additional Items Ordered

The following are a part of this order .

7.	Milestones

Amdocs shall deliver the Custom Software and Program Material as listed and described herein, on or before the Delivery Date(s) specified in the following table:

Milestone Schedule:

1/10/2005

Liquidated Damages for Delay in Delivery:

Notwithstanding anything to the contrary in the Agreement, in the event of Supplier’s failure to meet the Delivery Date for delivery to Acceptance Testing above (as it may have been extended in accordance with the terms as set forth herein) SBC shall be entitled to Liquidated Damages according to the following schedule:


Days Late		Liquidated Damages
0-14		$0
15-44		10% of fees under this Order
45-74		10% of fees under this Order
75+		10% of fees under this Order

8.	Deliverables/Release Items

9.	Supplier Responsibilities

10.

SBC Responsibilities

11.

Management Oversight by:

1/10/2005

12.

Party responsible for System Testing:

13.

Warranty: Applies

All Custom Software and Program Material provided by Amdocs under this order shall be under a Warranty Period of [**] commencing on Acceptance by SBC.

14.

Compensation

All payments due under this Order shall be subject to a holdback of [**] of the amount that would otherwise be due hereunder. SBC shall pay to Amdocs all amounts so held back by SBC upon Acceptance by SBC of the final milestone under this Order.

[For Services ordered on a fixed price basis under Orders executed within [**] of the execution date of Amendment Two, the following applies - The fixed price for each component of the project will be developed by applying a [**] rate of $[**].] This rate shall include [**] resources.

The rate for [**] Services under this Order shall be a [**]. This rate shall continue in effect for [**] from execution of this Amendment. This rate shall be applied for time & materials, and time and materials not to exceed Work Orders.

The rate for [**] work shall be a [**]. This rate shall continue in effect for 18 months from execution of this Amendment.

Aggregate travel and living expenses under all Order(s) executed pursuant to this Amendment shall be limited to no more than [**] of the aggregate amount paid by SBC under all such Orders.

At SBC’s option SBC Orders may be based on a time and materials not to exceed Work Order which shall be based on the time and materials rates set forth above.

15.

Project Managers

SBC:

Amdocs:

16.

Special Terms and Conditions

17.

Warranty, Maintenance, Service Levels and Liquidated Damages

1/10/2005

In applying Article 5.0 to this Order, in the event SBC elects to purchase maintenance for Custom Software, SBC may elect to purchase maintenance under either of the following maintenance fee options: [**]; or (2) pursuant to a mutually agreed dedicated team, which dedicated team will be billed for on a time and materials basis at the rates set forth in Section 14 of this Order. Maintenance charged under clause (1) will be invoiced on an annual basis in advance and if charged under clause (2) will be invoiced on a [**] basis in arrears. Alternatively, SBC may obtain support and maintenance for Custom Software pursuant to Orders for OnGoing Support, in which case, the provisions of Article 5.0 of the Software Master Agreement will not apply to such Orders for OnGoing Support. In addition, SBC may choose not to obtain maintenance and support services from Amdocs.

Liquidated Damages applicable to an annual maintenance period arising from applying Section 5.4 of the Software Master Agreement to the Custom Software under the Orders shall not exceed 20% of the Maintenance Fees paid by SBC to Amdocs during such annual maintenance period under all Orders executed pursuant to this Amendment. Notwithstanding the foregoing, the cap on Liquidated Damages during the Warranty Period of a Order arising from the application of the last sentence of Section 3.34 and Section 5.4 of the Software Master Agreement to the Custom Software under that Order shall be limited to $120,000.


By:



Print Name:		Appendix 3.39



Title:

Date:


By:



Print Name:		Appendix 3.39



Title:

Date:

1/10/2005

Amendment

No. 02026713-03

Between

Amdocs, Inc.

And

SBC Services, Inc.

Agreement Number 02026713-03

AMENDMENT NO. 3

AGREEMENT NO. 02026713

This Amendment No. 3, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier”) and SBC Services, Inc., a Delaware corporation (“SBC”), each of which may be referred to in the singular as “Party” or in the plural as “Parties.”

WITNESSETH

WHEREAS, SBC and Amdocs are parties to that certain Agreement No. 02026713 for Software and Professional Services, dated as of 7 August 2003, as amended by Amendment No. 1 effective December 19,2003, and as further amended by Amendment No. 2 effective January 10, 2005 (collectively, the “Agreement”); and

WHEREAS, Amdocs Software Systems Limited and SBC have entered into that certain Agreement No. 03032360-1 pursuant to which SBC has the right to obtain a license to use Amdocs’ Software;

WHEREAS, SBC may desire Amdocs to implement customizations to such Software pursuant to the terms and conditions of the Agreement as amended herein; and WHEREAS, Amdocs desires to implement customizations to the Software pursuant to the terms and conditions of the Agreement as amended herein.

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree as follows:

1.	ARTICLE VI - ONGOING SUPPORT SERVICES, Section 6.1 Allowable Expenses, is hereby deleted and replaced in its entirety with the following:

SBC is not responsible for any travel, meal or other business related expense incurred by Supplier whether or not incurred in its performance of its obligations under this Agreement, unless such expense complies with the requirements of SBC’s Vendor Expense Policy attached hereto and incorporated herein as Appendix 1.2(4), and is not otherwise restricted under the terms of this Agreement or any applicable Order. Upon request by SBC, Supplier shall use commercially reasonable efforts to provide in a timely manner supporting documentation for any unusual or out of the ordinary expenses or in instances when the applicable SBC approver cannot make a reasonable determination on the propriety of the transaction without such documentation. The Parties further agree that for the purpose of determining when an expense is “incurred” pursuant to Section 2.1 of the Vendor Expense Policy, Supplier shall be deemed to incur such expense when the invoice or expense voucher for such expense is submitted to Supplier’s Accounts Payable department for payment.

Proprietary Information

The information contained in this Agreement is not for use or disclosure outside SBC, Supplier, their Affiliates and their third party representatives, except under written agreement by the contracting Parties.

Agreement Number 02026713-03

2.	Appendix 1.2(4) Reimbursable Expenses

Amdocs and SBC agree to delete the Appendix 1.2(4) Reimbursable Expenses attached to the Agreement, in its entirety, and replace it with the revised Appendix 1.2(4) Vendor Expense Policy, attached herewith.

3.	ARTICLE VI - ONGOING SUPPORT SERVICES, Section 6.11 Third Party Administrative Services is hereby added in its entirety as follows:

Supplier acknowledges that a third party vendor will be performing certain administrative functions associated with this Agreement pursuant to a contract between SBC and the third party vendor. These administrative functions include, but are not limited to the following:

Tracking of certificates of insurance

Providing financial analysis

Verifying supplier diversity certification

Supplier profile information

Supplier agrees to cooperate with such third party vendor to facilitate its performance of these administrative functions, including Supplier’s provision of data reasonably requested from time to time by such third party vendor. Further, notwithstanding any other provision of this Agreement, Supplier agrees that SBC may provide to such third party vendor Confidential Information regarding Supplier, subject to such third party vendor’s execution of a written non-disclosure agreement with Suppler which provides Supplier with no less protection for such Confidential Information than that required of SBC under this Agreement. Supplier will execute a non-disclosure agreement with the third party vendor no later then December 31, 2005. Supplier agrees to pay the third party vendor an annual fee for the performance of these administrative functions, which annual fee shall not exceed [**] and a [**]. SBC agrees that Supplier shall have no liability to such vendor in excess of such amounts.

The terms and conditions of Agreement No. 02026713 in all other respects remain unmodified and in full force and effect.

Proprietary Information

Agreement Number 02026713-03

IN WITNESS WHEREOF, the Parties have caused this Amendment to Agreement No. 02026713 to be executed, which may be in duplicate counterparts, each of which will be deemed to be an original instrument, as of the date the last Party signs.


Amdocs, Inc.

By:		/s/ John J. Horgan



Printed Name:		John J. Horgan



Title:		President – Administrative Operations, North America

Date:		12/15/05


SBC Services, Inc.

By:		/s/ Beverly Madsen



Printed Name:		Beverly Madsen



Title:		Associate Director – Strategic Sourcing

Date:		Dec. 8, 2005

Proprietary Information

Agreement Number 02026713-03

Appendix 1.2(4) Vendor Expense Policy

1.0

GENERAL

SBC Vendor Expense Policy (VEP) provides guidelines to be followed by all vendors of SBC in requesting reimbursement for business travel, meals and other business related expense. Expenses outside this policy are not reimbursable.

The following principles apply to requests for expense reimbursement:

When spending money that is to be reimbursed, vendors must ensure that an SBC Company (“Company”) receives proper value in return. Prudent and proper judgment must be used in reporting and approving business expenses.

The concept that a vendor and its employees are ‘entitled’ to certain types or amounts of expenditures while conducting business with the Company is erroneous. Personal expenditures reported for reimbursement should be billed exactly as they were incurred. The use of averages for any type expenditure or combination of expenditures is not permitted except as specifically provided or documented in a contract.

Every vendor and SBC employee who certifies or approves the correctness of any voucher or bill should have reasonable knowledge that the expense and amounts are proper and reasonable. Nothing in these guidelines shall preclude adoption by a responsible SBC manager of a more restrictive policy or practice concerning the expenditure of Company funds by a vendor. In the absence of the adoption of such policy, or existing contractual agreements, these guidelines are considered the minimum requirements for requesting reimbursement of Company funds. These policies should be included in any new or renewed contract with a contractor or consultant.

Deviations from this VEP must be approved in writing by the sponsoring Senior Manager or Officer of an SBC company.

Employees should refer to the Section entitled “Payments” in the Schedule of Authorizations For Affiliates of SBC Communications, Inc. for appropriate vendor invoice authorization approval levels.

Receipts should be requested and reviewed for any unusual or out of the ordinary expenses or where the approver cannot make a reasonable determination on the propriety of the transaction without a receipt.

The origination of a given expenditure for business purposes is the responsibility of the vendor incurring the expense and the authorization of that expense is the responsibility of the appropriate level of SBC management in accordance with the Schedule of Authorizations For Affiliates of SBC Communications, Inc.

Proprietary Information

Agreement Number 02026713-03

1.1

Non-Reimbursable Expenses

The following expenses are considered non-reimbursable:

•

Airline club membership fees, dues, or upgrade coupons

•

Meals not consistent with SBC employee policy

•

Annual credit card fees

•

Entertainment expenses

•

Upgrades on airline fees

•

Excessive tips, i.e., in excess of 15% of cost of meal or services, excluding tax

•

PC, cell phone, and other vendor support expenses

•

Meals not directly required to do business on the SBC account (e.g. vendors cannot voucher lunch with each other simply to talk about SBC)

•

In-flight drinks

•

Magazines & newspapers

•

Expenses associated with spouses or other travel companions

•

Office expenses of vendors

•

Surcharges for providing fast service (not related to delivery charges such as Fedex, UPS, etc.). SBC expects all vendors to complete the terms of contracts in the shortest period practicable. Charges for shortening the timeframe in which contracts are fulfilled are not permissible.

•

Vendors may not submit expenses to cover meals or expenses for an SBC employee, whether in a home location or on official travel

•

Travel purchased with prepaid air passes.

•

Birthday cakes, lunches, balloons, and other personal celebration/recognition costs

•

Break-room supplies for the vendor, such as coffee, creamer, paper products, soft drinks, snack food

•

Water (bottled or dispensed by a vendor)

•

Clothing, personal care, and toiletries

•

Laundry (except when overnight travel is required for 7 or more consecutive nights)

•

Flight or rental car insurance

•

Flowers, cards and gifts

•

Hotel pay-per-view and/or mini bar items

•

High speed internet access in hotels

•

Lost luggage or parking tickets

•

Medical supplies

•

Membership fees to exercise facilities or social/country clubs

•

Movies purchased while on an airplane

•

Phone usage on airline unless business emergency

Failure to comply with the above mentioned restrictions will result in the Company refusing payment of charges or pursuing restitution from the vendor.

Proprietary Information

Agreement Number 02026713-03

2.0

RESPONSIBILITIES

2.1

Vendor’s Responsibility

SBC’s sponsoring client managers will ensure that vendors have been covered on this policy prior to incurring any expenditures. Vendors and their sponsoring client managers are responsible for clarifying any questions or uncertainties they may have relative to reimbursable business expenses.

It is mandatory that financial transactions are recorded in a timely manner. Out-of-pocket business expense(s) for vendors that are not submitted for reimbursement within [**] from the date incurred are considered non-reimbursable. Company managers who are responsible for approving reimbursable expenses of vendors should ensure they are submitted and approved in a timely manner.

2.2

SBC Sponsoring Management Responsibility

Prior to authorizing reimbursement to the vendor for expenditures, it is the responsibility of the SBC managers authorizing the payment to determine that:

•

The expenditure is reasonable and for a legitimate business purpose.

•

The expenditure complies with the policies contained in this document, the Code of Business Conduct, and other applicable Company practices.

•

All expenses are reviewed through Payment.Net or on form SBC-4472APA and those expenses are prepared in accordance with proper accounting details.

In addition, the sponsoring SBC managers are responsible for ensuring the Vendor Expense Policy has been communicated to each vendor.

3.0

TRAVEL POLICY

Vendors must first consider the feasibility of using videoconferencing or teleconferencing as an alternative to travel. Travel that is to be reimbursed by SBC should be incurred only as necessary.

SBC reserves the right to dispute any expense submittal and if not verifiable as valid may reject reimbursement. Reimbursements will be made to vendor only after expenses are verified as valid.

3.1

Travel Authorization

Travel requiring overnight stays must be approved by the sponsoring SBC senior manager (5^th level or above) and should be approved only if it is necessary for the vendor to travel to perform required work.

Proprietary Information

Agreement Number 02026713-03

3.2

Travel Reservations

Vendors are expected to procure the most cost efficient travel arrangements, preferably equivalent to the SBC discount rate. SBC does not reimburse for travel purchased with prepaid air passes.

3.3

Travel Expense Reimbursement

Vendor travel expenses incurred for company business are reimbursable only as specified in these guidelines. Travel expenses may include the following:

•

transportation (airfare or other commercial transportation, car rental, personal auto mileage, taxi and shuttle service)

•

meals and lodging

•

parking and tolls

•

tips/porter service (if necessary and reasonable)

Vendors who stay with friends or relatives or other vendor employees while on a Company business trip will NOT be reimbursed for lodging, nor will they be reimbursed for expenditures made to reciprocate their hospitality by buying groceries, being host at a restaurant, etc.

The expense must be ordinary and necessary, not lavish or extravagant, in the judgment of the SBC sponsoring management. Any reimbursement request must be for actual expenditures only.

3.4

Air Travel Arrangements

Vendors must select lowest logical airfare (fares available in the market at the time of booking, preferably well in advance of trip to attain lowest possible airfare). Vendors shall book coach class fares for all domestic travel at all times. First class bookings are not reimbursable. Vendors can request business class when a single segment of flight time (“in air time” excluding layovers or ground time) is greater than 5 hours, or when flights are intercontinental. See attached Addendum B for specific airfare rates.

3.5

Hotel Arrangements

SBC has established Market-Based Room Rate Guidelines for vendors to reference when making hotel reservations (see Addendum A). Vendors are expected to abide by these guidelines when making hotel arrangements. SBC will only reimburse vendors up to the established room rate guideline in each market, or for actual hotel lodging charges incurred, whichever is less.

Proprietary Information

Agreement Number 02026713-03

Note: Vendors must indicate the number of room nights on the transaction line when invoicing for reimbursement of hotel expenses. Copies of all hotel bills must be made available for any invoice containing lodging charges.

3.6

Ground Transportation

While away from their home location overnight, vendors are expected to utilize rapid transit or local shuttle service. If the hotel provides a complimentary shuttle, vendors are to use this service before paying for transportation. If complimentary service is not provided a taxi or other local transportation is reimbursable as a business expense.

A rental car is appropriate when the anticipated business cost is less than that of other available public transportation. Except to the extent necessary to accommodate several travelers and/or luggage requirements, vendors will not be reimbursed for automobile rentals other than economy or mid-sized/intermediate models.

“Loss Damage Waiver” and “Extended Liability Coverage” are not considered reimbursable. Prepaid fuel or refueling charges at the time of return are not reimbursable. Rental cars should be refueled before returning to the rental company, since gas purchased through the rental company carries an expensive refueling service charge.

3.7

Use of Personal Vehicle

When use of personal vehicle is required, the currently applicable IRS mileage rate for miles driven for the business portion of the trip should be the maximum used to determine the amount to be reimbursed.

3.8

Parking

If airport parking is necessary, vendors must use long term parking facilities. Additional costs for short term, valet or covered parking are not reimbursable.

3.9

Entertainment

Entertainment expense is not reimbursable to vendors. Entertainment includes meal expense involving SBC personnel, golf fees, tickets to events and related incidental expenses. Hotel charges for a pay-per-view movie, individual sightseeing tours, or other individual activities (i.e., golf, sporting event, movie, etc.) are not reimbursable.

3.10

Laundry and Cleaning

Reasonable laundry charges during business trips of seven or more consecutive nights are reimbursable based on actual expenses incurred.

Proprietary Information

Agreement Number 02026713-03

3.11

Communications

The actual costs of landline telephone calls for SBC business are reimbursable. The use of SBC products is required when available.

SBC will not reimburse vendors for cell phone bills. With prior consent of the sponsoring SBC Senior Manager, only individual calls that exceed a vendor’s rate plan that are necessary to conduct business for SBC may be reimbursed.

Charges for high speed internet access are not reimbursable.

3.12

Business Meals (Travel and Non-Travel)

Vendors are expected to find reasonably priced dining alternatives. As a general rule, vendors are expected to spend[**] inclusive of tax and gratuity. This includes all meals, beverages and refreshments purchased during the day. Requests for reimbursement should break out the amount for meals and list the related number of travel days. Vendors may not submit expenses to cover meals or expenses for an SBC employee, whether in a home location or on official travel.

SBC managers authorizing invoices will be held accountable for ensuring that vendors are following this policy and are spending Company funds economically.

3.13

Flowers, Greeting Cards, Gifts and Incentive Awards

The cost of gifts, flowers, birthday lunches, or greeting cards is considered a personal expense and is not reimbursable. For example, vendors making a donation or providing a gift for a fund-raiser for SBC may not submit such an expense to SBC for reimbursement.

3.14

Loss or Damage to Personal Property

The Company assumes no responsibility for loss or damage to a vendor’s personal property during business functions or hours.

3.15

Publications

Subscriptions to or purchases of magazines, newspapers and other publications are not reimbursable.

Proprietary Information

Agreement Number 02026713-03

ADDENDUM A


City	2005 Room Rate Only Guidelines	City	2005 Room Rate Only Guidelines	City	2005 Room Rate Only Guidelines
Addison, TX (Dallas)	[**]	Las Vegas	[**]	Springfield, IL	[**]

Akron	[**]	Lisle, IL	[**]	Springfield, MO	[**]

Amarillo	[**]	Little Rock	[**]	St. Louis	[**]

Anaheim, CA	[**]	Livonia, Ml	[**]	Sterling, VA	[**]

Arlington. Hgts, IL	[**]	Lombard, (L (Chicago)	[**]	Stockton	[**]

Arlington, VA	[**]	Long Beach	[**]	Sunnyvale	[**]

Atlanta	[**]	Los Angeles	[**]	Tampa	[**]

Arcadia	[**]	Lubbock	[**]	Temecula	[**]

Auburn Hills, Ml (Detroit)	[**]	Madison	[**]	Tempe, AZ (Phoenix)	[**]

Austin	[**]	Maryland Heights. MO (St. Louis)	[**]	Toledo	[**]

Bakersfield	[**]	Mc Allen	[**]	Topeka	[**]

Baltimore	[**]	McLean, VA	[**]	Torrance, CA	[**]

Beaumont	[**]	Melbourne	[**]	Troy, Ml (Detroit)	[**]

Boston	[**]	Memphis	[**]	Tukwila. WA	[**]

Bridgeton, MO (St. Louis)	[**]	Meriden, CT (New Haven)	[**]	Tulsa	[**]

Brookfield, WI (Milwaukee)	[**]	Miami	[**]	Visalia	[**]

Burbank	[**]	Midland	[**]	Wallingford. CT (New Haven)	[**]

Burlingame, CA	[**]	Milwaukee	[**]	Walnut Creek, CA (San Francisco)	[**]

Charlotte	[**]	Minneapolis	[**]	Wait ham	[**]

Chesterfield, MO (St. Louis)	[**]	Modesto	[**]	Warren, Ml (Detroit)	[**]

Chicago	[**]	Monterey	[**]	Washington Dc	[**]

Chico	[**]	N Little Rock, AR (Little Rock)	[**]	Waterford. Ml (Detroit)	[**]

Cleveland	[**]	Nashville	[**]	Wausau	[**]

Collinsville, IL (St. Louis)	[**]	New Haven	[**]	West Dundee. IL (Chicago)	[**]

Columbus	[**]	New Orleans	[**]	Westford. MA	[**]

Concord, CA	[**]	New York	[**]	Westminster, CO (Denver)	[**]

Corpus Christi	[**]	Newark	[**]	White Plains	[**]

Creve Coeur, MO (St. Louis)	[**]	Norfolk	[**]	Wichita	[**]

Dallas	[**]	Oakbrook, IL (Chicago)	[**]	Windsor Locks, CT (Hartford)	[**]

Proprietary Information

Agreement Number 02026713-03


City	2005 Room Rate Only Guidelines	City	2005 Room Rate Only Guidelines	City	2005 Room Rate Only Guidelines
Dayton	[**]	Oakland	[**]

Dearborn, Ml	[**]	Oklahoma City	[**]

Denver	[**]	Ontario	[**]

Detroit	[**]	Orange County	[**]

Dublin, CA (San Francisco)	[**]	Orlando	[**]

Dublin, OH (Columbus)	[**]	Overland Park, KS	[**]

Dulles, VA	[**]	Pasadena	[**]

Earth City. MO (St. Louis)	[**]	Peoria	[**]

Eau Claire	[**]	Pewaukee, WI (Milwaukee)	[**]

El Paso	[**]	Philadelphia	[**]

Emeryville, CA (Oakland)	[**]	Phoenix	[**]

Englewood, CO (Denver)	[**]	Piscataway, NJ (Newark)	[**]

Eureka/Arcata	[**]	Piano. TX	[**]

Fairfax, Virginia	[**]	Pleasanton	[**]

Farmington Hills, Ml (Detroit)	[**]	Portland	[**]

Fayetteville	[**]	Raleigh	[**]

Fort Wayne	[**]	Reno	[**]

Fresno	[**]	Reston. VA	[**]

Ft Lauderdale	[**]	Richardson, TX	[**]

Ft. Worth, TX (Dallas)	[**]	Rockville, MD	[**]

Gaithersburg, MD	[**]	Rolling Meadows, IL (Chicago)	[**]

Grand Rapids	[**]	Rosemont, IL	[**]

Green Bay	[**]	Sacramento	[**]

Greenbelt, MD	[**]	Saginaw	[**]

Harlingen	[**]	Salt Lake City	[**]

Herndon, VA	[**]	San Antonio	[**]

Hartford	[**]	San Diego	[**]

Hoffman Estates	[**]	San Francisco	[**]

Houston	[**]	San Jose	[**]

Hudson. OH (Cleveland)	[**]	San Luis Obispo	[**]

Proprietary Information

Agreement Number 02026713-03


City	2005 Room Rate Only Guidelines	City	2005 Room Rate Only Guidelines	City	2005 Room Rate Only Guidelines
Huntsville	[**]	San Ramon	[**]

Independence, OH (Cleveland)	[**]	San Leandro, CA	[**]

Indianapolis	[**]	Santa Clara	[**]

Irving, TX	[**]	Santa Monica	[**]

Jacksonville	[**]	Santa Rosa	[**]

Kalamazoo	[**]	Sarasota	[**]

Kansas City	[**]	Schaumburg, IL	[**]

La Jolla	[**]	Scottsdale	[**]

Lansing	[**]	Seattle	[**]

Laredo	[**]	Southfield, Ml	[**]

Cities not listed on the Top City Hotel Room Rate Only Guideline Matrix, default to $[**] nightly rate.

Proprietary Information

Agreement Number 02026713-03

ADDENDUM B

International travel expenses shall be limited to the round-trip between the SBC on-site location and the resource’s point of entry into the United States.

SBC will provide Supplier with at least [**] day prior notice of all required travel to permit Supplier to obtain the lowest possible airfare. Travel costs for flights for which Supplier received [**] days notice will be calculated per the following table with the exception that, for international travel, flight costs will be charged at the rate of [**]. All other travel costs will be calculated in accordance with Section 3.4 above.

Aggregate travel and living expenses under all Work Order(s) shall be limited to no more than [**] of the aggregate amount paid by SBC under all Orders.

Destination

Dallas

St Louis

Bay Area

Chicago

Israel/Cyprus

Originating Location

Dallas

[**]

St Louis

[**]

Bay Area

[**]

Chicago

[**]

Israel /Cyprus

[**]

Proprietary Information

Amendment

No. 02026713.A.004

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Agreement Number 02026713.A.004

AMENDMENT NO. 4

AGREEMENT NO. 02026713

This Amendment No. 4, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier”) and AT&T Services, Inc., formerly known as SBC Services, Inc. (“SBC”), a Delaware corporation (“AT&T”), each of which may be referred to in the singular as “Party” or in the plural as “Parties.”

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360-1 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, AT&T may desire Amdocs to implement customizations to such Software pursuant to the terms and conditions of the Agreement as amended herein; and

WHEREAS, Amdocs desires to implement customizations to the Software pursuant to the terms and conditions of the Agreement as amended herein.

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree as follows:

1.	TABLE OF CONTENTS, APPENDICES AND EXHIBITS is hereby amended to add the following:

Appendix 6.5 - Background Check

Exhibit F – Confidentiality and Invention Agreement

Exhibit G – Software/Technology Nondisclosure Agreement

Exhibit H – Disaster Recovery and Business Continuity Plan

Proprietary Information

The information contained in this Agreement is not for use or disclosure outside AT&T, Supplier, their Affiliates and their third party representatives, except under written agreement by the contracting Parties.

Agreement Number 02026713.A.004

2.	ARTICLE II - DEFINITIONS is hereby amended to include the following:

2.42

“AT&T Personal Data” means that portion of AT&T Data that is subject to any Privacy Laws and includes CPI (for example, under 47 U.S.C. § 222(b)) and CPNI.

2.43

“CPI” means Customer Proprietary Information.

2.44

“CPNI” “Customer Proprietary Network Information” or “CPNI” means (i)“customer proprietary network information” as defined under the Communications Act of 1934, as amended, including by the Telecommunications Act of 1996, and applicable Federal Communications Commission orders and regulations; (ii) any of the following information of any customer of AT&T, or any customer of any such customer, whether individual or aggregate, whether or not including identifying information: names, addresses, phone numbers, calling patterns, quantity, nature, technical configurations, locations, types, destinations or amount of use of telecommunications services received or calls received or made; (iii) information contained on the telephone bills of AT&T’s customers (including the customers of such customers) pertaining to telephone exchange service or telephone toll service received by a customer of AT&T or of any customer; (iv) unlisted customer numbers; (v) aggregate customer data with individual identifying information deleted; or (vi) information available to AT&T by virtue of AT&T’s relationship with its customers as a provider of telecommunications service, or by virtue of their customers’ relationships with their own customers as a provider(s) of telecommunications services.

2.45

“EAR Denied Persons List” shall mean the Export Administration Regulations denied persons list of the Bureau of Industry and Security of the United States Department of Commerce, as updated, or such other list of the United States that may replace, or be of similar subject matter to, the Export Administration Regulations denied persons list.

2.46

“Offshore Services” has the meaning given to it in Section 6.13.

2.47

“Privacy Laws” means Laws relating to data privacy, trans-border data flow or data protection.

2.48

“SDN Blocked Persons List” means the Specially Designated Nationals and Blocked Persons List of the Office of Foreign Assets Control of the United States Department of the Treasury, as it is updated, or such other list of the United States as may replace, or be of similar subject matter to, the Specially Designated Nationals and Blocked Persons list.

2.49

“Laws” means all national, federal, intergovernmental, regional, common, state and local laws, statutes, regulations, rules, executive orders, supervisory requirements,

Proprietary Information

Agreement Number 02026713.A.004

directives, circulars, opinions, orders, interpretive letters and other official releases of or by any government or quasi-governmental authority, or any authority, department or agency thereof, or any self-regulatory organization, anywhere in the world, including Privacy Laws.

3.	ARTICLE 3 - GENERAL TERMS Section 3.4 Compliance with Laws is hereby deleted and replaced in its entirety with the following:

3.4

Compliance with Laws:

Compliance with FCC Docket No. 96-115. Notwithstanding and without limiting any other provisions of this Agreement, Supplier represents and warrants that, with respect to the provision of the Services and the performance of its other legal and contractual obligations hereunder, it shall be in compliance with any Laws based on 47 U.S.C. § 222 (including the rules and orders issued from Federal Communications Commission’s CC Docket No. 96-115) and any Laws addressing similar subject matters, and shall remain in compliance with such Laws for the entire term of this Agreement, including identifying and procuring applicable permits, certificates, approvals and inspections required under such Laws.

Software, Equipment, Systems and Materials Compliance. Supplier warrants that, as of the Effective Date, the Software, Equipment, Systems and materials owned, provided or used by Supplier in providing the Services are in compliance with all applicable Laws, and Supplier covenants that they shall remain in compliance with all applicable Laws for the entire term of this Agreement and/or any applicable Order.

Compliance with Data Privacy Laws. Without limiting any other provisions of this Agreement, with respect to any AT&T Personal Data, Supplier shall comply with all Laws under applicable Privacy Laws (as well as Laws with respect to any CPNI or CPI). Supplier shall also provide AT&T with such assistance as AT&T may reasonably require to fulfill its responsibilities under the respective applicable Privacy Laws.

Compliance with Export Control Laws. The Parties expressly acknowledge their obligation to comply with all applicable Laws regarding export from the United States of computer hardware, Software, technical data or derivatives thereof, as such Laws may be modified from time to time. In their respective performance of the activities contemplated under this Agreement, neither party will directly or indirectly export (or re-export) any computer hardware, Software, technical data or derivatives of such hardware, Software or technical data, or permit the shipment of same: (a) into any country to which the United States has embargoed goods; (b) to anyone on the Denied Persons List, List of Specially Designated Terrorists or List of Specially Designated Narcotics Traffickers or (c) to any country or destination for which the United States government or a United States governmental agency requires an export license or other approval for export without first having obtained such license or other approval. Each Party will reasonably cooperate with the other and will provide to the other promptly upon request any end-user

Proprietary Information

Agreement Number 02026713.A.004

certificates, affidavits regarding re-export or other certificates or documents as are reasonably requested to obtain approvals, consents, licenses and/or permits required for any payment or any export or import of products or Services under this Agreement. To the extent within Supplier’ control, Supplier shall be responsible for, and shall coordinate and oversee, compliance with such export Laws in respect of such items exported or imported hereunder. This Section 3.4(i) shall not relieve Supplier of its obligation to perform the Services as provided herein, but such performance shall be undertaken in a manner complying with such Laws. Further, a change of any such Law shall not constitute a force majeure event pursuant to Section 3.10. The provisions of this Section 3.4(i) will survive the expiration or termination of this Agreement for any reason.

Executive Order Compliance. Supplier’s obligation to comply with all Laws includes the procurement of permits, certificates, approvals, inspections and licenses, when needed, in the performance of this Agreement. Supplier further agrees to comply with all applicable Executive and Federal regulations.

4.	ARTICLE 3 - GENERAL TERMS Section 3.9 Export Control is hereby deleted and replaced in its entirety with the following:

3.9

Export Control:

Export Laws. Supplier understands and agrees that any and all AT&T applications may not be exported or reexported to an embargoed country, or discussed, or reviewed by any citizen of the embargoed countries or entities (i.e., Cuba, Iran, Iraq, Libya, North Korea, and Syria). For all purposes, an embargoed country is considered both the geographic area containing the land mass and the citizens of that country, whether they are within the borders of the country or not. Additionally, Supplier understands and agrees that it will not allow access to any and all AT&T applications to any person from an embargoed country, even if living/working in another country. No one is authorized to work on this Work Order, if they are from an embargoed country.

5.	ARTICLE III - GENERAL TERMS Section 3.13 Information is hereby amended to add the following paragraph C Information – Customer.

Information - Customer:

For the purposes of this clause, “Information – Customer,” “Customer Information” includes, but is not limited to, customer name, address, phone number, information concerning a customer’s calling patterns, unlisted customer numbers, aggregate customer data with individual identifying information deleted, and Customer Proprietary Network Information (“CPNI”) which includes information available to AT&T by virtue of the AT&T’s relationship with its customers as a provider of telecommunications service and may include: the quantity, technical configuration, location, type, destination, amount of

Proprietary Information

Agreement Number 02026713.A.004

use of telecommunications service subscribed to, and information contained on the telephone bills of AT&T’s customers pertaining to telephone exchange service or telephone toll service received by a customer of AT&T. Except as provided herein, title to all Customer Information shall be in AT&T. Except as otherwise provided herein, no license or rights to any Customer Information are granted to Supplier hereunder.

Supplier acknowledges that Customer Information received may be subject to certain privacy laws and regulations and requirements of AT&T. Supplier shall consider Customer Information to be private, sensitive and confidential. Accordingly, with respect to Customer Information, Supplier shall comply with all applicable CPNI restrictions of the Telecommunications Act (47 U.S.C. § 222) and, for AT&T’s customers residing in California, the Constitution of California (Article I, § 1), the California Public Utilities Code (§§ 2891 – 2894), and General Order 107-B of the California Public Utilities Commission. Accordingly, Supplier shall:

not use any CPNI to market or otherwise sell products to AT&T’s customers;

make no disclosure of Customer Information to any party other than AT&T.

not incorporate any Customer Information into any database other than in a database maintained exclusively for the storage of AT&T’s Customer Information;

not incorporate any data from any of Supplier’s other customers, including Affiliates of AT&T, into AT&T’s customer database;

make no use whatsoever of any Customer Information for any purpose except to comply with the terms of this Agreement;

make no sale, license or lease of Customer Information to any other party;

restrict access to Customer Information to only those employees of Supplier that require access in order to perform Services under this Agreement;

implement and comply with a data security plan, approved in advance in writing by AT&T, and other procedures as may be agreed by AT&T and Supplier relative to the security of Customer Information at all times in performing Services hereunder;

prohibit access or use of Customer Information by any of Supplier’s other customers, Supplier’s Affiliates, or third parties except as may be agreed otherwise by AT&T; and

10.

promptly return all Customer Information to AT&T upon expiration, Termination or Cancellation of this Agreement or applicable schedule, unless expressly agreed or instructed otherwise by AT&T.

11.

comply with AT&T’s privacy policy, which can be found at privacy policies (which are available at http://att.sbc.com/gen/privacy-policy?pid=2506).; and

12.

immediately notify AT&T of any violation of this Subsection 5.C.

Proprietary Information

Agreement Number 02026713.A.004

6.	ARTICLE III - GENERAL TERMS Section 3.15 Insurance is hereby deleted and replaced in its entirety with the following:

With respect to Supplier’s performance under this Agreement, and in addition to Supplier’s obligation to indemnify, Supplier shall:

maintain the minimum insurance coverages and limits required by this Section and any additional insurance and/or bonds required by law.

at all times during the term of this Agreement and until completion of all Work associated with this Agreement, whichever is later; and

with respect to any coverage maintained in a “claims-made” policy, for two (2) years thereafter;

ii.

require each subcontractor that may perform Work under this Agreement or enter upon the Work site to maintain the same coverages and limits listed in this Section from the time when the subcontractor begins Work, throughout the term of the subcontractor’s Work and, with respect to any coverage maintained on a “claims-made” policy, for two (2) years thereafter;

iii.

procure the required insurance from an insurance company eligible to do business in the State where Work will be performed and having and maintaining a Financial Strength Rating of “A” or better and a Financial Size Category of “VIII” or better, as rated in the A.M. Best Key Rating Guide for Property and Casualty Insurance Companies, except that, in the case of Workers’ Compensation insurance, Supplier may procure insurance from the state fund of the state where Work is to be performed; and

iv.

deliver to AT&T certificates of insurance stating the types of insurance and policy limits, with a cancellation clause amended to read as follows: “The issuing company will endeavor to provide at least 30 days advance written notice of cancellation or non-renewal to AT&T”. Supplier shall deliver such certificates:

prior to commencement of any Work;

prior to expiration of any insurance policy required in this Section; and

for any coverage maintained on a “claims-made” policy, for two years following the term of this Agreement or completion of all Work associated with this Agreement, whichever is later.

The insurance coverage required by this Section includes:

Workers’ Compensation insurance with benefits afforded under the laws of the state in which the Work is to be performed and Employers Liability insurance with minimum limits of:

$1,000,000 for Bodily Injury – each accident

$1,000,000 for Bodily Injury be disease – policy limits

$1,000,000 for Bodily Injury by disease – each employee

To the fullest extent allowable by law, the policy must include a waiver of subrogation endorsed in favor of AT&T, its Affiliates, and their directors, officers and employees.

Proprietary Information

Agreement Number 02026713.A.004

ii.

Commercial General Liability insurance written on Insurance Services Office (ISO) Form CG 00 01 10 01 or later, with minimum limits of:

$2,000,000 General Aggregate limit

$1,000,000 each occurrence limit for all bodily injury or property damage incurred in any one (1) occurrence

$1,000,000 each occurrence limit for Personal Injury and Advertising Injury

$2,000,000 Products/Completed Operations Aggregate limit

$1,000,000 each occurrence limit for Products/Completed Operations

$1,000,000 Fire Legal Liability

The total limit may be met with any combination of primary and Umbrella/Excess Liability limits. The Commercial General Liability insurance policy must:

be endorsed to include AT&T, its Affiliates, and their directors, officers, and employees as Additional Insureds. Supplier shall provide a copy of the Additional Insured endorsement to AT&T prior to Work being performed. A copy of the Additional Insured endorsement must be provided at each Commercial General Liability policy renewal;

include a waiver of subrogation endorsed in favor of AT&T, its Affiliates, and their directors, officers and employees; and

be primary and non-contributory with respect to any insurance or self-insurance that is maintained by AT&T.

iii.

Automobile Liability insurance with minimum limits of $1,000,000 combined single limit per accident for bodily injury and property damage, extending to all owned, hired, and non-owned vehicles.

iv.

Professional Liability (Errors & Omissions) insurance with minimum limits of $1,000,000 each wrongful act.

Internet Liability and Network Protection (Cyberrisk) insurance with minimum limits of $1,000,000 each wrongful act.

vi.

Media Liability insurance with minimum limits of $1,000,000 each wrongful act.

7.	ARTICLE V – SPECIAL SOFTWARE TERMS, Section 5.4 Technology Standards is hereby amended to include the following paragraph C:

AT&T shall have final authority to promulgate its information technology architectures and standards (the “AT&T Standards”) and to modify or grant waivers from such AT&T Standards. Supplier shall comply with the AT&T Standards as set forth in this Agreement and subject to amendments to such Appendices through written amendment to this Agreement in its performance of the Services, subject to obtaining AT&T’s prior written approval for any deviations from such AT&T Standards.

Proprietary Information

Agreement Number 02026713.A.004

8.	ARTICLE VI - ONGOING SUPPORT SERVICES, Section 6.4 Access to AT&T Facilities is hereby amended to include the following:

Supplier’s employees include “foreign persons” within the meaning of the U.S. export control laws, and foreign persons employed by Supplier may, subject to Section 6.5, have access to AT&T computer or electronic data storage systems or networks in order to provide Services under this Agreement unless otherwise specifically set forth in a Work Order.

Online Access. If Supplier is given access, whether at AT&T’s premises or through remote facilities, to any AT&T computer or electronic data storage system in order for Supplier to perform the Services, Supplier shall limit such access and use solely to perform Services within the scope of the applicable Order(s) and will not attempt to access any AT&T computer system, electronic file, Software or other electronic services other than those specifically required to perform the Services specified in such Order (s). Supplier shall (i) limit such access to those Supplier personnel with an express requirement to have such access in connection with this Agreement and/or any Order and, in doing so, shall comply with Section 6.5, (ii) advise AT&T in writing of the name of each individual who will be granted such access, and (iii) strictly follow all AT&T security rules and procedures for use of AT&T’s electronic resources provided to Supplier from time to time. Upon AT&T’s request, Supplier shall provide the social security number or other personal identification of each of its representatives, including Supplier’s employees and subcontractors’ employees, who will need access to any AT&T system to perform Supplier’s obligations under this Agreement. All user identification numbers and passwords disclosed to Supplier and any information obtained by Supplier as a result of Supplier’s access to, and use of, AT&T’s computer and electronic storage systems shall be deemed to be, and shall be treated as, Information of AT&T pursuant to this Agreement hereof. Supplier shall cooperate with AT&T in the investigation of any apparent unauthorized access by Supplier to AT&T’s computer or electronic data storage systems or unauthorized release of Information of AT&T by Supplier or any Supplier personnel.

Network Access: Without limiting the foregoing, to the extent any Hardware provided or used by Supplier or Supplier Personnel is connected directly to the network(s) of AT&T, such Hardware shall be (i) subject to review and approval in advance by AT&T, (ii) in strict compliance with AT&T’s then-current security policies, architectures, standards, rules and procedures provided to Supplier in writing, and (iii) in strict compliance with AT&T’s then-current hardware and Software Specifications provided to Supplier in writing. Supplier shall not install or permit the installation of any other Software on such Hardware without AT&T’s prior approval.

Additionally, the presence of any Supplier Personnel on-site raises certain day-to-day practical issues as recognized in this Section, involving compliance with AT&T policies specified in the AT&T Code of Conduct as provided to Supplier in writing. AT&T will confirm that these rules incorporate site specific rules respecting access, security and similar matters. Supplier shall adhere to similar if not the same rules at Supplier’s location(s) from which Services and Materials are provided pursuant to this Agreement.

Proprietary Information

Agreement Number 02026713.A.004

Supplier Personnel working offshore can only access AT&T Systems/data while physically located in an AT&T approved Supplier facility as stated in the Work Order. Offshore Supplier Personnel may not at any time remotely access any AT&T System or data. Any exceptions must be submitted in writing to the OMO for approval.

As soon as reasonably possible after the execution of this Agreement and on [**] basis thereafter, Supplier will, [**], perform a security audit utilizing an independent auditor, as mutually agreed by the parties. Such security audit shall ensure that Supplier will strictly follow all AT&T security rules and procedures for use of AT&T’s electronic resources provided to Supplier and that Supplier will be in strict compliance with AT&T’s then-current security policies, architectures, standards, rules and procedures.

9.	ARTICLE VI - ONGOING SUPPORT SERVICES, Section 6.5 Background Check is hereby deleted in its entirety and replaced with the following:

6.5

Background Check:

Supplier shall comply with the requirements of Appendix 6.5 entitled Background Checks.

10.

ARTICLE VI - ONGOING SUPPORT SERVICES, Section 6.6 Confidentiality and Invention Agreement is hereby deleted and replaced in its entirety with the following:

6.6

Confidentiality and Invention Agreement and Non-Disclosure Agreement:

Prior to any employee or agent of Supplier or Supplier’s Sub-suppliers accessing any AT&T Software or Third Party Software provided by AT&T to Supplier, said employee or agent shall execute a copy of the Confidentiality and Invention Agreement, Exhibit F, as well as the Non-disclosure Agreement (“NDA”) attached hereto and G.

For existing employees or agents, Supplier will require any such employee or agent to execute the NDA and submit the originals to AT&T’s Offshore Management Office (“OMO”) as soon as possible.

For any such employee or agent subsequently assigned to perform Services on AT&T’s behalf, prior to said employee or agent having access to any such Software, including without limitation logging onto an AT&T’s network, Supplier will be required to ensure AT&T receives an executed NDA from each such employee or agent. In the event Supplier can not send the NDA to AT&T’s OMO for receipt prior to such access, Supplier will require such employee or agent to execute the NDA and Supplier will fax a copy of the NDA to AT&T’s OMO prior to such access and Supplier will immediately send the original to AT&T’s OMO.

Proprietary Information

Agreement Number 02026713.A.004

The address for AT&T’s OMO is:

[**]

Exhibits F and G are attached and incorporated hereby and becomes an integral part of this Agreement.

11.

ARTICLE VI - ONGOING SUPPORT SERVICES is hereby amended to add the following Sections:

6.11

Disaster Recovery and Business Continuity Plan:

Supplier will provide a Disaster Recovery and Business Continuity Plan at all times during the term of this Agreement for their offshore operations associated with each Project and or Application that is assigned to them by AT&T as set forth in Exhibit H, Disaster Recovery and Business Continuity Plan. Such Disaster Recovery and Business Continuity Plan shall be reviewed and mutually agreed upon with AT&T.

This should include, but not be limited to:

Demonstrate the existence of a recovery strategy, which is complimentary to AT&T that is exercised with documented conclusions and recommended improvements.

ii.

Ensure that failover processes and procedures are in place to support AT&T applications and these failover processes and procedures are exercised [**] (at a minimum).

iii.

Ensure that adequate communication documents, processes, and procedures are readily available and kept up to date.

6.12

Electronic Privacy Policy:

Supplier and all Supplier Personnel shall abide by the following policy AT&T has established for all electronic information systems:

AT&T electronic and computer resources are provided for the transaction of company business. The policy of AT&T with respect to information in electronic media (including but not limited to programs, databases, files, e-mail records) is no different from the policy concerning paper records. While AT&T at all times retains the right to inspect, record and/or remove all information made or kept by employees utilizing company resources, such inspection, recording, or removing takes place only on the basis of company need. Need includes but is not limited to management’s determination that reasonable cause exists for belief that laws, AT&T policies or management directives have been, are being, or may be broken or violated.

Proprietary Information

Agreement Number 02026713.A.004

Protection of AT&T systems/networks: Supplier and all Supplier Personnel shall follow all AT&T policies including AT&T Personal Data policies. Supplier shall provide AT&T with such assistance as AT&T may reasonably require in fulfilling its responsibilities under the respective applicable Privacy Laws.

AT&T Personal Data shall mean that portion of AT&T Data that is subject to any Privacy Laws. “Privacy Laws” shall mean Laws relating to data privacy, trans-border data flow or data protection such as the implementing legislation and regulations of the European Union member states under the European Union Directive 95/46/EC.

6.13

Offshore Transfer or Processing of AT&T Data:

Supplier represents and warrants that, to the extent that its performance of the Services includes the transfer, storage or processing outside of the United States of AT&T Data or other performance of the Services outside of the United States, such Services (the “Offshore Services”) will be (i) performed in accordance with the Agreement and Laws (including Privacy Laws) of the United States, European Union (if applicable) and any jurisdiction in which the Offshore Services are performed and (ii) performed such that Laws permit the transfer of the AT&T Data back into the United States, and future performance of the Services within the United States, without any additional cost to AT&T or authorization or permission of any Entity or government.

In the event that new Laws or changes in Laws (including as contemplated in Section a, Compliance with FCC Docket No. 96-115)): (i) require that any such Services be performed within the United States or any other jurisdiction; (ii) prohibit the performance of any Services as Offshore Services; or (iii) require that the AT&T Data used in connection with such Offshore Services be transferred back to the United States or restrict such AT&T Data from being transferred to or from, or processed in, stored in or accessed from any jurisdiction (collectively, “Offshore Impact”), and additional costs are required to be incurred in order to cause the Services to be performed in accordance with Laws, the Parties shall use commercially reasonable efforts to agree upon responsibility for such costs and any required modifications of the effected Work Order(s). In such event, and subject to the foregoing Supplier shall perform all necessary tasks in order to continue to perform the Services, including any Offshore Services, in compliance with Laws, including, as required by Laws, the performance of any or all Services within the United States. Upon the event of an Offshore Impact, the Parties will discuss and consider whether to allow Supplier to increase the number of resources working onsite, provided that AT&T will not be required to consent to any such increase. If the Parties are unable to agree upon responsibility for such costs and any required modifications of the effected Work Order(s) within [**] days of either Party’s request to do so, AT&T shall be entitled to Terminate the effected Work Order(s) for convenience in accordance with the Agreement.

Proprietary Information

Agreement Number 02026713.A.004

Supplier represents and warrants that, to the extent that Offshore Services are performed and to the extent that AT&T Data is transferred to, processed or stored outside, or accessed from outside of the United States and in addition to its other obligations under this Agreement, Supplier shall store and process AT&T Data and store and operate all Application Software in a secure environment designed, monitored and administered to prevent the violation of Laws or this Agreement. In addition, Supplier shall establish, and require all Supplier Personnel to comply with, stringent policies and rules regarding the removal of AT&T Data or Application Software from Supplier Facilities and otherwise requiring Supplier Personnel to act in accordance with this Agreement and Laws, and Supplier shall establish physical and logical measures to ensure that such policies and rules are followed. Under no circumstances shall AT&T Data or Application Software used in Offshore Services be removed from Supplier Facilities.

6.14

Service Facilities/Location:

The Services shall be provided at or from (i) an AT&T facility, (ii) service locations owned or leased by Supplier or (iii) an AT&T IT Sourcing approved Supplier’s offshore facility located in one of the approved locations listed below. Except to the extent set forth in this Agreement or otherwise solely agreed to by AT&T, Supplier shall provide the Services from within the continental United States or shall be limited to operations in Israel, Cyprus and India at all times during the term of this Agreement.

Approved Offshore Locations:

The Amdocs’ India resources will be located at the following address:

Cyber City Tower 2

6^th Floor

Magarpatta City

Hadapsar, Pune, India 411028

The Amdocs’ Israel resources will be located at the following addresses:


8 Hapnina St.	4 Hahrash St.	Shaar Hanegev
Ra’anana	Neve Neeman	Industrial Zone
43000	Hod Hasharon	Shderot
Israel	Israel	Israel

The Amdocs’ Cyprus resources will be located at the following address:

Cyprus Limassol

141, Omonia Avenue

The Maritime Center

P.O. Box 50483 3506 Limassol

Proprietary Information

Agreement Number 02026713.A.004

ii.

Establishing New Locations:

New Country/City:

In the event that an Offshore Supplier wants to start up business in a new country or city where AT&T work is to be performed:

•

The Offshore Supplier must notify the AT&T Offshore Management Office to seek a formal approval from the Executive Director of the AT&T Offshore Management Office.

New Building in Approved City:

In the event that an Offshore Supplier wants to begin providing services from a new building to perform AT&T work and it is within a city where they are currently working:

•

The Offshore Supplier must notify the AT&T Offshore Management Office to seek a formal approval from the Executive Director of the Offshore Management Office.

•

The Offshore Supplier must have the new address of the building audited by a reputable third party auditor.

•

The Offshore Supplier must give the most current version of AT&T’s Offshore Management Office External Audit Controls to the third party auditor to conduct the audit.

•

The audit must be conducted within [**] of the Offshore Personnel starting work in the new building.

6.15

Software and Hardware provided by AT&T to Supplier Personnel:

Supplier will provide standard desktop Hardware and Software required for the Project for offshore Supplier Personnel that Supplier would normally provide for Supplier’s own personnel working in a particular job title, while working from Supplier’s offshore service locations.

Supplier will bear the expense of any special accommodations or evaluations for Supplier’s own employees at an AT&T facility or an AT&T IT Sourcing approved facility.

Any Software licenses provided and / or purchased by AT&T for a Project for Use by Supplier Personnel, shall remain the property of AT&T and be returned to AT&T at end of the Term, Cancellation or Termination of the Work Order and / or this Agreement. Licenses will also be returned as any Supplier Personnel roll off any Project.

Any Hardware or memory upgrades provided and / or purchased by AT&T for a Project for Use by Supplier Personnel, shall remain the property of AT&T and be returned to AT&T at end of the Term, Cancellation or Termination of the Work Order and or this Agreement. Hardware and / or memory will also be returned as any Supplier Personnel roll off any Project.

Supplier will be responsible for tracking any Software licenses and or Hardware provided and or purchased by AT&T for a Project for use by the Supplier Personnel including the date received and the date returned to AT&T.

Proprietary Information

Agreement Number 02026713.A.004

The terms and conditions of Agreement No. 02026713 in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.

By:		/s/ John J. Horgan



Printed Name:		John J. Horgan



Title:		President - Administrative Operations, North America

Date:		September 27, 2006


AT&T Services, Inc.

By:		/s/ Beverly J. Madsen



Printed Name:		Beverly J. Madsen



Title:		Associate Director- Strategic Sourcing

Date:		September 27, 2006

Proprietary Information

Agreement Number 02026713.A.004

Appendix 6.5 – Background Check

Confidential Materials omitted and filed separately with the Securities and Exchange Commission. A total of 7 pages were omitted. [**]

Proprietary Information

Agreement Number 02026713.A.004

Exhibit F - Confidentiality and Invention Agreement

CONFIDENTIALITY AND INVENTION AGREEMENT

This Agreement (“Agreement”) dated is made by the individual named below (“I” or “me”), who is engaged to perform work at [Insert name of AT&T company that worker will be doing work for.] (“AT&T Company”), as a worker of (“Supplier”) under the terms and conditions of the agreement named below, between Supplier and <!AT&T!>.

I.	Background

I have been engaged by Supplier to provide services to AT&T Company. I may be hired by Supplier as a full or part-time employee, a temporary worker, or as an independent contractor

II.

Information. I agree and understand that the term “Information” means any technical, customer or business information in written, graphical, oral or other tangible or intangible forms, including but not limited to, specifications, records, data, computer programs, tax returns, tax workpapers, drawings, models and secrets which AT&T Company may have in its possession or be legally obligated to keep confidential. I understand that during the course of my work at AT&T Company, I may have access to Information that belongs to AT&T Company, its customers or other parties, or may be subject to privacy laws and laws regarding secrecy of communications, and that unauthorized disclosure of such Information may be harmful or prejudicial to the interests of AT&T Company. I agree not to disclose, copy, publish, or any way use, directly or indirectly, such Information for my purposes or the purposes of others, unless such disclosure or use is expressly authorized in writing by AT&T Company. I agree to keep such Information in a secure environment to prevent the inadvertent disclosure of such Information to others. I acknowledge and agree that all such Information remains the exclusive property of AT&T Company and I agree not to remove such Information from AT&T Company’s possession or premises by physical removal or electronic transmission unless I have written authorization from AT&T Company to do so.

III.

Innovations

I understand that during and incident to my work at AT&T Company, I may create inventions, discoveries, improvements, computer or other apparatus programs, and related documentation and other works of authorship (“Innovations”), whether or not patentable, copyrightable, or subject to other forms of legal protection. I assign to AT&T Company all of my rights, title and interest (including rights in copyright) in and to all Innovations I make, create or develop, either solely or jointly with others, during my work at AT&T Company for which Supplier was paid by AT&T Company for my work or for which I used AT&T Company’s materials or facilities. I agree that the above assignment is binding upon my estate, administrators, or other legal representatives or assigns.

I agree to promptly notify AT&T Company of all such Innovations. Whenever requested by AT&T Company, I shall promptly execute, without additional compensation, any and all instruments which AT&T Company may deem necessary to assign and convey to AT&T Company all of my rights, title and interest in and to all such Innovations. In addition, I agree to assist AT&T Company in preparing copyright or patent applications and to execute such applications and all documents required to obtain copyrights or patents for such Innovation, all at AT&T Company’s expense including compensation to me at the rates specified in the agreement named below. I agree that my obligation to execute such instruments shall continue after the expiration of my work with AT&T Company.

THIS AGREEMENT DOES NOT APPLY TO ANY INVENTION MADE IN THE STATE OF KANSAS FOR WHICH NO EQUIPMENT, SUPPLIES, FACILITIES OR TRADE SECRET INFORMATION OF AT&T COMPANY WAS USED AND WHICH WAS DEVELOPED ENTIRELEY ON MY OWN TIME, UNLESS (1) THE INVENTION RELATES TO THE BUSINESS OF THE AT&T COMPANY OR THE AT&T COMPANY’S ACTUAL OR DEMONSTRABLY ANTICIPATED RESEARCH OR DEVELOPMENT OR (2) THE INVENTION RESULTS FROM ANY WORK PERFORMED BY ME FOR AT&T COMPANY. THIS AGREEMENT DOES NOT APPLY TO AN INVENTION MADE IN CALIFORNIA WHICH QUALIFIES FULLY UNDER THE PROVISIONS OF CALIFORNIA LABOR CODE SECTION 2870. Section III, Paragraphs 1 and 2 do not apply to any Innovation which, under the provisions in the Agreement named below, is to be other than the sole and exclusive property of AT&T Company; the title provisions of said agreement apply to any such above Innovation.

IV.

Administrative Terms

This Agreement shall be effective as of the date executed below, and shall remain in effect notwithstanding my termination of employment with Supplier or termination of my work at AT&T Company.

In the event that any provision of this Agreement is held to be invalid or unenforceable, then such invalid or enforceable provisions shall be severed, and the remaining provisions shall remain in full force and effect to the fullest extent permitted by law.

I have read, understand and agree to abide by this Agreement.


By:						Date:



Print Name:						Social Security Number:

Address:



Agreement No. between Supplier and <!ATT!>:						Effective Date:

Proprietary Information

Agreement Number 02026713.A.004

Exhibit G - Non Disclosure Agreement Concerning

Encryption Software/Technology Exported from the United States

I, , enter into this nondisclosure agreement with Amdocs, Inc. (“Amdocs”), in connection with its work on behalf of AT&T Services, Inc., formerly known as SBC Services, Inc. (“SBC”), collectively (AT&T), and agree to be bound by the following:

I understand that I may be assigned to perform software development and maintenance work under a contract between Amdocs and AT&T.

I understand that under this contract I may have access to certain encryption software and technology. This software/technology may be exported from the United States in accordance with the U.S. Export Administration Regulations. Diversion contrary to U.S. law is prohibited.

I understand my employer Amdocs and AT&T have an agreement concerning the ownership of the intellectual property rights to any software and technology provided by either party under this contract referenced in paragraph 1, as well as any software and technology that may be developed pursuant to such contract, and that my access to and use of the software and technology is exclusively for the internal company use of AT&T, including development of new software, services or products for AT&T.

I will not re-export, re-transfer or otherwise disclose to any third party the software and technology provided to me by AT&T without the prior written consent of AT&T, including after the completion of my contractual duties.

I am not a citizen or lawful permanent resident of any country currently subject to Anti-Terrorism export controls under the U.S. Export Administration Regulations, which currently are designated in Country Group E:1 on the attached list.

Under the penalties of perjury provided by law, I declare that I have examined this document, and to the best of my knowledge and belief, it is true, correct, and complete. I understand that my commitments above are made for the benefit of AT&T, as well as Amdocs. I also understand that my failure to comply with my commitments above may result in my removal from all current and future work performed under contract with AT&T, as well as potential legal action by the US Government agencies charged with enforcing US export control laws.

Signature

Printed Name

Date

Proprietary Information

Agreement Number 02026713.A.004

Attachment A

U.S. Export Administration Regulations – Commerce Control Chart. See the pages following

Proprietary Information

Agreement Number 02026713.A.004

Exhibit H - Disaster Recovery and Business Continuity Plan

Amdocs BCP/DRP Summary

Amdocs is a global company with development centers located around the world. At Amdocs, we are totally committed to providing the best possible products and services to our customers, and our commitment includes the ability to continue providing those products and services in the event of a major catastrophe at one of our development centers.

Our global presence inherently supports the BCP concept. All BCP/DRP operations world-wide are coordinated by a dedicated corporate BCP/DRP team. Since all of our development centers are interconnected, in the event of a major catastrophe, employees from damaged locations can relocate to alternate Amdocs facilities—in the same region or another region, depending on the situation—to continue supporting customer operations.

Our DRP strategy is based on ongoing replication of data to other Amdocs facilities, allowing full recovery of data from damaged sites and ensuring our capability to fully restore the damaged environment. Amdocs data centers are remotely monitored 24 x 7 x 365 and supported by technical professionals spread across the globe. In addition to DRP preparations, backups are performed on a daily basis, and tapes are tested and shipped to off-site storage facilities on a regular basis.

Our BCP/DRP plans are regularly tested and updated as needed to comply with changes in technologies and business needs.

The size of the company and the level of expertise across sites allow Amdocs, in case of a catastrophic event, to send development, operational, and technical reinforcement teams to customer sites to provide support and resolve issues following a disaster. In addition, other professional groups can be sent to assist and reinforce disaster recovery personnel. This allows Amdocs to provide ongoing support to our customers in a disaster situation until normal operations can resume.

Below are the alternate BCP/DRP destinations for the Amdocs sites currently supporting AT&T.


Raanana	[**]
Hod Hasharon	[**]
Negev	[**]
Cyprus / Maritime	[**]	[**]
India / Magarpatta	[**]	[**]

Proprietary Information

Agreement Number 02026713.A.005

Amendment

No. 02026713.A.005

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.005

AMENDMENT NO. 5

AGREEMENT NO. 02026713

This Amendment No. 5, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”) and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties.”

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360-2 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, AT&T may desire Amdocs to implement customizations to such Software and other Software previously licensed by Amdocs to AT&T, and to provide other Services relating to such Software pursuant to the terms and conditions of the Agreement as amended herein; and

WHEREAS, Amdocs desires to implement customizations to the Software and provide other Services relating to such Software pursuant to the terms and conditions of the Agreement as amended herein.

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree as follows:

1.	TABLE OF CONTENTS, APPENDICES AND EXHIBITS is hereby amended in accordance with the following:


Delete:		Exhibit G – Software/Technology Nondisclosure Agreement

Delete:		Appendix 6.5 Background Checks

Add:		Appendix 6.5(a) Background Checks – U.S., and Appendix 6.5(b) Background Checks – Non-U.S.

Add:		Appendix 7. 272 Compliance

Proprietary Information

Agreement Number 02026713.A.005

2.	ARTICLE III — GENERAL TERMS 3.1 Affiliate is hereby amended to add the following paragraphs:

For the avoidance of doubt, Services provided under the Electronic Bill Payment Program (EBPP) Software Licenses and Services, Agreement No. 20021218.4.C, dated April 28, 2003 between AT&T Corp. and Amdocs Software Systems Limited are hereby incorporated under this Agreement. The EBPP application consists of Amdocs’ Licensed Software known as Amdocs Corporate Self Care along with custom code that Amdocs has delivered to AT&T per Agreement Number 20021218.4.C.

Agreement Number 20021218.4.C was terminated as of December 31, 2006 per Notice of Termination effective March 7, 2007. Upon the effective date of this Amendment, this change shall apply retroactively to January 1, 2007. The Parties further agree to ratify all past actions taken between the above-referenced Termination of Agreement Number 20021218.4.C and the date when this Amendment is effective.

Additionally, for the avoidance of doubt, Services provided to AT&T Mobility, LLC, under the draft Work Orders entered into between the parties from July 27, 2007, to the date of this Amendment No. 5 are hereby incorporated under this Agreement. The Parties further agree to ratify all past actions taken under the draft Work Orders between July 27, 2007 and the date when this Amendment No. 5 is effective.

3.	ARTICLE III — GENERAL TERMS 3.1 Affiliate is hereby amended to delete the fifth sentence thereof and to replace it with the following:

The parties expressly agree, however, that [**] under this Agreement [**] between the Parties, or any amendments or restatements of such agreement.

4.	ARTICLE III — GENERAL TERMS 3.2 Amendments and Waivers, paragraph b is hereby amended to delete the following from this clause:

[**]

5.	ARTICLE III — GENERAL TERMS 3.33 Title to Work, is hereby amended to add paragraph g as follows:

For avoidance of doubt, the parties’ respective intellectual property rights in all Work provided by Supplier to AT&T Mobility, LLC, formerly known as [**] (“AT&T Mobility”) under all Work Orders and Statements of Work signed by Supplier and AT&T Mobility, all licenses to Software granted to AT&T Mobility, and all Maintenance Services ordered by AT&T Mobility prior to July 27, 2007, shall be governed by the terms and conditions of the Master Agreement between Supplier and

Proprietary Information

Agreement Number 02026713.A.005

AT&T [**] (including all applicable exhibits, annexes and amendments thereto). All such Software licenses shall apply only to [**]. In the event that [**] desires to order licenses to additional Software and/or additional Maintenance Services, the terms of such licenses and Maintenance Services shall be agreed to and specified in additional Orders under Agreement No. 03032360-2.

6.	ARTICLE III — GENERAL TERMS 3.8 Entire Agreement, first paragraph, last sentence is hereby amended to delete the following:

and (ii) the MASTER AGREEMENT for SOFTWARE AND SERVICES between AMDOCS, INC. and [**] to be executed after completion of this Agreement.

7.	ARTICLE III — GENERAL TERMS Section 3.15 Insurance is hereby deleted and replaced in its entirety with the following:

3.15

Insurance.

(a)

With respect to Amdocs’ performance under this Agreement, and in addition to Amdocs’ obligation to indemnify, Amdocs shall comply with this Section.

(b)

Amdocs shall maintain insurance coverages and limits required by this Section and any additional insurance and/or bonds required by law:

(i)

at all times during the term of this Agreement and until completion of all Services associated with this Agreement, whichever is later; and

(ii)

with respect to any coverage maintained in a “claims-made” policy, for two (2) years following the term of this Agreement or completion of all Services associated with this Agreement, whichever is later. If a “claims-made” policy is maintained, the retroactive date must precede the commencement of Services under this Agreement;

(c)

Amdocs shall require each Subcontractor that may perform Services under this Agreement or enter upon the AT&T Facilities or Amdocs facilities to maintain coverages, requirements, and limits at least as broad as those listed in this Section from the time when the subcontractor begins performance of Services, throughout the term of the Subcontractor’s performance of Services and, with respect to any coverage maintained on a “claims-made” policy, for two (2) years thereafter;

(d)

Amdocs shall procure the required insurance from an insurance company eligible to do business in the state or states where Services will be performed and having and maintaining a Financial Strength Rating of “A-” or better and a Financial Size Category of “VII” or better, as rated in the A.M. Best Key Rating Guide for Property and Casualty Insurance Companies, except that, in the case of Workers’ Compensation insurance, Amdocs may procure insurance from the state fund of the state where Services are to be performed; and

Proprietary Information

Agreement Number 02026713.A.005

(e)

Amdocs shall deliver to AT&T, certificates of insurance stating the types of insurance and policy limits, with a cancellation clause amended to read as follows: “The issuing company will endeavor to provide at least 30 days advance written notice of cancellation or non-renewal to AT&T”. Amdocs shall deliver such certificates:

(i)

prior to execution of this Agreement and prior to commencement of any Services;

(ii)

prior to expiration of any insurance policy required in this Section; and

(iii)

for any coverage maintained on a “claims-made” policy, for two (2) years following the term of this Agreement or completion of all Services associated with this Agreement, whichever is later.

(f)

The Parties agree:

(i)

the failure of AT&T to demand such certificate of insurance or failure of AT&T to identify a deficiency will not be construed as a waiver of Amdocs’ obligation to maintain the insurance required under this Agreement;

(ii)

that the insurance required under this Agreement does not represent that coverage and limits will necessarily be adequate to protect Amdocs, nor be deemed as a limitation on Amdocs’ liability to AT&T in this Agreement;

(iii)

Amdocs may meet the required insurance coverages and limits with any combination of primary and Umbrella/Excess liability insurance; and

(iv)

Amdocs is responsible for any deductible or self-insured retention.

(g)

The insurance coverage required of Amdocs by this Section shall include:

(i)

Workers’ Compensation insurance with benefits afforded under the laws of the state in which the Services are to be performed and Employers Liability insurance with minimum limits of:

$500,000 for Bodily Injury – each accident

$500,000 for Bodily Injury be disease – policy limits

$500,000 for Bodily Injury by disease – each employee

Proprietary Information

Agreement Number 02026713.A.005

To the fullest extent allowable by law, the policy must include a waiver of subrogation in favor of AT&T, its Affiliates, and their directors, officers and employees.

In states where Workers’ Compensation insurance is a monopolistic state-run system, Amdocs shall add Stop Gap Employers Liability with limits not less than $500,000 each accident or disease.

(ii)

Commercial General Liability insurance written on Insurance Services Office (ISO) Form CG 00 01 12 04 or a substitute form providing equivalent coverage, covering liability arising from premises, operations, personal injury, products/completed operations, and liability assumed under an insured contract (including the tort liability of another assumed in a business contract) with minimum limits of:

$2,000,000 General Aggregate limit

$1,000,000 each occurrence limit for all bodily injury or property damage incurred in any one (1) occurrence

$1,000,000 each occurrence limit for Personal Injury and Advertising Injury

$2,000,000 Products/Completed Operations Aggregate limit

$1,000,000 each occurrence limit for Products/Completed Operations

$1,000,000 Damage to Premises Rented to You (Fire Legal Liability)

(iii)

The Commercial General Liability insurance policy must:

(1)

include AT&T, its Affiliates, and their directors, officers, and employees as Additional Insured. Amdocs shall provide a copy of the Additional Insured endorsement to AT&T. The Additional Insured endorsement may either be specific to AT&T or may be “blanket” or “automatic” addressing any person or entity as required by contract. A copy of the Additional Insured endorsement must be provided within 60 days of execution of this Agreement and within 60 days of each Commercial General Liability policy renewal;

(2)

include a waiver of subrogation in favor of AT&T, its Affiliates, and their directors, officers and employees; and

(3)

be primary and non-contributory with respect to any insurance or self-insurance that is maintained by AT&T.

Proprietary Information

Agreement Number 02026713.A.005

(iv)

Business Automobile Liability insurance with minimum limits of $1,000,000 each accident for bodily injury and property damage, extending to all owned, hired, and non-owned vehicles.

(v)

Umbrella/Excess Liability insurance with limits of at least $1,000,000 each occurrence and in the aggregate with terms and conditions at least as broad as the underlying Commercial General Liability, Business Auto Liability, and Employers Liability policies. Umbrella/Excess Liability limits will be primary and non-contributory with respect to any insurance or self-insurance that is maintained by AT&T.

(vi)

Fidelity or Crime insurance covering employee dishonesty. Amdocs shall include a client coverage endorsement written for limits of $1,000,000 in the aggregate and shall include AT&T as Loss Payee.

(vii)

Professional Liability (Errors & Omissions) insurance with minimum limits of $1,000,000 each claim or wrongful act and in the aggregate.

(viii)

Internet Liability and Network Protection (Cyber risk) insurance with minimum limits of $1,000,000 each claim or wrongful act and in the aggregate.

(ix)

Media Liability insurance with minimum limits of $1,000,000 each claim or wrongful act and in the aggregate.

(x)

Property insurance with limits equal to the replacement cost of Amdocs’ Business Personal Property at the location where Services are to be performed under this Agreement. The Property insurance policy will include a waiver of subrogation in favor of AT&T, its Affiliates, and their directors, officers and employees.

8.	ARTICLE VI — ONGOING SUPPORT SERVICES, Section 6.1 Allowable Expenses, is hereby amended by adding the following to the end of the Section:

Additionally, the Parties agree as follows:

Travel and living expenses will not be paid for resources working at their primary work location or in the same metropolitan area as their primary work location.

Travel and living expenses for Telegence and Amdocs Charging (previously known as Enabler) Custom Software Development release Orders for AT&T Mobility:

The [**] aggregate travel and living expenses shall be limited to no more than [**] of the aggregate amount paid by AT&T for Work under all the Custom Software Development release Orders during the applicable [**] period. Specific Custom Software Development release Orders will be capped at [**] for Work under such Orders as long as the annual average of all the Custom Software Development release Orders will not exceed [**] under all of the Custom Software Development release Orders.

Proprietary Information

Agreement Number 02026713.A.005

Travel and living expenses for Lightspeed Custom Software Development release Orders:

The [**] aggregate travel and living expenses shall be limited to no more than [**] for Work under all the Custom Software Development release Orders during the applicable [**] period. Specific Custom Software Development release Orders will be [**] as long as the [**] average of all the Custom Software Development release Orders will [**].

The [**] travel and living expenses for Production Support Orders shall be limited to no more than [**].

Travel and living expenses for all other Orders shall be limited to no more than [**], unless agreed otherwise by the Parties in a specific Order as long as the [**] average of all the Orders will not exceed [**].

The [**] of travel and living expenses will occur each [**]. In the event that the total travel and living expenses exceed [**] Amdocs will provide AT&T a credit for the dollar amount that exceeds [**].

9.	ARTICLE VI — ONGOING SUPPORT SERVICES, Section 6.5 Background Check is hereby deleted in its entirety and replaced with the following:

6.5

Background Check/Drug Screening:

With respect to any Amdocs Personnel providing Services from locations in the United States, Amdocs shall comply with the requirements of Appendix 6.5(a) (Background Checks (U.S.)). With respect to any Amdocs Personnel who provide Services from locations outside of the United States, Amdocs shall comply with the requirements of Appendix 6.5 (b) (Background Checks — non-U.S.).

10.

ARTICLE VI — ONGOING SUPPORT SERVICES, Section 6.6 Confidentiality and Invention Agreement, reference to Exhibit G in paragraph a and paragraph e is hereby deleted. Paragraph f. Compliance with Export/Import Law and Foreign Trade Controls is hereby added in its entirety with the following:

f. Compliance with Export/Import Law and Foreign Trade Controls

1.1

Proprietary Information

Agreement Number 02026713.A.005

the European Union and other foreign trade control laws, rules and regulations restricting their transfer to certain countries and parties including but not limited to the US Export Administration Regulations and trade sanctions programs administered by the US Department of the Treasury. Supplier shall comply with all applicable export control and other foreign trade laws, rules and regulations in performance of its obligations hereunder, and shall not use, resell, export, transfer, distribute, dispose or otherwise deal with the AT&T applications or any technical data related thereto, directly or indirectly, except in full compliance with such laws, rules and regulations.

1.2.

Neither Party shall use, sell, export, re-export, distribute, transfer, dispose or otherwise deal with any such Material or any direct product thereof nor undertake any transaction or Service without first obtaining all necessary written consents, permits and authorizations and completing such formalities as may be required by any such laws or regulations.

1.3

Supplier shall be solely responsible for arranging export clearance, including applying for and obtaining any permits, licenses or other authorizations and complying with export clearance formalities, for all exports of Materials and Services made hereunder, including but not limited to exports by Supplier to its affiliates or subcontractors and exports from such affiliates or subcontractors to Supplier or to AT&T in the United States. AT&T agrees to use reasonable efforts to obtain and provide to Supplier in a timely manner any end-user, end-use and other documentation and certifications as may reasonably be requested by Supplier in support of any applications made to relevant government authorities in connection with such exports.

1.4.

AT&T shall not be responsible or otherwise assume any responsibility for the importation of articles into any country (including the United States). Supplier expressly agrees to be responsible for any and all importations.

1.5.

Supplier specifically represents and warrants that it shall not export/re-export or otherwise transfer the AT&T applications, Materials or Services to any country that is subject to US trade sanctions imposed from time to time (currently, Cuba, Iran, North Korea, Sudan and Syria), to any persons or entities located in or organized under the laws of such country, or who are owned or controlled by or acting on behalf of the governments of such countries, as well as to citizens of such countries, or to persons identified from time to time on applicable US government restricted party lists (the US Department of Commerce’s Denied Party List, Entity List, Unverified List; the US Department of the Treasury’s List of Specially Designated Nationals and Other Blocked Persons; the US Department of State’s various non-proliferation lists).]

Proprietary Information

Agreement Number 02026713.A.005

1.6

Supplier represents and warrants that it has in place compliance mechanisms sufficient to assure compliance with applicable export control and foreign trade control laws, rules and regulations. Supplier shall not do anything which would cause AT&T to be in breach of applicable export control or foreign trade control laws, rules and regulations, and shall protect, indemnify and hold harmless AT&T from any claim, damages, liability costs, fees and expenses incurred by AT&T as a result of the failure of omission of Supplier to comply with such laws, rules and regulations.

1.7

Failure by Supplier to comply with applicable export control and foreign trade control laws, rules and regulations shall constitute a material breach of this Agreement.

11.

ARTICLE VI — ONGOING SUPPORT SERVICES is hereby amended to add the following Section:

6.16. Amdocs shall comply with the requirements of Appendix 7 entitled 272 Compliance.

12.

Appendix 1.2(4) Reimbursable Expenses

Amdocs and AT&T agree to delete the Appendix 1.2(4) Reimbursable Expenses attached to the Agreement, in its entirety, and replace it with the revised Appendix 1.2(4) Vendor Expense Policy, attached herewith.

13.

Exhibit G — Software/Technology Nondisclosure Agreement

Amdocs and AT&T agree to delete the Exhibit G – Software/Technology Nondisclosure Agreement attached to the Agreement, in its entirety.

14.

Appendix 7. 272 Compliance

Amdocs and AT&T agree to add Appendix 7., 272 Compliance, which is attached to the Agreement, in its entirety.

15.

Appendix 3.39 Form of Qualified Custom Software Development Order for Custom Software Development Associated with Software Master Agreement # 03032360, Section 14. Compensation, with respect to [**] only is hereby amended as follows:

The first paragraph of Section 14 shall not apply to [**], and Mobility Custom Software Development Orders may include a final payment milestone and such provisions will be negotiated and mutually agreed to on an Order by Order basis.

Proprietary Information

Agreement Number 02026713.A.005

16.	ARTICLE III GENERAL TERMS Section 3.19 MBE/WBE/DVBE shall apply to Orders placed by [**] commencing on October 1, 2007.

Proprietary Information

Agreement Number 02026713.A.005

The terms and conditions of Agreement No. 02026713 in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.		AT&T Services, Inc.

By:	/s/ Thomas C. Drury	By:	/s/ Maureen Merkle



Printed Name:	Thomas C. Drury	Printed Name:	Maureen Merkle



Title:	President	Title:	President-Procurement

Date:	9-27-07	Date:	9-26-07

Proprietary Information

Agreement Number 02026713.A.005

Appendix 1.2(4)

Reimbursable Expenses

1.0 GENERAL

AT&T Vendor Expense Policy (VEP) provides guidelines to be followed by all vendors of AT&T in requesting reimbursement for business travel, meals and other business related expense. Expenses outside this policy are not reimbursable.

The following principles apply to requests for expense reimbursement:

When spending money that is to be reimbursed, vendors must ensure that an AT&T Company (“Company”) receives proper value in return. Prudent and proper judgment must be used in reporting and approving business expenses.

The concept that a vendor and their employees are ‘entitled’ to certain types or amounts of expenditures while conducting business with the Company is erroneous. Personal expenditures reported for reimbursement should be billed exactly as they were incurred. The use of averages for any type expenditure or combination of expenditures is not permitted except as specifically provided or documented in a contract.

Every vendor and AT&T employee who certifies or approves the correctness of any voucher or bill should have reasonable knowledge the expense and amounts are proper and reasonable. In the absence of the adoption of such policy, or existing contractual agreements, these guidelines are considered the minimum requirements for requesting reimbursement of Company funds. These policies should be included in any new or renewed contract with a contractor or consultant.

Deviations from this VEP must be approved in writing by the sponsoring Senior Manager or Officer of an AT&T company.

Employees should refer to the Section entitled “Payments” in the Schedule of Authorizations For Affiliates of AT&T, Inc. for appropriate vendor invoice authorization approval levels.

The origination of a given expenditure for business purposes is the responsibility of the vendor incurring the expense and the authorization of that expense is the responsibility of the appropriate level of AT&T management in accordance with the Schedule of Authorizations For Affiliates of AT&T, Inc.

Proprietary Information

Agreement Number 02026713.A.005

1.1 Non-Reimbursable Expenses

The following expenses are considered non-reimbursable:

•

Airline club membership fees, dues, or upgrade coupon

•

Meals not consistent with AT&T employee policy

•

Annual credit card fees

•

Barber/Hairstylist/Beautician Expenses

•

Car rental additional fees associated with high speed toll access programs

•

Car Washes

•

Entertainment expenses

•

Health Club and Fitness facilities

•

Hotel Safe rental

•

Upgrades on airline fees

•

Excessive tips, i.e., in excess of 15% of cost of meal or services, excluding tax

•

PC, cell phone, and other vendor support expenses

•

Meals not directly required to do business on the AT&T account (e.g. vendors cannot voucher lunch with each other simply to talk about AT&T)

•

In-flight drinks

•

Magazines & newspapers

•

Personal entertainment

•

Expenses associated with spouses or other travel companions

•

Office expenses of vendors

•

Surcharges for providing fast service (not related to delivery charges such as Fedex, UPS, etc.). AT&T expects all vendors to complete the terms of contracts in the shortest period practicable. Charges for shortening the timeframe in which contracts are fulfilled are not permissible.

•

Vendors may not submit expenses to cover meals or expenses for an AT&T employee, whether in a home location or on official travel

•

Travel purchased with prepaid air passes.

•

Birthday cakes, lunches, balloons, and other personal celebration/recognition costs

•

Break-room supplies for the vendor, such as coffee, creamer, paper products, soft drinks, snack food

•

Water (bottled or dispensed by a vendor)

•

Clothing, personal care, and toiletries

•

Laundry (except when overnight travel is required for 7 or more consecutive nights)

•

Flight or rental car insurance

•

Flowers, cards and gifts

•

Hotel pay-per-view movies, Video Games and/or mini bar items

•

High speed internet access in hotels (added to 3.5)

•

Lost luggage

•

Traffic or Parking Fines

•

Tobacco Products

•

Medical supplies

•

Membership fees to exercise facilities or social/country clubs

•

Movies purchased while on an airplane

•

Phone usage on airline unless business emergency

Proprietary Information

Agreement Number 02026713.A.005

Failure to comply with the above mentioned restrictions will result in the Company refusing payment of charges or pursuing restitution from the vendor.

2.0 RESPONSIBILITIES

2.1 Vendor’s Responsibility

AT&T’s sponsoring client managers will ensure that vendors have been covered on this policy prior to incurring any expenditures. Vendors and their sponsoring client managers are responsible for clarifying any questions or uncertainties they may have relative to reimbursable business expenses.

It is mandatory that financial transactions are recorded in a timely manner. Out-of-pocket business expense(s) for vendors that are not submitted for reimbursement within [**] from the date incurred are considered non-reimbursable. Company managers who are responsible for approving reimbursable expenses of vendors should ensure they are submitted and approved in a timely manner.

2.2 AT&T Sponsoring Management Responsibility

Prior to authorizing reimbursement to the vendor for expenditures, it is the responsibility of the AT&T managers authorizing the payment to determine that:

•

The expenditure is reasonable and for a legitimate business purpose.

•

The expenditure complies with the policies contained in this document, the Code of Business Conduct, and other applicable Company practices.

•

All expenses are reviewed through Payment.Net or on form AT&T-4472APA and that expenses are prepared in accordance with proper accounting details.

In addition, the sponsoring AT&T managers are responsible for ensuring the Vendor Expense Policy has been communicated to each vendor, and that the information contained herein is proprietary/confidential information and ensures its security and confidentiality. The Vendor must agree to maintain this information in confidence.

3.0 TRAVEL POLICY

Vendors must first consider the feasibility of using videoconferencing or teleconferencing as an alternative to travel. Travel that is to be reimbursed by AT&T should be incurred only as necessary.

AT&T reserves the right to dispute any expense submittal and if not verifiable as valid may reject reimbursement. Reimbursements will be made to vendor only after expenses are verified as valid.

3.1 Travel Authorization

Travel requiring overnight stays must be approved by the sponsoring AT&T senior manager (5^th level or above) and should be approved only if it is necessary for the vendor to travel to perform required work.

Proprietary Information

Agreement Number 02026713.A.005

3.2 Travel Reservations

Vendors are expected to procure the most cost efficient travel arrangements, preferably equivalent to the AT&T discount rate. AT&T does not reimburse for travel purchased with prepaid air passes.

3.3 Travel Expense Reimbursement

Vendor travel expenses incurred for company business are reimbursable only as specified in these guidelines. Travel expenses may include the following:

•

transportation (airfare or other commercial transportation, car rental, personal auto mileage, taxi and shuttle service)

•

meals and lodging

•

parking and tolls

•

tips/porter service (if necessary and reasonable)

The expense must be ordinary and necessary, not lavish or extravagant, in the judgment of the AT&T sponsoring management. Any reimbursement request must be for actual expenditures only.

3.4 Air Travel Arrangements

3.5 Hotel Arrangements

AT&T has established Market-Based Room Rate Guidelines for vendors to reference when making hotel reservations (see Addendum A). Vendors are expected to abide by these guidelines when making hotel arrangements. AT&T will only reimburse vendors up to the established room rate guideline in each market, or for actual hotel lodging charges incurred, whichever is less. There must be a strong business justification for incurring any cost for internet access, and a request for reimbursement must be accompanied by a detailed explanation regarding reason for charge.

Note: Vendors must indicate the number of room nights on the transaction line when invoicing for reimbursement of hotel expenses. Copies of all hotel bills must be made available for any invoice containing lodging charges.

3.6 Ground Transportation

Proprietary Information

Agreement Number 02026713.A.005

“Loss Damage Waiver” and “Extended Liability Coverage” are not considered reimbursable. Prepaid fuel or refueling charges at the time of return are not reimbursable.

Rental cars should be refueled before returning to the rental company, since gas purchased through the rental company carries an expensive refueling service charge.

3.7 Use of Personal Vehicle

3.8 Parking

If airport parking is necessary, vendors must use long term parking facilities. Additional costs for short term, valet or covered parking are not reimbursable.

3.9 Entertainment

Entertainment expense is not reimbursable to vendors. Entertainment includes meal expense involving AT&T personnel, golf fees, tickets to events and related incidental expenses. Hotel charges for a pay-per-view movie, individual sightseeing tours, or other individual activities (i.e., golf, sporting event, movie, etc.) are not reimbursable.

3.10 Laundry and Cleaning

Reasonable laundry charges during business trips of seven or more consecutive nights are reimbursable based on actual expenses incurred.

3.11 Communications

The actual cost of landline telephone calls for AT&T business are reimbursable. The use of AT&T products is required when available.

AT&T will not reimburse vendors for cell phone bills. With prior consent of the sponsoring AT&T Senior Manager, only individual calls that exceed a vendor’s rate plan that are necessary to conduct business for AT&T may be reimbursed.

Charges for high speed internet access are not reimbursable.

3.12 Business Meals (Travel and Non-Travel)

Vendors are expected to find reasonably priced dining alternatives. As a general rule, vendors are expected to spend [**] inclusive of tax and gratuity. This includes all meals, beverages and refreshments purchased during the day. Requests for reimbursement should break out the amount for meals and list the related number of travel days. If breakfast is offered as part of the hotel accommodation rate, no additional reimbursement will be permitted for breakfast. Vendors may not submit expenses to cover meals or expenses for an AT&T employee, whether in a home location or on official travel.

Proprietary Information

Agreement Number 02026713.A.005

AT&T managers authorizing invoices will be held accountable for ensuring that vendors are following this policy and are spending Company funds economically.

3.13 Flowers, Greeting Cards, Gifts and Incentive Awards

The cost of gifts, flowers, birthday lunches, or greeting cards is considered a personal expense and is not reimbursable. For example, vendors making a donation or providing a gift for a fund-raiser for AT&T may not submit such an expense to AT&T for reimbursement.

3.14 Loss or Damage to Personal Property

The Company assumes no responsibility for loss or damage to a vendor’s personal property during business functions or hours.

3.15 Publications

Subscriptions to or purchases of magazines, newspapers and other publications are not reimbursable.

Proprietary Information

Agreement Number 02026713.A.005

ADDENDUM A

AT&T 2007 Hotel Room Rate Only Guidelines

City

2007

Guideline

City

2007

Guideline

City

2007

Guideline

Anchorage

[**]

Downers Grove

[**]

Teaneck

[**]

Fairbanks

[**]

Hoffman Estates

[**]

Tinton Falls

[**]

Ketchikan

[**]

Joliet

[**]

Warren

[**]

Glennallen

[**]

Matteson

[**]

Whippany

[**]

Fayetteville

[**]

Oak Lawn

[**]

Pahrump

[**]

Hot Springs

[**]

Peoria

[**]

Reno

[**]

Little Rock

[**]

Rosemont

[**]

Buffalo

[**]

Mesa

[**]

Schaumburg

[**]

New York

[**]

Phoenix

[**]

Springfield

[**]

Syracuse

[**]

Tempe

[**]

Willowbrook

[**]

White Plains

[**]

Tucson

[**]

Columbus

[**]

Tarrytown

[**]

Anaheim

[**]

Indianapolis

[**]

Vestal

[**]

Arcadia

[**]

South Bend

[**]

Canton

[**]

Bakersfield

[**]

Overland Pk

[**]

Cleveland

[**]

Barstow

[**]

Shawnee

[**]

Columbus

[**]

Buena Park

[**]

Topeka

[**]

Dayton

[**]

Burbank

[**]

Wichita

[**]

Dublin

[**]

Burlingame

[**]

Boston

[**]

Hudson

[**]

Carson

[**]

Cambridge

[**]

Independence

[**]

Dublin

[**]

Tewksbury

[**]

Pinkerington

[**]

Eureka

[**]

Columbia

[**]

Reynoldburg

[**]

Fresno

[**]

Greenbelt

[**]

Richfield

[**]

Garden Grove

[**]

Hagerstown

[**]

Toledo

[**]

Hayward

[**]

Ann Arbor

[**]

Youngstown

[**]

Irvine

[**]

Deaborn

[**]

Oklahoma City

[**]

Long Beach

[**]

Detroit

[**]

Tulsa

[**]

Los Angeles

[**]

Grand Rapids

[**]

Pittsburg

[**]

Oakland

[**]

Grandville

[**]

Memphis

[**]

Pasadena

[**]

Lansing

[**]

Abilene

[**]

Pleasanton

[**]

Livonia

[**]

Amarillo

[**]

Rancho Cordova

[**]

Plymouth

[**]

Austin

[**]

Riverside

[**]

Saginaw

[**]

Beaumont

[**]

Sacramento

[**]

Southfield

[**]

Corpus Christi

[**]

San Diego

[**]

Troy

[**]

Dallas

[**]

San Francisco

[**]

Minneapolis

[**]

El Paso

[**]

San Gabriel

[**]

Chesterfield

[**]

Houston

[**]

San Jose

[**]

Earth City

[**]

Irving

[**]

San Leandro

[**]

Festus

[**]

Lubbock

[**]

San Luis Obispo

[**]

Jefferson City

[**]

Plano

[**]

San Ramon

[**]

Joplin

[**]

Richardson

[**]

Proprietary Information

Agreement Number 02026713.A.005

Santa Ana

[**]

Kansas City

[**]

San Antonio

[**]

Temucla

[**]

Maryland Heights

[**]

The Woodlands

[**]

Torrance

[**]

Poplar Bluff

[**]

Waco

[**]

Walnut Creek

[**]

St Josept

[**]

Chantilly

[**]

Denver

[**]

Saint Louis

[**]

Arlington

[**]

Colorodo Springs

[**]

Charlotte

[**]

Fairfax

[**]

Greenwood Village

[**]

Durham

[**]

Falls Church

[**]

Meriden

[**]

Triangle Park

[**]

Herndon

[**]

New Haven

[**]

BaskingRidge

[**]

Sandston

[**]

Washington

[**]

Bernardsville

[**]

Sterling

[**]

Wilmington

[**]

Bridgewater

[**]

Vienna

[**]

Ft. Lauderdale

[**]

Cranbury

[**]

Bellevue

[**]

Jacksonville

[**]

Edison

[**]

Seattle

[**]

Orlando

[**]

Iselin

[**]

Bellevue

[**]

Tampa

[**]

Morristown

[**]

Appleton

[**]

Alpharetta

[**]

Parsippany

[**]

Brookfield

[**]

Atlanta

[**]

Piscataway

[**]

Milwaukee

[**]

Augusta

[**]

Princeton

[**]

Madison

[**]

Lawrenceville

[**]

Red Bank

[**]

Oak Creek

[**]

Arlington Heights

[**]

Short Hills

[**]

Chicago

[**]

Somerset

[**]

Cities not listed on this Top City Hotel Room Rate Only Guideline Matrix, default to $[**] nightly rate

Proprietary Information

Agreement Number 02026713.A.005

Appendix 6.5(a)

Background Checks - U.S.

Background Check

Confidential Materials omitted and filed separately with the Securities and Exchange Commission. A total of 5 pages were omitted. [**]

Proprietary Information

Agreement Number 02026713.A.005

Appendix 6.5(b)

Background Checks – Non-U.S.

Confidential Materials omitted and filed separately with the Securities and Exchange Commission. A total of 10 pages were omitted. [**]

Proprietary Information

Agreement Number 02026713.A.005

Appendix 7

272 Compliance

Amdocs, Inc. (“Amdocs”) and AT&T Services, Inc. (“AT&T”) are parties Services under this Agreement for the benefit of AT&T’s Section 272-Restricted Separate Affiliates.

Pursuant to Section 15.10 (Compliance with Laws) of the Agreement, each Party must comply with Law, including the Federal Telecommunications Act of 1996 (the “Act”).

Section 272 of the Act conditions a Bell Operating Company’s (“BOC’s”) provision of certain in-region interLATA telecommunications services, among other things, on a Federal Communications Commission (“FCC”) finding that such BOC complies with the safeguards and requirements of Section 272 of the Act. The FCC adopted certain rules interpreting and implementing the requirements of Section 272. AT&T and its affiliates have compliance obligations under Section 272 and such FCC rules.

In connection with such compliance obligations and FCC rules, Amdocs shall:

(i) furnish Amdocs Personnel providing support for, or Services to, AT&T’s Section 272-Restricted Separate Affiliates with a copy of “The Separate Affiliate Safeguards, Section 272 Compliance Obligations Applicable to InterLATA Telecommunications Services and Manufacturing Under the Federal Telecommunications Act of 1996”¹ (the “Section 272 Compliance Guide”, attached hereto in Schedule E.3, AT&T Rules),

(ii) require that each Amdocs Personnel (a) read and review the Section 272 Compliance Guide, and (b) provide written acknowledgment thereof to Amdocs (no later than [**] of each year of the Term), and

(iii) furnish to AT&T no later than [**] of each year of the Term a written acknowledgment in the form attached hereto as in Schedule E.3, AT&T Rules (the “Supplier’s Acknowledgment Form”).

More commonly referred to as the “Section 272 Compliance Guide for Temporary Workers and Independent Contractors.” With respect to Section 272, the guide provides (i) a glossary of key terms, (ii) describes the activities generally subject to the Section 272 affiliate safeguards, (iii) details the principal structural and transactional requirements, (iv) explains the nondiscrimination and accounting requirements, and (v) reviews certain joint marketing requirements.

Proprietary Information

Agreement Number 02026713.A.005

Section 272 Compliance Guide for Temporary Workers and Independent Contractors

AT&T Inc.

THE SEPARATE AFFILIATE SAFEGUARDS

SECTION 272 COMPLIANCE OBLIGATIONS

APPLICABLE TO INTERLATA TELECOMMUNICATIONS

SERVICES AND MANUFACTURING UNDER THE

FEDERAL TELECOMMUNICATIONS ACT OF 1996

October 2006

Section 272 Compliance Guide

for

Temporary Workers and Independent Contractors

The fact that you are reviewing Section 272 Compliance Information should not be construed as employee training. The contract between AT&T Inc. and your employer requires you to comply with all laws and regulations. Even though you are not an employee of AT&T Inc. your review today is required because your job function involves providing support for, or services to, AT&T Inc.’s Section 272-Restricted affiliates.

In the course of performing your job functions related to AT&T Inc.’s Section 272-Restricted affiliates your actions could have serious consequences for SBC. Section 272 compliance information will educate you about your responsibility to comply with Section 272 of the Federal Telecommunications Act of 1996 requirements and FCC rules and regulations. Section 272 governs the relationship between the AT&T BOCs/ILECs, the Advanced Services affiliates (ASI/AADS), and AT&T’s long distance affiliates.

Proprietary Information

Agreement Number 02026713.A.005

I. Introduction

In February 1996, the Federal Telecommunications Act of 1996 (the Act) became law. While the Act permitted each Bell Operating Company (BOC) (see Glossary of Key Terms for specific company names), or any affiliate of a BOC, to immediately provide interLATA telecommunications services that originate outside its in-region states, the Act conditioned a BOC’s provision of in-region interLATA telecommunications services (other than those services previously authorized or considered incidental interLATA services under the Act) upon approval from the Federal Communications Commission (FCC) to provide such services and meet certain conditions under Section 271 of the Act. Under Section 271, the FCC is required to find, among other things, that the BOC will comply with the safeguards and requirements stated in Section 272 of the Act.

Since the Act was passed, the FCC adopted certain rules interpreting and implementing the requirements of Section 272. The purpose of this employee guide is to provide an overview of compliance obligations under Section 272 and the FCC rules for AT&T Inc. and its affiliates. The guide addresses the BOC’s obligations relative to AT&T’s long distance affiliates (SBC Long Distance, LLC, AT&T Corp. and certain of its affiliates², and SNET America, Inc.) and AT&T’s advanced services affiliates (ASI and AADS.³) For purposes of this guide, SBC Long Distance, AT&T Corp. and certain of its affiliates, SNET America, Inc., and ASI/AADS are collectively referred to as the Section 272-Restricted Separate Affiliates. Questions about other portions of the Act should be directed to your supervisor or Legal Department.

This employee guide provides a Glossary of Key Terms (Section II), describes the activities generally subject to the affiliate safeguards (Section III), details the principal Section 272 structural and transactional requirements (Section IV), explains the nondiscrimination requirements (Section V) and accounting requirements (Section VI), and reviews certain Joint Marketing requirements (Section VII). The guide closes with a brief discussion to assist employees in obtaining answers to questions (Section VIII).

AT&T Inc. and its subsidiaries are committed to compliance with both the letter and the spirit of the Act, including Section 272. Each employee is responsible for knowing and understanding these requirements and acting in accordance with them when performing their job.

II. Glossary of Key Terms

Specific activities of the BOCs/ILECs and their affiliates are subject to separate affiliate safeguards and requirements of Section 272 of the Act and the FCC’s rules. The following definitions will assist you in understanding when these safeguards and requirements apply.

2.	For a complete list of the AT&T Corp. 272 affiliates, see end of 272 Compliance following Section VIII.

3.	The FCC, in its December 2002 ASI Forbearance Order, continued the 272-like obligations originally imposed under the SBC/Ameritech merger conditions on SBC’s Advanced Services affiliates (SBC Advanced Solutions, Inc. (ASI), and Ameritech Advanced Data Services (AADS)).

RESTRICTED – PROPRIETARY INFORMATION

The information contained herein is for use by authorized employees of AT&T, Amdocs and their Affiliated Companies only, and is not for general distribution within those companies or for distribution outside those companies except by written agreement.

Agreement Number 02026713.A.005

Advanced Services - wireline telecommunications services such as Frame and Cell Relay, ATM, and DSL that rely on packetized technology and support bi-directional speeds in excess of 56 kilobits per second.

Advanced Solutions, Inc. (ASI) / Ameritech Advanced Data Services (AADS) – affiliates, structurally separate from the former SBC BOCs and ILECs, that may provide interstate or intrastate advanced services. (Also known as Section 272-like Affiliates.)

AT&T Corp. (and all pre-merger affiliates) – the legal entity consisting of AT&T Corp. and its pre-merger subsidiaries that are structurally separate from the former SBC BOCs and ILECs and provide interLATA telecommunications services on both an in-region and out-of-region basis. For 272 compliance purposes, AT&T Corp. and all pre-merger affiliates will be considered Section 272 Separate Affiliates.

BOC – Bell Operating Company, which includes Illinois Bell Telephone Company, Indiana Bell Telephone Company, Inc., Michigan Bell Telephone Company, Nevada Bell Telephone Company, Pacific Bell Telephone Company, Southwestern Bell Telephone Company, The Ohio Bell Telephone Company, Wisconsin Bell, Inc. and any successor or assign of these companies that provide wireline telephone exchange service.

ILEC – Incumbent Local Exchange Carrier, which includes Southern New England Telephone Company and The Woodbury Telephone Company, and the BOCs listed above.

InterLATA telecommunications service - the offering of telecommunications for a fee directly to the public, between a point located in a local access and transport area (LATA) and a point located outside that LATA.

In-region interLATA telecommunications service of a BOC - interLATA telecommunication service of a BOC that originates in a state where a BOC is the incumbent provider of local exchange and exchange access services (i.e., in-region). SBC’s in-region states are Arkansas, California, Kansas, Missouri, Nevada, Oklahoma, Texas, Illinois, Ohio, Indiana, Michigan and Wisconsin. (Connecticut is deemed to be an out-of-region state for purposes of interLATA telecommunications services but in-region for purposes of advanced services.)

Information service - generally speaking, the offering of a capability for generating, acquiring, storing, transforming, processing, retrieving, utilizing or making available information via telecommunications. The term encompasses each service that the FCC previously considers to be an “enhanced service.”

InterLATA information service - any information service which incorporates as a necessary, bundled element an interLATA telecommunications transmission component, provided to the customer for a single charge.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

InterLATA information service of a BOC - an interLATA information service in which a BOC provides the interLATA telecommunications transmission component either over its own facilities or by reselling the interLATA telecommunications services of an interexchange carrier.

Manufacturing - the design, development, and fabrication of telecommunications equipment and customer premises equipment (CPE), including the development of firmware or software integral to the functioning of telecommunications equipment or CPE. This does not include design and development of applications software, or provision of generic requirements and functional specifications to manufacturers. It also does not include research related to manufacturing, close collaboration with manufacturers during the design and development phase, and entering into royalty agreements with manufacturers.

Section 272 Oversight Team – the internal interdepartmental team established to provide advice, counsel and direction for the BOCs and Section 272 affiliates in interpreting and implementing Section 272 of the Federal Telecommunications Act. This team provides employee training and reviews proposed product/service offerings, reorganizations, management changes and other activities impacting the BOCs/ILECs and the Section 272-Restricted Separate Affiliates.

Section 272-Restricted Separate Affiliates – refers collectively to SBCLD, AT&T Corp. and its affiliates, and ASI/AADS. These entities, along with the BOCs (and to a certain extent, the ILECs), are subject to Section 272 requirements as described herein.

SBC Long Distance, LLC. (SBCLD) - an affiliate, structurally separate from AT&T’s BOCs and ILECs, that provides interLATA telecommunications services on an in-region and out-of-region basis and local exchange services on an out-or-region basis. (Also known as a Section 272 Separate Affiliate).

III. Activities Subject to the Separate Affiliate Safeguards

With certain exceptions, a BOC may engage in the following activities only through one or more affiliates that are “separate” (as defined by Section 272) from the BOC:

•

provision of in-region interLATA telecommunications services,

•

provision of a service that permits a customer to store information in or retrieve information from BOC-owned (or BOC affiliate-owned) information storage facilities located in a LATA different than where the customer is located,

•

manufacturing of telecommunications equipment and CPE, and

•

provision of in-region intraLATA advanced services.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

The exceptions in which a BOC may provide an interLATA service, or engage in manufacturing-related activities, without a separate affiliate requirement are:

•

provision of interLATA information services (both in-region and out-of-region);

•

provision of interLATA telecommunications services (but not interLATA information services) previously authorized by the Modified Final Judgment (MFJ);

•

research related to manufacturing, close collaboration with manufacturers during the design and development phase, and entering into royalty agreements with manufacturers;

•

“incidental” interLATA services, including:

•

audio/video programming,

•

two-way interactive video or Internet services over dedicated facilities to elementary and secondary schools,

•

commercial mobile services,

•

alarm monitoring services,

•

information storage and retrieval services across LATA boundaries from company-owned database and information storage facilities,

•

provision of signaling information related to telephone exchange/exchange access services provided by a local exchange carrier, and

•

provision and receipt of interexchange carrier network control signaling information.

IV. Structural and Transactional Requirements

The Section 272-Restricted Separate Affiliates must be structurally and transactionally separate from any BOC with which they are affiliated. There are several aspects to this separation requirement:

First, the Section 272-Restricted Separate Affiliates must “operate independently” from a BOC/ILEC affiliate. The intent of this requirement is to prevent a BOC/ILEC from integrating its local exchange and exchange access operations with its Section 272-Restricted Separate Affiliates’ activities to such an extent that the affiliate could not reasonably be found to be operating independently and to be self-governing. Pursuant to this requirement, a BOC/ILEC and its Section 272-Restricted Separate Affiliate may not jointly own any transmission and switching facilities, nor the land or buildings where such facilities are located. Activities permitted under the “operate independently” requirement include:

•

A BOC/ILEC may perform operations, installation and maintenance (OI&M) functions, including network planning and engineering, associated with the facilities that the Section 272-Restricted Separate Affiliates owns or leases if done so on a non-discriminatory basis (that is, under the same price, terms and conditions) and subject to the FCC’s affiliate accounting rules.⁴ Before an OI&M service is provided to an affiliate, (1) the service request must be channeled through the Industry Markets Account Team, and (2) necessary revisions to the BOCs Cost Allocation Manual (CAM) must be made.

•

Likewise, the Section 272-Restricted Separate Affiliates may perform OI&M functions for a BOC subject to the BOC meeting a non-discriminatory procurement obligation. (See Section V for more information.)

Prior to March 31, 2004, SBC’s BOCs/ILECs were prohibited from providing operation, installation and maintenance (OI&M) functions for SBC LD. This prohibition was lifted pursuant to the FCC OI&M Relief Order that eliminated rules prohibiting the sharing of OI&M functions (including network planning and engineering) between the BOCs/ILECs and SBC LD.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

•

The Section 272-Restricted Separate Affiliates may negotiate with the BOC/ILEC on an arm’s length basis (subject to a nondiscrimination obligation imposed on the BOC) to obtain telecommunications services or transmission and switching facilities (e.g., unbundled elements) from the BOC.

•

A BOC may provide to, or obtain from, the Section 272-Restricted Separate Affiliates goods, services, facilities and information if done so on a non-discriminatory basis. (See Section V for more information.)

Second, the Section 272-Restricted Separate Affiliates must maintain books, records, and accounts that are separate from the books, records, and accounts of the BOC/ILEC.

Third, the Section 272-Restricted Separate Affiliates must have officers, directors, and employees that are separate from the officers, directors, and employees of the BOC/ILEC. This means that the same person may not simultaneously serve as an officer, director or employee, in any combination, of both a BOC/ILEC and its Section 272-Restricted Separate Affiliates.

Fourth, the Section 272-Restricted Separate Affiliates may not obtain credit under any arrangement that would permit a creditor, upon default by the Section 272-Restricted Separate Affiliate, to have recourse to the assets of the BOC/ILEC. No BOC/ILEC, parent of a BOC/ILEC, or any other affiliate of a BOC/ILEC may co-sign a contract or any other instrument with the Section 272-Restricted Separate Affiliates that would grant a creditor recourse to the BOC/ILEC’s assets in the event of default by the Section 272-Restricted Separate Affiliates.

Fifth, transactions between the Section 272-Restricted Separate Affiliates and a BOC/ILEC must be conducted on an arm’s length basis, priced according to affiliate transaction pricing rules,

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

reduced to writing, and made available for public inspection. Among other things, this means that a BOC/ILEC must not conduct business with its Section 272-Restricted Separate Affiliates without a written contract or tariff, and no service may be provided until the written contract is executed and signed by both parties. In addition, requests for any type of service to be provided by a BOC/ILEC to a 272 affiliate must be coordinated through the appropriate BOC Industry Markets account team as well as reviewed by the Section 272 Oversight Team. Finally, within [**] of a transaction, the Section 272-Restricted Separate Affiliates must provide, on AT&T’s external Internet home page, a detailed description of the transaction, including terms, conditions and pricing. The information must also be made available for public inspection at the BOC’s or ILEC’s principal place of business. (See Operating Practice 125 for affiliate transaction procedures and VI Accounting Requirements below.)

V. Nondiscrimination Requirements

Several nondiscrimination requirements are meant to ensure that a BOC treats all other entities in the same manner as it treats its Section 272-Restricted Separate Affiliates. These requirements are applicable to the ILECS (Southern New England Telephone Company and The Woodbury Telephone Company) only to the extent that they are dealing with the advanced services affiliates, ASI/AADS.

More specifically, outside a limited exception relating to the Joint Marketing of interLATA services⁵, a BOC may not discriminate in favor of its Section 272-Restricted Separate Affiliates regarding either the provision or procurement of “goods, services, facilities and information.” Accordingly, a BOC must provide to any other entity the same “goods, services, facilities and information” that it provides to its separate affiliate, at the same rates, terms and conditions. This quoted phrase is broadly interpreted. It encompasses, but is not limited to:

•

unbundled network elements,

•

collocation of equipment, facilities, or employees,

•

network information,

•

nonpublic information belonging to or about a BOC (does not include customer proprietary network information (CPNI)),

•

administrative and support services (e.g., human resources/accounting/tax/data processing/regulatory),

•

access to operational support systems,

•

transfers of ownership of facilities, and

•

development of new products or services.

For example, employees who have access to and use BOC non-public information, may not share that information with a Section 272-Restricted Separate Affiliate or use that information to

5	There is a limited exception for shared administrative floor space by ASI/AADS, the Section 272-like Affiliates.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

benefit a Section 272-Restricted Affiliate, unless the BOC makes the information available to third parties. These rules relating to information use and sharing apply whether the employee works for a BOC or another affiliate. In addition, if such an employee transfers to a Section 272-Restricted Separate Affiliate, no BOC information may be transferred or used in the new job.

Non-BOC affiliates, such as a shared services affiliate, may provide services to Section 272-Restricted Separate Affiliate absent a nondiscrimination obligation. However, if the shared services affiliate uses any BOC goods, services, facilities or information to provide services to the Section 272-Restricted Separate Affiliate, the BOC must make these “inputs” available on a nondiscriminatory basis. This situation is known as a chaining transaction, and must be properly recorded under the affiliate transaction procedures.

In order to ensure BOC non-public information is appropriately safeguarded by certain employees in shared services affiliates, company policy requires “siloing” or separation of employees who perform services for a Section 272-Restricted Separate Affiliate away from employees with access to BOC non-public information. Implementing this control, where there would otherwise be a risk of sharing BOC non-public information with employees performing services for a Section 272-Restricted Separate Affiliate, helps ensure compliance with the nondiscrimination obligation.

Protecting access to non-public BOC information is a matter of high importance. The Code of Business Conduct makes employees responsible for understanding and applying applicable laws and regulations, and for protecting proprietary information. It is important that proper safeguards are implemented to protect data and information in corporate databases and websites from inadvertent access by unauthorized employees. As a general rule, employees of the Section 272-Restricted Separate Affiliates as well as employees of shared services affiliates who are siloed to perform services for the Section 272-Restricted Separate Affiliates should not receive or have access to non-public BOC information. Exceptions to such rule must be approved in advance by the Section 272 Oversight Team and/or the Legal Department. Any inadvertent disclosure of non-public BOC information to the Section 272-Restricted Separate Affiliates is considered provision of such information and must be properly recorded as an affiliate transaction and made available to other entities on a non-discriminatory basis.

Although the nondiscrimination rules of Section 272 do not apply to customer proprietary network information (CPNI), there are specific rules that do apply to the use and sharing of CPNI. Employees must be familiar with those rules or check with a supervisor or the Legal Department before using CPNI on behalf of, or sharing CPNI with, any affiliate, including any Section 272-Restricted Separate Affiliate.

Under the nondiscriminatory procurement requirement, a BOC is subject to an unqualified prohibition against discriminating between its Section 272-Restricted Separate Affiliates and an

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

unaffiliated entity in the procurement of goods, services, facilities, or information. For example, a BOC may not purchase interLATA telecommunications services solely from its Section 272-Restricted Separate Affiliate, purchase equipment from its Section 272-Restricted Separate Affiliate at inflated prices, or give any preference to the Section 272-Restricted Separate Affiliate’s interLATA services in the procurement process.

In addition, a BOC also may not discriminate between its Section 272-Restricted Separate Affiliates and other entities in the establishment of standards. A BOC may not establish or adopt any standard – “industry-wide” or otherwise — that has the effect of favoring the separate affiliate and disadvantaging an unaffiliated entity. The FCC has indicated that, with respect to “industry-wide” standards, an open and nondiscriminatory public process in which all interested parties have an opportunity to participate (as required by Section 273), will be sufficient to satisfy this nondiscrimination requirement. However, standards established by a BOC in some other manner that have the effect of favoring the separate affiliate and disadvantaging an unaffiliated entity may be a violation of this nondiscrimination requirement.

Finally, there are several nondiscrimination requirements applicable to the “fulfillment of certain requests.” Under these requirements a BOC (or any affiliated ILEC):

•

must fulfill any unaffiliated entity’s request for telephone exchange service and exchange access within a response time no greater than the response time it provides to itself or its affiliates, and make available to unaffiliated entities information regarding the service intervals provided to themselves or their affiliates;

•

must not provide any facilities, services or information concerning its provision of exchange access to its Section 272-Restricted Separate Affiliates unless the facilities, services or information are made available to other providers of interLATA services in that market on the same terms and conditions;

•

must charge the Section 272-Restricted Separate Affiliates, or impute to itself, an amount for access to its telephone exchange service and exchange access that is no less than the amount charged to any unaffiliated interexchange carrier. A BOC’s volume and term discounts are subject to this requirement. A Section 272-Restricted Separate Affiliates’ purchase of telephone exchange service and exchange access at tariffed rates, or a BOC’s imputation of tariffed rates, would meet this requirement; and

•

may provide to its Section 272-Restricted Separate Affiliates any interLATA or intraLATA facilities or services which it is otherwise authorized to provide (e.g., the incidental interLATA services described above) if the facilities or services are made available to all carriers at the same rates and on the same terms and conditions, and so long as the costs are appropriately allocated.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

VI. Accounting Requirements

A BOC (or any affiliated ILEC) must account for all transactions with the Section 272-Restricted Separate Affiliates in accordance with the FCC’s accounting rules. Generally, these rules provide that:

•

Assets or services sold or transferred between a BOC (or any affiliated ILEC) and its Section 272-Restricted Separate Affiliates pursuant to a tariff must be recorded at the tariffed rate. Rates in publicly filed interconnection agreements or statements of generally available terms and conditions may be used if a tariff rate is not available.

•

Non-tariffed assets or services sold or transferred between a BOC (or any affiliated ILEC) and its Section 272-Restricted Separate Affiliates that qualify for a prevailing price must be recorded at the prevailing price. (Prevailing price has a specific meaning. Please consult your supervisor or the legal or regulatory departments if you need further information about the application of the prevailing price rule in transactions between a BOC and its Section 272-Restricted Separate Affiliates.)

•

All other assets sold or transferred by a BOC (or any affiliated ILEC) to its Section 272-Restricted Separate Affiliates must be recorded at the higher of fair market value (FMV) and net book cost. All other assets purchased by or transferred to a BOC (or any affiliated ILEC) from its Section 272-Restricted Separate Affiliates must be recorded at the lower of FMV and net book cost.

•

All other services provided by a BOC (or any affiliated ILEC) to its separate affiliate must be recorded at the higher of FMV and fully distributed cost (FDC). All other services provided by a Section 272-Restricted Separate Affiliates to a BOC (or any affiliated ILEC) must be recorded at the lower of FMV and FDC.

Employees may refer any questions regarding affiliate transaction rules and processes to the Affiliate Oversight Group, as outlined in Operating Practice 125.

Under an additional accounting safeguard, the Act requires that a BOC pay for audits that test compliance with the requirements of Section 272. An audit will be conducted every [**] by an independent auditor under the direction of federal and state regulators. Employees are expected to comply with requests for data and/or information from the independent auditor as deemed necessary to conduct and complete the audit engagement.

VII. Joint Marketing

A BOC may market and sell the interLATA services provided by its Section 272 Affiliates on an exclusive basis; however, the BOC must continue to advise new customers of their right to select their choice of interexchange carrier in compliance with the FCC’s equal access rules. Generally, the exclusive joint marketing functions are defined as customer ordering, inquiries, and sales activity. To the extent that the BOC allows its Section 272 Separate Affiliate to market and sell the BOC’s local telephone exchange services, the BOC must allow other unaffiliated entities to do the same.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

VIII. For More Information

Every effort has been made to ensure that this employee guide will answer any general questions you may have; however, there may be occasions where either no answer is provided to your specific question or the answer may be unclear even after you refer to this guide. Those questions should be directed through your organization’s Section 272 Compliance Coordinator and/or Legal department to the Section 272 Oversight Team as necessary.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

2006 ATT Inc. Affiliate List


BOCS	ILECS	Internet Service Providers (ISP)	272 Affiliates	272-Like Affiliates
[**]	[**]	[**]	[**]	[**]
[**]	[**]	[**]	[**]	[**]
[**]			[**]
[**]
[**]
[**]
[**]
[**]

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.005

Amdocs’ Acknowledgement Form

Section 272 Compliance Guide for Temporary Workers and Independent Contractors

Amdocs, Inc. (“Amdocs”) and AT&T Services, Inc. (“AT&T”) are parties to the Information Technology Services Agreement number 02026409 dated January 9, 2003 (the “Agreement”). Capitalized terms used but not otherwise defined herein have the meanings set forth in the Agreement.

In connection with certain Services provided by Amdocs under the Agreement, AT&T previously furnished Amdocs with the document entitled “The Separate Affiliate Safeguards, Section 272 Compliance Obligations Applicable to InterLATA Telecommunications Services and Manufacturing Under the Federal Telecommunications Act of 1996”⁶ (the “Section 272 Compliance Guide”).

Amdocs acknowledges that:

(i) Amdocs Personnel, while providing Services under the Agreement, must comply with certain regulatory requirements applicable to AT&T when such Amdocs Personnel job functions involve providing support for, or Services to, AT&T’s Section 272-Restricted Separate Affiliates (as defined in the Section 272 Compliance Guide),

(ii) Amdocs has furnished the Section 272 Compliance Guide to such Amdocs Personnel,

(iii) Amdocs requires such Amdocs Personnel to read and review the Section 272 Compliance Guide, and

(iv) Amdocs has used commercially reasonable efforts to obtain from each such Amdocs Personnel written acknowledgement that he or she has read the Section 272 Compliance Guide.


AMDOCS, INC

By


Name [typed or printed]
Title [typed or printed]
Date [typed or printed]

6	More commonly referred to as the “Section 272 Compliance Guide for Temporary Workers and Independent Contractors.”

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.007

Amendment

No. 02026713.A.007

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.007

AMENDMENT NO. 7

AGREEMENT NO. 02026713

This Amendment No. 7, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360-2 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, Amdocs desires to implement customizations to the Software and provide other Services relating to such Software pursuant to the terms and conditions of the Agreement as amended herein,

WHEREAS, the Agreement expired by its terms on November 5, 2008 (the “Prior Expiration Date”); and

WHEREAS, after such Prior Expiration Date, the Parties continued to perform under the Agreement as if it had not expired, and with the intention of extending its term; and

WHEREAS, AT&T and Supplier now desire to revive the Agreement; to extend its term; to formalize the validity and continuation of the Agreement since its Effective Date of August 7, 2003.

Proprietary Information

Agreement Number 02026713.A.007

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree as follows:

1.	The Agreement is revived; the term is extended as set forth below; and the Agreement shall be deemed to have been in effect continuously since the Agreement Effective Date. The Parties further ratify all actions taken between the Prior Expiration Date and the date when this Amendment is effective.

2.	For purposes of extending the term of this Agreement, Section 3.32. “Term of Agreement”, is deleted in its entirety and replaced with the following:

Section 3.32. Term of Agreement:

This Agreement is effective on the date the last Party signs and, unless Terminated or Canceled as provided in this Agreement, shall remain in effect for a term ending on January 15, 2009. The Parties may extend the term of this Agreement by agreement in writing.

3.	The TABLE OF CONTENTS, APPENDICES AND EXHIBITS is hereby amended in accordance with the following:

Delete: Appendix 7. 272 Compliance

Add: Appendix 8 AT&T Supplier Information Security Requirements (SISR)

Add: Appendix 9 Satisfaction Survey

Add: Appendix 10 Governance

Add: Appendix 11 Service Level Agreement Process and Measurement

4.	Section 3.10 Force Majeure of ARTICLE III - GENERAL TERMS is hereby deleted in its entirety and replaced as follows:

3.10

Force Majeure

A Party is excused from performing its obligations under this Agreement or any Order if, to the extent that, and for so long as:

such Party’s performance is prevented or delayed by an act or event (other than economic hardship, changes in market conditions or insufficiency of funds) that is beyond its reasonable control and could not have been prevented or avoided by its exercise of due diligence; and

ii.

such Party gives written notice to the other Party, as soon as practicable under the circumstances, of the act or event that so prevents such Party from performing its obligations.

By way of illustration, and not by way of limitation, acts or events that may prevent or delay performance (as contemplated by this Section) include: acts of God or the public enemy, acts of civil or military authority, terrorists acts, embargoes, epidemics, war, riots, insurrections, fires, explosions, earthquakes, floods, and labor disputes (even if AT&T is involved in a labor dispute). If Supplier is the Party whose performance is prevented or delayed, and if such event of Force Majeure continues for a period of [**] or more, at any point thereafter during the pendency of such Force Majeure event, AT&T may elect to:

Terminate, in whole or in part, the affected Orders, without any liability to Supplier, or

Proprietary Information

Agreement Number 02026713.A.007

suspend the affected Orders or any part thereof for the duration of the delay; and (at AT&T’s option) obtain Material and Services elsewhere and deduct from any commitment under such Order the quantity of the Material and Services obtained elsewhere or for which commitments have been made elsewhere; and resume performance under this Agreement or such Order when Supplier resumes its performance; and extend any affected Delivery Date or performance date up to the length of time Supplier’s performance was delayed or prevented.

5.	Paragraph A of Section 3.19 MBE/WBE/DVBE of ARTICLE III GENERAL TERMS is amended by adding the following:

The Parties agree to collaborate and amend this Section 3.19 by January 15, 2009.

6.	A new Section 3.37 Labor Disputes is hereby added to ARTICLE III – GENERAL TERMS of the Agreement as follows:

3.37

Labor Disputes

a. In the event of a labor dispute between AT&T and the union(s) representing AT&T’s employees, AT&T may exercise its right to modify the Scope of Work under the Order on immediate written notice, including postponing, reducing, or terminating the services to be provided under the Order and due to be performed after the commencement of a labor dispute, provided, however, that in the event of the termination of services pursuant to this paragraph, AT&T shall provide Amdocs with no less than [**] written notice of such termination and such termination shall be deemed a termination for convenience and subject to the payment of any applicable early termination fees under such terminated Order. AT&T acknowledges and agrees that the exercise of such right may result in a delay in the resumption of Services when requested by AT&T.

b. The rights and obligations of the Parties under this Section are in addition to, and not a limitation of, their respective rights under the Sections entitled “Amendments and Waivers” and “Force Majeure.”

Where AT&T modifies the Scope of Work to include a reduction, postponement or termination of the services to be provided, until reinstatement of such services, the terms of any Service Level Agreements applicable to such services shall be reasonably modified by the Parties to reflect such modification. In addition, no such modification shall relieve AT&T of its obligation to pay Amdocs for any services actually performed by Amdocs (whether before or after such modification) notwithstanding Amdocs’ failure or inability to achieve any payment milestone set forth in the applicable Order as a result of such modification.

Proprietary Information

Agreement Number 02026713.A.007

7.	A new Section 3.38 Satisfaction Surveys is hereby added to ARTICLE III – GENERAL TERMS of the Agreement as follows:

3.38

Satisfaction Surveys

Independent Surveys. Within [**] days after the Effective Date of this Amendment, Supplier shall identify and submit to AT&T for its approval the identity of an independent third party that will conduct a baseline customer satisfaction index survey of the Services to be provided under this Agreement in accordance with the survey protocols and procedures specified in Appendix 9. Within [**] days after AT&T’s approval of Supplier’s selection, such independent third party shall conduct the baseline customer satisfaction index survey and shall submit the results within [**] days to AT&T for its approval. Such baseline customer satisfaction index survey shall thereafter become the baseline for measuring performance improvements and conducting other satisfaction surveys hereunder. Thereafter, Supplier shall engage independent third parties (such third parties to be approved in advance by AT&T) to conduct satisfaction surveys at the intervals and in accordance with the survey protocols and procedures specified in Appendix 9 (and if not such intervals are provided therein, then at least on an annual basis beginning on the date of delivery of the initial baseline satisfaction survey). Supplier shall be responsible for the expenses of all such surveys conducted pursuant to this Section 3.38.

AT&T-Conducted Surveys. In addition to the satisfaction surveys to be conducted by an independent third party pursuant to Section 3.38, AT&T may survey End-User satisfaction with Supplier’s performance in connection with and as part of broader End-User satisfaction surveys periodically conducted by AT&T or such other party as AT&T may select. At AT&T’s request, Supplier shall cooperate and assist AT&T with the formulation of the survey questions, protocols and procedures and the execution and review of such surveys, including participating in any existing or future programs or processes addressing customer satisfaction and with which AT&T may be involved, participate in or perform, including the AT&T Quality Process or similar processes or programs.

Survey Follow-up. If the results of any satisfaction survey conducted pursuant to Section 3.38 indicate that the level of satisfaction with Supplier’s performance is less than the target level specified in Appendix 9, Supplier shall promptly: (i) analyze and report on the root cause of the management or End-User dissatisfaction; (ii) develop an action plan to address and improve the level of satisfaction; (iii) present such plan to AT&T for its review, comment and approval; and (iv) take action in accordance with the approved plan and as necessary to improve the level of satisfaction. AT&T and Supplier shall establish a schedule for completion of a Root Cause Analysis and the preparation and approval of the action plan which shall be reasonable and consistent with the severity and materiality of the problem; provided, that the time for completion of such tasks shall not exceed [**] from the date such user survey results are finalized and reported. Supplier’s action plan developed

Proprietary Information

Agreement Number 02026713.A.007

hereunder shall specify the specific measures to be taken by Supplier and the dates by which each such action shall be completed. Following implementation of such action plan, Supplier will conduct follow-up surveys with the affected AT&T users and management to confirm that the cause of any dissatisfaction has been addressed and that the level of satisfaction has improved.

8.	A new Section 3.39 AT&T Supplier Information Security Requirements is hereby added to ARTICLE III – GENERAL TERMS of the Agreement as follows:

3.39.

AT&T Supplier Information Security Requirements

Amdocs shall comply with AT&T Supplier Information Security Requirements as they pertain to Systems used to access AT&T’s network, Information or facilities under the Agreement. AT&T Supplier Information Security Requirements are specified in Appendix 8.

9.	A new Section 3.40 Governance is hereby added to ARTICLE III – GENERAL TERMS of the Agreement as follows:

3.40.

Governance

Governance for this Agreement is described in Appendix 10, Governance, and is focused on Committee Structure, Performance Indicators Scorecard and an Action Register.

10.	A new section 3.41 Original Signatures is hereby added to ARTICLE III – GENERAL TERMS of the Agreement as follows:

3.41.

Original Signatures

Original signatures transmitted and received via facsimile or other electronic transmission of a scanned document, (e.g., pdf or similar format) are true and valid signatures for all purposes hereunder and shall bind the parties to the same extent as that of an original signature. This Agreement may be executed in multiple counterparts, each of which shall be deemed to constitute an original but all of which together shall constitute only one document.

11.	A new Section 5.11 Service Level Agreement Process and Measurement is hereby added to ARTICLE V – SPECIAL SOFTWARE TERMS as follows:

5.11

Service Level Agreement Process and Measurements

Service Level Agreement Process and Measurements shall apply to Work Orders with Service Level Agreements (SLA) and Key Performance Indicators (KPI). This section will be defined by both Parties prior to the next amendment of this Agreement in January 2009.

12.

ARTICLE VI - ONGOING SUPPORT SERVICES is hereby amended to delete the following Section:

6.16. Amdocs shall comply with the requirements of Appendix 7 entitled 272 Compliance.

Proprietary Information

Agreement Number 02026713.A.007

13.

Section 6.11 Disaster Recovery and Business Continuity Plan of ARTICLE VI – ONGOING SUPPORT SERVICES is hereby renumbered as 6.16.

14.

Appendix 1.2(2) IT Professional Service Price(s)

The Parties agree to collaborate and amend Appendix 1.2(2) IT Professional Service Price(s) by January 15, 2009.

15.

Appendix 7. 272 Compliance

Appendix 7., 272 Compliance, is hereby deleted in its entirety.

16.

Appendix 8. AT&T Supplier Information Security Requirements

Appendix 8, Supplier Information Security Requirements, is hereby attached to the Agreement and made a part thereof by this reference.

17.

Appendix 9. Satisfaction Surveys

Appendix 9, Satisfaction Surveys, is hereby attached to the Agreement and made a part thereof by this reference.

18.

Appendix 10. Governance

Appendix 10., Governance, is hereby attached to the Agreement and made a part thereof by this reference.

Proprietary Information

Agreement Number 02026713.A.007

The terms and conditions of Agreement No. 02026713 in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.		AT&T Services, Inc.

By:	/s Thomas C. Drury	By:	/s/ A. David Garger



Printed Name:	Thomas C. Drury	Printed Name:	A. David Garger



Title:	President	Title:	Director – Global Strategic Sourcing Mass Market Software and Services

Date:	12/8/08	Date:	12/8/2008

Proprietary Information

Agreement Number 02026713.S.234

Appendix 8

AT&T Supplier Information Security Requirements

The following AT&T Supplier Information Security Requirements apply to the employees and/or temporary workers of Supplier and its suppliers, contractors, vendors and/or agents that perform services for, on behalf of, and/or through AT&T, which require access to AT&T’s infrastructure, systems or applications or handle, process, or store AT&T, AT&T Branded and/or AT&T Co-branded Information (for the purpose of this Section, each or all “Supplier”). Supplier represents and warrants that during the term of this Agreement and thereafter (as applicable with respect to Supplier’s obligations under the Survival of Obligations and Compliance with Laws clauses) Supplier is, and shall continue to be, in compliance with its obligations as set forth herein. AT&T’s failure to audit and/or exercise any of its rights under this Section shall not be construed or deemed to be a waiver of any rights under this Agreement, in equity or at law. In addition to all other remedies specified in the Agreement, Supplier agrees that AT&T shall be entitled to obtain an injunction and be [**] by Supplier to cease any breach of any obligation that survives Cancellation, Termination or expiration of this Agreement. The following provisions shall not be deemed to, and shall not, limit any more stringent security or other obligations contained within this Agreement.

Definitions:

Unless otherwise set forth or expanded herein, defined terms shall have the same meaning as set forth in the main body of the Agreement.

“AT&T Branded Information” means Information owned, labeled, marked, or collected, which contains any of AT&T’s or its affiliates’ identifying markings or trademarks.

“AT&T Co-branded Information” means AT&T Branded Information that is jointly marketed or shared under a co-branding arrangement with a supplier, irrespective of dominance or emphasis of the co-branding relationship.

“Information Resources” means any systems, applications, and network elements, and the information stored, transmitted, or processed with these resources in conjunction with supporting AT&T and/or utilized by Supplier in fulfillment of its obligations under this Agreement.

“Personally Identifiable Information” or “PII” means any information that could be used to uniquely identify, locate, or contact a single person (or potentially be exploited to steal the identity of an individual, commit fraud or perpetuate other crimes). Examples of PII include personal telephone numbers, social security numbers, national-, state- or province-issued identification numbers, drivers license numbers, dates of birth, bank account numbers, credit card numbers and expiration dates, and other credit related information, PINs, passwords, passcodes, password hint answers, Protected Health Information as defined by the Health Insurance Portability and Accountability Act (HIPAA), biometric data, digitized signatures, and background check details.

Proprietary Information

The information contained in this Agreement is not for use or disclosure outside AT&T, Supplier, their Affiliates and their third party representatives, except under written Agreement by the contracting Parties.

Agreement Number 02026713.S.234

In accordance with the foregoing, Supplier shall:

System Security

1.	Actively monitor industry resources (e.g., www.cert.org, pertinent software vendor mailing lists & websites) for timely notification of all applicable security alerts pertaining to Supplier networks and computers.

2.	Scan its externally-facing systems with applicable industry standard security vulnerability scanning software (including, but not limited to, network, server, & application scanning tools) [**]

3.	Scan its internal systems with applicable industry standard security vulnerability scanning software (including, but not limited to, network, server, application & database scanning tools) [**]

4.	Upon AT&T’s request, furnish to AT&T its most current scanning results for those resources used to support AT&T.

5.	Deploy an Intrusion Detection System(s) (IDS) in an active mode of operation.

6.	Remediate security vulnerabilities, including, but not limited to, those discovered through industry publications, vulnerability scanning, virus scanning, and the review of security logs, and apply applicable security patches in a timely manner, according to the following minimal guidelines: If:

•

A vulnerability exists and attack is underway: Supplier shall work on remediating/patching [**]

•

A vulnerability exists and attack is determined to be imminent: Supplier shall remediate/patch within [**]

•

A vulnerability exists and attack is determined to not be imminent: Supplier shall remediate/patch within [**]

All other security patches shall be applied within [**]

7.	Assign security administration responsibilities for configuring host operating systems to specific individuals.

8.	Ensure that its security staff has reasonable and necessary experience in information/network security.

9.	Ensure that all of Supplier’s systems are and remain ‘hardened’ including, but not limited to, removing or disabling unused network services (e.g., finger, rlogin, ftp, simple TCP/IP services) and installing a system firewall, TCP Wrappers or similar technology.

10.	Change all default account names and/or default passwords in accordance with password requirements as set forth within requirement number 35, below.

11.	Limit system administrator/root access to host operating systems only to individuals requiring high-level access in the performance of their jobs.

12.	Require system administrators to restrict access by users to only the commands, data and systems necessary to perform authorized functions.

Physical Security

13.	Ensure that all of Supplier’s networks and computers are located in secure physical facilities with access limited and restricted to authorized individuals only.

14.	Monitor and record, for audit purposes, access to the physical facilities containing networks and computers used in connection with Supplier’s performance of its obligations under this Agreement.

Proprietary Information

Agreement Number 02026713.S.234

Network Security

15.	Separate AT&T’s data from the Internet and the destination web servers with a perimeter security gateway (e.g., firewall). For additional clarification of this requirement, see diagram, however, the written requirements shall control with respect to the interpretation of this provision.

LOGO

16.	Upon AT&T’s request, provide to AT&T a logical network diagram detailing the Information Resources (including, but not limited to, firewalls, servers, etc.) that will support AT&T.

17.	Have a process and controls in place to detect and handle unauthorized attempts to access AT&T data.

18.	Utilize strong encryption technologies (minimum 256-bit encryption) for the transfer of AT&T Information outside AT&T-controlled facilities and network. This also applies to electronically transmitted email communications containing proprietary AT&T data or Information.

19.	Utilize strong authentication (e.g., two factor token or digital certificates) for remote access.

Information Security

20.

Not co-locate AT&T’s application/data on the same physical servers with other customers’ or Supplier’s own application/data unless approved in advance in writing by AT&T. If physical separation does not exist, documented controls must be in place and approved by AT&T to ensure separation of data and security of Information between customer, Supplier, and AT&T applications.

21.	Have a procedure approved in advance in writing by AT&T for the backup, secure transport and storage of AT&T Information.

22.	Maintain and furnish to AT&T a business continuity plan that ensures that Supplier can meet its contractual obligations under the Agreement, including the requirements of any applicable Statement of Work or Service Level Agreement.

Proprietary Information

Agreement Number 02026713.S.234

23.

Store sensitive AT&T data elements utilizing strong encryption technologies (minimum 256-bit encryption). Sensitive data elements include, but are not limited to, the following: social security number, national-, state- or province-issued identification number, drivers license number, date of birth, bank account number, credit card number and expiration date, and other credit related information, PINs, passwords, passcodes, password hint answers, Protected Health Information as defined by HIPAA, biometric data, digitized signature, and background check details.

24.	Limit access to AT&T Information, including paper hard copies, only to persons or systems authorized by AT&T under written agreement.

25.	Be compliant with any applicable government- and industry-mandated information security requirements including, but not limited to, the Payment Card Industry- Data Security Standards (PCI) and HIPAA.

26.

Retain records according to and in compliance with any applicable federal, state, local and foreign laws, ordinances, regulations and/or codes, and as otherwise directed by AT&T, for a period of no less than [**], or longer as may be set forth herein or as may be required pursuant to a court order or civil or regulatory proceeding.

27.

Return all AT&T Information, including electronic and hard copies within [**] days after the sooner of: (a) expiration, Cancellation or Termination of the Agreement; (b) AT&T’s request for the return of Information; or (c) when Supplier (or its suppliers or representatives) no longer needs the Information. In the event that AT&T approves destruction as an alternative to returning the Information, then Supplier shall certify the destruction (e.g., degaussing, overwriting, performing a secure erase, performing a chip erase, shredding, cutting, punching holes, breaking, etc.) in a manner approved in advance in writing by AT&T.

28.	Unless otherwise instructed by AT&T, when collecting, generating or creating Information for, through or on behalf of AT&T or the AT&T brand, Supplier shall utilize the following AT&T proprietary marking:

“AT&T Proprietary Information (Internal Use Only)

Not for use or disclosure outside the AT&T companies

except under written agreement”

Identification and Authentication

29.	Assign unique UserIDs to individual users.

30.

Have and utilize a documented UserID Lifecycle Management process including procedures for approved account creation, timely account removal, and account modification (e.g., changes to privileges, span of access, functions/roles) for all applications and across all environments (production, test, development, etc.).

31.	Enforce the rule of least privilege (i.e., limiting access to only the commands and Information necessary to perform authorized functions according to one’s job function).

32.

Limit failed login attempts to no more than [**] successive attempts and lock the user account upon reaching that limit. Access to the user account can subsequently be reactivated through a manual process requiring verification of the user’s identity or, where such capability exists, can be automatically reactivated after [**] from the last failed login attempt.

33.	Terminate interactive sessions that have been inactive for a designated period of time, not to [**]

34.	Require password expiration at regular intervals not to exceed [**] days unless approved in advance and in writing by AT&T.

Proprietary Information

Agreement Number 02026713.S.234

35.	Use an AT&T-approved authentication method based on sensitivity of Information. When passwords are used, they must meet these requirements:

•

Passwords must be a minimum of [**] characters in length.

•

Passwords must contain characters from at least [**] of these groupings: alpha, numeric, and special characters.

•

Password construction must be complex and not contain names, dictionary words, combinations of words, or words with substitutions of numbers for letters, e.g., s3cur1ty.

•

Passwords must not contain repeating or sequential characters or numbers.

•

Passwords must not contain sequences of three (3) or more characters from the USERID or system name.

•

The new password must not contain sequences of three (3) or more characters from any of the previous four (4) passwords.

•

Passwords must not contain a sequence of two (2) or more characters more than once, e.g., a12x12.

Note: (Applications housing Restricted Proprietary Information may require an authentication mechanism stronger than passwords and the authentication mechanism must be approved by AT&T in advance in writing. Examples of stronger authentication methods include tokens, digital certificates, passphrase, and biometrics.)

36.	Use a secure method for the conveyance of authentication credentials (e.g., passwords) and authentication mechanisms (e.g., tokens or smart cards).

Warning Banner

37.	Display a warning or “no-trespassing” banner on applicable login screens or pages when in Supplier’s environment and not an AT&T Branded product or service.

(example long version):

This is an <company name> system, restricted to authorized individuals. This system is subject to monitoring. Unauthorized users, access, and/or modification will be prosecuted.

(example short version):

<company name> authorized use ONLY, subject to monitoring. All other use prohibited.

For AT&T Branded products or services or for software developed for AT&T, the Supplier shall display a warning banner on login screens or pages as provided by AT&T.

Software and Data Integrity

38.	Scan for and promptly remove viruses.

39.	Separate non-production systems and data from production systems and data.

40.	Have a documented software change control process including back out procedures.

41.	Have database transaction logging features enabled and retain database transaction logs for a minimum of [**].

42.	Regarding software developed, used or furnished and/or supported under this Agreement, review code for which Supplier has or is permitted access to find and remediate security vulnerabilities.

43.	Perform quality assurance testing for the application functionality and security components (e.g., testing of authentication, authorization, and accounting functions, as well as any other activity designed to validate the security architecture).

Proprietary Information

Agreement Number 02026713.S.234

Privacy Issues

44.	NOT publicly disclose, sell, rent, lend, trade or lease any AT&T Information (including Information obtained on AT&T’s behalf).

45.	Restrict access to any Personally Identifiable Information to authorized individuals.

Monitoring and Auditing Controls

46.	Restrict access to security logs to authorized individuals.

47.	Regularly review security logs for anomalies and document and resolve all logged security problems in a timely manner.

48.	Keep security logs for a minimum of [**].

49.

Provide, and hereby provides, to AT&T audit rights to verify Supplier’s compliance with its contractual obligations in connection with these AT&T Supplier Information Security Requirements. Upon AT&T’s request for audit, Supplier shall schedule an audit to commence within [**] days from such request. In the event that AT&T, in its sole discretion, deems that a security breach has occurred, Supplier shall schedule the audit to commence within [**] requiring an audit. This provision shall not be deemed to, and shall not, limit any more stringent audit obligations permitting the examination of Supplier’s records contained in this Agreement.

50.

Provide AT&T, [**] days from the publication of the audit report identifying any noncompliance with the contractual security requirements, a written report of completed or proposed corrective actions and implementation timeframes, unless otherwise stipulated herein, as soon as possible, but [**] days, addressing each noncompliance found within the audit. Supplier shall provide periodic, [**], updates to AT&T on the implementation of the corrective action plan in order to track the work to completion.

Reporting Violations

51.

Have and utilize a documented procedure to follow when an unauthorized intrusion or other security violation, including, but not limited to, a physical security or computer security incident (e.g., hacker or attempted hacker activity or the introduction or attempted introduction of a virus or malicious code), is suspected which includes immediate notification to the AT&T Computer Security Incident Response Team (ACSIRT).

ACSIRT 24 hour contact information:

[**]

52.

In addition to providing AT&T with immediate notice of any security incident, provide AT&T with regular status updates including but not limited to actions taken to resolve such incident at [**] for the duration of the incident, and, [**] of the closure of the incident, a written report describing the incident, actions taken by the Supplier during its response and the Supplier’s plans for future actions to prevent a similar incident from occurring in the future.

Software Development and Implementation

53.	Ensure, prior to furnishing or development of software, that such software incorporates applicable AT&T security requirements.

Proprietary Information

Agreement Number 02026713.S.234

Interconnectivity

54.	Use only the AT&T Chief Security Office (CSO) approved facilities and connection methodologies to interconnect AT&T’s data facilities with Supplier’s data facilities and to provide access to the data for each connection.

55.	NOT establish interconnection to endpoint resources other than in the United States. Interconnections to endpoint resources other than in the United States require the express prior written consent of AT&T.

56.	Permit limited access to Information Resources and the transmission of Information only to those individuals necessary to carry out the intent and purpose of the Agreement.

57.	Maintain logs of user sessions (including application to application sessions) involving access to AT&T. These logs must include: login identification, user request records, system configuration, and timestamps and/or duration of access. These logs must be retained for [**].

58.	Provide AT&T access to any Supplier facilities during normal business hours for the maintenance and support of any AT&T equipment (e.g., router) used for the transmission of Information under this Agreement.

59.	Use any AT&T equipment provided under this Agreement only for the furnishing of those services explicitly defined in this Agreement.

60.

Consent and hereby consents to AT&T’s gathering of information relating to Supplier’s access to AT&T networks, processing systems and applications. This information may be collected, retained and analyzed by AT&T to identify potential security risks without further notice. This information may include trace files, statistics, network addresses, and the actual data or screens accessed or transferred.

61.	Ensure that all Supplier interconnections to AT&T pass through the designated AT&T perimeter security gateway (e.g., firewall).

62.	Ensure that Supplier interconnections to AT&T must terminate at a perimeter security gateway (e.g., firewall) at the Supplier end of the connection.

63.

Consent and hereby provides advance consent to AT&T’s immediately suspending or terminating any interconnection if AT&T, in its sole discretion, believes there has been a breach of security or unauthorized access to or misuse of AT&T data facilities or Information. Notwithstanding the foregoing, AT&T does not require Supplier’s consent to terminate in whole or in part any connection if AT&T believes, in its sole discretion, that disconnection is warranted.

Security Policies and Procedures

64.

Ensure that all personnel, subcontractors or representatives performing work on any AT&T resources or the resources used to interconnect to AT&T resources or the resources used to house AT&T or AT&T Branded Information under this Agreement are in compliance with these Information Security Requirements.

65.	Notify AT&T of any policy changes that could impact the security controls put in place to secure AT&T’s data.

66.	Periodically review these Information Security Requirements to ensure that Supplier is in compliance with the requirements.

67.

Return all AT&T owned or provided access devices (including SecurID tokens, information storage devices, software, and/or computer equipment) as soon as practicable, but in no event more than [**] after the sooner of: (a) expiration, Cancellation or Termination of the Agreement; (b) AT&T’s request for the return of such property; or (c) when Supplier (or its suppliers or representatives) no longer needs such property.

Proprietary Information

Agreement Number 02026713.S.234

Appendix 9

Satisfaction Surveys

This is Appendix 9 of the Agreement. Capitalized terms not defined in this Appendix have the meaning given in the Agreement. Any capitalized term not defined has its generally understood meaning in the context in which it is used in the IT industry for the provision of Services.

At AT&T’s request, Amdocs will identify and submit to AT&T for its approval the identity of an independent third party to conduct baseline End User satisfaction surveys of the Services. Amdocs will be responsible for all costs associated with the surveys. Thereafter, Amdocs shall engage independent third parties approved in advance by AT&T to conduct satisfaction surveys annually or, if requested by AT&T, more frequently if previous survey results are deemed less than acceptable by the Governance team set forth in Appendix 10.

AT&T may also conduct internal surveys of End User satisfaction with Amdocs’ performance in connection with and as part of broader End User satisfaction surveys periodically conducted by AT&T or such other party as AT&T may select. At AT&T’s request, Amdocs shall cooperate and assist AT&T with the formulation of the survey questions, protocols and procedures and the execution and review of such surveys.

Survey Construction

Surveys will be developed to measure AT&T Personnel satisfaction with 1) Services, 2) End User Support and 3) Governance.

The surveys will be designed in compliance with provisions outlined in this document and distributed to selected AT&T personnel (as identified by AT&T) for the purpose of evaluating Amdocs performance to key satisfaction indicators.

Survey Objectives

The baseline surveys will be designed by AT&T, Amdocs and any retained third party using other AT&T and Amdocs surveys as a starting point.

As part of the baseline survey development process, the Governance team will

•

provide information on the specific services to be evaluated (related to key drivers of management and user satisfaction);

•

identify target groups with the most meaningful insight into the level of satisfaction; and

•

use initial results to set baselines and parameters to indicate the desired amount of ongoing improvement.

Proprietary Information

Agreement Number 02026713.S.234

The surveys will be designed with interchangeable evaluation criteria components that can be used (as appropriate) across all survey types. The following table indicates survey components and applicability.


Survey Criteria Components	Services	End User Support	Governance
Culture / Work Environment			—
Impact of New Implementations	—	—	—
Impact on Respondents Work	—	—	—
Problem Solving Process	—	—	—
Professionalism	—	—	—
Relationship Management			—
Support Availability	—	—	—
Support Expertise	—	—	—
Support Responsiveness	—	—	—
System Functionality	—	—	—
System Performance	—	—	—
System Quality	—	—	—

Surveys will be repeated on a regularly scheduled basis to provide year-over-year or period-over-period result comparisons. The Governance team will be responsible for on-going review and approval of Amdocs’ improvement action plans (associated with survey results) as well as associated progress against those plans. Results, improvement action plans, issue progress and resolution will be shared with respondents.

Structure and Logistics

This section provides guidelines on how the survey should be structured, administered and analyzed.

•

Each survey should contain at least one question to evaluate whether the prospective respondent is familiar with Amdocs and the Amdocs’ Services to weed out irrelevant responses.

•

Survey questions will evaluate efficiency and effectiveness of Amdocs’ Services.

•

A survey should take no more than [**] minutes to complete.

•

Each survey question will cover four evaluation points for the Service:

•

Screened

•

Question to identify relevant respondent.

•

Example: Is online availability important to you? Yes or No

•

Weighted

•

Questions to identify how important or relevant service is to respondent.

•

Example: How important is this functionality? 1-7 response

•

Rated

•

Questions to determine core effectiveness of the Amdocs’ Service.

•

Example: How satisfied are you with online availability? 1-7 response

•

Justified

•

Open-ended questions to provide opportunity for feedback/comments.

•

Example: What improvement would increase your satisfaction with online availability? Free-form comment section

Proprietary Information

Agreement Number 02026713.S.234

•

With respect to each Survey Criteria Component, respondents will be asked to rate

•

the relative importance

•

respondent’s satisfaction

•

recommendations for improvement

•

Demographics are required to review responses for trends based on location, organization, etc.

•

Prior to administering the pending survey, the purpose of and process for the survey will need to be well communicated to the client community.

•

Random sample size will be targeted to provide a [**]% confidence level.

•

Resulting data must be validated and normalized.

•

Result analysis will reflect overall satisfaction issues ranked by priority and evaluated for diverging needs.

•

The composite score of each response will combine the importance to and satisfaction of the respondent across each criteria point.

Target Groups

The purpose of the Services and End User Support surveys is to provide focused, anonymous feedback to Amdocs and the Governance team related to Amdocs’ Services. These surveys will be administered to a random sample of End Users.

The purpose of the Governance survey is to gather feedback on the Amdocs/AT&T relationship, in addition to the same performance information solicited from End Users. The Governance survey will be completed by all AT&T members of the Governance team, and by targeted AT&T IT employees.

AT&T will be responsible for identifying survey recipient candidates for all surveys.

Action Plans

Amdocs will

•

analyze and report on the root cause of AT&T management or End User dissatisfaction

•

develop an action plan to address and improve the level of satisfaction

•

present such plan to AT&T Governance for its review, comment and approval

•

take action in accordance with the approved plan and as necessary to improve the level of satisfaction.

AT&T and Amdocs will establish a schedule for completion of a Root Cause Analysis and the preparation and approval of the action plan which shall be reasonable and consistent with the severity and materiality of the problem, [**] from the date such survey results are finalized and reported.

Amdocs’ action plan developed hereunder shall specify the specific measures to be taken by Amdocs and the dates by which each such action shall be completed. Following implementation of such action plan, follow-up surveys will be conducted with the affected AT&T users and management to confirm that the cause of any dissatisfaction has been addressed and that the level of satisfaction has improved. They will also need to be presented to the Governance team to obtain their sign-off prior to enactment.

Proprietary Information

Agreement Number 02026713.S.234

Core Customer Satisfaction Survey Questions

The following questions should be incorporated into satisfaction surveys, as appropriate:

Quality

1. How would you rate the overall quality of the Supplier’s work products?

Timeliness

2. How would you rate the Supplier’s overall timeliness of product delivery? (adherence to agreed upon due dates)?

Responsiveness

3. How would you rate the Supplier’s overall responsiveness to questions, issues, and problem resolution?

Supplier Skills

4. How would you rate the overall technical competence of Supplier’s personnel?

Change Management

5. How would you rate the Supplier on communicating effectively and following applicable guidelines when managing system changes?

Overall Satisfaction

6. Considering every thing about the Supplier’s products and their customer service, how would you rate their performance overall?

Future Orientation and Innovation (optional question)

7. How would you rate the Supplier on developing service offerings that help AT&T be an industry leader?

Proprietary Information

Agreement Number 02026713.S.234

Appendix 10

Governance Model

Table of Contents


1.0 General Information			21
1.1 Introduction			21
1.2 Governance Functions			21
2.0 Committee Structure			22
2.1 Introduction			22
2.2 Executive Committee			22
2.3 Steering Committee			23
2.4 Functional Committee			23
3.0 Service Performance Review			24
4.0 Transition			25
4.1 Transitional Process			25
4.2 Functional Committee Metrics & Reporting Template			26
4.3 Sample Functional Committee Action Register			26
APPENDIX 1
Committee Members			27

Proprietary Information

Agreement Number 02026713.S.234

1.0

General Information

1.1

Introduction

The mission of this Governance Model is to ensure the seamless delivery of quality information technology services, to protect the contracting parties’ interests and to mitigate risk to AT&T’s business as it pertains to Amdocs’ delivery of the Services.

The Governance Process is a disciplined approach for AT&T and its suppliers to resolve issues and efficiently manage the AT&T/Amdocs relationship within functional teams, who report out to a Steering Committee and an Executive Committee.

The Governance Model will consist of two (2) components: Contract Management Office and Service Management Office. The AT&T Contract and Service Management Offices provide an integration point for delivery of Services provided to AT&T. The Contract Management Office (CMO) and Service Management Office (SMO) ensure that Services provided align with AT&T expectations and comply with all executed agreement terms and conditions.

AT&T and Amdocs will jointly participate in all committees to provide governance, utilizing the model described herein, for Amdocs service delivery to AT&T business and to mitigate associated risks.

The CMO manages the contract by providing the governing structures and processes that define the relationship between AT&T and other entities participating in the Service delivery model. The CMO ensures contractual compliance, approves contract changes, manages transition and contract deliverables, and validates Supplier contract performance.

The SMO manages the day-to-day operational delivery of Services of the Supplier. The SMO resolves operational issues, manages the prioritization and authorization of projects, validates Suppliers service performance, supports Supplier employees and manages the invoice process.

No committee or office shall have the ability to alter the terms of the agreement or any Order, which changes shall only be made in a writing executed by authorized representatives of each party.

1.2

Governance Model Functions & Responsibilities

The CMO will contain the following roles and responsibilities:

CMO Executive – Responsible and Accountable for the Supplier’s compliance with the Agreement and the Supplier relationship associated with the Agreement consisting of contract compliance, contract administration, Supplier management, policy administration, benchmarking, Supplier governance processes, and Supplier related financial management.

Responsibilities:

Managing the relationship with Supplier

Proprietary Information

Agreement Number 02026713.S.234

Managing Service Levels, Balanced Scorecard and customer satisfaction compliance with Supplier Working with SMO Executive, Amdocs Project Executive and Amdocs Delivery Project Executive to monitor progress in meeting the goals and objectives of the Agreement

Serving as primary interface between AT&T and the Supplier for dispute resolution

Ensuring Supplier compliance with contract requirements

Overseeing competitive benchmarking of the Agreement and support for business case attainment and benefits realization

Managing Supplier contract audits as required

Participating in resolution of escalated issues in accordance with the governance escalation procedures

Contractor Sponsorship - Responsible for handling operational administration of Supplier contractor on-boarding and access to appropriate service activations, buildings and other resources requiring AT&T employee initiation and approval.

Responsibilities:

Providing all contractor sponsorship activities for Supplier

Coordinating establishment of necessary accounts, permissions and services during operational phases of contract.

Coordinating completion of Supplier activities set forth in the Agreement, e.g., background checks, drug screenings

2.0

Committee Structure

2.1

Introduction

The following governance forums will provide the overall operating structure and guiding principles by which AT&T and Amdocs will function:

•

Executive Committee

•

Steering Committee

•

Functional Committee

A standardized functional committee, steering committee, and executive committee structure will eliminate redundant efforts and ensure the appropriate team member participation at all levels of the relationship.

2.2

Executive Committee

The Executive Committee meets [**] based on the needs of the relationship and the performance of Amdocs. Senior Leadership Review will be presented by the Steering Committee.

Responsibilities:

•

Reviews SLAs, KPIs, and prioritized action register as presented by the Steering Committee

Proprietary Information

Agreement Number 02026713.S.234

•

Reviews the overall performance of Amdocs relationship.

•

Reviews the SLAs, KPIs, and their targets

•

Reviews significant improvement opportunities requiring their advisement and/or assistance.

•

Assists the Steering Committee when needed

Members of the Executive Committee include the following from AT&T and Amdocs:

•

AT&T CMO Executive(s)

•

AT&T SMO Executive(s)

•

Amdocs Customer Business Executive(s)

2.3

Steering Committee

The Steering Committee meets [**] based on the needs of the relationship and performance of Amdocs. The Steering Committee reviews overall SLAs and KPIs, reviews subcommittee action registers, and prioritizes efforts with conflicting resources.

Responsibilities:

•

Reviews the overall performance of the Amdocs relationship

•

Reviews key service indicators and prioritized action register as presented by the Functional Committee

•

Manages critical or escalated action register items

•

Reports on SLAs, KPIs, prioritized action register items and presents data to the Executive Committee

•

Assists the Functional Committee as needed

Members of the Steering Committee include the following from AT&T and Amdocs:

•

AT&T CMO Service Level Manager

•

AT&T SMO Service Level Manager

•

AT&T CMO Finance Manager

•

AT&T SMO Finance Manager

•

AT&T SMO Data Manager

•

Amdocs Service Level Manager(s)

•

Amdocs Finance Director(s)

•

Amdocs Project Manager(s)

2.4

Functional Committee

The Functional Committee will meet on a schedule based on the needs of the relationship and performance of Amdocs. The Functional Committee owns and manages the SLAs and KPIs, targets and reports along with identifying, prioritizing and escalating action items.

Proprietary Information

Agreement Number 02026713.S.234

The Functional Committee could include but is not limited to:

•

Development Leads

•

Test Leads

•

Production Support Leads

•

PMO Management

•

URD

•

Architectural Support

•

IT Sourcing

•

Global Strategic Sourcing

Responsibilities:

•

Chaired by a PMO Team Lead

•

Own the SLAs, KPIs, and their targets

•

Maintain one prioritized action register

•

Report on SLAs and KPIs, prioritized action register items, and present data to the Steering Committee

Members of the Functional Committee include the following from AT&T and Amdocs:

•

AT&T CMO Service Level Lead

•

AT&T SMO Service Level Lead

•

AT&T CMO Finance Lead

•

AT&T SMO Finance Lead

•

AT&T SMO Data Lead

•

Amdocs Service Level Lead(s)

•

Amdocs Finance Managers(s)

•

Amdocs Group Lead(s)

3.0

Service Performance Review

Supplier will conduct [**] service performance review sessions. Attendees will include key contacts from AT&T and Supplier. During this review Supplier will present the following information:

•

[**] Service Level Agreement (SLA) performance statistics

•

Year-to-date SLA performance

•

Historical trending of the SLA metrics and benchmarks

•

Performance and process improvement plans

•

Status of project improvement plans from previous [**]

•

Status on strategic projects and programs (planned, just completed, or in progress)

•

Current challenges to service delivery

•

Recommendations for the next [**]

Proprietary Information

Agreement Number 02026713.S.234

•

Status of business and technical strategic initiatives

•

Balanced Scorecard results as applicable

•

[**] financial results

•

Issue escalations

•

Proposed changes to the agreement, as required

Reporting

Supplier will provide service reports via an online delivery mechanism that is approved by AT&T. This mechanism will serve as the cornerstone of reporting, feedback, and action. The reports will blend input from the Supplier, direct feedback from AT&T through client surveys and automated measurements to create a management-level view of the Supplier’s performance.

General Service Conditions

Report shall be inclusive of all SLAs and KPIs for which the Supplier is responsible, as defined in addendum A.

4.0

TRANSITION

4.1

Transition Process

The Functional Committee will be responsible for:

•

Identifying committee members for the Functional team

•

Key Measures

•

Identifying the most important Key Measures and their Targets.

•

Operational Definitions

•

Writing definitions for each Key Measure with an explanation of each measure

•

Identifying the data source. If there is not a current data source, identify how the data will be obtained.

•

Action Register, Meetings and Reports

•

Setting Functional Team meeting dates

•

Identifying all Action Registers, Meetings and Reports currently used

•

Reducing, combining or eliminating current meetings, action registers and reports as needed. Tracking these efforts in a Summary of actions taken that can be provided to the Steering Committee.

•

Implementing the Standardized Action Register

•

Reporting Action Register progression to Steering Committee

•

Implementing any Action Items for the specific Organizations that represent the Functional Committee

Proprietary Information

Agreement Number 02026713.S.234

4.2

Functional Committee Metrics and Reporting Template

Each Functional Committee is responsible for certain Key Measurements. The agreed upon Key Measurements are shown in the table below. It will be the responsibility of the Functional Committees as a whole to establish a standardized, integrated means of reporting that will be provided to the Steering Committee.

4.3

Sample Functional Committee Action Register

Each Functional Committee is responsible for maintaining one action register that will include all action items and product platforms associated with a particular supplier. The Functional Committee action registers will be combined into ONE action register which will contain High and Medium issues which will be escalated to the Steering Committee. Functional committees should use the action item format as shown below.

Issue

Issue ID

Priority

Status

Functional
Committee

AT&T
Owner

Amdocs
Owner

Open
Date

Target
Date

Closed
Date

RYG
Date

This is to be clear and concise, define who has the problem, indicate where the problem is occurring, explain how the issue affects performance, and explain to what extent time and /or threat a factor?

Each functional committee will have their own ID.

High,
Medium,
or
Low

Proprietary Information

Agreement Number 02026713.S.234

ADDENDUM 1 - SAMPLE TEMPLATE

Executive Committee

AT&T

Amdocs

Name*

Title

Telephone

E-Mail

Name

Title

Telephone

E-Mail

Each area will provide a participant in committee

Steering Committee

AT&T

Amdocs

Name*

Title

Telephone

E-Mail

Name

Title

Telephone

E-Mail

Each area will provide a participant in committee

Functional Committee

AT&T

Amdocs

Name*

Title

Telephone

E-Mail

Name

Title

Telephone

E-Mail

Each area will provide a participant in committee

Proprietary Information

Agreement Number 02026713.A.009

Amendment

No. 02026713.A.009

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.009

AMENDMENT NO. 9

AGREEMENT NO. 02026713

This Amendment No. 9, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360.A.003 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, the Agreement expired by its terms on March 15, 2009 (the “Prior Expiration Date”); and

WHEREAS, after such Prior Expiration Date, the Parties continued to perform under the Agreement as if it had not expired, and with the intention of extending its term; and

WHEREAS, AT&T and Supplier now desire to revive the Agreement; to extend its term; to formalize the validity and continuation of the Agreement since its Effective Date of August 7, 2003; to amend Appendix 1.2(2) IT Professional Service Price(s), to replace 3.19 MBE/WBE/DVBE (and Exhibits), to replace Appendix 1.2(4), Reimbursable Expenses and to add Appendix 11, Service Level Agreement Process and Measurement;

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

The Agreement is revived; the term is extended as set forth below; and the Agreement shall be deemed to have been in effect continuously since the Agreement Effective Date. The Parties further ratify all actions taken under the Agreement between the Prior Expiration Date and the date when this Amendment is effective.

Proprietary Information

Agreement Number 02026713.A.009

2.	For purposes of extending the term of this Agreement, Section 3.32. “Term of Agreement”, is deleted in its entirety and replaced with the following:

Section 3.32. Term of Agreement:

This Agreement, with an Effective Date of August 7, 2003, shall remain in effect for a term ending on June 30, 2009, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

3.	Section 3.19 MBE/WBE/DVBE of ARTICLE III GENERAL TERMS is deleted and replaced as follows:

3.19

MBE/WBE/DVBE (and Exhibits)

AT&T seeks to give minority-, women- and Disabled Veteran-owned businesses the maximum opportunity to participate in the performance of its contracts; current goals are MBE-15%, WBE-5%, and DVBE-1.5%. Within twelve (12) months of the Execution Date of this Agreement, and for each year thereafter, Amdocs commits to making good faith efforts to achieve goals for the participation of MBE/WBE and DVBE firms (as defined in section 3.20 below entitled “MBE/WBE/DVBE Termination”). Amdocs will make good faith efforts to meet or exceed the target of twelve percent (12%) for 2009. Targets for 2010 and thereafter will be agreed to prior to the commencement of the applicable calendar year.

For the avoidance of doubt, these goals apply to all annual expenditures by any AT&T entity with Amdocs. This includes all expenditures under all existing agreements between AT&T and Amdocs. Amdocs agrees to meet in good faith to evaluate with AT&T on annual basis whether Amdocs can increase participation over the life of the Agreement.

Attached hereto and incorporated herein as Exhibit A is Supplier’s completed Participation Plan outlining its MBE/WBE/DVBE goals and specific and detailed plans to achieve those goals. Supplier will submit an updated Participation Plan annually by the first week in January. Supplier will submit MBE/WBE/DVBE Results Reports quarterly by the end of the first week following the close of each quarter, using the form attached hereto and incorporated herein as Exhibit B. Participation Plans and Results Reports will be submitted to the Prime Supplier Program Manager.

Proprietary Information

Agreement Number 02026713.A.009

4.	Section 5.11 Service Level Agreement Process and Measurement of ARTICLE V – SPECIAL SOFTWARE TERMS is hereby deleted and replaced as follows:

5.11

Service Level Agreement Process and Measurements

Service Level Agreement Process and Measurements shall apply to Work Orders with Service Level Agreements (SLA) and Key Performance Indicators (KPI) as set forth in the attached Appendix 11.

5.	Appendix 1.2(2) IT Professional Service Price(s) is amended to include the following:

The fixed price for software development work [**]

6.	Appendix 1.2(4) Reimbursable Expenses:

Appendix 1.2(4), Reimbursable Expenses, attached to the Agreement, is deleted in its entirety, and replaced with the revised Appendix 1.2(4) Vendor Expense Policy, attached herewith.

The terms and conditions of Agreement No. 02026713 in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.

By:		/s/ Thomas C. Drury



Printed Name:		Thomas C. Drury



Title:		President

Date:		3-28-09


AT&T Services, Inc.

By:		/s/ A. David Garger



Printed Name:		A. David Garger



Title:		Director - GSS- Mass Markets Software and Services

Date:		3/27/2009

Proprietary Information

Agreement Number 02026713.A.009

Appendix 1.2(4)

AT&T Vendor Expense Policy

AT&T Inc. and Participating Companies

(Updated 2/1/09)

1.0 General

The AT&T Vendor Expense Policy (VEP) provides guidelines to be followed by all vendors of AT&T in requesting reimbursement for business travel, meals and other business related expense. Expenses outside this policy are not reimbursable.

The following principles apply to requests for expense reimbursement:

When spending money that is to be reimbursed, vendors must ensure that an AT&T Company (“Company”) receives proper value in return.

Deviations from this VEP must be approved in writing by the sponsoring Senior Manager or Officer of an AT&T Company.

Employees should refer to the Section entitled “Payments” in the Schedule of Authorizations for Affiliates of AT&T Communications, Inc. for appropriate supplier invoice authorization approval levels.

Receipts will be requested and reviewed for any unusual or out of the ordinary expenses or where the approver cannot make a reasonable determination of the propriety of the invoice without a receipt.

The origination of a given expenditure for business purposes is the responsibility of the vendor incurring the expense and the authorization of that expense is the responsibility of the appropriate level of AT&T management in accordance with the Schedule of Authorizations for Affiliates of AT&T Inc.

Proprietary Information

Agreement Number 02026713.A.009

1.1 Non-Reimbursable Expenses

The following is a list, although not all inclusive, of expenses considered not reimbursable:

•

Airline club membership fees, dues, or upgrade coupon

•

Barber/Hairstylist/Beautician Expenses

•

Birthday cakes, lunches, balloons, and other personal celebration/recognition costs

•

Break-room supplies for the supplier, such as coffee, creamer, paper products, soft drinks, snack food

•

Car rental additional fees associated with high speed toll access programs and GPS devices

•

Car Washes

•

Clothing, personal care items, and toiletries

•

Credit card fees

•

Entertainment expenses

•

Expenses associated with spouses or other travel companions

•

Expenses to cover meals or expenses for an AT&T employee, whether in a home location or on official travel

•

Flowers, cards and gifts

•

Health Club and Fitness facilities

•

Hotel pay-per-view movies, Video Games and/or mini bar items

•

Insurance for rental car and or flight

•

Internet access in hotels (added to 3.5)

•

Laundry (except when overnight travel is required for 7 or more consecutive nights)

•

Lost luggage

•

Magazines & newspapers

•

Meals not consistent with AT&T’s Global Employee Expense Policy and or meals not directly required for doing business on the AT&T account (e.g. suppliers cannot voucher lunch with each other simply to talk about AT&T)

•

Medical supplies

•

Membership fees to exercise facilities or social/country clubs

•

Movies purchased while on an airplane

•

Office expenses of suppliers

•

PC, cell phone, and other supplier support expenses (unless specifically authorized in the agreement)

•

Personal entertainment

•

Phone usage on airline unless AT&T business emergency

•

Safe rentals during a hotel stay

•

Surcharges for providing fast service (not related to delivery charges such as Fedex, UPS, etc.). AT&T expects all suppliers to complete the terms of contracts in the shortest period practicable. Charges for shortening the timeframe in which contracts are fulfilled are not permissible.

•

Tips for housekeeping and excessive tips, i.e., in excess of 15% to 18% of cost of meal or services, excluding tax

•

Tobacco Products

Proprietary Information

Agreement Number 02026713.A.009

•

Traffic or Parking Fines

•

Travel purchased with prepaid air passes.

•

Upgrades on airline, hotel, or car rental fees

•

Water (bottled or dispensed by a supplier), (unless authorized for specific countries where it is recommended that bottled water is used)

The failure to comply with the above mentioned restrictions will result in the Company refusing payment of charges or pursuing restitution from the vendor.

2.0 Responsibilities

2.1 Vendor’s Responsibility

AT&T’s sponsoring managers will ensure that vendors have been covered on this policy prior to incurring any expenditure. Vendors and their sponsoring AT&T managers are responsible for clarifying any questions or uncertainties they may have relative to reimbursable business expenses.

It is mandatory that financial transactions are recorded in a timely manner. Out-of-pocket business expense(s) for vendors that are not submitted for reimbursement within [**] from the date incurred are considered non-reimbursable. Company managers who are responsible for approving reimbursable expenses of vendors should ensure they are submitted and approved in a timely manner.

3.0 Travel Policy

Vendors must first consider the feasibility of using videoconferencing or teleconferencing as an alternative to travel. Travel that is to be reimbursed by AT&T should be incurred only as necessary and pre-approved by AT&T (unless otherwise authorized in the agreement).

AT&T reserves the right to dispute any expense submittal and if not verifiable as valid may reject reimbursement. Reimbursements will be made to vendor only after expenses are verified as valid.

3.1 Travel Authorization

Travel requiring overnight stays must be pre-approved by the sponsoring AT&T Senior Manager (5^th Level or above) and should be approved only if it is necessary for the vendor to travel to perform required work.

3.2 Travel Reservations

Vendors are expected to procure the most cost efficient travel arrangements, preferably equivalent to the AT&T discount rate. AT&T does not reimburse for travel purchased with prepaid air passes.

Proprietary Information

Agreement Number 02026713.A.009

3.3 Travel Expense Reimbursement

Vendor travel expenses incurred for company business are reimbursable only as specified in these guidelines. Travel expenses may include the following:

•

Transportation (airfare or other commercial transportation, car rental, personal auto mileage, taxi and shuttle service)

•

Meals and lodging

•

Parking and tolls

•

Tips/porter service (if necessary and reasonable)

•

The expense must be ordinary and necessary, not lavish or extravagant, in the judgment of the AT&T sponsoring management. Any reimbursement request must be for actual expenditures only.

3.4 Air Travel Arrangements

Vendors must select lowest logical airfare (fares available in the market at the time of booking, preferably well in advance of trip to attain lowest possible airfare). Vendors shall book coach class fares for all travel at all times. First class bookings are not reimbursable. Vendors can request business class when a single segment of flight time (“in air time” excluding stops, layovers and ground time) is greater than 8 hours providing the relevant manager pre-approves.

3.5 Hotel Arrangements

AT&T has established Market-Based Room Rate Guidelines for vendors to reference when making hotel reservations in the United States (see Addendum A). U.S. vendors traveling outside the U.S. should reference the GSA, Government Per Diem as a guide: http://aoprals.state.gov/web920/per_diem.asp. Non-US vendors may use these dollar per diems as a guide, but any locally specified per diems will take precedence. Vendors are expected to abide by these guidelines when making hotel arrangements or use specified AT&T preferred hotels/maximum location rates or reasonably priced hotels outside of the U.S.. The AT&T supplier manager can advise which hotel/max rate to use if there is a hotel in the location concerned. AT&T will only reimburse vendors up to the established room rate guideline/AT&T preferred hotel rate in each market, or for actual hotel lodging charges incurred, whichever is less.

There must be a strong business justification for incurring any cost for internet access, and a request for reimbursement must be accompanied by a detailed explanation regarding reason for charge.

Proprietary Information

Agreement Number 02026713.A.009

3.6 Ground Transportation

“Loss Damage Waiver” and “Extended Liability Coverage” are not considered reimbursable in the US. Prepaid fuel or refueling charges at the time of return are not reimbursable.

Rental cars should be refueled before returning to the rental company, since gas purchased through the rental company carries an expensive refueling service charge.

3.7 Use of Personal Vehicle

When use of personal vehicle is required, the current locally approved mileage rate for miles driven for the business portion of the trip should be the maximum used to determine the amount to be reimbursed.

3.8 Parking

If airport parking is necessary, vendors must use long term parking facilities. Additional costs for short term, valet or covered parking are not reimbursable.

3.9 Entertainment

3.10 Laundry and Cleaning

Reasonable laundry charges during business trips of seven or more consecutive nights are reimbursable based on actual expenses incurred.

3.11 Communications

•

The actual cost of landline telephone calls for AT&T business is reimbursable. The use of AT&T products is required when available.

Proprietary Information

Agreement Number 02026713.A.009

•

AT&T will not reimburse vendors for cell phone bills unless approved under the contract. With prior consent of the sponsoring AT&T Senior Manager, only individual calls that exceed a vendor’s rate plan that are necessary to conduct business for AT&T may be reimbursed.

•

Charges for high speed internet access are not reimbursable unless specifically approved in the contract.

3.12 Business Meals (Travel and Non-Travel)

Vendors are expected to find reasonably priced dining alternatives. As a general rule, vendors are expected to spend [**] (or local currency equivalent) inclusive of tax and gratuity or to abide by the legally specified per diem applicable in the Vendor’s country. This includes all meals, beverages and refreshments purchased during the day. Requests for reimbursement should break out the amount for meals and list the related number of travel days. If breakfast is offered as part of the hotel accommodation rate, no additional reimbursement will be permitted for breakfast. Vendors may not submit expenses to cover meals or expenses for an AT&T employee, whether in a home location or on official travel.

AT&T managers authorizing invoices will be held accountable for ensuring that vendors are following this policy and are spending Company funds economically.

3.13 Flowers, Greeting Cards, Gifts and Incentive Awards

The cost of gifts, flowers, birthday lunches, or greeting cards is considered a personal expense and is not reimbursable. For example, vendors making a donation or providing a gift for a fund-raiser for AT&T may not submit such an expense to AT&T for reimbursement.

3.14 Loss or Damage to Personal Property

The Company assumes no responsibility for loss or damage to a vendor’s personal property during business functions or hours.

3.15 Publications

Subscriptions to or purchases of magazines, newspapers and other publications are not reimbursable.

Proprietary Information

Agreement Number 02026713.A.009


AT&T U.S. 2009 Hotel Room Rate Only Guidelines Addendum A		AT&T U.S. 2009 Hotel Room

Rate Only Guidelines

This Chart applies to the U.S. locations. For Travel outside of the U.S., travelers should exercise prudent judgment and select reasonably priced hotels, based on local market conditions. Employees traveling outside the U.S. should reference the GSA, Government Per Diems as a guide http://aoprals.state.gov/web920/per_diem.asp. U.S. Cities not listed on this Hotel Room Rate Only Guideline Matrix, default to $[**] nightly rate. On occasion an AT&T Preferred Property may exceed the rate guideline for a season (s) or particular city, but has been added due to demand within the market. However, if an alternate Preferred Property within the guideline is offered it should be accepted when available. You may select the Preferred Property that is over the Guideline if it is the option that is available, selecting the appropriate reason code.

City

2009
Guideline

City

2009
Guideline

City

2009
Guideline

City

2009
Guideline

Anchorage

[**]

Boulder

[**]

South Bend

[**]

Rockville Center

[**]

Fairbanks

[**]

Colorado Springs

[**]

Merriam

[**]

Syracuse

[**]

Glennallen

[**]

Denver

[**]

Overland Park

[**]

Vestal

[**]

Ketchikan

[**]

Englewood

[**]

Shawnee

[**]

White Plains

[**]

Kodiak

[**]

Greenwood Village

[**]

Topeka

[**]

Woodbury

[**]

Birmingham

[**]

Glastonbury

[**]

Covington

[**]

Tarrytown

[**]

Decatur

[**]

Hartford

[**]

Louisville

[**]

Beachwood

[**]

Hoover

[**]

Meriden

[**]

Covington

[**]

Boardman

[**]

Huntsville

[**]

New Haven

[**]

Metairie

[**]

Centerville

[**]

Montgomery

[**]

New London

[**]

Monroe

[**]

Cleveland

[**]

Mobile

[**]

Rocky Hill

[**]

New Orleans

[**]

Columbus

[**]

Tuscaloosa

[**]

Stamford

[**]

Vidalia

[**]

Dublin

[**]

Bryant

[**]

Washington

[**]

Boston

[**]

Fairborn

[**]

El Dorado

[**]

Wilmington

[**]

Burlington

[**]

Mayfield Village

[**]

Fayetteville

[**]

Altamonte Springs

[**]

Cambridge

[**]

Niles

[**]

Fort Smith

[**]

Boynton Beach

[**]

Dedham

[**]

North Olmsted

[**]

Hardy

[**]

Dania Beach

[**]

Framingham

[**]

Orange Village

[**]

Little Rock

[**]

Fort Lauderdale

[**]

Lowell

[**]

Perrysburg

[**]

Mountain Home

[**]

Jacksonville

[**]

Marlborough

[**]

Reynoldsburg

[**]

North Littlerock

[**]

Kendall

[**]

Natick

[**]

Richfield

[**]

Pine Bluff

[**]

Key Largo/Tavernier

[**]

Stoughton

[**]

Moore

[**]

Rogers

[**]

Key West

[**]

Baltimore

[**]

Oklahoma City

[**]

Russellville

[**]

Lake City

[**]

Columbia

[**]

Owasso

[**]

Springdale

[**]

Lake Mary

[**]

Greenbelt

[**]

Ponca City

[**]

VanBuren

[**]

Lakeland

[**]

Linthicum Heights

[**]

Coos Bay

[**]

Chandler

[**]

Marathon

[**]

Portland

[**]

Portland

[**]

Proprietary Information

Agreement Number 02026713.A.009

City

2009
Guideline

City

2009
Guideline

City

2009
Guideline

City

2009
Guideline

Mesa

[**]

Maitland

[**]

Battlecreek

[**]

Tigard

[**]

Phoenix

[**]

Miami

[**]

Canton

[**]

Allentown

[**]

Rio Rico

[**]

Miami Beach

[**]

Dearborn

[**]

Audubon

[**]

Scottsdale

[**]

Orlando

[**]

Detroit

[**]

Bensalem

[**]

Tempe

[**]

Palm Beach

[**]

Farmington Hills

[**]

Coraopolis

[**]

Tucson

[**]

Plantation

[**]

Holland

[**]

Essington

[**]

Yuma

[**]

Saint Augustine

[**]

Livonia

[**]

Glen Mills

[**]

Anaheim

[**]

Sunrise

[**]

Marquette

[**]

Harrisburg

[**]

Buena Park

[**]

Tallahassee

[**]

Novi

[**]

King of Prussia

[**]

Burbank

[**]

Tamarac

[**]

Port Huron

[**]

Philadelphia

[**]

Burlingame

[**]

Tampa

[**]

Saginaw

[**]

Pittsburgh

[**]

Cerritos

[**]

West Palm Beach

[**]

Southfield

[**]

Wayne

[**]

Chico

[**]

Albany

[**]

Walker

[**]

Anderson

[**]

City of Industry

[**]

Alpharetta

[**]

Warren

[**]

Charleston

[**]

Clovis

[**]

Athens

[**]

Baxter

[**]

Duncan

[**]

Concord

[**]

Atlanta

[**]

Bloomington

[**]

Florence

[**]

Coronado

[**]

Augusta

[**]

Deluth

[**]

Myrtle Beach

[**]

Costa Mesa

[**]

Brunswick

[**]

Minneapolis

[**]

Brentwood

[**]

Cupertino

[**]

Carrollton

[**]

St. Paul

[**]

Crossville

[**]

Del Mar

[**]

Columbus

[**]

Bridgeton

[**]

Knoxville

[**]

Dublin

[**]

Dublin

[**]

Columbia

[**]

Franklin

[**]

El Segundo

[**]

Duluth

[**]

Earth City

[**]

Memphis

[**]

Emeryville

[**]

Dunwoody

[**]

Fenton

[**]

Johnson City

[**]

Escondido

[**]

Griffin

[**]

Festus

[**]

Knoxville

[**]

Eureka

[**]

Lawrenceville

[**]

Jefferson City

[**]

Memphis

[**]

Garden Grove

[**]

Lithia Springs

[**]

Joplin

[**]

Nashville

[**]

North Glendale

[**]

Macon

[**]

Kansas City

[**]

Abilene

[**]

Hayward

[**]

Newnan

[**]

Kirkwood

[**]

Addison

[**]

Hollywood

[**]

Norcross

[**]

Lees Summit

[**]

Arlington

[**]

Irvine

[**]

Peachtree City

[**]

Maryland Heights

[**]

Austin

[**]

La Jolla

[**]

Savannah

[**]

Saint Charles

[**]

Beaumont

[**]

Livermore

[**]

Roswell

[**]

Saint Louis

[**]

Corpus Christi

[**]

Long Beach

[**]

Tifton

[**]

Springfield

[**]

Dallas

[**]

Los Angeles

[**]

Warner Robins

[**]

Jackson

[**]

Frisco

[**]

Merced

[**]

Honolulu

[**]

McComb

[**]

Houston

[**]

Milpitas

[**]

Kailua Kona

[**]

Natchez

[**]

Irving

[**]

Modesto

[**]

Kihei

[**]

Ocean Springs

[**]

Lubbock

[**]

Proprietary Information

Agreement Number 02026713.A.009

City

2009
Guideline

City

2009
Guideline

City

2009
Guideline

City

2009
Guideline

Montebello

[**]

Waikoloa

[**]

Tupelo

[**]

Mcallen

[**]

Napa

[**]

Desmoines

[**]

Asheville

[**]

Midland

[**]

Ontario

[**]

Johnston

[**]

Carolina Beach

[**]

Plano

[**]

Orange

[**]

Urbandale

[**]

Charlotte

[**]

Richardson

[**]

Pasadena

[**]

Ammon

[**]

Durham

[**]

San Antonio

[**]

Petaluma

[**]

Alsip

[**]

Gastonia

[**]

Texarkana

[**]

Pleasanton

[**]

Arlington Heights

[**]

Goldsboro

[**]

Tyler

[**]

Rancho Cordova

[**]

Barrington

[**]

Morrisville

[**]

Waxahachie

[**]

Riverside

[**]

Bedford Park

[**]

Omaha

[**]

The Woodlands

[**]

Rocklin

[**]

Bourbonnais

[**]

Basking Ridge

[**]

Salt Lake City

[**]

Rosemead

[**]

Champaign

[**]

Bernardsville

[**]

Arlington

[**]

Sacramento

[**]

Chicago

[**]

Bridgewater

[**]

Chantilly

[**]

Salinas

[**]

Danville

[**]

Cranbury

[**]

Chester

[**]

San Carlos

[**]

Danville

[**]

Eatontown

[**]

Dulles

[**]

San Diego

[**]

Downers Grove

[**]

Edison

[**]

Fairfax

[**]

San Francisco

[**]

Elmhurst

[**]

Elizabeth

[**]

Falls Church

[**]

San Gabriel

[**]

Fairview Heights

[**]

Fair Lawn

[**]

Glen Allen

[**]

San Jose

[**]

Glenview

[**]

Florham Park

[**]

Hampton

[**]

San Luis Obispo

[**]

Gurnee

[**]

Iselin

[**]

Herndon

[**]

San Mateo

[**]

Hoffman Estates

[**]

Mahwah

[**]

Norfolk

[**]

San Rafael

[**]

Lincolnshire

[**]

Morristown

[**]

Richmond

[**]

San Ramon

[**]

Lisle

[**]

Newark

[**]

Sandston

[**]

Santa Ana

[**]

Naperville

[**]

Paramus

[**]

Sterling

[**]

Santa Clara

[**]

Northbrook

[**]

Parsippany

[**]

Tysons Corner

[**]

Santa Monica

[**]

Ofallon

[**]

Piscataway

[**]

Vienna

[**]

South San Francisco

[**]

Palatine

[**]

Princeton

[**]

Bellevue

[**]

Stevenson Ranch

[**]

Peoria

[**]

Ramsey

[**]

Bothell

[**]

Stockton

[**]

Rockford

[**]

Red Bank

[**]

Kirkland

[**]

Susanville

[**]

Rolling Meadows

[**]

Saddle Brook

[**]

Lynnwood

[**]

Temecula

[**]

Rosemont

[**]

Saddle River

[**]

Redmond

[**]

Torrance

[**]

Schaumburg

[**]

Short Hills

[**]

Seattle

[**]

Ukiah

[**]

Springfield

[**]

Somerset

[**]

Spokane

[**]

Universal City

[**]

Vernon Hills

[**]

Teaneck

[**]

Tacoma

[**]

Valencia

[**]

Westmont

[**]

Tinton Falls

[**]

Tukwila

[**]

Van Nuys

[**]

Willowbrook

[**]

Warren

[**]

Woodinville

[**]

Proprietary Information

Agreement Number 02026713.A.009

City

2009
Guideline

City

2009
Guideline

City

2009
Guideline

City

2009
Guideline

Walnut Creek

[**]

Bloomington

[**]

Whippany

[**]

Green Bay

[**]

Watsonville

[**]

Carmel

[**]

Woodcliff Lake

[**]

Kenosha

[**]

West Sacramento

[**]

Columbus

[**]

Henderson

[**]

Kimberly

[**]

Willits

[**]

Fishers

[**]

Las Vegas

[**]

Madison

[**]

Woodland

[**]

Indianaplis

[**]

Pahrump

[**]

Mukwonago

[**]

Yorba Linda

[**]

Muncie

[**]

Reno

[**]

Oshkosh

[**]

Albany

[**]

Pewaukee

[**]

Cheektowaga

[**]

Waukesha

[**]

Fishkill

[**]

Wauwatosa

[**]

Jamaica

[**]

Beckley

[**]

New York

[**]

Charleston

[**]

Plainview

[**]

Hurricane

[**]

Rochester

[**]

Proprietary Information

Agreement Number 02026713.A.009

Appendix 11

Service Level Agreement Process and Measurements

This Appendix 11, Service Level Agreement Process and Measurements, shall apply to any Work Orders that specifically include Service Level Agreements (“SLAs”) and Key Performance Indicators (“KPIs”).

The objective of this Service Level model is to provide efficient measurement of the quality of the information technology services provided by Amdocs to AT&T.

The Service Levels consist of two components: Service Level Agreements (SLAs) and Key Performance Indicators (KPIs).

The Service Levels, together with the applicable service level credits (“Service Level Credits”) and target definitions (“Service Level Targets”), will be specified in individual Work Orders. This Appendix defines the process to make additions, changes or deletions to service levels definitions, in the Work Orders that specify applicable SLAs and/or KPIs, as well as other provisions generally applicable to Work Orders that include Service Levels.

Service Levels will be measured using a “Green-Yellow-Red” traffic light mechanism (the “GYR State”), with “Green” representing the “Expected Level” of performance and “Red” representing performance below the “Minimum Level”.

1.	Additions, Deletions and Modifications of Service Levels

New SLAs and KPIs may be added, deleted or modified per written agreement between AT&T and Amdocs. The changes may include the movement of SLAs to KPIs or KPIs to SLAs, or modifications to individual SLA targets or credit allocations.

Additions or substitutions may occur in conjunction with changes to the environment and the introduction of new equipment or software or means of service delivery.

Additions, deletions and modifications to Service Levels may only be proposed thru the “Functional Committee” (as defined in the Governance Model) for evaluation and consideration of AT&T and Amdocs. Either party may propose changes to the service levels.

Both Parties will jointly analyze the impact of the proposed Service Level change, if any, to AT&T’s business, the financial / cost impacts to Amdocs and AT&T of such change, the impact to environment infrastructure and other relevant impacts. On the basis of the results of such analysis, the Parties may agree to make appropriate changes by written amendment to the terms and conditions of the applicable Work Order.

The effective date for any Service Level change will be as determined per written agreement.

Proprietary Information

Agreement Number 02026713.A.009

2.	Process for Additions, Modifications and Deletions of SLAs

This process for setting Service Level Targets is applicable for new SLA and KPIs added to Work Orders per agreement, as well for the SLAs and KPIs defined in the Work Orders that may not have defined Service Level Targets as of the applicable effective date.

2.1.

Additions

For those Service Levels that do not have established Service Level Targets:

2.1.1.

The Parties shall attempt in good faith to agree during a [**] day period on an Expected Service Level and a Minimum Service Level using, as appropriate, industry standard measures or third-party advisory services (e.g., Gartner Group, Yankee Group) or other AT&T groups performing similar application development and maintenance.

2.1.2.

In the event that the Parties have been unable to agree pursuant to paragraph 2.1.1 above, then, where at least [**] of service measurements exist for a particular Service, in a comparable environment and operating model, the [**] monthly service measurements for the [**] measurement period shall be excluded; the Expected Service Level shall then be defined as the average of the remaining [**] monthly service measurements; and the Minimum Service Level shall be defined as the average of the lowest [**] of the remaining [**] monthly service measurements; or for Release based service measurements will be based on historical data for [**].

2.1.3.

Where no measurements exist for a particular Service (pursuant to paragraph 2.1.2), and the Parties fail to agree on an Expected Service Level and a Minimum Service Level using industry standard measures as described above, the Parties shall do the following:

2.1.3.1.

Amdocs shall begin providing [**] measurements within [**] days for [**] measurements and at the completion of the next release for release based measurements after Amdocs’ receipt of AT&T’s written request and subject to agreement on such measurements in accordance with the Change Management Procedures.

2.1.3.2.

After [**] actual Service Level attainments for monthly measurements and [**] for release based measurements have been measured, or should have been measured AT&T may at any time in writing request that Expected Service Levels and Minimum Service Levels be put into effect based on paragraph 2.1.2 above.

(i)

If Amdocs is responsible for measuring actual Service Level attainments and fails to provide [**] measurements during the measurement period measurements shall be constructed according to

Proprietary Information

Agreement Number 02026713.A.009

the following: if [**] measurement is missing, the missing measurement shall be constructed by using the highest of the [**] actual measurements; or

(ii)

if [**] or more measurements are missing, the first missing measurement shall be constructed by using the highest of the actual measurements and adding to that measurement [**]of the difference between that measurement and [**] and each of the remaining missing measurements shall be constructed by using the highest of the actual measurements and adding to that measurement [**] of the difference between that measurement and [**].

(By way of example, if there were [**] measurements for a particular Service available, and the highest of [**] was [**], then the measurements for the missing [**] would be deemed to [**].)

Notwithstanding the foregoing, in the case of a Service Level attainment measure for which there is no activity for one or more months, [**] measurement period may be extended for up to [**] for the collection of performance measurements (whether or not in consecutive [**]), and

(i)

if there shall be [**] of measurements available, the calculation shall be as described in paragraph 2.1.2; and

(ii)

if there shall be [**] of measurements available (but not [**], the calculation shall be consistent with the procedures in paragraph 2.1.2, but without the removal of highest and lowest measures.

NOTE: Certain SLAs and KPIs may not be measured against an objective of [**], respectively, are the appropriate objectives. The calculations described in this Appendix will be modified as appropriate to reflect these objectives. For example, if the SLA or KPI involved failures in lines of code where [**]”

2.2.

Promotions and Demotions

AT&T and Amdocs may agree in writing to designate existing SLAs as KPIs and promote existing KPIs to SLAs. The parties may agree in writing to make changes to the Service Level Credit allocations for any SLA including changes in connection with the addition or deletion of SLAs or KPIs. A KPI that is subject to the foregoing plan requirement and is promoted to be a SLA will not be subject to Service Level Credits until agreed to by both Parties.

2.3.

Deletions

AT&T and Amdocs may delete SLAs per written agreement. Both Parties will jointly revise the service credit allocations across the remaining SLAs.

Proprietary Information

Agreement Number 02026713.A.009

2.4.

Impact of Additions, Modifications and Deletions of SLAs on Service Level Credit Allocations

When adding, modifying or deleting a SLA, the Service Level Credit allocation for the SLAs may be modified. If a SLA is added but is not assigned a Service Level Credit, then the Service Level credit percentage for such added SLA shall be [**] until such time as Service Level Credit is assigned.

3.	Additions and Deletions of KPIs

AT&T and Amdocs may jointly agree to add or delete KPIs as follows:

3.1.

Additions

Expected Service Levels and Minimum Service Levels associated with added KPIs will be computed as follows:

3.1.1.

The Parties shall attempt in good faith to agree during a [**] on an Expected Service Level using, as appropriate, industry standard measures or third-party advisory services [**] or other AT&T groups performing similar application development and maintenance.

3.1.2.

In the event the Parties have been unable to agree pursuant to paragraph 3.1.1 above, then, [**] of service exist for a particular Service, in a comparable environment and operating model, the [**] monthly service measurements for the [**] measurement period shall be excluded, the Expected Service Level shall then be defined as the average of the [**] service measurements and the shall be defined as the average of the [**] service measurements; or for release based service measurements will be based on historical data for [**].

3.1.3.

Where the Parties fail to agree (pursuant to paragraph 3.1.1) and no measurements exist for a particular Service (pursuant to paragraph 3.1.2), the Parties shall do the following:

3.1.4.

Amdocs shall begin providing [**] measurements within [**] for monthly measurements and at the completion of the next release for release based measurements after Amdocs’ receipt of AT&T’s written request and subject to agreement on such measurements in accordance with the Change Management Procedures.

3.1.5.

[**] actual Service Level attainments for [**] measurements and [**] based measurements have been measured, or should have been measured, AT&T may at any time in writing request that Expected Service Levels be put into effect based on paragraph 3.1.2 above.

Proprietary Information

Agreement Number 02026713.A.009

3.1.6.

If Amdocs is responsible for measuring actual Service Level attainments and fails to provide [**] during the measurement period, measurements shall be constructed according to the following:

(i)

if [**] is missing, the missing measurement shall be constructed by using the highest of the [**]; or

(ii)

if [**] are missing, the first missing measurement shall be constructed by using the [**] and adding to that measurement [**].

(By way of example, if there were [**] for a particular Service, and the [**].)

Notwithstanding the foregoing, in the case of a Service Level attainment measure for which there is no activity for [**], at AT&T’s election such [**] may be extended for [**] for the collection of performance measurements (whether or not in consecutive months), and

(i)

if there shall be [**] of measurements available, the calculation shall be as described in paragraph 3.1.2; and

(ii)

if there shall [**] of measurements available (but not [**] the calculation shall be consistent with the procedures in paragraph 3.1.2, but without the removal of highest and lowest measures.

3.2.

Deletions

AT&T and Amdocs may delete KPIs per written agreement.

4.	Problem Analysis

If Amdocs fails to provide Services in accordance with the Service Levels and this Agreement, Amdocs shall (after restoring service or otherwise resolving any immediate problem):

(i)

promptly investigate and report on the causes of the problem;

(ii)

provide an analysis of the root cause of such failure (“Root Cause Analysis”) as soon as practicable, after such failure or AT&T’s request;

(iii)

use all commercially reasonable efforts to implement remedial action and begin meeting the Service Levels as soon as practicable;

(iv)

advise AT&T of the status of remedial efforts being undertaken with respect to such problem; and

(v)

demonstrate to AT&T’s reasonable satisfaction that the causes of such problem have been or will be corrected on a permanent basis

To the extent that such failure to meet Service Levels results in a violation of laws or regulatory action, Amdocs shall, in addition to its other obligations under the applicable Work Order, participate in any required related hearing, audit or other corrective action or review required by a

Proprietary Information

Agreement Number 02026713.A.009

governmental body or regulatory agency and the parties shall in good faith discuss the allocation of any associated costs. Amdocs shall use all commercially reasonable efforts to complete the Root Cause Analysis within [**]; provided that, if it is not capable of being completed within [**] using reasonable diligence, Amdocs shall complete such Root Cause Analysis as quickly as possible and shall notify AT&T prior to the end of the initial [**] as to the status of the Root Cause Analysis and the estimated completion date.

5.	Exceptions

Amdocs shall only be responsible for a Service Level Credit for (i) failure to meet a Service Level to the extent that such failure is attributable to a root cause under Amdocs’ responsibility, or (ii) to the extent that such failure is not directly attributable to any of the following:

Problems resulting from components (e.g., hardware, software, network, maintenance), including facility, application software other than the Application Software and User-controlled problems, for which AT&T is operationally responsible to the extent of such responsibility.

AT&T’s reprioritization of tasks to be performed by Amdocs where Amdocs has notified AT&T in advance that such reprioritization will cause Amdocs to miss such Service Level notwithstanding Amdocs’ reasonable efforts to continue performance.

Circumstances that excuse performance in connection with a force majeure event as specified in this Agreement.

Execution of a business continuity plan or disaster recovery and business continuity plan, in support of an AT&T declared disaster. The acts or omissions of any third party supplier, vendor, or other contractor of AT&T unless they are operating as a subcontractor of Amdocs or under Amdocs’ instruction.

AT&T’s refusal to implement additional hardware and/or software for which AT&T is financially and operationally responsible in accordance with the applicable Work Order, of which Amdocs has provided AT&T notice during the planning process (including Amdocs’ inability to meet Service Levels), and has provided AT&T enough time to comply.

Any situation which may constitute an exception or escalation will be handled using the escalation procedures defined in the Governance process.

6.	Impact to Multiple SLAs

Except in the case of SLAs which encompass common activities, if a single incident (other than Amdocs’s failure to perform in a manner meeting the SLAs) impacts multiple SLAs and results in multiple Service Level Credits otherwise being available within a single Measurement Period, AT&T shall have the right to select any one of such multiple Service Level Credits, but shall not be entitled to all such Service Level Credits.

Proprietary Information

Agreement Number 02026713.A.009

Amendment

No. 02026713.A.010

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.010

AMENDMENT NO. 10

AGREEMENT NO. 02026713

This Amendment No. 10, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360.A.003 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, the Agreement expired by its terms on June 30, 2009 (the “Prior Expiration Date”); and

WHEREAS, after such Prior Expiration Date, the Parties continued to perform under the Agreement as if it had not expired, and with the intention of extending its term; and

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

Proprietary Information

Agreement Number 02026713.A.010

2.	For purposes of extending the term of this Agreement, Section 3.32. “Term of Agreement”, is deleted in its entirety and replaced with the following:

3.32. Term of Agreement

This Agreement, with an Effective Date of August 7, 2003, shall remain in effect for a term ending on February 28, 2010, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

3.	The term “Leadership Council” and all references thereto are deleted throughout the Agreement and associated Amendments, and where the Parties so agree in an applicable Work Order , is replaced by Section 3.40 and Appendix 10, “Governance”.

4.	A new Section 2.50, “Subcontractor,” is hereby added to ARTICLE II - DEFINITIONS as follows:

2.50

“Subcontractor” means any person or entity supplying labor or materials to perform all or any part of Supplier’s obligations under this Agreement. “Subcontractor” shall include any person or entity at any tier of subcontractors, and shall not be limited to those persons or entities with a direct relationship with Supplier.

5.	Section 3.3, “Termination,” of ARTICLE III - GENERAL TERMS is hereby amended to include the following:

F.	Insolvency

(a) Right to Terminate. In the event that any Party (a) files for bankruptcy, (b) becomes or is declared insolvent, or is the subject of any proceedings related to its liquidation, insolvency or the appointment of a receiver or similar officer for it, (c) makes an assignment for the benefit of all or substantially all of its creditors or (d) enters into an agreement for the composition, extension, or readjustment of substantially all of its obligations, then the other Party may terminate this Agreement as of a date specified in a termination notice; provided, however, that Amdocs will not have the right to exercise such termination under this Section 3.3(F) so long as AT&T pays for the Services to be received hereunder in advance on a month-to-month basis. If any Party elects to terminate this Agreement due to the insolvency of the other Party, such termination will be deemed to be a termination for cause hereunder.

Proprietary Information

Agreement Number 02026713.A.010

licensees and sublicensees under Section 365(n) of the Bankruptcy Code; and (iii) to the extent any rights of AT&T under this Agreement which arise after the termination or expiration of this Agreement are determined by a bankruptcy court to not be “intellectual property rights” for purposes of Section 365(n), all of such rights shall remain vested in and fully retained by AT&T after any Bankruptcy Rejection as though this Agreement were terminated or expired. AT&T shall under no circumstances be required to terminate this Agreement after a Bankruptcy Rejection in order to enjoy or acquire any of its rights under this Agreement.

(c) AT&T Rights Upon Amdocs’ Bankruptcy. In the event of Amdocs’ bankruptcy or of the filing of any petition under the federal bankruptcy laws affecting the rights of Amdocs which is not stayed or dismissed within thirty (30) days of filing, in addition to the other rights and remedies set forth herein, to the maximum extent permitted by Law, AT&T will have the immediate right to retain and take possession for safekeeping all AT&T Information, AT&T Proprietary Information, AT&T licensed Third Party Software, AT&T owned Equipment, AT&T owned Materials, AT&T owned Custom Software, and all other Software, Equipment, Systems or Materials to which AT&T is or would be entitled during the term of this Agreement or upon the expiration or termination of this Agreement. Amdocs shall cooperate fully with AT&T and assist AT&T in identifying and taking possession of the items listed in the preceding sentence. AT&T will have the right to hold such AT&T Information, Proprietary Information, Software, Equipment, Systems and Materials until such time as the trustee or receiver in bankruptcy or other appropriate court officer can provide adequate assurances and evidence to AT&T that they will be protected from sale, release, inspection, publication or inclusion in any publicly accessible record, document, material or filing. Amdocs and AT&T agree that without this material provision, AT&T would not have entered into this Agreement or provided any right to the possession or use of AT&T Information, AT&T Proprietary Information or AT&T Software covered by this Agreement.

(d) Rights To Assume In Bankruptcy. In the event of commencement of bankruptcy proceedings by or against AT&T, AT&T or its trustee in bankruptcy shall be entitled to assume this Agreement and shall be entitled to retain all of AT&T’s license rights hereunder.

6.	Section 3.19, “MBE/WBE/DVBE,” of ARTICLE III GENERAL TERMS is deleted and replaced as follows:

3.19

MBE/WBE/DVBE (and Exhibits)

AT&T seeks to give minority-, women- and Disabled Veteran-owned businesses the maximum opportunity to participate in the performance of its contracts; current goals are MBE-15%, WBE-5%, and DVBE-1.5%. Amdocs commits to making good faith efforts to achieve goals for the participation of MBE/WBE and DVBE firms (as defined in section 3.20 below entitled “MBE/WBE/DVBE Termination”).

Proprietary Information

Agreement Number 02026713.A.010

Amdocs will make good faith efforts to meet or exceed the target of twelve percent (12%) for 2009. In addition, Amdocs agrees that it shall meet the following MBE/WBE/DVBE Diversity Commitment Objectives (“DCO”) in 2010 and through the term of this Agreement using any combination of Amdocs expenditures with MBE, WBE and/or DVBE suppliers of first, second or third tier subcontractors provided Amdocs furnishes appropriate documentation and support of such expenditures and such suppliers qualify as MBE/WBE/DVBE through an AT&T recognized certifying agency:


12/31/2010	12/31/2011	12/31/2012	12/31/2013
12% of total AT&T expenditures with Amdocs for calendar year 2010	15% of total AT&T expenditures with Amdocs for calendar year 2011	15% of total AT&T expenditures with Amdocs for calendar year 2012	15% of total AT&T expenditures with Amdocs for calendar year 2013

In the event Amdocs Diversity subcontracting results cannot be met by Amdocs due to significant legal, regulatory or business relationship changes that have a direct and substantive negative impact on the attainment of the Diversity commitments herein, AT&T and Amdocs will jointly review the results and known causes of the diversity subcontracting shortfall in order to reach a mutually acceptable Diversity subcontracting target. In the event the Parties cannot resolve the Diversity subcontracting targets, then the issue will be escalated as required through the following levels:


Level	Amdocs	AT&T
Level 1	Amdocs AT&T Division President	AVP-Global Business & Operations Sourcing (IT)
Level 2	President – Amdocs Customer Business Unit	President-Supply Chain & Fleet Operations

Proprietary Information

Agreement Number 02026713.A.010

7.	Section 3.29, “Subcontracting,” of ARTICLE III – GENERAL TERMS is hereby amended to include the following:

Temporary Workers. Amdocs may, in the ordinary course of business, subcontract (i) for third party services or products that are not exclusively dedicated to AT&T and that do not include regular direct contact with AT&T or AT&T Affiliate personnel or the performance of services at AT&T sites or (ii) with temporary personnel firms for the provision of temporary contract labor (collectively, “Temporary Workers”); provided, that such Temporary Workers possess the training and experience, competence and skill to perform the work in a skilled and professional manner AT&T shall have no approval right with respect to such Temporary Workers. If, however, AT&T expresses dissatisfaction with the services of a Temporary Worker, Amdocs shall work in good faith to resolve AT&T’s concerns on a mutually acceptable basis and, at AT&T’s request, replace such Temporary Worker. at no additional cost to AT&T.

8.	Section 3.23, “AT&T Supplier Information Security Requirements,” of ARTICLE III – GENERAL TERMS is hereby deleted and replaced as follows:

3.39.

AT&T Rules and Supplier Information Security Requirements

Amdocs shall comply with AT&T Rules and Supplier Information Security Requirements as they pertain to Systems used to access AT&T’s network, Information or facilities under the Agreement. AT&T Rules and Supplier Information Security Requirements are specified in Appendix 8.

9.	Section 4.7, “Dispute Resolution,” of ARTICLE IV – LEADERSHIP COUNCIL, PROJECT MANAGEMENT is hereby deleted and replaced as follows:

4.7

Dispute Resolution

(A)

Informal Dispute Resolution.

Prior to the initiation of formal dispute resolution procedures with respect to any dispute, other than as provided in this Section 4.7, the Parties shall first attempt to resolve such dispute informally, as follows:

(a)

Initial Effort. The Parties agree that they shall attempt in good faith to resolve all disputes in accordance with Appendix 10 - Governance. In the event of a dispute that is not resolved or resolvable in accordance with Appendix 10 - Governance, either Party may refer the dispute for resolution to the senior corporate executives specified in Section 4.7(A)(e) below upon written notice to the other Party.

(b)

Escalation. [**] of a notice under Section 4.7(A)(a) above referring a dispute for

Proprietary Information

Agreement Number 02026713.A.010

resolution by senior corporate executives, the AT&T Contract Office and the Amdocs Account Office will each prepare and provide to an Amdocs Division President and the AT&T Chief Information Officer, respectively, summaries of the relevant information and background of the dispute, along with any appropriate supporting documentation, for their review. The designated senior corporate executives will confer as often as they deem reasonably necessary in order to gather and furnish to the other all information with respect to the matter in issue which the parties believe to be appropriate and germane in connection with its resolution. The designated senior corporate executives shall discuss the problem and negotiate in good faith in an effort to resolve the dispute without the necessity of any formal proceeding. The specific format for the discussions will be left to the discretion of the designated senior corporate executives, but may include the preparation of agreed-upon statements of fact or written statements of position.

(c)

Provision of Information. During the course of negotiations under Section 4.7, all reasonable requests made by one Party to another for non-privileged information, reasonably related to the dispute, will be honored in order that each of the Parties may be fully advised of the other’s position. All negotiation shall be strictly confidential and used solely for the purposes of settlement. Any materials prepared by one Party for these proceedings shall not be used as evidence by the other Party in any subsequent arbitration or litigation; provided, however, the underlying facts supporting such materials may be subject to discovery.

(d)

Prerequisite to Formal Proceedings. Formal proceedings for the resolution of a dispute may not be commenced until the earlier of: (i) the designated senior corporate executives under Section 4.7(A)(a) above concluding in good faith that amicable resolution through continued negotiation of the matter does not appear likely; or (ii) [**] after the notice under Section 4.7(A)(a) above referring the dispute to designated senior corporate executives. The time periods specified in this Section 4.7(A) shall not be construed to prevent a Party from instituting, and a Party is authorized to institute, formal proceedings earlier to (A) avoid the expiration of any applicable limitations period, (B) preserve a superior position with respect to other creditors, or (C) address a dispute to the extent subject to equitable or injunctive relief.

(e)

Additional Escalation. In addition to the dispute resolution provisions contained in this Section 4.7(A), in connection with any exercise of its termination rights under Section 3.3(A), AT&T will, [**] to the effective date of such termination, but without extending any applicable time frames specified in the Agreement, provide Amdocs with the right to have its Chief Executive Officer address the relevant issues with AT&T’s Chief Operating Officer.

Proprietary Information

Agreement Number 02026713.A.010

(B)

Arbitration.

(a) Any controversy or claim arising out of or relating to this Agreement, or any breach thereof, which cannot be resolved using the procedures set forth above in Section 4.7(A) shall be finally resolved under the Commercial Arbitration Rules of the American Arbitration Association then in effect.

(b) The Arbitration shall take place in New York, New York, and shall apply the law of the State of Texas. The decision of the arbitrators shall be final and binding and judgment on the award may be entered in any court of competent jurisdiction. The arbitrators shall be instructed to state the reasons for their decisions in writing, including findings of fact and law. The arbitrators shall be bound by the warranties, limitations of liability and other provisions of this Agreement. Except with respect to the provisions of this Agreement that provide for injunctive relief rights, such arbitration shall be a precondition to any application by either Party to any court of competent jurisdiction.

(c) [**] after delivery of written notice (“Notice of Dispute”) by one Party to the other in accordance with this Section, the Parties each shall use good faith efforts to mutually agree upon one (1) arbitrator. If the Parties are not able to agree upon one (1) arbitrator within such period of time, the Parties each shall [**]: (i) appoint one (1) arbitrator who has at no time ever represented or acted on behalf of either of the Parties, and is not otherwise affiliated with or interested in either of the Parties and (ii) deliver written notice of the identity of such arbitrator and a copy of his or her written acceptance of such appointment to the other Party. If either Party fails or refuses to appoint an arbitrator within such [**], the single arbitrator appointed by the other Party shall decide alone the issues set out in the Notice of Dispute. [**] after such appointment and notice, such arbitrators shall appoint a third arbitrator. In the event that the two arbitrators fail to appoint a third arbitrator within [**] of the appointment of the second arbitrator, either arbitrator or either Party may apply for the appointment of a third arbitrator to the American Arbitration Association.

(d) All arbitrators selected pursuant to this Section shall be practicing attorneys with [**] applicable to the Services. Any such appointment shall be binding upon the Parties. The Parties shall use best efforts to set the arbitration within [**] after selection of the arbitrator or arbitrators, as applicable, but in no event shall the arbitration be set more than [**] after selection of the arbitrator or arbitrators, as applicable. Discovery as permitted by the Federal Rules of Civil Procedure then in effect will be allowed in connection with arbitration to the extent consistent with the purpose of the arbitration and as allowed by the arbitrator or arbitrators, as applicable. The decision or award of the arbitrator or the majority of the three arbitrators, as applicable, shall be rendered within [**] after the conclusion of the hearing, shall be in writing, shall set forth the basis therefore, and shall be final, binding and nonappealable upon the Parties and may be enforced and executed upon in any court having jurisdiction over the Party against whom the enforcement of such decision or award is sought. [**]; provided, however, the arbitrator or arbitrators, as applicable, may modify the allocation of fees, costs and expenses in the award in those cases where fairness dictates other than such allocation between the Parties.

Proprietary Information

Agreement Number 02026713.A.010

10.

Section 6.9, “Work Done By Others,” of ARTICLE VI - ONGOING SUPPORT SERVICES is hereby deleted and replaced as follows:

6.9

Work Done by Others

If any part of Amdocs’s work is dependent upon work performed by others or subcontracted consistent with the terms herein, Amdocs shall inspect such other work and promptly report to AT&T any known or discovered defect that renders such other work unsuitable for Amdocs’s proper performance. Amdocs’s silence shall constitute approval of such other work as fit, proper and suitable for Amdocs’s performance of its work except with respect to latent defects.

11.

Appendix 1.2(2) IT Professional Service Price(s) is amended to include the following:

Mobility Software Development

The [**], with the following exception:

[**].

Production Support

[**].

Requirements/Consulting

[**].

Testing

[**]. This rate is conditional upon maintaining the current level or volume of testing services provided to AT&T upon signature of this Amendment. [**].

12.

Appendix 8 AT&T Supplier Information Security Requirements, attached to the Agreement, is deleted in its entirety, and replaced with the revised Appendix 8 AT&T Rules and Supplier Information Security Requirements, attached herewith.

13.

Appendix 10 Governance, attached to the Agreement, is deleted in its entirety, and replaced with the revised Appendix 10 Governance, attached herewith.

Proprietary Information

Agreement Number 02026713.A.010

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.		AT&T Services, Inc.

By:	/s/ Kelley Basta	By:	/s/ Beverly J. Madson



Printed Name:	Kelley Basta	Printed Name:	Beverly J. Madson



Title:	Director of Finance	Title:	Senior Contract Manager

Date:	8/7/09	Date:	8-7-2009

Proprietary Information

Agreement Number 02026713.A.010

Appendix 8

A&T Rules and Supplier Information Security Requirements

1.	Work Policies and Rules

a.	During the performance of Services, representatives of Amdocs, including its employees and subcontractors (“Amdocs Representatives”), shall adhere to AT&T work rules and policies, including but not limited to those specified in the AT&T Code Of Business Conduct, as amended from time to time.

Without limiting the Amdocs obligation in clause (a), Amdocs shall ensure that the personal conduct and comments in the workplace of Amdocs Representatives support a professional environment which is free of inappropriate behavior, language, jokes or actions which could be perceived as sexual harassment or as biased, demeaning, offensive, or derogatory to others based upon race, color, religion, national origin, sex, age, sexual orientation, marital status, veteran’s status or disability. Amdocs further agrees that Amdocs Representatives will refrain from words or conduct that is threatening and/or disrespectful of others.

Without limiting Amdocs’ obligation in clauses (a) or (b), if AT&T provides Amdocs Representatives access to its computer systems, Amdocs agrees (i) to use such systems in a professional manner, (ii) to use such systems only for business purposes and solely for the purposes of performing under the Agreement, (iii) to use such systems in compliance with AT&T’s applicable standards and guidelines for computer systems use, as outlined in AT&T Supplier Information Security Requirements, and (iv) to use password devices, if applicable and if requested by AT&T. Without limiting the foregoing, any access provided by AT&T, or by virtue of the presence of Amdocs Representatives at AT&T locations, including but not limited to access to intranet and internet services, shall not be used for personal purposes or for any purpose which is not directly related to the Services. Amdocs agrees that Amdocs Representatives must have a valid AT&T business reason to access the intranet and/or the internet from within AT&T’s private corporate network.

2.	Access

When appropriate, Amdocs shall have reasonable access to AT&T’s premises to enable Amdocs to perform its obligations under the Agreement. Amdocs shall coordinate such access with AT&T’s designated representative prior to visiting such premises. Amdocs will ensure that only employees or subcontractors of Amdocs will be allowed to enter AT&T’s premises. If AT&T requests Amdocs to discontinue furnishing any person provided by Amdocs from performing Services on AT&T’s premises, in accordance with the terms and conditions of the Agreement, Amdocs shall immediately comply with such request. Such person shall leave AT&T’s premises immediately and Amdocs shall not furnish such person again to perform Services on AT&T’s premises without AT&T’s written consent.

b.	AT&T may require Amdocs or its Amdocs Representatives to exhibit identification credentials, which AT&T may issue, to gain access to AT&T’s premises for the performance

Proprietary Information

Agreement Number 02026713.A.010

of Services. If, for any reason, any Amdocs Representative is no longer performing such Services, Amdocs shall immediately inform AT&T and promptly deliver to AT&T such person’s identification credentials, if issued by AT&T. Amdocs agrees to comply with AT&T’s corporate policy requiring Amdocs Representatives to exhibit their company photo identification in addition to the AT&T issued photo identification when on AT&T’s premises.

Amdocs shall ensure that Amdocs Representatives, while on or off AT&T’s premises, will perform (i) Services which protect AT&T-owned Materials, buildings and structures, (ii) which do not interfere with AT&T’s business operations, and (iii) with care and due regard for the safety, convenience and protection of AT&T, its employees, and property and in full conformance with the policies specified in the AT&T Code of Business Conduct, which prohibits the possession of a weapon or an implement which can be used as a weapon (a copy of the AT&T Code of Business Conduct is available upon request).

d.	Amdocs shall ensure that all persons furnished by Amdocs work harmoniously with all others when on AT&T’s premises.

3.	Security Requirements for System or Network Access

Supplier shall comply with these security requirements (“Requirements”) to have access to AT&T’s computers, computer peripherals, computer communications networks, computer systems/applications/software, network elements and their support systems, and the information stored, transmitted, or processed using these resources (“Information Resources”). “User” means any individual performing services under the Agreement, whether as an employee, approved subcontractor, or agent of Supplier. “AT&T Sponsor” means the AT&T management employee responsible for the oversight of the services provided by Supplier.

These Requirements apply to Suppliers and Users performing services on AT&T premises or remotely accessing AT&T infrastructure, systems or applications using AT&T-provisioned client-VPN and to those providing services to AT&T that are hosted external to AT&T premises.

Information Security Program

Supplier shall adhere to the security requirements described in Exhibit 1. Security requirements apply to all “Supplier system components” which are defined as any network component or server or application included or directly connected to the AT&T customer cardholder data environment. Network components include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, or other appliances. Servers include, but are not limited to, web database, authentication, and DNS mail proxy. Applications include all purchased and custom applications including internal and external web applications.

Proprietary Information

Agreement Number 02026713.A.010

Supplier expressly warrants that it will not store any AT&T customer cardholder data on any Supplier-owned system component. Supplier expressly warrants that it will not transmit any AT&T customer cardholder data across open public networks.

In the event that Supplier causes harm due to material breach of such warranties or Supplier’s other obligations hereunder that causes an AT&T customer’s cardholder information to be compromised, it shall be liable for all penalties or expenses incurred as a result of such a compromise.

Proprietary Information

Agreement Number 02026713.A.010

Exhibit 1

AT&T Supplier Information Security Requirements

The following AT&T Supplier Information Security Requirements (“Security Requirements”) apply to Supplier, its subcontractors, and each of their employees and/or temporary workers, contractors, vendors and/or agents (for the purpose of this Appendix, each or all “Supplier”) that perform Services for, on behalf of, and/or through AT&T that include any of the following:

1. Supplier’s performance of Services that involve the collection, storage or handling of AT&T confidential Information;

2. Supplier-offered or -supported AT&T branded services using non-AT&T network and computing resources;

3. Connectivity to AT&T non-public networks and computing resources;

4. Custom software development or software implementation; and

5. Website hosting and development for AT&T and/or AT&T’s customers.

Supplier shall be fully compliant with these Security Requirements prior to the performance of any such Services.

Definitions:

Unless otherwise set forth or expanded herein, defined terms shall have the same meaning as set forth in the main body of the Agreement.

“Information Resources” means any systems, applications, and network elements, and the information stored, transmitted, or processed with these resources in conjunction with supporting AT&T and/or used by Supplier in fulfillment of its obligations under this Agreement.

“Personally Identifiable Information” or “PII” means any information that could be used to uniquely identify, locate, or contact a single person (or potentially be exploited to steal the identity of an individual, commit fraud or perpetuate other crimes). Examples of PII include, but are not limited to, personal telephone numbers, social security numbers, national, state or province issued identification number, drivers license number, date of birth, bank account numbers, credit card numbers, and other credit-related information, PINs, passwords, passcodes,

Proprietary Information

Agreement Number 02026713.A.010

password hint answers, Protected Health Information as defined by the Health Insurance Portability and Accountability Act (HIPAA), biometric data, digitized signatures, and background check details.

In accordance with the foregoing, Supplier shall:

System Security

1.	Actively monitor industry resources (e.g., www.cert.org, pertinent software vendor mailing lists & websites) for timely notification of all applicable security alerts pertaining to Supplier networks and computers.

2.	Scan externally-facing systems with applicable industry standard security vulnerability scanning software (including, but not limited to, network, server, & application scanning tools) [**]

3.	Scan internal systems with applicable industry standard security vulnerability scanning software (including, but not limited to, network, server, application & database scanning tools) [**]

4.	Upon AT&T’s request, furnish to AT&T its most current scanning results for those resources used to support AT&T.

5.	Deploy an Intrusion Detection System(s) (IDS) in an active mode of operation.

6.	Remediate security vulnerabilities, including, but not limited to, those discovered through industry publications, vulnerability scanning, virus scanning, and the review of security logs, and apply applicable security patches in a timely manner, according to the following minimal guidelines: If:

•

A vulnerability exists and attack is underway: Supplier shall work on remediating/patching [**]

•

A vulnerability exists and attack is determined to be imminent: Supplier shall remediate/patch within [**].

•

A vulnerability exists and attack is determined to not be imminent: Supplier shall remediate/patch within [**].

All other security remediations/patches shall be applied [**]

7.	Assign security administration responsibilities for configuring host operating systems to specific individuals.

8.	Ensure its security staff has reasonable and necessary experience in information/network security.

9.	Ensure that all of Supplier’s systems are and remain ‘hardened’ including, but not limited to, removing or disabling unused network services (e.g., finger, rlogin, ftp, simple TCP/IP services) and installing a system firewall, TCP Wrappers or similar technology.

10.	Change all default account names and/or default passwords in accordance with password requirements as set forth within requirement number 34, below; except that the Administrator account name only in Windows and Root account name only in UNIX systems will continue unchanged.

11.	Limit system administrator/root (or privileged, super user, or the like) access to host operating systems only to individuals requiring such high-level access in the performance of their jobs.

12.	Require system administrators to restrict access by users to only the commands, data and systems necessary to perform authorized functions.

Physical Security

13.	Ensure that all of Supplier’s networks and computers are located in secure physical facilities with limited and restricted access by authorized individuals only.

Proprietary Information

Agreement Number 02026713.A.010

14.	Monitor and record, for audit purposes, access to the physical facilities containing networks and computers used in connection with Supplier’s performance of its obligations under the Agreement.

Network Security

15.	Separate AT&T’s Information from the Internet and the destination web servers with a perimeter security gateway (e.g., firewall). For additional clarification of this requirement, see diagram, however, the written requirements shall control with respect to the interpretation of this provision.

LOGO

16.	Upon AT&T’s request, provide to AT&T a logical network diagram detailing the Information Resources (including, but not limited to, firewalls, servers, etc.) that will support AT&T.

17.	Have a documented process and controls in place to detect and handle unauthorized attempts to access AT&T Information.

18.	Use the strongest commercially available encryption technologies (minimum 256-bit encryption) for the transfer of AT&T Information outside AT&T controlled facilities and network. This also applies to electronically transmitted email communications containing AT&T Information.

19.	Use strong authentication (e.g., two factor token or digital certificates) for remote access.

Information Security

20.	Not co-locate AT&T’s application/Information on the same physical servers with any other customer’s or Supplier’s own application/data.

Proprietary Information

Agreement Number 02026713.A.010

21.	Have a documented procedure for the secure backup, transport and storage of AT&T Information and provide it upon AT&T’s request.

22.	Maintain and, upon AT&T’s request, furnish to AT&T a business continuity plan that ensures that Supplier can meet its contractual obligations under the Agreement, including the requirements of any applicable Statement of Work or Service Level Agreement.

23.	Store sensitive AT&T data elements using the strongest commercially available encryption technologies (minimum 256-bit encryption). Sensitive data elements include, but are not limited to, Personally Identifiable Information.

24.	Limit access to AT&T Information, including, but not limited to paper hard copies, only to persons or systems authorized by AT&T under written agreement.

25.	Be compliant with any applicable government- and industry-mandated information security standards including, but not limited to, the Payment Card Industry - Data Security Standards (PCI), National Automated Clearing House Associates (NACHA) Rules, Electronic Data Interchange (EDI), and HIPAA.

26.

Return all AT&T Information, including electronic and hard copies, within [**] - after the sooner of: (a) expiration or Termination or Cancellation of the Agreement; (b) AT&T’s request for the return of Information; or (c) when Supplier (or its suppliers or representatives) no longer needs the Information. In the event that AT&T approves the destruction as an alternative to returning the Information, then Supplier shall certify the destruction (e.g., degaussing, overwriting, performing a secure erase, performing a chip erase, shredding, cutting, punching holes, breaking, etc.) as rendering the Information non-retrievable

27.	Unless otherwise instructed by AT&T, when collecting, generating or creating Information for, through or on behalf of AT&T or under the AT&T brand, Supplier shall use the following AT&T proprietary marking:

“AT&T Proprietary Information (Internal Use Only)

Not for use or disclosure outside the AT&T companies

except under written agreement”

Identification and Authentication

28.	Assign unique userIDs to individual users.

29.

Have and use a documented UserID Lifecycle Management process including, but not limited to, procedures for approved account creation, timely account removal, and account modification (e.g., changes to privileges, span of access, functions/roles) for all applications and across all environments (e.g., production, test, development, etc.).

30.	Enforce the rule of least privilege (i.e., limiting access to only the commands and Information necessary to perform authorized functions according to one’s job function).

31.

32.	Terminate interactive sessions that have been inactive for a designated period of time, not to [**]

Proprietary Information

Agreement Number 02026713.A.010

33.	Require password expiration at regular intervals not to exceed [**].

34.	Use an AT&T-approved authentication method based on sensitivity of Information. When passwords are used, they must meet these requirements:

•

Passwords must be a minimum of [**] characters in length.

•

Passwords must contain characters from at least [**] of these groupings: alpha, numeric, and special characters.

•

Password construction must be complex and not contain names, dictionary words, combinations of words, or words with substitutions of numbers for letters, e.g., s3cur1ty.

•

Passwords must differ from the USERID by at least three positions. The new password must differ from the previous password by at least two positions.

•

The same character must not occur in three consecutive positions in the password.

Note: Applications housing more sensitive Information, as identified by AT&T, may require an authentication mechanism stronger than passwords and the authentication mechanism must be approved by AT&T in advance in writing. Examples of stronger authentication methods include tokens, digital certificates, passphrases, and biometrics.

35.	Use a secure method for the conveyance of authentication credentials (e.g., passwords) and authentication mechanisms (e.g., tokens or smart cards).

Warning Banner

36.	Display a warning or “no-trespassing” banner on applicable login screens or pages when in Supplier’s environment and not an AT&T branded product or service.

(example long version):

This is an <company name> system, restricted to authorized individuals. This system is subject to monitoring. Unauthorized users, access, and/or modification will be prosecuted.

(example short version):

<company name> authorized use ONLY, subject to monitoring. All other use prohibited.

For AT&T branded products or services or for software developed for AT&T, Supplier shall display a warning banner on login screens or pages provided by AT&T.

Software and Data Integrity

37.	Have current antivirus software installed and running to scan for and promptly remove viruses.

38.	Separate non-production systems and data from production systems and data.

39.	Have a documented software change control process including back out procedures.

40.	Have database transaction logging features enabled and retain database transaction logs for a minimum of [**].

41.	For all software developed, used or furnished and/or supported under this Agreement, review such software to find and remediate security vulnerabilities during initial implementation and upon any modifications and updates.

42.

Perform quality assurance testing for the application functionality and security components (e.g., testing of authentication, authorization, and accounting functions, as well as any other activity designed to validate the security architecture) during initial implementation and upon any modifications and updates.

Proprietary Information

Agreement Number 02026713.A.010

Privacy Issues

43. Restrict access to any Personally Identifiable Information to authorized individuals.

Monitoring and Auditing Controls

44. Restrict access to security logs to authorized individuals.

45. Manually review security logs [**] for anomalies and document and resolve all logged security problems in a timely manner. Amdocs logging runs continuously. Alerting is done [**]. Areas of concern are addressed and exceptions eliminated in a time mannerly. Security Operations investigates if necessary.

46. Supplier shall retain complete and accurate records relating to its performance of its obligations arising out of these Security Requirements and Supplier’s compliance herewith in a format that will permit audit for a period of [**], or longer as may be required pursuant to a court order or civil or regulatory proceeding. Notwithstanding the foregoing, Supplier shall only be required to maintain security logs for a [**]. In the event Supplier is provided connectivity to AT&T, Supplier shall maintain logs of user sessions (including application to application sessions) relating to such connectivity. These session logs must include: login identification, user request records, system configuration, and timestamps and/or duration of access. These session logs must be retained for a [**].

47. Upon AT&T’s request for audit, Supplier shall schedule a security audit to commence [**] from such request. In the event that AT&T, in its sole discretion, deems a security breach has occurred, Supplier shall schedule the audit to commence [**] of AT&T’s notice requiring an audit. This provision shall not be deemed to, and shall not, limit any more stringent audit obligations permitting the examination of Supplier’s records contained in this Agreement.

48. Provide AT&T, [**] from the publication of the audit report identifying any noncompliance with these Security Requirements, a written report of completed or proposed corrective actions addressing each noncompliance found within the audit and implementation timeframes (which timeframes must be as soon as possible, but, in any event, [**]). Supplier shall provide periodic, [**], written updates in a format acceptable to AT&T, regarding the status of the implementation of the corrective action plan in order to track the work to completion.

Reporting Violations

49. Have and use a documented procedure to follow in the event of an actual or suspected unauthorized intrusion or other security violation, including but not limited to, a physical security or computer security incident (e.g., hacker or attempted hacker activity or the introduction or attempted introduction of a virus or malicious code), which includes immediate notification to the AT&T Computer Security Incident Response Team (ACSIRT).

ACSIRT 24 hour contact information:

[**]

50. Provide AT&T with regular status on any actual or suspected unauthorized intrusion or other security violation updates including, but not limited to, actions taken to resolve such incident, [**] for the duration of the incident, and, [**] of the closure of the incident, a written report describing the incident, actions taken by the Supplier during its response and Supplier’s plans for future actions to prevent a similar incident from occurring.

Proprietary Information

Agreement Number 02026713.A.010

Software Development and Implementation

51. Ensure, prior to furnishing or development of custom software, that such software incorporates applicable AT&T security requirements as provided by AT&T.

Security Policies and Procedures

52 Ensure that all personnel, subcontractors or representatives performing work on any AT&T Information Resources or the resources used to interconnect to AT&T resources or the resources used to house AT&T Information under this Agreement are in compliance with these Security Requirements.

53. Notify AT&T of any policy changes that could impact the security controls put in place to secure AT&T’s Information.

54. At a minimum annually, review these Security Requirements to ensure that Supplier is in compliance with the requirements.

55. Return all AT&T owned or provided access devices (including, but not limited to, SecurID tokens, information storage devices, software, and/or computer equipment), as soon as practicable, but in no event more than [**] upon the sooner of: (a) expiration or Termination or Cancellation of the Agreement; (b) AT&T’s request for the return of such property; or (c) when Supplier (or its suppliers or representatives) no longer need such property.

Connectivity Requirements

In the event Supplier has, or will be provided connectivity (e.g., access to AT&T’s or its customer’s network) in conjunction with this Agreement, then in addition to the foregoing, the following Security Requirements shall apply to Supplier:

In the event a data connection agreement, such as a “Master Data Connection Agreement,” “Data Connection Agreement,” and/or “Connection Supplement” (“DCA”) exists between the Parties, and incorporates this Agreement by reference, or is otherwise integrated with, or used to govern the Parties’ connectivity obligations under, this Agreement, such DCA is hereby superseded by the terms of the Security Requirements, effective as of the date these Security Requirements become effective under the Agreement, and the terms of such DCA are amended to require that the Security Requirements and not the DCA are controlling in the Agreement (as well as any agreements subordinate to this Agreement). Notwithstanding the foregoing, the DCA remains in full force and effect for all other agreements between the Parties to which it applies.

Supplier shall:

Use only the AT&T Chief Security Office (CSO) approved facilities and connection methodologies to interconnect AT&T’s data facilities with Supplier’s data facilities and to provide access to the data for each connection.

NOT establish interconnection to endpoint resources other than in the United States. Interconnections to endpoint resources other than in the United States require the express prior written consent of AT&T.

Proprietary Information

Agreement Number 02026713.A.010

Provide AT&T access to any Supplier facilities during normal business hours for the maintenance and support of any AT&T equipment (e.g., router) used for the transmission of Information under this Agreement.

Use any AT&T equipment provided under this Agreement only for the furnishing of those Services or functionalities explicitly defined in this Agreement.

Ensure that all Supplier interconnections to AT&T pass through the designated AT&T perimeter security gateway (e.g., firewall).

Ensure that Supplier interconnections to AT&T terminate at a perimeter security gateway (e.g., firewall) at Supplier end of the connection.

In addition to other rights set forth herein, AT&T shall have the right to:

Gather information relating to access, including Supplier’s access, to AT&T networks, processing systems and applications. This information may be collected, retained and analyzed by AT&T to identify potential security risks without further notice. This information may include trace files, statistics, network addresses, and the actual data or screens accessed or transferred.

Immediately suspend or terminate any interconnection if AT&T, in its sole discretion, believes there has been a breach of security or unauthorized access to or misuse of AT&T data facilities or Information.

Limited Offshore Remote Access

To the extent approved by AT&T’s Executive Director of the Offshore Management Office, Amdocs Offshore Personnel may perform Services and access AT&T Data on an as-needed basis (e.g., to perform after-hours work) from their home location with specifically designated and approved computers provided by Amdocs (“Remote Access Computer”), subject to the following:

•

Access to AT&T Data by Offshore Personnel will be done only by:

•

First, accessing the Amdocs network

•

Second, from the Amdocs network, accessing the AT&T network through a “Virtual Workstation”

•

Connection from the Amdocs network to the AT&T network is defined by AT&T. Currently this is done through a dedicated Business to Business (B2B) network connection.

•

Each Remote Access Computer will have Amdocs-provided anti-virus and firewall Software installed and operating in accordance with the Agreement.

•

Each Remote Access Computer will only access AT&T Data through an Amdocs-provided VPN tunnel that is authenticated using a strong two-factor token solution.

•

Amdocs will implement and enforce commercially reasonable password complexity requirements that are not less strict than those required under this Agreement.

•

Amdocs Personnel using Remote Access Computers will only be able to connect to the Virtual Workstation or Citrix server in an AT&T facility from the Amdocs network using

Proprietary Information

Agreement Number 02026713.A.010

Microsoft Remote Desktop Connection or Citrix ICA protocol. Only domain accounts will be allowed to connect to such computers and those domain accounts will be configured by Amdocs on the target computers (i.e., the AT&T facility computer) as having permission to connect. Local accounts on that computer shall not be configured or allowed. Only accounts under the security control of the Windows domain will be permitted.

•

All traffic over the public internet shall be highly encrypted (i.e., at least 128 byte encryption).

•

Session timeouts shall be enabled by Amdocs, per AT&T guidelines.

•

Security audit logs will be maintained by Amdocs to track system events, including login attempts, user sessions, logoffs, configuration changes, and other pertinent events and data.

•

Virtual Workstations will be configured such that Offshore Amdocs Personnel will be unable to download or copy AT&T Data to their local devices such as disk drives, USB drives, writeable CDs, etc. Such configuration settings will be controlled centrally and editable only by authorized administrators.

•

Amdocs will be responsible for all costs associated with setting up the offshore remote access solution, as described above.

Proprietary Information

Agreement Number 02026713.A.010

Appendix 10

Governance

Table of Contents


1.0	INTRODUCTION		24

2.0	ROLES AND RESPONSIBILITIES OF KEY GOVERNANCE TEAM MEMBERS		25

	2.1	AT&T	25

	2.2	AMDOCS	31

3.0	COMMITTEES AND TEAMS		34

	3.1	EXECUTIVE STEERING COMMITTEE	34

	3.2	MANAGEMENT COMMITTEE	36

	3.3	SERVICE DELIVERY COMMITTEE	38

	3.4	TECHNICAL STEERING COMMITTEE	40

	3.5	PROGRAM STEERING COUNCIL	41

	3.6	PROGRAM TEAM	42

4.0	ISSUE ESCALATION PROCEDURES		44

Proprietary Information

Agreement Number 02026713.A.010

This Governance procedure will be applicable to Services provided under this Agreement when the Parties so agree in an applicable Work Order. Capitalized terms not defined in this Schedule have the meaning given in the Agreement. Any capitalized term not defined has its generally understood meaning in the context in which it is used in the IT industry.

1.0

INTRODUCTION

This Schedule sets out the Governance structure for the Agreement, the roles and responsibilities of both Parties to maintain a working relationship, and the type, content and frequency of the status meetings that will be held. AT&T’s Contract Executive, Contract Manager, Contract Administrator, Quality Assurance Program Manager, Business Unit Coordinator, Finance Manager, Transition Manager, Service Level Managers, Technology Architecture Program Managers and AT&T Retained and Vendor Employee Support Manager comprise the “AT&T Governance Team.” Amdocs’ Account Executive, Account Manager, Transition Manager, Architecture Manager, Service Delivery Managers, Resourcing Manager, Service Control Manager, Finance Manager, and Human Resource Director comprise the “Amdocs Governance Team.” Amdocs shall replace any member of Amdocs’ Governance Team upon reasonable request by AT&T to Amdocs. The AT&T Governance Team and the Amdocs Governance Team are collectively referred to in this Agreement as the “Governance Team.” Costs for Amdocs activities associated with the Governance Team and committees shall be paid by Amdocs and not be billed to AT&T.

Upon notice to the other Party, each Party reserves the right to replace or substitute members of its own Governance Team in accordance with this Agreement and change the titles and responsibilities of members of its Governance Team (with members that have equivalent decision-making authority). Notwithstanding anything in this Agreement to the contrary, representatives from any AT&T Affiliate shall have the opportunity to attend and participate in Governance Team meetings as requested by AT&T.

A Party may fill multiple positions in its Governance Team with the same individual; provided, however, that the Amdocs Account Executive and the Amdocs Account Manager shall be separate individuals. At the reasonable request of AT&T (whether in connection with the addition of or other Change to the Services), Governance Team positions may be increased or decreased to address areas or issues in the scope of Services or other obligations of the Parties under the Agreement.

With respect to meetings under this Agreement, such meetings may be held by teleconference or videoconference, unless AT&T reasonably requests that such meetings be held in person at a location designated by AT&T.

If the two Parties cannot agree to what is reasonable, the Governance Escalation process will be followed. Each Party shall bear its own expenses (travel or otherwise) in connection with the meetings.

Proprietary Information

Agreement Number 02026713.A.010

2.0

ROLES AND RESPONSIBILITIES OF KEY GOVERNANCE TEAM MEMBERS

2.1

AT&T

2.1.1

AT&T Contract Executive

AT&T’s Contract Executive’s responsibilities include:

Managing the overall relationship with Amdocs under this Agreement.

Providing leadership and guidance to the AT&T Governance organization.

Working with the Amdocs Account Executive and Amdocs Account Manager to progress the goals and objectives of the arrangement.

Resolving escalated issues in accordance with the Governance escalation procedures.

Providing liaison activities and guidance with Amdocs’s corporate executive leadership in regard to the strategic needs of AT&T.

Serving as the primary interface to AT&T IT senior management.

Providing overall oversight of the Agreement including services, technical and financial oversight.

Providing input to Long Range IT Planning activities and the disaster/business continuity strategy.

2.1.2

AT&T Contract Manager

AT&T’s Contract Manager has primary operational responsibility for the Agreement and monitoring Amdocs deliverables and commitments. The Contract Manager’s responsibilities include:

Monitoring Amdocs and AT&T compliance with the obligations of the Agreement.

Monitoring Amdocs Agreement level deliverable commitments.

Tracking fulfillment of Amdocs deliverables.

Managing benchmarking activities, according to the Agreement.

Managing the AT&T Governance organization including committee establishment and oversight.

Resolving escalated issues according to the Governance escalation procedures.

Approving or declining all work requests that are in excess of pre-established expenditure amounts or circumstances, including New Services.

Managing service level base-lining activities as defined in Schedule F.

Evaluating Service Level Credits and approving any action plans resulting from critical Service Level Failures.

Approving, authorizing and overseeing all Agreement related policies and procedures.

Proprietary Information

Agreement Number 02026713.A.010

Authorizing Amendments to the Agreement.

Coordination of AT&T third party matters including contract management, leases, and license management, except to the extent the Agreement expressly requires Amdocs to provide such coordination (e.g., Managed Third Parties).

Coordination with the Amdocs Contract Manager concerning operational activities associated with all Amdocs Personnel including onsite and offshore resources.

Providing contractor sponsorship.

Developing and providing metric reporting for AT&T IT leadership.

2.1.3

AT&T Contract Administrator

AT&T’s Contract Administrator has primary administrative responsibility for the Agreement including the management of all reporting and updates to the Agreement. The Contract Administrator’s responsibilities include:

Ensuring receipt and review of all Amdocs reports required by the Agreement.

Serving as the single point of contact for all requests and communications originating from Amdocs with respect to the Agreement. Except for [**] communications for which alternative procedures are described elsewhere in the Agreement, Amdocs shall direct all requests and communications required by, permitted under or made in connection with the Agreement to the AT&T Contract Administrator.

Developing standard reporting and communication requirements between Amdocs and various staff and organizations within AT&T.

Developing and assisting with negotiations and dispute resolution related to all addendums and updates to the Agreement that are required during the Term.

Assisting with interpretation and intent of the Parties in regard to the terms and conditions of the Agreement.

Assuring ability to audit Amdocs processes.

Oversight of Agreement Amendment process.

Managing the dispute resolution process as needed for the Agreement.

Administration of Policy and Procedure Manual changes.

Serving as a single point of contact for any document retention notices, tax surveys, insurance surveys and general data calls.

Performing facilities management to ensure appropriate facilities are available to Amdocs with the required environmental equipment services.

Proprietary Information

Agreement Number 02026713.A.010

2.1.4

AT&T Quality Assurance Program Manager

AT&T’s Quality Assurance (QA) Program Manager has the overall responsibility for tracking the quality of Amdocs’ software development processes and deliverables. The Quality Assurance Program Manager’s responsibilities include:

Developing and implementing processes and procedures to monitor, measure and report quality, reliability and performance of Amdocs’ deliverables, and their conformance to requirements (business and technical).

Verifying, monitoring and reporting to AT&T Amdocs’ compliance against:

IT Unified Process (ITUP), ITS Quality System standards and SEI CMM Level 2/3 processes.

Amdocs’ Software Quality Assurance (SQA) plans and activities.

Amdocs’ Software Configuration Management (SCM) plans and activities.

Amdocs’ test plans, test activities and test performance.

Conducting scheduled QA reviews and audits to verify that the Amdocs Project activities and Services are following the AT&T Strategic Decisions, standards and communicating results to the Service Delivery Committee.

Conducting post-Project reviews to identify Amdocs processes and activities that worked well, along with areas of improvement.

Monitoring Amdocs defect resolutions and Root Cause Analysis of problems.

2.1.5

AT&T Business Unit Coordinator

AT&T’s Business Unit Coordinator has the overall responsibility for AT&T’s customer relationship with Amdocs and fulfilling AT&T’s obligations under the Transition Plan. The Business Unit Coordinator’s responsibilities include:

Providing advice and counsel to AT&T business units regarding the terms and conditions of the Agreement.

Providing support to AT&T business units in regard to questions and issues arising from the delivery of Services.

Acting as the primary interface between Amdocs’ organization and the AT&T business unit in regards to issue management and problem escalation.

Assisting AT&T’s client facing organization with documenting, reviewing, and tracking Change Requests, Work Requests and Service issues (problems/defects).

Identifying and escalating service issues related to specific business units until resolved.

Facilitating the project approval process and work authorization in accordance with the processes described in the Policy and Procedures Manual.

Proprietary Information

Agreement Number 02026713.A.010

Overseeing Projects and their status for the AT&T business unit.

Reviewing and approving or rejecting the AT&T business units’ User Acceptance Testing activities.

Oversight of Amdocs customer satisfaction survey activities.

Managing AT&T’s obligations and service.

Approving or rejecting the Transition Plan.

Monitoring the implementation of Amdocs’ service delivery plan.

Monitoring all service delivery processes and tracking that the Service Level reporting mechanisms are established and operational to AT&T’s satisfaction.

Monitoring all service delivery processes and deliverables to ensure Amdocs’ compliance with regulatory requirements.

Establishing and coordinating Amdocs demarcation with AT&T’s business-operating environment for the entire account.

Oversight of any Amdocs End User training activities.

2.1.6

AT&T Finance Manager

AT&T’s Finance Manager oversees all financial activities related to the Agreement and the delivery of Services. The Finance Manager’s responsibilities include:

Assisting the AT&T Area Financial Manager in establishing and managing the overall budget in connection with the Agreement.

Performing any required research and analysis required in connection with the verifications contemplated in any Work Order.

Monitoring that savings objectives for the Agreement are being met.

Assisting the AT&T Area Financial Manager in reviewing and approving or rejecting financial analysis for all Amdocs sponsored initiatives to ensure financial viability.

Assisting in and supporting, as needed, the review of [**] charges to assure the accuracy of Amdocs charges, AT&T Service Level Credits, AT&T retained costs and pass-through expenses.

Ensuring that anticipated and agreed-upon Amdocs financial responsibilities are not converted to AT&T retained or pass-through expenses, except as provided under the Agreement.

Establishing and maintaining the AT&T charge back process and systems.

Performing AT&T cost management activities, including affiliate allocations and capitalization forecasting and tracking.

Providing oversight of asset management operations.

Proprietary Information

Agreement Number 02026713.A.010

2.1.7

AT&T Service Level Manager

AT&T’s Service Level Manager oversees all Service Level management activities related to the Agreement and the delivery of Services. The Service Level Manager’s responsibilities include:

Analyzing [**] Service Level reports prepared by Amdocs, reviewing anomalies and trends in performance and continuous improvement.

Coordinating and communicating [**] Service delivery issues.

Addressing, co-coordinating and prioritizing the issues affecting the provision of the Services to AT&T.

Reviewing and escalating operational problems and issues to the Management Committee in accordance with the Policies and Procedures Manual.

Determining Service Level Credits where appropriate.

Reviewing root cause analysis and action plans resulting from a Critical Service Level Failure.

Rebaselining performance targets on an annual basis to account for continuous improvement contractual requirements.

Developing semi-annual inventory of Service Level additions, deletions and modifications.

Ensuring receipt and review of all Amdocs reports required by the Agreement.

Reviewing and adjusting the following, as directed by the Management Committee:

Continuous improvement and quality assurance measures.

Customer satisfaction surveys.

Audits.

Benchmarking results.

2.1.8

AT&T Transition Manager

AT&T Transition Manager has overall AT&T responsibility for activities associated with the transition of the Transitioned Personnel and Subcontractors to Amdocs. The Transition Manager’s responsibilities include:

Coordinating the transition of AT&T’s Transitioned Personnel, Subcontractors and Equipment to Amdocs under the applicable Transition Plan.

Monitoring Amdocs’ strategies for the transition of the infrastructure necessary to operate the account including all financial, human resources, security, facilities and communication.

Proprietary Information

Agreement Number 02026713.A.010

Assist Amdocs in developing and implementing each detailed Transition Plan.

Establishing an interim transition organization and assisting the AT&T Contract Manager in developing the Governance Organization.

Providing guidance to Amdocs related to the Policy and Procedures Manual development.

2.1.9

AT&T IT Architecture Program Managers

AT&T’s IT Architecture Program Managers will have the primary responsibilities to review technical and architecture standards compliance. The IT Architecture Program Managers’ responsibilities include:

Developing processes and procedures to track that Amdocs’ services are in alignment with the AT&T business and AT&T IT architecture strategies.

Coordinating the IT architectural standards of AT&T and working with AT&T and Amdocs to develop the Long Range IT Plan, as described in Schedule D, Part 1.

Reviewing and approving or rejecting Amdocs’ solution approach, including but not limited to:

Technical architecture designs at a level of detail that provides AT&T appropriate visibility into the application design to evaluate compliance with AT&T standards.

Logical and physical data models.

Data access methods and call patterns.

Reviewing and approving specific Project plans and Change Requests to comply with the Long Term IT Plan.

Reviewing designs/architecture/approval data models.

Ensuring Amdocs’ compliance with AT&T IT software and hardware currency requirements.

Providing oversight of Amdocs activities associated with Disaster Recovery and planning.

2.1.10

AT&T Retained and Vendor Employee Support Manager

AT&T’s Retained and Vendor Employee Support Manager will have the primary responsibility of coordinating service requests. The Support Managers’ responsibilities include:

Coordinating customer service requests related to AT&T Facilities and Equipment for Amdocs Personnel at AT&T Facilities.

Proprietary Information

Agreement Number 02026713.A.010

2.2

Amdocs

2.2.1

Amdocs Account Executive

Amdocs’ Account Executive has complete authority and responsibility to deliver all Services from Amdocs to AT&T. The Account Executive’s responsibilities include:

Managing the overall relationship regarding Amdocs and AT&T under this Agreement.

Ensuring that Amdocs fulfills all of its obligations under the Agreement.

Working with the AT&T Governance Team to establish, manage, and meet commitments, requirements, and expectations.

Working with AT&T executives and business unit managers after approval from AT&T to align the delivery of Services with the strategic needs of AT&T; such activities will be performed with the approval and in conjunction with the AT&T Contract Manager.

Informing AT&T about new corporate capabilities and developments within Amdocs’ organization; proposing ideas and solutions that will provide ongoing benefit to AT&T.

Responding, or ensuring the response by Amdocs’ subject matter experts, to all requests for strategic or relationship-wide questions or requests from AT&T.

Assisting with interpretation and intent of the Parties in regard to the terms and conditions of the Agreement.

2.2.2

Amdocs Account Manager

Amdocs’ Account Manager will have primary business operating performance responsibility for the account and will ensure that all delivery commitments and deliverables required under the Agreement are provided to AT&T. The Account Manager’s responsibilities include:

Working with the AT&T Contract Manager to manage and meet commitments, requirements and expectations.

Ensuring that all Service Levels are met.

Ensuring that Amdocs’ performance requirements as they relate to AT&T business requirements and business objectives are satisfied.

Ensuring operational compliance with the Agreement and ensuring that Amdocs fulfills its obligations under the Agreement, including all obligations relating to Deliverables.

Establishing and executing the account management disciplines, business management processes, and associated reporting.

Ensuring prompt identification and resolution of service delivery issues.

Ensuring that Amdocs’ performance requirements as they relate to the AT&T strategic business planning (i.e., business and architecture, strategic options, business assessment, business operating plans) requirements are met.

Proprietary Information

Agreement Number 02026713.A.010

Staffing and leading the Amdocs management team and project staff.

Accepting requests for new Projects from AT&T and ensuring that such requests are handled pursuant to the Change Management Procedures set forth in Section 9.6 of the Agreement, applicable Schedules and the Policy and Procedures Manual.

Ensuring the delivery to AT&T of all data that Amdocs is obligated to provide to AT&T under the Agreement as well as all data reasonably requested by AT&T.

Coordination with the AT&T Contract Manager concerning operational activities associated with all Amdocs Personnel including onsite and offshore resources

2.2.3

Amdocs Transition Manager

Amdocs’ Transition Manager has the overall responsibility for the successful transition of the Transitioned Employees and applicable subcontractors to the Amdocs account team while ensuring that Service Levels and AT&T satisfaction are maintained. The Transition Manager’s responsibilities include:

Establishing the account infrastructure necessary to operate the account including all financial, human resources, security, facilities and communication functions.

Developing and implementing the service delivery plan.

Installing all service delivery processes and ensuring that the Service Level reporting mechanisms are established and operational.

Transitioning all of AT&T’s applicable personnel and subcontractors seamlessly to Amdocs.

Establishing the business-operating environment for the entire account.

Responding to all AT&T reasonable requests for information related to the Transition Services.

2.2.4

Amdocs Architecture Manager

Amdocs’ Architecture Manager will be responsible for liaison with the AT&T IT architecture team and ensure that architectural initiatives and decisions are fully supported and executed. The Amdocs Architecture Manager’s responsibilities include:

Interfacing with and fully supporting the AT&T IT architecture team.

Ensuring compliance with the Long Range IT Plan.

Coordinating and facilitating sharing of architectural information between AT&T and Amdocs.

2.2.5

Amdocs Service Delivery Managers

Amdocs’ Service Delivery Managers will have the primary responsibility to deliver the Services. The Service Delivery Managers’ responsibilities include:

Managing all Service Levels and Agreement commitments.

Proprietary Information

Agreement Number 02026713.A.010

Staffing all Service delivery with the appropriate level of trained personnel.

Forecasting resource requirements and managing resourcing requirements.

Ensuring that AT&T’s IT architectural standards are met and working with AT&T to develop the Long Range IT Plan.

Providing support to AT&T and End Users in accordance with the problem management process.

Implementing Amdocs’ development methodology as tailored to meet AT&T development standards.

Providing all Service Level reporting to AT&T and the service control function.

Implementing and meeting the requirements of the AT&T business continuity plans.

2.2.6

Amdocs Resourcing Manager

Amdocs’ Resourcing Manager will be responsible to manage and execute resource allocation strategies applicable to this Agreement. The Resourcing Manager’s responsibilities include:

Managing transition of assigned subcontractors.

Managing Amdocs relationships.

Managing selection of Subcontractors (e.g., permitted offshore subcontractors).

Managing shared resource centers within the AT&T account.

Managing overall resource levels in accordance with AT&T resource requirements.

2.2.7

Amdocs Service Control Manager

Amdocs’ Service Control Manager will be responsible for delivering the metrics program for the account and overseeing the implementation of the account system development methodology. The Service Control Manager’s responsibilities include:

Interfacing as needed with AT&T.

Establishing Amdocs’ metrics program.

Providing direction for the account program office function.

Constructing the performance reports and managing the [**] reporting.

Establishing Amdocs benchmarking methodology in accordance with the Agreement.

Introducing Amdocs’ methodology on the account, modifying it to meet AT&T development standards, and ensuring that this methodology is implemented on the account.

Providing training as required by the Agreement.

Providing process ownership for service delivery processes.

Providing Amdocs’ quality assurance function.

Implementing a client satisfaction survey for the account, according to the Agreement.

Proprietary Information

Agreement Number 02026713.A.010

2.2.8

Amdocs Finance Manager

Amdocs’ Finance Manager will be responsible for all financial, billing, Agreement compliance and new business management functions. The Finance Manager’s responsibilities include:

Providing the [**] invoice and all account billing and reporting functions.

Implementing and managing Amdocs’ financial system including time recording, labor reporting, billing, budgeting, forecasting, and annual planning.

Acting as the primary Amdocs focus for new service establishment for AT&T.

Managing other administrative functions including physical and logical security, facilities and contracts.

Providing financial reporting in accordance with the Agreement.

2.2.9

Amdocs Human Resource Director

Amdocs’ Human Resource Director will be responsible for personnel policies or process administration. The Human Resource Director’s responsibilities include:

Establishing all personnel administration policies for the AT&T account.

Providing the Human Resource management function for the AT&T account.

Providing the recruitment and placement function for the AT&T account.

Providing the communication forms for the AT&T account.

Interfacing with the AT&T Contract Manager on personnel issues.

Submitting the quarterly resource roster to the AT&T Contract Administrator and informing AT&T with reasonable advance notice of any changes to the then current roster.

3.0

COMMITTEES AND TEAMS

3.1

Executive Steering Committee

The Parties will form and name members of an Executive Steering Committee. The Executive Steering Committee will have executive management responsibility for the Agreement and for the relationship between the Parties and shall provide business oversight and ensure the alignment of the Long Range IT Plan and Service delivery objectives. This committee will also assist the AT&T Contract Manager and the Amdocs Account Manager in decisions that directly affect the Agreement. AT&T’s Contract Manager and an Amdocs Account Manager will be appointed by each respective Party to liaise with the Executive Steering Committee and to monitor and resolve where possible any issues raised by the AT&T Service Level Manager and the Amdocs Service Delivery Managers. The AT&T Service Level Manager and Amdocs Service Delivery Managers will carry out the [**] coordination of Service delivery, and include other AT&T representatives as required.

Proprietary Information

Agreement Number 02026713.A.010

AT&T and Amdocs will jointly develop and implement agreed performance management and business assurance processes.

Amdocs will deploy the performance management and business assurance processes at the Sites to ensure the stable start-up and efficient delivery of the Services.

3.1.1

Members

The Executive Steering Committee will be chaired by the AT&T Contract Manager and will be comprised of the following individuals:

AT&T Contract Executive.

AT&T Contract Manager.

Amdocs Account Executive.

Amdocs Account Manager.

Other AT&T and Amdocs Personnel as required.

3.1.2

Key Responsibilities

The Executive Steering Committee’s responsibilities include the following:

Ensuring business alignment between the Parties, analysis of AT&T and Amdocs business plans, and oversight of new or modified Services during the Term.

Developing strategic requirements and plans associated with the Services during the Term.

Ensuring that the annual technology plan is in accordance with and supports the Long Range IT Plan.

Agreeing to and periodically reviewing the authority of the committees and makeup of the individual members of the Management Committee and the Service Delivery Committee.

Approving the Management Committee report and recommendations, including review of the following:

Transition Plan implementation, including progress and achievement of Critical Deliverables and key activities.

Service Level reports and modifications.

Continuous improvement and quality assurance measures.

Reset of Critical Service Levels.

Financial issues and performance.

Approving the Management Committee report and recommendations, including review and approval of the following:

Customer satisfaction surveys, according to the Agreement.

Proprietary Information

Agreement Number 02026713.A.010

Audit results.

Benchmarking results according to the Agreement.

Attempting to resolve issues escalated by the Management Committee.

Resource plans according to the Agreement.

Escalated issue resolution.

3.1.3

Meetings

The Executive Committee will meet upon the request of either Party, no less than [**] but no more than [**] without the consent of both Parties. The Party requesting the meeting shall prepare and distribute a written agenda at least [**] prior to the meeting. Amdocs shall keep minutes of each meeting and shall distribute the minutes to AT&T within [**] after each meeting.

3.2

Management Committee

Prior to the Commencement Date, the Parties will establish a Management Committee. The names and titles of the representatives serving on the initial Management Committee are attached to this Schedule.

3.2.1

Members

The Management Committee will be chaired by AT&T’s Contract Manager and will be comprised of the following individuals:

AT&T Contract Manager.

AT&T Contract Administrator.

AT&T Finance Manager.

Amdocs Account Manager.

Amdocs Finance Manager.

Other AT&T and Amdocs Personnel as required.

3.2.2

Authority

Subject to direction and approval from the Executive Steering Committee and to the authority derived from the Change Management Procedures set forth in the Agreement, the Management Committee will have general authority and responsibility regarding:

Approving changes to the Agreement.

Adding, modifying, and/or removing Services covered by the Agreement.

Operational, technical, financial, and general management oversight of the Agreement.

Resolving issues escalated by the Service Delivery Committee.

Proprietary Information

Agreement Number 02026713.A.010

Notwithstanding the foregoing, any addition to, removal from or modification of the Services shall require the written consent of the AT&T Contract Executive and the AT&T Contract Manager. Any change or amendment to the Agreement shall not take effect unless such change or amendment is in writing and signed by an authorized representative of each Party authorized to make such changes.

3.2.3

Key Responsibilities

The Management Committee’s responsibilities include:

Managing the performance of the Parties’ respective roles and responsibilities under the Agreement.

Implementing the Agreement.

Managing risks and opportunities for improvement.

Monitoring Service delivery and transition activities based on reporting and coordination with the Service Delivery Committee.

Considering and approving, where possible, operational and technical changes in accordance with the Change Management Procedures.

Considering and approving, where possible, changes to the Agreement and to the Services in accordance with the Change Management Procedures set forth in the Agreement.

Seeking to resolve any issues escalated by the Service Delivery Committee.

Escalating any issues not resolved by the Management Committee to the Executive Steering Committee.

Producing Management Committee summary reports and submitting them for Executive Steering Committee review.

Monitoring the following and reporting, as required, to the Executive Steering Committee with respect to:

Service Levels, Service Level Credits and Earn Back.

Continuous improvement and quality assurance measures.

Proposals for reset of Service Levels.

Review of financial performance.

Pricing.

Approving the following and reporting, as required, to the Executive Steering Committee with respect to:

Customer satisfaction surveys, according to the Agreement.

Audit results.

Benchmarking results according to the Agreement.

Proprietary Information

Agreement Number 02026713.A.010

Monitoring and reviewing the ongoing status of third party contracts as appropriate and according to the Agreement.

Initiating the recommendations and suggestions made by the Executive Steering Committee relating to the Services and the Agreement.

Ensuring the implementation of process/infrastructure, financial and resource plans.

Recommending changes to the Policy and Procedures Manual submitted to AT&T for approval.

Reviewing business and technical proposals submitted by AT&T business sponsors or Amdocs Personnel.

Recommending new proposals to the Executive Steering Committee.

Providing advice and direction to the Service Delivery Committee for performance improvement.

Preparing the following reports:

Summary Executive Reports.

Global Management Report.

Service Level Reporting.

Transition Reports.

Delegating any powers it considers appropriate to the Service Delivery Committee.

3.2.4

Meetings

The Management Committee will meet, at a minimum, [**], and at other times as agreed between the Parties, to review:

Management of the Agreement.

Service delivery.

Transition management.

Change management.

Technical planning.

Either Party may include items on a written agenda that Amdocs shall distribute at least [**] prior to the meeting. Amdocs shall keep minutes of each meeting and shall distribute the minutes to AT&T within [**] after each meeting.

3.3

Service Delivery Committee

Prior to the Commencement Date, the Parties will establish a Service Delivery Committee. The names and titles of the representatives serving on the initial Service Delivery Committee are attached to this Schedule.

Proprietary Information

Agreement Number 02026713.A.010

3.3.1

Members

The Service Delivery Committee will be comprised of the following individuals:

AT&T Service Level Manager.

AT&T Business Unit Coordinator.

Amdocs Service Delivery Managers.

Other AT&T and Amdocs Personnel as required.

3.3.2

Authority

The Service Delivery Committee will have authority regarding:

Review and approval, where possible, of the short-term and long-term plans and activities in regard to the delivery of the Services.

Resolution of Service delivery problems.

Upward notification of all issues that might result in the addition to, deletion from, or modification of the Services, or the terms of the Agreement, irrespective of the initiating Party.

Agreement of Service delivery initiatives.

3.3.3

Key Responsibilities

The Service Delivery Committee’s responsibilities will be determined and delegated in each case by the Management Committee and may include matters within the relevant region including:

Implementing the Transition Plan and monitoring Service delivery.

Monitoring Critical Deliverables and Service Levels.

Coordinating and communicating [**] Service delivery issues; addressing, co-coordinating and prioritizing the issues affecting the provision of the Services to AT&T.

Reviewing and escalating operational problems and issues to the Management Committee and in accordance with the Policy and Procedures Manual.

Reviewing and scheduling change requests in accordance with the Change Management Procedures.

Ensuring efficient flow of documentation as required by the Agreement.

Handling disputes within the authority of the AT&T and Amdocs representatives, and referring others to the Management Committee.

Submitting issues concerning the relationship between the Parties to the Management Committee for its guidance and recommendations.

Submitting reports to the Management Committee.

Proprietary Information

Agreement Number 02026713.A.010

Advising the Management Committee of new opportunities and proposals.

Identifying and referring matters outside the authority of AT&T and Amdocs representatives to the Management Committee.

Reviewing and presenting recommendations and suggestions made by AT&T representatives and Amdocs representatives relating to the Services and initiating appropriate actions.

Identifying issues that may have an impact outside the relevant Sites and referring these to the Management Committee and to other Sites as required.

Monitoring and reviewing the ongoing status of third party contracts.

Reviewing and adjusting the following, as directed by the Management Committee:

Service Levels.

Continuous improvement and quality assurance measures.

Customer satisfaction surveys, according to the Agreement.

Audits, according to the Agreement.

Benchmarking results, according to the Agreement.

Preparing the following reports:

Management reports.

Service Levels and Service delivery results, as required.

Minutes.

3.3.4

Meetings

The Service Delivery Committee will meet, at a minimum, [**], and at other times as directed by the Management Committee, to review:

Agreement issues.

Service Delivery.

Transition management.

Projects.

Amdocs shall keep minutes of each meeting and shall distribute the minutes to AT&T within [**] after each meeting.

3.4

Technical Steering Committee

Within [**] days following the Effective Date, a Technical Steering Committee will be established by the Parties to focus on the development of the annual and Long Range IT Plans. The Technical Steering Committee will meet [**], and at other times as agreed between the Parties.

Proprietary Information

Agreement Number 02026713.A.010

3.4.1

Members

The Technical Steering Committee will be chaired and the agenda set by the AT&T IT Architecture Manager and will be comprised of the following individuals:

AT&T Contract Manager or their nominated deputy.

AT&T IT Architecture Manager.

AT&T ADM Manager.

AT&T infrastructure and maintenance Manager

AT&T Business Unit Coordinator.

Amdocs Account Manager.

Amdocs assigned Chief Technology Officer for AT&T.

AT&T and Amdocs subject matter experts.

3.4.2

Key Responsibilities

The Technical Steering Committee’s responsibilities include:

Reviewing Amdocs’ input for the Long Range IT Plan.

Using management reports and any other appropriate sources to research, develop, review and approve technical initiatives to address business problems and opportunities as agreed by the Executive Steering Committee and the Management Committee.

Providing advice and guidance to the Management Committee for technical improvement and making recommendations directly to AT&T and Amdocs on issues affecting the technical infrastructure that supports the AT&T business operations.

Reviewing technical policy standards and making recommendations to the Management Committee.

Reviewing Amdocs’ migration plan to ensure compliance with AT&T standards.

Reviewing any proposals for reductions in the costs of the Services driven by new technology.

AT&T shall keep minutes of each Technical Steering Committee meeting and shall distribute the minutes within [**] after each meeting.

3.5

Program Steering Council

A Program Steering Council (PSC) and Program Team (PT) will be established for any major Program initiated by the business or IT. The PSC is focused on guidance and resource allocation for Projects within a specific business area. The PSC directs the PT and provides go/no-go and redirect decisions. PSC meetings will be conducted at a minimum of once every [**] using the conference call format and should be limited to [**] where possible and follow a standard sequence of events per

Proprietary Information

Agreement Number 02026713.A.010

a predetermined agenda. At a minimum, the standard agenda will include a report out of the current status and metrics of the program and a discussion of open issues that need to be addressed by the PSC. The program coordinator will facilitate the PSC status calls and capture/document/distribute action items and minutes from each call.

3.5.1

Members

The PSC will be chaired by the AT&T program sponsor and will be comprised of the following individuals:

AT&T Contract Manager or their nominated deputy.

AT&T Business Unit Coordinator.

AT&T IT Architecture Manager.

AT&T ADM manager.

AT&T infrastructure and maintenance manager.

AT&T Business Representatives.

Amdocs Account Manager.

Amdocs assigned Chief Technology Officer for AT&T.

AT&T and Amdocs subject matter experts.

3.5.2

Key Responsibilities

The PSC responsibilities include:

Charter the project team that will implement the project.

Assign individuals to lead and approve membership in the PT.

Make “go,” “no-go,” or “redirect” decisions for projects at decision point meetings.

Establish priorities and make decisions on personnel and financial resource allocation for projects at each phase of the process.

Review status of the project on an on-going basis and make adjustments to resources, activities and/or priorities as necessary.

Report progress and escalate issues as appropriate to the senior leadership team (SLT).

3.6

Program Team

The PSC and PT will be established for any major program initiated by the business or IT.

The PT reports to the PSC and is a decision making body made up of AT&T business personnel and IT leaders who are responsible for the successful delivery of business capabilities. This team is responsible for the delivery of end-to-end business solutions, including both the IT and business components. PT membership may be modified from phase to phase to ensure that necessary disciplines are represented.

Proprietary Information

Agreement Number 02026713.A.010

AT&T business personnel appoint the Program Team (PT) leader. The PT leader is responsible for ongoing communications with the SLT. Membership in the PT is split evenly between the business and IT. PT meetings will be conducted at a minimum of [**] using the conference call format and should be limited to [**] where possible and follow a standard sequence of events per a predetermined agenda. At a minimum, the standard agenda will include a report out of the current status and a discussion of open issues that need to be addressed by the PT.

The PT has the responsibility to:

Make decisions on behalf of their representative functional area/organization.

Ensure the timeliness and quality of Project deliverables.

Communicate project information to stakeholders and supporting team members in their respective functional area/organization.

Ensure consensus on all agreed schedules, work estimates and priorities by those performing the work.

Coordinate the direction and efforts of the Project with other Projects in the program.

Assign individuals to lead and approve membership in the project team.

Charter the Project team that will implement the Project.

Make “go/no-go” decisions for the Project at key milestones.

Establish priorities and make decisions on personnel and financial resource allocation at each phase of the Project.

10.

Resolve issues that cannot be handled by the Project team.

11.

Report progress and escalate issues that cannot be resolved to the PSC.

12.

Review status of the Project on an on-going basis and make adjustments to resources, activities and/or priorities as necessary.

3.6.1

Members

The PT will be chaired by the AT&T Program Team leader and will be comprised of the following individuals:

AT&T IT personnel representing the following areas: architecture, infrastructure, project management, implementation, and quality assurance.

Amdocs personnel representing the following areas: software development, implementation, quality assurance, and infrastructure.

AT&T business personnel representing the appropriate functional areas including training.

Proprietary Information

Agreement Number 02026713.A.010

4.0

ISSUE ESCALATION PROCEDURES

From time to time, issues will arise that cannot be resolved at the various levels of management within the AT&T and Amdocs teams. Issues that cannot be resolved will be escalated as follows:

Notification: Either Party may decide that escalation is desirable when resolution of an issue appears unachievable at the current management level. The Party desiring escalation will provide written notice of its intention to the members of the other Party currently involved in the dispute. At either Party’s request, the members currently engaged in attempting to resolve the issue shall meet again to attempt resolution of the issue prior to escalation to the next level. If the issue cannot be resolved at the current management level, the issue will then be escalated after good faith attempts by both Parties to resolve the issue at the current level.

Documentation: Both Parties will jointly develop a short briefing document for escalation that describes the issue, relevant impact and positions of both Parties.

Request for Assistance: A meeting will be scheduled with appropriate individuals. The brief will be sent in advance to the participants.

Issues will be escalated for review and resolution to the next level of management as follows:

The Amdocs Service Delivery Manager and the appropriate AT&T Governance team member. If unresolved, escalate to:

The AT&T Contract Manager and the Amdocs Account Manager. If unresolved, escalate to:

The Executive Steering Committee. If unresolved, escalate to:

The AT&T IT Vice President and the equivalent Amdocs executive. If unresolved, escalate to:

AT&T’s CIO and Amdocs’ Senior Vice President.

If the matter remains unresolved after escalation under this Section 4.0, it shall be resolved by arbitration in accordance with Section 4.7(B) of the Agreement.

Proprietary Information

Agreement Number 02026713.A.011

Amendment

No. 02026713.A.011

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.011

AMENDMENT NO. 11

AGREEMENT NO. 02026713

This Amendment No. 11, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360.A.003 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, the Agreement expired by its terms on February 28, 2010 (the “Prior Expiration Date”); and

WHEREAS, after such Prior Expiration Date, the Parties continued to perform under the Agreement as if it had not expired, and with the intention of extending its term; and

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

Proprietary Information

Agreement Number 02026713.A.011

2.	For purposes of extending the term of this Agreement, Section 3.32. “Term of Agreement”, is deleted in its entirety and replaced with the following:

3.32. Term of Agreement

This Agreement, with an Effective Date of August 7, 2003, shall remain in effect for a term ending on July 31, 2010, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

3.	Section 3.15, “Insurance”, of ARTICLE III GENERAL TERMS is hereby deleted and replaced with the following Section 3.15, Insurance, which shall apply to all existing agreements between AT&T and Amdocs:

3.15

Insurance

With respect to Amdocs’ performance under this Agreement, and in addition to Amdocs’ obligation to indemnify, Amdocs shall comply with this section, at its sole cost and expense.

Amdocs shall maintain insurance coverages and limits required by this Section and any additional insurance and/or bonds required by law:

at all times during the term of this Agreement and until completion of all Services associated with this Agreement, whichever is later; and

Amdocs shall require each Subcontractor that may perform Services under this Agreement or enter upon the AT&T Facilities or Amdocs facilities to maintain coverages, requirements, and limits at least as broad as those listed in this Section from the time when the Subcontractor begins performance of Services, throughout the term of the Subcontractor’s performance of Services and, with respect to any coverage maintained on a “claims-made” policy, for two (2) years thereafter.

Amdocs shall deliver to AT&T certificates of insurance stating the types of insurance and policy limits. Amdocs shall provide or will endeavor to have the issuing insurance company provide at least thirty (30) days advance written notice of cancellation, non-renewal, or reduction in coverage, terms, or limits to AT&T. Amdocs shall deliver such certificates:

prior to execution of this Agreement and prior to commencement of any Services;

Proprietary Information

Agreement Number 02026713.A.011

prior to expiration of any insurance policy required in this Section; and

for any coverage maintained on a “claims-made” policy, for two (2) years following the term of this Agreement or completion of all Services associated with this Agreement, whichever is later.

The Parties agree that:

the insurance required under this Agreement does not represent that coverage and limits will necessarily be adequate to protect Amdocs, nor will it be deemed as a limitation on Amdocs’ liability to AT&T in this Agreement;

Amdocs may meet the required insurance coverages and limits with any combination of primary and Umbrella/Excess liability insurance; and

Amdocs is responsible for any deductible or self-insured retention.

The insurance coverage required of Amdocs by this Section shall include:

Workers’ Compensation insurance with benefits afforded under the laws of the state in which the Services are to be performed and Employers Liability insurance with limits of at least:

$500,000 for Bodily Injury – each accident

$500,000 for Bodily Injury be disease – policy limits

$500,000 for Bodily Injury by disease – each employee

To the fullest extent allowable by Law, the policy must include a waiver of subrogation in favor of AT&T, its Affiliates, and their directors, officers and employees.

In states where Workers’ Compensation insurance is a monopolistic state-run system, Amdocs shall add Stop Gap Employers Liability with limits not less than $500,000 each accident or disease.

$2,000,000 General Aggregate limit

$1,000,000 each occurrence limit for all bodily injury or property damage incurred in any one (1) occurrence

$1,000,000 each occurrence limit for Personal Injury and Advertising Injury

$2,000,000 Products/Completed Operations Aggregate limit

$1,000,000 each occurrence limit for Products/Completed Operations

$1,000,000 Damage to Premises Rented to You (Fire Legal Liability)

Proprietary Information

Agreement Number 02026713.A.011

The Commercial General Liability insurance policy must:

include AT&T, its Affiliates, and their directors, officers, and employees as Additional Insureds. Amdocs shall provide a copy of the Additional Insured endorsement to AT&T. The Additional Insured endorsement may either be specific to AT&T or may be “blanket” or “automatic” addressing any person or entity as required by contract. A copy of the Additional Insured endorsement must be provided within sixty (60) days of execution of this Agreement and within sixty (60) days of each Commercial General Liability policy renewal;

ii.

include a waiver of subrogation in favor of AT&T, its Affiliates, and their directors, officers and employees; and

iii.

be primary and non-contributory with respect to any insurance or self-insurance that is maintained by AT&T.

Business Automobile Liability insurance with limits of at least $1,000,000 each accident for bodily injury and property damage, extending to all owned, hired, and non-owned vehicles.

Umbrella/Excess Liability insurance with limits of at least $1,000,000 each occurrence and with terms and conditions at least as broad as the underlying Commercial General Liability, Business Auto Liability, and Employers Liability policies. Umbrella/Excess Liability limits will be primary and non-contributory with respect to any insurance or self-insurance that is maintained by AT&T.

Fidelity or Crime insurance covering employee dishonesty, including but not limited to dishonest acts of Amdocs and its employees, agents, subcontractors and anyone under Amdocs supervision or control. Amdocs shall be liable for money, securities or other property of AT&T. Amdocs shall include a client coverage endorsement written for limits of a least $1,000,000 and shall include AT&T as Loss Payee.

Professional Liability (Errors & Omissions) insurance with limits of at least $1,000,000 each claim or wrongful act.

Internet Liability and Network Protection (Cyberrisk) insurance with limits of at least $1,000,000 each claim or wrongful act.

Media Liability insurance with limits of at least $1,000,000 each claim or wrongful act.

Proprietary Information

Agreement Number 02026713.A.011

4.	Appendix 1.2(4), Reimbursable Expenses, which is attached to the Agreement, is deleted in its entirety and replaced with the revised Appendix 1.2(4) Vendor Expense Policy, which is attached hereto.

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.

By:		/s/ Thomas C. Drury



Printed Name:		Thomas C. Drury



Title:		President

Date:		3-15-2010


AT&T Services, Inc.

By:		/s/ Beverly J. Madson



Printed Name:		Beverly J. Madson



Title:		Senior Contract Manager

Date:		3-15-2010

Proprietary Information

Agreement Number 02026713.A.011

Appendix 1.2(4)

AT&T Vendor Expense Policy

AT&T Inc. and Participating Companies

(Updated 1/1/2010)

1.0 General

The following principles apply to requests for expense reimbursement:

When spending money that is to be reimbursed, vendors must ensure that an AT&T Company (“Company”) receives proper value in return.

Deviations from this VEP must be approved in writing by the sponsoring Senior Manager or Officer of an AT&T Company.

Employees should refer to the Section entitled “Payments” in the Schedule of Authorizations for Affiliates of AT&T Inc. for appropriate supplier invoice authorization approval levels.

Receipts will be requested and reviewed for any unusual or out of the ordinary expenses or where the approver cannot make a reasonable determination of the propriety of the invoice without a receipt.

The origination of a given expenditure for business purposes is the responsibility of the vendor incurring the expense and the authorization of that expense is the responsibility of the appropriate level of AT&T management in accordance with the Schedule of Authorizations for Affiliates of AT&T Inc.

Proprietary Information

Agreement Number 02026713.A.011

1.1 Non-Reimbursable Expenses

The following is a list, although not all inclusive, of expenses considered not reimbursable:

•

Airline club membership fees, dues, or upgrade coupon

•

Barber/Hairstylist/Beautician Expenses

•

Birthday cakes, lunches, balloons, and other personal celebration/recognition costs

•

Break-room supplies for the supplier, such as coffee, creamer, paper products, soft drinks, snack food

•

Car rental additional fees associated with high speed toll access programs and GPS devices

•

Car Washes

•

Clothing, personal care items, and toiletries

•

Credit card fees

•

Entertainment expenses

•

Expenses associated with spouses or other travel companions

•

Expenses to cover meals or expenses for an AT&T employee, whether in a home location or on official travel

•

Flowers, cards and gifts

•

Health Club and Fitness facilities

•

Hotel pay-per-view movies, Video Games and/or mini bar items

•

Insurance for rental car and or flight

•

Internet access in hotels (added to 3.5)

•

Laundry (except when overnight travel is required for 7 or more consecutive nights)

•

Lost luggage

•

Magazines & newspapers

•

Medical supplies

•

Membership fees to exercise facilities or social/country clubs

•

Movies purchased while on an airplane

•

Office expenses of suppliers

•

PC, cell phone, and other supplier support expenses (unless specifically authorized in the agreement)

•

Personal entertainment

•

Phone usage on airline unless AT&T business emergency

•

Safe rentals during a hotel stay

•

Tips for housekeeping and excessive tips, i.e., in excess of 15% to 18% of cost of meal or services, excluding tax

•

Tobacco Products

Proprietary Information

Agreement Number 02026713.A.011

•

Traffic or Parking Fines

•

Travel purchased with prepaid air passes.

•

Upgrades on airline, hotel, or car rental fees

•

Water (bottled or dispensed by a supplier), (unless authorized for specific countries where it is recommended that bottled water is used)

The failure to comply with the above mentioned restrictions will result in the Company refusing payment of charges or pursuing restitution from the vendor.

2.0 Responsibilities

2.1 Vendor’s Responsibility

3.0 Travel Policy

AT&T reserves the right to dispute any expense submittal and if not verifiable as valid may reject reimbursement. Reimbursements will be made to vendor only after expenses are verified as valid.

3.1 Travel Authorization

3.2 Travel Reservations

Vendors are expected to procure the most cost efficient travel arrangements, preferably equivalent to the AT&T discount rate. AT&T does not reimburse for travel purchased with prepaid air passes.

Proprietary Information

Agreement Number 02026713.A.011

3.3 Travel Expense Reimbursement

Vendor travel expenses incurred for company business are reimbursable only as specified in these guidelines. Travel expenses may include the following:

•

Transportation (airfare or other commercial transportation, car rental, personal auto mileage, taxi and shuttle service)

•

Meals and lodging

•

Parking and tolls

•

Tips/porter service (if necessary and reasonable)

•

The expense must be ordinary and necessary, not lavish or extravagant, in the judgment of the AT&T sponsoring management. Any reimbursement request must be for actual expenditures only.

3.4 Air Travel Arrangements

Vendors must select lowest logical airfare (fares available in the market at the time of booking, preferably well in advance of trip to attain lowest possible airfare). Vendors shall book coach class fares for all travel at all times. First class bookings are not reimbursable. Vendors can request business class when a single segment of flight time (“in air time” excluding stops, layovers and ground time) is greater than 8 hours providing the relevant manager pre-approves.

3.5 Hotel Arrangements

There must be a strong business justification for incurring any cost for internet access, and a request for reimbursement must be accompanied by a detailed explanation regarding reason for charge.

Proprietary Information

Agreement Number 02026713.A.011

3.6 Ground Transportation

“Loss Damage Waiver” and “Extended Liability Coverage” are not considered reimbursable in the US. Prepaid fuel or refueling charges at the time of return are not reimbursable.

Rental cars should be refueled before returning to the rental company, since gas purchased through the rental company carries an expensive refueling service charge.

3.7 Use of Personal Vehicle

3.8 Parking

If airport parking is necessary, vendors must use long term parking facilities. Additional costs for short term, valet or covered parking are not reimbursable.

3.9 Entertainment

3.10 Laundry and Cleaning

Reasonable laundry charges during business trips of seven or more consecutive nights are reimbursable based on actual expenses incurred.

3.11 Communications

•

The actual cost of landline telephone calls for AT&T business is reimbursable. The use of AT&T products is required when available.

Proprietary Information

Agreement Number 02026713.A.011

•

Charges for high speed internet access are not reimbursable unless specifically approved in the contract.

3.12 Business Meals (Travel and Non-Travel)

AT&T managers authorizing invoices will be held accountable for ensuring that vendors are following this policy and are spending Company funds economically.

3.13 Flowers, Greeting Cards, Gifts and Incentive Awards

The cost of gifts, flowers, birthday lunches, or greeting cards is considered a personal expense and is not reimbursable. For example, vendors making a donation or providing a gift for a fund-raiser for AT&T may not submit such an expense to AT&T for reimbursement.

3.14 Loss or Damage to Personal Property

The Company assumes no responsibility for loss or damage to a vendor’s personal property during business functions or hours.

3.15 Publications

Subscriptions to or purchases of magazines, newspapers and other publications are not reimbursable.

Proprietary Information

Agreement Number 02026713.A.011

AT&T U.S. 2010 Hotel Room Rate Only Guidelines

This Chart applies to the U.S. locations. For Travel outside of the U.S., travelers should exercise prudent judgment and select reasonably priced hotels, based on local market conditions.

Employees traveling outside the U.S. should reference the GSA, Government Per Diems as a guide. http://aoprals.state.gov/web920/per_diem.asp

***U.S. Cities not listed on this Hotel Room Rate Only Guideline Matrix, default to $[**] nightly rate. On occasion an AT&T Preferred Property may exceed the rate guideline for a season (s) or

particular city, but has been added due to demand within the market. However, if an alternate Preferred Property within the guideline is offered it should be accepted when available.

You may select the Preferred Property that is over the Guideline if it is the option that is available, selecting the appropriate reason code.

City

2010
Guideline

City

2010
Guideline

City

2010
Guideline

City

2010
Guideline

City

2010
Guideline

Anchorage

[**]

Susanville

[**]

Fairview Heights

[**]

Morrisville

[**]

Knoxville

[**]

Fairbanks

[**]

Temecula

[**]

Glenview

[**]

Raleigh

[**]

Memphis

[**]

Glennallen

[**]

Thousand Oaks

[**]

Gurnee

[**]

Winston Salem

[**]

Nashville

[**]

Ketchikan

[**]

Torrance

[**]

Hoffman Estates

[**]

Omaha

[**]

Abilene

[**]

Kodiak

[**]

Ukiah

[**]

Lincolnshire

[**]

Basking Ridge

[**]

Addison

[**]

Birmingham

[**]

Universal City

[**]

Lisle

[**]

Bernardsville

[**]

Arlington

[**]

Decatur

[**]

Valencia

[**]

Naperville

[**]

Bridgewater

[**]

Austin

[**]

Hoover

[**]

Van Nuys

[**]

Northbrook

[**]

Cranbury

[**]

Beaumont

[**]

Huntsville

[**]

Walnut Creek

[**]

Ofallon

[**]

Eatontown

[**]

Corpus Christi

[**]

Montgomery

[**]

Watsonville

[**]

Palatine

[**]

Edison

[**]

Dallas

[**]

Mobile

[**]

West Lake Village

[**]

Peoria

[**]

Elizabeth

[**]

El Paso

[**]

Tuscaloosa

[**]

West Sacramento

[**]

Rockford

[**]

Fair Lawn

[**]

Frisco

[**]

Bryant

[**]

Willits

[**]

Rolling Meadows

[**]

Florham Park

[**]

Houston

[**]

El Dorado

[**]

Woodland

[**]

Rosemont

[**]

Iselin

[**]

Irving

[**]

Fayetteville

[**]

Yorba Linda

[**]

Schaumburg

[**]

Mahwah

[**]

Lubbock

[**]

Fort Smith

[**]

Aurora

[**]

Springfield

[**]

Morristown

[**]

Mcallen

[**]

Hardy

[**]

Boulder

[**]

Vernon Hills

[**]

Newark

[**]

Midland

[**]

Little Rock

[**]

Colorado Springs

[**]

Westmont

[**]

Paramus

[**]

Plano

[**]

Mountain Home

[**]

Denver

[**]

Willowbrook

[**]

Parsippany

[**]

Richardson

[**]

North Littlerock

[**]

Englewood

[**]

Bloomington

[**]

Piscataway

[**]

San Antonio

[**]

Pine Bluff

[**]

Greenwood Village

[**]

Carmel

[**]

Princeton

[**]

Texarkana

[**]

Rogers

[**]

Glastonbury

[**]

Columbus

[**]

Ramsey

[**]

Tyler

[**]

Russellville

[**]

Hartford

[**]

Fishers

[**]

Red Bank

[**]

Waxahachie

[**]

Springdale

[**]

Meriden

[**]

Indianaplis

[**]

Saddle Brook

[**]

The Woodlands

[**]

VanBuren

[**]

New Haven

[**]

Muncie

[**]

Saddle River

[**]

Salt Lake City

[**]

Chandler

[**]

New London

[**]

South Bend

[**]

Short Hills

[**]

Alexander

[**]

Mesa

[**]

Rocky Hill

[**]

Merriam

[**]

Somerset

[**]

Arlington

[**]

Proprietary Information

Agreement Number 02026713.A.011

Phoenix

[**]

Stamford

[**]

Overland Park

[**]

Teaneck

[**]

Chantilly

[**]

Rio Rico

[**]

Washington

[**]

Shawnee

[**]

Tinton Falls

[**]

Chester

[**]

Scottsdale

[**]

Wilmington

[**]

Topeka

[**]

Warren

[**]

Dulles

[**]

Tempe

[**]

Altamonte Springs

[**]

Wichita

[**]

West Orange

[**]

Fairfax

[**]

Tucson

[**]

Boynton Beach

[**]

Covington

[**]

Whippany

[**]

Falls Church

[**]

Yuma

[**]

Dania Beach

[**]

Louisville

[**]

Woodcliff Lake

[**]

Glen Allen

[**]

Anaheim

[**]

Fort Lauderdale

[**]

Covington

[**]

Albuquerque

[**]

Hampton

[**]

Buena Park

[**]

Jacksonville

[**]

Metairie

[**]

Henderson

[**]

Herndon

[**]

Burbank

[**]

Kendall

[**]

Monroe

[**]

Las Vegas

[**]

Norfolk

[**]

Burlingame

[**]

Key Largo/Tavernier

[**]

New Orleans

[**]

Pahrump

[**]

Richmond

[**]

Carlsbad

[**]

Key West

[**]

Vidalia

[**]

Reno

[**]

Sandston

[**]

Cerritos

[**]

Lake City

[**]

Boston

[**]

Albany

[**]

Sterling

[**]

Chico

[**]

Lake Mary

[**]

Burlington

[**]

Cheektowaga

[**]

Tysons Corner

[**]

City of Industry

[**]

Lakeland

[**]

Cambridge

[**]

Fishkill

[**]

Vienna

[**]

Clovis

[**]

Marathon

[**]

Dedham

[**]

Jamaica

[**]

Bellevue

[**]

Concord

[**]

Maitland

[**]

Framingham

[**]

New York

[**]

Bothell

[**]

Coronado

[**]

Miami

[**]

Lowell

[**]

Plainview

[**]

Kirkland

[**]

Costa Mesa

[**]

Miami Beach

[**]

Marlborough

[**]

Rochester

[**]

Lynnwood

[**]

Cupertino

[**]

Orlando

[**]

Natick

[**]

Rockville Center

[**]

Redmond

[**]

Del Mar

[**]

Palm Beach

[**]

Stoughton

[**]

Syracuse

[**]

Seattle

[**]

Dublin

[**]

Plantation

[**]

Baltimore

[**]

Vestal

[**]

Spokane

[**]

El Segundo

[**]

Saint Augustine

[**]

Columbia

[**]

White Plains

[**]

Tacoma

[**]

Emeryville

[**]

Sunrise

[**]

Greenbelt

[**]

Woodbury

[**]

Tukwila

[**]

Escondido

[**]

Tallahassee

[**]

Linthicum Heights

[**]

Tarrytown

[**]

Woodinville

[**]

Eureka

[**]

Tamarac

[**]

Portland

[**]

Beachwood

[**]

Green Bay

[**]

Garden Grove

[**]

Tampa

[**]

Battlecreek

[**]

Boardman

[**]

Kenosha

[**]

Glendale (North)

[**]

West Palm Beach

[**]

Canton

[**]

Centerville

[**]

Kimberly

[**]

Hawthorne

[**]

Alpharetta

[**]

Dearborn

[**]

Cleveland

[**]

Madison

[**]

Hayward

[**]

Athens

[**]

Detroit

[**]

Columbus

[**]

Milwaukee

[**]

Hollywood

[**]

Atlanta

[**]

Farmington Hills

[**]

Dublin

[**]

Mukwonago

[**]

Irvine

[**]

Augusta

[**]

Holland

[**]

Fairborn

[**]

Oshkosh

[**]

La Jolla

[**]

Brunswick

[**]

Livonia

[**]

Independence

[**]

Pewaukee

[**]

Livermore

[**]

Carrollton

[**]

Marquette

[**]

Mayfield Village

[**]

Waukesha

[**]

Long Beach

[**]

Columbus

[**]

Novi

[**]

Niles

[**]

Wauwatosa

[**]

Los Angeles

[**]

Dublin

[**]

Port Huron

[**]

North Olmsted

[**]

Beckley

[**]

Merced

[**]

Duluth

[**]

Saginaw

[**]

Orange Village

[**]

Charleston

[**]

Proprietary Information

Agreement Number 02026713.A.011

Milpitas

[**]

Dunwoody

[**]

Southfield

[**]

Perrysburg

[**]

Hurricane

[**]

Modesto

[**]

Griffin

[**]

Walker

[**]

Reynoldsburg

[**]

Montebello

[**]

Lawrenceville

[**]

Warren

[**]

Richfield

[**]

Napa

[**]

Lithia Springs

[**]

Baxter

[**]

Oklahoma City

[**]

Ontario

[**]

Macon

[**]

Bloomington

[**]

Owasso

[**]

Orange

[**]

Newnan

[**]

Deluth

[**]

Ponca City

[**]

Pasadena

[**]

Norcross

[**]

Minneapolis

[**]

Coos Bay

[**]

Petaluma

[**]

Peachtree City

[**]

St. Paul

[**]

Portland

[**]

Pleasanton

[**]

Savannah

[**]

Bridgeton

[**]

Tigard

[**]

Riverside

[**]

Roswell

[**]

Columbia

[**]

Allentown

[**]

Rocklin

[**]

Tifton

[**]

Fenton

[**]

Audubon

[**]

Rohnert Park

[**]

Warner Robins

[**]

Festus

[**]

Bensalem

[**]

Rosemead

[**]

Honolulu

[**]

Joplin

[**]

Berwyn

[**]

Sacramento

[**]

Kailua Kona

[**]

Kansas City

[**]

Coraopolis

[**]

Salinas

[**]

Kihei

[**]

Kirkwood

[**]

Essington

[**]

San Carlos

[**]

Waikoloa

[**]

Lees Summit

[**]

Glen Mills

[**]

San Diego

[**]

Desmoines

[**]

Maryland Heights

[**]

Harrisburg

[**]

San Francisco

[**]

Johnston

[**]

Saint Charles

[**]

King of Prussia

[**]

San Gabriel

[**]

Urbandale

[**]

Saint Louis

[**]

Philadelphia

[**]

San Jose

[**]

Ammon

[**]

Springfield

[**]

Pittsburgh

[**]

San Luis Obispo

[**]

Alsip

[**]

Jackson

[**]

Wayne

[**]

San Mateo

[**]

Arlington Heights

[**]

McComb

[**]

Anderson

[**]

San Rafael

[**]

Barrington

[**]

Natchez

[**]

Charleston

[**]

San Ramon

[**]

Bedford Park

[**]

Ocean Springs

[**]

Duncan

[**]

Santa Ana

[**]

Bourbonnais

[**]

Tupelo

[**]

Florence

[**]

Santa Clara

[**]

Champaign

[**]

Asheville

[**]

Hilton Head

[**]

Santa Monica

[**]

Chicago

[**]

Carolina Beach

[**]

Myrtle Beach

[**]

Sherman Oaks

[**]

Danville

[**]

Charlotte

[**]

Brentwood

[**]

South San Francisco

[**]

Danville

[**]

Durham

[**]

Crossville

[**]

Stevenson Ranch

[**]

Downers Grove

[**]

Gastonia

[**]

Franklin

[**]

Stockton

[**]

Elmhurst

[**]

Goldsboro

[**]

Johnson City

[**]

Proprietary Information

Amendment

No. 02026713.A.012

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.012

AMENDMENT NO. 12

AGREEMENT NO. 02026713

This Amendment No. 12, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360.A.003 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, Supplier and AT&T desire to amend the Agreement as hereinafter set forth.

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

1.	For purposes of extending the term of this Agreement, Section 3.32. “Term of Agreement”, is deleted in its entirety and replaced with the following:

3.32. Term of Agreement

This Agreement, with an Effective Date of August 7, 2003, shall remain in effect for a term ending on November 15, 2010, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

Proprietary Information

Agreement Number 02026713.A.012

2.	Section 6.1, “Allowable Expenses”, paragraph f, of ARTICLE VI – ONGOING SUPPORT SERVICES is hereby deleted and replaced with the following paragraph f):

The [**] of travel and living expenses will occur each [**] In the event that the total travel and living expenses [**], Amdocs will provide AT&T a credit for the dollar amount that [**]. For the [**], Amdocs will provide a written report by [**] of the respective year showing the [**].

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.



By:		/s/ Thomas C. Drury



Printed Name:		Thomas C. Drury



Title:		President

Date:		5-28-2010


AT&T Services, Inc.



By:		/s/ Beverly J. Madson



Printed Name:		Beverly J. Madson



Title:		Senior Contract Manager

Date:		5-27-2010

Proprietary Information

Amendment

No. 02026713.A.013

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.013

AMENDMENT NO. 13

AGREEMENT NO. 02026713

This Amendment No. 13, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360.A.003 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, Supplier and AT&T desire to amend the Agreement as hereinafter set forth.

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

1.	Section 3.3, “Termination,” of ARTICLE III - GENERAL TERMS is hereby amended to include the following paragraph G. Termination Upon Amdocs’ Change of Control, which shall apply to all agreements between any AT&T Entity and any Amdocs’ Entity:

Termination Upon Amdocs’ Change of Control.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

effective; provided, however, AT&T shall not have this right if Amdocs Limited, (a Guernsey corporation as of the Effective Date) retains Control of Amdocs after such transaction, acquisition, merger; provided, further, however, if such change in Control of Amdocs involves an AT&T competitor, AT&T may terminate this Agreement by giving Amdocs at least ten (10) days prior notice, and the AT&T competitor shall be prohibited from any contact with AT&T Data, AT&T Information and any and all other information about the AT&T account, including discussions with Amdocs personnel regarding specifics relating to the Services. Amdocs shall not be entitled to any termination charges in connection with a termination pursuant to this Section 3.3 G. For purposes of this Section, “Control” and its derivatives mean: (a) the legal, beneficial or equitable ownership, directly or indirectly, of (i) [**] or (ii) equity interests having the right to [**] or, in the event of dissolution, [**]; (b) the right to appoint, directly or indirectly, a majority of the board of directors; (c) the right to control, directly or indirectly, the management or direction of the Entity by contract or corporate governance document; or (d) in the case of a partnership, the holding by an Entity (or one of its Affiliates) of the position of sole general partner; and “Entity” means a corporation, partnership, joint venture, trust, limited liability company, association or other organization or entity.

Subject to any legal obligation of confidentiality or applicable securities laws, Amdocs will provide AT&T with notice at the earliest permissible time of Amdocs’ intention to make such a change of Control and facilitate AT&T’s receipt of sufficient information about the Entity acquiring Control for AT&T to choose to exercise its termination rights described in Section 3.3 G 1.

Any permitted assignee or successor in interest under this Section 3.3 G shall agree in writing to be bound by the terms and conditions of this Agreement.

Regardless of AT&T’s consent or refusal to consent to an assignment under this Section 3.3 G, Amdocs, or its successor in interest, shall continue to perform under the terms of the Agreement until such time as the Agreement terminates or expires.

Section 3.39, “AT&T Supplier Information Security Requirements,” of ARTICLE III – GENERAL TERMS is hereby deleted and replaced with the following 3.39, AT&T Rules, Supplier Information Security Requirements and Limited Offshore Remote Access, which shall apply to all agreements between any AT&T Entity and any Amdocs Entity:

3.39. AT&T Rules, Supplier Information Security Requirements and Limited Offshore Remote Access

Amdocs shall comply with AT&T Rules, Supplier Information Security Requirements (SISR) and Limited Offshore Remote Access (LORA) as set forth in Appendix 8.

3.	Section 6.4, “Access to AT&T Facilities,” of ARTICLE VI - ONGOING SUPPORT SERVICES, is hereby deleted in its entirety.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

4.	Section 6.12, “Electronic Privacy Policy,” of ARTICLE VI - ONGOING SUPPORT SERVICES, is hereby deleted in its entirety.

5.	Section 6.13, “Offshore Transfer or Processing of AT&T Data,” of ARTICLE VI - ONGOING SUPPORT SERVICES, is hereby deleted in its entirety.

6.	Section 6.14 “Service Facilities/Location,” of ARTICLE VI - ONGOING SUPPORT SERVICES is hereby deleted and replaced with the following 6.14, Offshore Work Permitted Under Specific Conditions, which shall apply to all agreements between any AT&T Entity and any Amdocs Entity:

6.14

Offshore Work Permitted Under Specific Conditions

a. Supplier shall not perform any Services under this Agreement, nor allow such performance by any Subcontractor, at a location outside the United States (“Offshore Location”) unless AT&T approves work to be performed by Supplier or a Subcontractor at such Offshore Location. In the event of such approval, the physical location where the work is to be performed the Services to be performed at such location; and, if applicable, the identity of any Subcontractor performing such work, shall be specifically set forth in Appendix K. Prior to making any additions or deletions to the physical locations or changes in Subcontractors performing work at an Offshore Location the Parties shall amend Appendix K. A change in the location where a Service is performed from one Offshore Location to another AT&T approved Offshore Location shall not require an amendment to Appendix K. Remote access by Supplier employees or Subcontractor from an Offshore Location for the performance of Services shall be in accordance with Appendix 8 AT&T Rules, Supplier Information Security Requirements (SISR) and Limited Offshore Remote Access (LORA). The requirements of this section shall be in addition to Sections 3.2, Amendments and Waivers, and 6.9 Work Done by Others.

b. AT&T shall have the right to withdraw its consent to the performance of work at an Offshore Location at any time in AT&T’s sole discretion for any reason, in which event the Parties shall assess cost impacts, timing, methodology and amend the Agreement to reflect any changes reasonably required to permit Supplier to continue to perform such work at a location within the United States and the Parties shall amend the Agreement and Appendix K accordingly.

c. Supplier’s compliance with this Section, and all Services performed in Offshore Locations with AT&T’s consent, shall be subject to Section 3.27, Records and Audits. Supplier shall provide, and shall ensure all Subcontractors provide AT&T with physical access to inspect all Offshore Locations.

d. To the extent Supplier interconnects with, or otherwise has access to, the AT&T network, Supplier shall access, or establish network connections that would allow access, to the AT&T network from an Offshore Location in compliance with Appendix 8, “AT&T Rules, Supplier Information Security Requirements (SISR) and Limited Offshore Remote Access (LORA)” to the Agreement.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

e. If Supplier or any Subcontractor without intending to circumvent the requirements of this Section, provides any Services under this Agreement in an Offshore Location without AT&T’s prior written consent and fails to cease providing such Services within [**], such inadvertent provisioning and failure to timely cure within said [**] shall be a material breach of this Agreement and, in addition to any other legal rights or remedies available to AT&T in law or in equity, AT&T may immediately Cancel and/or Terminate this Agreement without cost, liability or penalty to AT&T. Notwithstanding the foregoing, AT&T agrees that Amdocs’ or a Subcontractor’s provision of the Services in an Offshore Location without AT&T’s prior written consent on a transient basis (e.g., an Amdocs’ employee’s provision of Services from an airport while in travel status) shall be permitted and shall not be deemed to be a material breach of this Agreement.

f. When AT&T has granted consent for Services to be performed in an Offshore Location, Supplier shall remain fully responsible for compliance with any foreign, federal, state or local law applicable to the Supplier’s provision of such Services regardless of whether the Service is being performed by Supplier or a Subcontractor. Nothing contained within this Agreement is intended to extend, nor does it extend, any rights or benefits to any Subcontractor, and no third party beneficiary right is intended or granted to any third party hereby.

Appendix 8, AT&T Rules and Supplier Information Security Requirements, is hereby deleted in its entirety, and replaced with Appendix 8, AT&T Rules, Supplier Information Security Requirements and Limited Offshore Remote Access, attached herewith, which shall apply to all agreements between any AT&T Entity and any Amdocs Entity.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.



By:		/s/ Thomas C. Drury



Printed Name:		Thomas C. Drury



Title:		President

Date:		8-30-2010


AT&T Services, Inc.



By:		/s/ Beverly J. Madson



Printed Name:		Beverly J. Madson



Title:		Senior Contract Manager

Date:		8-30-2010

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

Appendix 8

AT&T Rules, Supplier Information Security Requirements and Limited Offshore Remote Access

This Appendix 8 of the Master Service Agreement No. 02026713 (the “Agreement”). Capitalized terms not defined in this Appendix have the meaning given in the Agreement. Any capitalized term not defined has its generally understood meaning in the context in which it is used in the IT industry.

Work Policies and Rules

During the performance of Services, representatives of Amdocs, including the Amdocs Personnel, (“Amdocs Representatives”) shall adhere to AT&T Rules and policies, including but not limited to those specified in the AT&T Code of Business Conduct, found on the following website: http://www.att.com/gen/investor-relations?pid=5711, and to be reviewed once a year, all in accordance with Appendix 8 of the Agreement.

Without limiting Amdocs’ obligations in clauses (a) and (b), if AT&T provides Amdocs Representatives access to its computer systems, Amdocs agrees (i) to use such systems in a professional manner, (ii) to use such systems only for business purposes and solely for the purposes of performing Services under the Agreement, (iii) to use such systems in compliance with AT&T’s applicable standards and guidelines for computer systems use, as outlined in AT&T’s Security Policies and Procedures, and (iv) to use password devices, if applicable and if requested by AT&T. Without limiting the foregoing, any access provided by AT&T, or by virtue of the presence of Amdocs Representatives at AT&T locations, including but not limited to access to intranet and internet services, shall not be used for personal purposes or for any purpose which is not directly related to the Services. Amdocs agrees that Amdocs Representatives must have a valid AT&T business reason to access the intranet and/or the internet from within AT&T’s private corporate network.

2.	Access

When appropriate, Amdocs shall have reasonable access to AT&T’s premises during normal business hours, and at such other times as may be agreed upon by the Parties, to enable Amdocs to perform its obligations under the Agreement. Amdocs shall coordinate such access with AT&T’s designated representative prior to visiting such premises. If AT&T requests Amdocs to discontinue furnishing any person provided by Amdocs from performing Services on AT&T’s premises, in accordance with the terms and conditions of the Agreement, Amdocs shall immediately comply with such request. Such person shall leave AT&T’s premises immediately and Amdocs shall not furnish such person again to perform Services on AT&T’s premises without AT&T’s written consent.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

AT&T may require Amdocs or its Amdocs Representatives to exhibit identification credentials, which AT&T may issue, to gain access to AT&T’s premises for the performance of Services. If, for any reason, any Amdocs Representative is no longer performing such Services, Amdocs shall immediately inform AT&T and promptly deliver to AT&T such person’s identification credentials, if issued by AT&T. Each Amdocs Personnel shall wear a badge indicating that he or she is not an employee of AT&T.

Amdocs shall ensure that Amdocs Representatives, while on or off AT&T’s premises, will (i) perform Services which conform to the Specifications, (ii) protect AT&T Data, buildings and structures, (iii) perform Services which do not interfere with AT&T’s business operations, and (iv) perform such Services with care and due regard for the safety, convenience and protection of AT&T, its employees, and its property and in full conformance with the policies specified in the AT&T Code of Business Conduct, which prohibits the possession of a weapon or an implement which can be used as a weapon.

Amdocs shall ensure that all persons furnished by Amdocs work harmoniously with all others when on AT&T’s premises.

In providing the Services, Amdocs may only use citizens of the United States (“US”) to access or display AT&T Data, including Customer Information, for any Government Applications. AT&T shall be responsible to identify for Amdocs any Application classified as a “Government Application.”

3.	AT&T Supplier Information Security Requirements

The following AT&T Supplier Information Security Requirements (“Security Requirements”) apply to Amdocs, its Subcontractors, and each of their employees and/or temporary workers, contractors, vendors and/or agents who perform Services for, on behalf of, and/or through AT&T (for the purpose of this Appendix, each or all “Supplier”) that include any of the following:

1. Supplier’s performance of Services that involve the collection, storage, handling, or disposal of AT&T Data;

2. Supplier-offered or -supported AT&T branded services using non-AT&T network and Information Resources (as defined below);

3. Connectivity to AT&T non-public networks and Information Resources (as defined below);

4. Custom software development or software implementation; or

5. Website hosting and development for AT&T and/or AT&T’s customers.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

stringent security or other obligations of the Agreement. Section and paragraph headings contained in parentheses following paragraphs in the table, below, in this Appendix are for reference purposes only and are not to affect the meaning or interpretation of this Agreement.

AT&T reserves the right to update or modify its Security Requirements from time to time as specified below. Upon notification by AT&T of its need to modify the Security Requirements, Supplier agrees to promptly negotiate in good faith and execute an amendment to this Agreement to incorporate any such modification. Supplier acknowledges that AT&T may require modifications to Security Requirements upon:

Extension, or renewal of the Agreement;

Any change in work scope or other substantive modification of the Agreement; or

Identification of a potential threat scenario.

3.1 Definitions:

Unless otherwise set forth or expanded herein, defined terms shall have the same meaning as set forth in the main body of the Agreement.

“AT&T Network” is the internal, non-public AT&T network infrastructure.

“AT&T Systems” are the internal, non-public AT&T systems and applications.

“Customer Facing System” means an Information Resource accessible from public networks which is intended for use by AT&T’s customers and which resides in a DMZ, as defined below, and where that DMZ:

Is protected by firewalls located between the Internet and the DMZ, between that DMZ and all other DMZs, and between the DMZ and the AT&T intranet,

Prohibits incoming TELNET connections from public networks, and

Prohibits incoming FTP connections from public networks except to specific systems known as “FTP drop boxes”.

Note: A Customer Facing System which also is used by AT&T employees, contractors, vendors or suppliers to perform work on behalf of AT&T is not considered a Customer Facing System when performing such work.

“Demilitarized Zone” or “DMZ” is a network or sub-network that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet. A DMZ helps prevent outside users from gaining direct access to internal Information Resources. The DMZ must be separated from the untrusted external network by use of a firewall and must be separated from the trusted internal network by use of another firewall. Inbound packets from the untrusted external network must terminate within the DMZ and must not be allowed to flow directly through to the trusted internal network. All inbound packets which flow to the trusted internal network must only originate within the DMZ. For additional clarification, see the diagram below; however, the written text shall control with respect to the interpretation of this definition.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

LOGO

“Information Resources” means any systems, applications, and network elements, and the information stored, transmitted, or processed with these resources in conjunction with supporting AT&T and/or used by Supplier in fulfillment of its obligations under this Agreement.

“Sensitive Personal Information” or “SPI” means any information that could be used to uniquely identify, locate, or contact a single person (or potentially be exploited to steal the identity of an individual, commit fraud or perpetuate other crimes). Examples of SPI include, but are not limited to, social security numbers, national, state or province issued identification number, drivers license numbers, dates of birth, bank account numbers, and credit card numbers.

3.2 Security Requirements

In accordance with the foregoing, Supplier shall:

1.	Actively monitor industry resources (e.g., www.cert.org, pertinent software vendor mailing lists & websites, etc.) for timely notification of all applicable security alerts pertaining to the Supplier networks and Information Resources. (Security Alerts)

2.	Scan externally-facing Information Resources with applicable industry-standard security vulnerability scanning software (including, but not limited to, network, server, & application scanning tools) [**]. (Externally-facing System Scanning)

3.	Scan internal Information Resources with applicable industry-standard security vulnerability scanning software (including, but not limited to, network, server, application & database scanning tools) [**]. (Internal System Scanning)

4.	Upon AT&T’s request, furnish to AT&T its most current scanning results for Information Resources. (Sharing Scanning Results with AT&T)

5.	Deploy one or more Intrusion Detection Systems (IDS) in an active mode of operation. (Intrusion Detection Systems)

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

Have and use a documented process to remediate security vulnerabilities in the Information Resources, including, but not limited to, those discovered through industry publications, vulnerability scanning, virus scanning, and the review of security logs, and apply appropriate security patches promptly with respect to the probability that such vulnerability can be, or is in the process of being, exploited. (Remediating/Patching Service Vulnerabilities)

7.	Assign security administration responsibilities for configuring host operating systems to specific individuals. (Security Administration Responsibilities)

8.	Ensure that its security staff has reasonable and necessary experience in information/network security. (Necessary Staff Experience)

Ensure that all of Supplier’s Information Resources are and remain ‘hardened’ including, but not limited to, removing or disabling unused network services (e.g., finger, rlogin, ftp, simple TCP/IP services, etc.) and installing a system firewall, TCP Wrappers or similar technology. (Hardened Systems)

10.	Change all default account names and/or default passwords in accordance with password requirements as set forth herein. (Changing default Account names and Passwords)

11.	Limit system administrator/root (or privileged, super user, or the like) access to host operating systems only to individuals requiring high-level access in the performance of their jobs. (Limit Super User Privileges)

12.	Require system administrators to restrict access by users to only the commands, data and Information Resources necessary for them to perform authorized functions. (Administrators to Restrict User Access)

13.	Ensure that all of Supplier’s networks and Information Resources are located in secure physical facilities with access limited and restricted to authorized individuals only. (Information Resources in Secure Facilities)

14.	Monitor and record, for audit purposes, access to the physical facilities containing networks and Information Resources used in connection with Supplier’s performance of its obligations under the Agreement. (Monitoring and Recording Access)

15.

When providing Internet-based services to AT&T, protect AT&T Data by the implementation of a network DMZ. Web servers providing service to AT&T shall reside in the DMZ. Information Resources storing AT&T Data (such as application and database servers) shall reside in a trusted internal network. (Internet Services Must Use DMZ)

16.	Upon AT&T’s request, provide to AT&T a logical network diagram detailing the Information Resources (including, but not limited to, firewalls, servers, etc.) that will support AT&T. (Provision of Logical Network Diagram)

17.	Have a documented process and controls in place to detect and handle unauthorized attempts to access AT&T Data. (Detection and Handling of Unauthorized Access).

18.

Use Strong Encryption for the transfer of AT&T Data outside AT&T- or Supplier-controlled facilities or when transmitting AT&T Data over any untrusted network. (Note: This also applies to AT&T Data contained in email, or the attachments embedded within the email, as the case may be. For greater clarity, if, for example, the text in an email does not contain AT&T Data, but the embedded attachments within that email do contain AT&T Data, then the embedded attachment, but not the email, needs to be encrypted.) (Encryption of Information in Transit)

19.	Require strong authentication (e.g., two factor token or digital certificates) for remote access or use of Information Resources. (Remote Access Authentication).

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

20.

Isolate AT&T’s applications and Information from any other customer’s or Supplier’s own applications and information either by using physically separate servers or alternatively by using logical access controls where physical separation of servers is not implemented. (Separate AT&T Data from non-AT&T Data)

21.	Have a documented procedure for the secure backup, transport storage, and disposal of AT&T Data and, upon AT&T’s request, provide such documented procedure to AT&T. (Secure Backup, Transport, Storage and Disposal of AT&T Data)

22.

Amdocs will maintain and upon request provide the Business Continuity Plan for their operations associated with each Amdocs Facility, covering the Applications and Projects that are assigned to them by AT&T, as set forth in this section at all times during the term of this Agreement. This Business Continuity Plan will ensure that Supplier can meet its contractual obligations under the Agreement, including the requirements of any applicable Statement of Work or Service Level Agreement. Upon AT&T’s request, Supplier shall promptly update its business continuity plan to include a potential threat scenario. (Business Continuity Plan)

23.	Where physical and logical security of AT&T SPI cannot be ensured, store AT&T SPI using Strong Encryption. (Encryption at Rest / Storage)

24.	Limit access to AT&T Data, including, but not limited to, paper hard copies, only to authorized persons or systems. (Limit Access to AT&T Data Regardless of Form)

25.

Return or, at AT&T’s option, destroy all AT&T Data, including electronic and hard copies, within thirty (30) days after the sooner of: (a) expiration or Termination or Cancellation of the Agreement; (b) AT&T’s request for the return of AT&T Data; or (c) the date when Supplier (or its suppliers or representatives) no longer needs the AT&T Data. In the event that AT&T approves destruction as an alternative to returning the Information, then Supplier shall certify the destruction (e.g., degaussing, overwriting, performing a secure erase, performing a chip erase, shredding, cutting, punching holes, breaking, etc.) as rendering the AT&T Data non-retrievable. (Return of AT&T Data)

26.

Unless otherwise instructed by AT&T, when collecting, generating or creating Information for, through or on behalf of AT&T or under the AT&T brand, whenever practicable, label such Information as “AT&T Proprietary Information” or, at a minimum, label AT&T Data as “Confidential” or “Proprietary”. Supplier acknowledges that AT&T Data shall remain AT&T-owned Information irrespective of labeling or absence thereof. (Confidential or Proprietary Markings)

27.	Assign unique UserIDs to individual users. (Unique User IDs)

28.

Have and use a documented UserID Lifecycle Management process including, but not limited to, procedures for approved account creation, timely account removal, and account modification (e.g., changes to privileges, span of access, functions/roles) for all Information Resources and across all environments (e.g., production, test, development, etc.). (UserID Life Cycle Management)

29.	Enforce the rule of least privilege (i.e., limiting access to only the commands and Information necessary to perform authorized functions according to one’s job function). (Rule of Least Privilege)

30.

Limit failed login attempts to no more than [**] successive attempts and lock the user account upon reaching that limit. Access to the user account can be reactivated subsequently through a manual process requiring verification of the user’s identity or, where such capability exists, can be automatically reactivated after [**] from the last failed login attempt. (Limit Failed Logins)

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

31.

Terminate interactive sessions, or activate a secure, locking screensaver requiring authentication, after a period of inactivity [**]. Exception: Where elsewhere authorized in writing by AT&T, AT&T customer usage of Customer Facing Systems may be exempted from this requirement. (Terminate Inactive Interactive Sessions)

32.	Require password expiration at regular intervals not to exceed [**]. Exception: Where elsewhere authorized in writing by AT&T, AT&T customer usage of Customer Facing Systems may be exempted from this requirement. (Expire Passwords)

33.	Use an authentication method based on the sensitivity of Information When passwords are used, they must meet these minimum requirements:

•

Passwords must be a minimum of [**] characters in length.

•

Passwords must contain characters from at least [**] of the these groupings: alpha, numeric, and special characters.

•

Passwords must not be the same as the UserID with which they are associated.

•

Password construction must be complex and not contain names, dictionary words, combinations of words, or words with substitutions of numbers for letters, e.g., s3cur1ty.

•

Passwords must not contain repeating or sequential characters or numbers.

Note: 1. When systems or applications do not enforce these password requirements, users and administrators must be instructed to comply with these password requirements when selecting passwords.

2. Applications housing more sensitive AT&T Data, as identified by AT&T, may require an authentication mechanism stronger than passwords and the authentication mechanism must be approved by AT&T in advance in writing. Examples of stronger authentication methods include tokens, digital certificates, passphrases, and biometrics. Exception: Where elsewhere authorized in writing by AT&T, AT&T customer usage of Customer Facing Systems may be exempted from this requirement. (Passwords and Construction Rules)

34.	Use a secure method for the conveyance of authentication credentials (e.g., passwords) and authentication mechanisms (e.g., tokens or smart cards). (Use Secure Method to Convey UserIDs and Passwords)

35.	Display a warning or “no-trespassing” banner on applicable login screens or pages when in Supplier’s environment and not an AT&T branded product or service.

(example long version):

This is an <company name> system, restricted to authorized individuals. This system is subject to monitoring. Unauthorized users, access, and/or modification will be prosecuted.

(example short version):

<company name> authorized use ONLY, subject to monitoring. All other use prohibited.

For AT&T branded products or services or for software developed for AT&T, the Supplier shall display a warning banner on login screens or pages provided by AT&T. (Display Warning Banners)

36.	Have current antivirus software installed and running to scan for and promptly remove viruses. (Scan and Remove Viruses)

37.	Separate non-production Information Resources from production Information Resources. (Separate Production and Non-Production Information Resources)

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

38.	Have a documented software change control process including back out procedures. (Software Change Control Process)

39.	For applications which utilize a database that allows modifications to AT&T Data, have database transaction logging features enabled and retain database transaction logs for a minimum of [**] (Utilize Database Transaction Logging)

40.	For all software developed, used, furnished and/or supported under this Agreement, review such software to find and remediate security vulnerabilities during initial implementation and upon any modifications and updates. (Review Code for Vulnerabilities)

41.

Perform quality assurance testing for the application functionality and security components (e.g., testing of authentication, authorization, and accounting functions, as well as any other activity designed to validate the security architecture) during initial implementation and upon any modifications and updates. (Quality Assurance Test Application and Security Vulnerabilities).

42.	Not store AT&T SPI on removable media (e.g., USB flash drives, thumb drives, memory sticks, tapes, CDs, external hard drives) except: (a) for backup and data interchange purposes as allowed and required under contract and (b) using Strong Encryption. (Control SPI on Removable Media)

43.	Restrict access to any AT&T SPI to authorized individuals. (Restrict Access to SPI)

44.	Restrict access to security logs to authorized individuals.(Restrict Access to Security Logs)

45.	Review, on [**], security logs for anomalies and document and resolve all logged security problems in a timely manner. (Review Security Logs and Resolve Security Problems)

46.

Retain complete and accurate records relating to its performance of its obligations arising out of these Security Requirements and Supplier’s compliance herewith in a format that will permit audit for a period of [**], or longer as may be required pursuant to a court order or civil or regulatory proceeding. Notwithstanding the foregoing, Supplier shall only be required to maintain security logs for a [**]. (Retain Records)

47.

Permit AT&T to conduct an audit to verify Supplier’s compliance with the contractual obligations in connection with these AT&T Supplier Information Security Requirements. Upon AT&T’s request for audit, Supplier shall schedule a security audit to commence [**] from such request. In the event that AT&T, in its sole discretion, deems that a security breach has occurred, Supplier shall schedule the audit to commence within [**] of AT&T’s notice requiring an audit. This provision shall not be deemed to, and shall not, limit any more stringent audit obligations permitting the examination of Supplier’s records contained in the Agreement. (Audit Rights)

48.

[**] of receipt of the audit report, provide AT&T a written report outlining the corrective actions that Supplier has implemented or proposes to implement with the schedule and corrective action. Supplier shall update this report to AT&T [**] reporting the status of all corrective actions through the date of implementation. Supplier shall implement all corrective actions [**] of Supplier’s receipt of the audit report. (Remediate Audit Findings).

49.

Have and use a documented procedure to follow in the event of an actual or suspected unauthorized intrusion or other security violation, including, but not limited to, a physical security or computer security incident (e.g., hacker activity or the introduction of a virus or malicious code), that involves Supplier in fulfillment of its obligations under this Agreement, which includes immediate notification to the AT&T Computer Security Incident Response Team (ACSIRT).

ACSIRT 24 hour contact information:

[**]

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

50.

Provide AT&T with regular status updates on any actual or suspected unauthorized intrusion or other security violation that involves Information Resources used in conjunction with supporting AT&T and/or used by Supplier in fulfillment of its obligations under this Agreement, including but not limited to actions taken to resolve the incident, [**] for the duration of the incident, [**] of the closure of the incident, a written report describing the incident, actions taken by the Supplier during its response and the Supplier’s plans for future actions to prevent a similar incident from occurring. (Provide AT&T Incident Response Status and Final Resolution)

51.	Ensure, prior to furnishing or development of custom software, that such software incorporates applicable AT&T security requirements as documented by AT&T in the business requirements for the applicable software. (Software Must Comply with AT&T Security Requirements.)

52.

Ensure that all personnel, subcontractors or representatives performing work on any AT&T Information Resources or the resources used to interconnect to AT&T resources or the resources used to house AT&T Data under this Agreement are in compliance with these Security Requirements. (All Work to Be In Compliance with SISR)

53.	At a minimum annually, review these Security Requirements to ensure that Supplier is in compliance with the requirements. (Periodically Review and Ensure Compliance with SISR)

54.

Return all AT&T owned or provided access devices (including, but not limited to, SecurID^® tokens and/or software) as soon as practicable, but in no event [**] after the sooner of: (a) expiration, Termination, or Cancellation of the Agreement; (b) AT&T’s request for the return of such property; or (c) the date when Supplier (or its suppliers or representatives) no longer need such devices. (Return all AT&T Owned or Provided Access Devices)

3.3 Connectivity Requirements

In the event Supplier has, or will be provided, connectivity (i.e., access to AT&T’s or its customers’ networks) in conjunction with this Agreement, then, in addition to the foregoing, the following requirements shall apply to Supplier:

1. In the event that a data connection agreement, such as a “Master Data Connection Agreement,” “Data Connection Agreement,” and/or “Connection Supplement” (“DCA”) exists between the Parties, and incorporates this Agreement by reference, or is otherwise integrated with, or used to govern the Parties’ connectivity obligations under, this Agreement, such DCA is hereby superseded by the terms of these Security Requirements, effective as of the date these Security Requirements become effective under the Agreement, and the terms of such DCA are amended to require that the Security Requirements, and not the DCA, are controlling in the Agreement (as well as any agreements subordinate to this Agreement). Notwithstanding the foregoing, the DCA remains in full force and effect for all other agreements between the Parties to which it applies.

2. Supplier shall:

a. Use only the mutually agreed upon facilities and connection methodologies to interconnect AT&T’s networks with Supplier’s networks and to provide access to the data for each connection.

b. Only establish interconnection to endpoint resources and/or end users outside the United States as specified in the Agreement.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

c. Provide AT&T access to any Supplier facilities during normal business hours for the maintenance and support of any AT&T equipment (e.g., router) used for the transmission of Information under this Agreement.

d. Maintain logs of all sessions that pass through the Supplier’s perimeter security gateway. These session logs must include sufficiently detailed information to identify the end user or application, origination IP address, destination IP address, ports/service protocols used and duration of access. These session logs must be retained [**].

e. Use any AT&T equipment provided under this Agreement only for the furnishing of those Services or functions explicitly defined in the Agreement.

f. Ensure that all Supplier interconnections to AT&T pass through the designated AT&T perimeter security gateway (e.g., firewall).

g. Ensure that Supplier interconnections to AT&T terminate at a perimeter security gateway (e.g., firewall) at the Supplier end of the connection.

3. In addition to other rights set forth herein, AT&T shall have the right to:

a. Gather information relating to Supplier’s access to AT&T’s networks, processing systems and applications. This information may be collected, retained and analyzed by AT&T to identify potential security risks without further notice. This information may include trace files, statistics, network addresses, and the actual data or screens accessed or transferred.

b. AT&T shall have the right to immediately suspend or terminate any interconnection if AT&T, in its sole discretion, believes there has been a breach of security or unauthorized access to or misuse of AT&T data facilities or Information.

3.4 Offshore Information Technology Services Requirements

In the event Supplier currently provides or will be providing Offshore Information Technology Services in conjunction with this Agreement, then, in addition to the foregoing, the following requirements shall apply to Supplier:

1	Strong authentication controls must be established for firewalls, firewall management servers, and firewall hop boxes. Options for strong authentication may include two-factor authentication methods such as tokens, smart-cards and/or one-time passwords.

2	Supplier must ensure that firewall configurations are hardened by selecting a sample of firewalls and verifying that the default rule set ensures the following:

a. IP source routing is disabled.

b. Loopback address is prohibited from entering the internal network,

c. Anti-spoofing filters are implemented.

d. Broadcast packets are disallowed from entering the network,

e. ICMP redirects are disabled.

f. Fragmented packets are dropped.

g. Ruleset ends with a DENY ALL statement

3	Screen savers or connection timeouts are required to prevent unauthorized access to unattended workstations.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

Perform [**] revalidations on the user account list on firewalls, firewall management servers, and firewall hop boxes to ensure that only those users authorized for access to manage these devices have an account. This includes the need to revalidate the authorization level of each user account to ensure appropriate permission levels are maintained.

5	Production support personnel and development personnel must have enough separation and auditable controls to ensure that standard change management procedures are always consistently followed.

6	Developers cannot access production platforms “at will”. For some trouble-shooting situations, developers may be provided access to production platforms but only on an “as needed basis” and for a limited duration. All temporary access should be documented (who, what, when, where and why).

7	Track and approve changes to firewall rules is required and must be validated annually. Inappropriate firewall rules must be removed immediately.

8	Require a clean desk policy at the end of the day.

9A	Effective [**], all portable or removable media (such as CD, floppy and USB drives) will be removed or disabled to ensure that AT&T Data cannot be downloaded and taken offsite.

Wireless networking technologies must not be used for communicating unless the following steps are taken by Amdocs to maintain the confidentiality and integrity of the communication and to prevent unauthorized access to the transmitting device and/or receiving device. When wireless networking technologies are used:

(i) All communications over wireless networks must be transmitted via Virtual Private Network (VPN) session(s) using Strong Encryption.

(ii) Strong authentication (e.g., two factor token or digital certificates) must be used for authenticating VPN access.

(iii) Wireless hardware (with the exception of wireless network cards and access points) must be located in a physically secure area (e.g., in a locked wiring closet or locked machine room).

(iv) All services not being used on the access point, router, and VPN concentrator must be disabled.

(v) Enable Media Access Control (MAC)-based filtering so that only specified wireless cards can communicate to the access point.

10	Supplier must implement procedures to ensure that AT&T Data is not downloaded and removed by Supplier, including at a minimum, searches of persons and their belongings when exiting AT&T restricted areas and Supplier’s premises.

Notify individuals that removal of AT&T Data from the work area or Supplier’s premises is not allowed, to include signage that communicates this policy and that people and personal property including, without limitation, packages, briefcases, and purses are subject to inspection prior to exiting AT&T restricted areas and Supplier’s premises.

Verify that all printed media containing AT&T Data (any information obtained from or provided by AT&T, including information about AT&T Systems, its employees and its customers) is securely stored, and that a mechanism is in place to protect the security and privacy of AT&T Data. Procedures are required to restrict access to AT&T Data to authorized Supplier personnel only, and to ensure that all media containing AT&T Data is accounted for and reconciled on [**] to ensure that the information is not removed from Supplier’s premises.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

All access to electronic documentation of AT&T Data retained locally must be password protected and restricted to the very minimum number of Supplier personnel. Supplier must implement procedures to ensure that AT&T Data is not downloaded and removed by Supplier personnel, including, at a minimum, searches of persons and their belongings when exiting AT&T restricted areas and Supplier’s premises.

14	All electronically stored or printed AT&T Data no longer needed must be shredded onsite or destroyed onsite by authorized Supplier personnel assigned to AT&T projects. Shred bins must be located in AT&T restricted areas and locked until the shredding takes place.

15	A [**] Metric Report of Perimeter Security on the Supplier’s system should be reported to AT&T that consists of:

•

Location

•

Date

•

# of Intrusions

•

Type of Intrusions

•

Source

•

Destination

•

Detail

•

Actions

Security IDS audit logs must be retained [**] and offline for a period of at least [**].

Remote access to AT&T Networks or AT&T Data is prohibited. All work on AT&T projects must be performed within the AT&T restricted area on Supplier’s premises. Prior written exception to this prohibition must be obtained from the [**]). Supplier’s use of laptops offsite must have written approval from the [**]).

Randomly check Supplier-based email and internet-based email so that AT&T Data is not sent to an unauthorized recipient. [**], Amdocs must check for the AT&T Proprietary – Restricted and AT&T Proprietary – Sensitive Personal Information markings in emails and attachments sent from Amdocs to non-AT&T personnel outside. Any unauthorized transmissions must be reported by Amdocs in an email to the [**].

18	B2B VPN connections to AT&T are required to be secured from other remote connections.

19	Device-specific monitoring tools must be used to assure that firewall hardware is operational.

To minimize the risk exposure to visiting AT&T employees in locations that are of medium-high risk of terrorist attacks, adequate security measures are required to include (at a minimum) an enclosed property perimeter with controlled access at entrances, inspection program for people and cars, including delivery vehicles at the entrance, Supplier security personnel trained in surveillance and explosives detection, Supplier mailroom personnel trained in package screening procedures, deployment of security cameras connected to a central monitoring control room, random patrols of property, and restricted vehicle parking near buildings. The security plan should increase security measures as the threat level increases.

All access points into the Supplier’s building(s) where AT&T work is being performed must be locked by either physical keys or a card key system, or controlled by a guard service to restrict access only to authorized individuals. These mechanisms must be in working order and utilized at all times. Proper identification must be worn by all persons inside the Supplier’s building and a procedure in place to challenge those not wearing appropriate identification in the Supplier’s building. The cable vault, electrical and telephone areas should be secured to give access only to those authorized.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

Card key access lists and event logs must be reviewed by Supplier [**] to validate that building card key access is limited to only those individuals with a need to be in the Supplier’s building and restricted area where AT&T work is being performed. Ensure that all keys are accounted for and limited to those individuals with a need to be in the Supplier’s building and restricted areas and all locks are changed on a regular interval (at a minimum annually). Ensure that Supplier personnel surrender company identification, keys and access cards before leaving the premises when access to an area is no longer required or upon voluntarily or involuntarily ceasing to work for Supplier and that the access cards are deactivated. [**] should include employee, contractor and supplier termination records and any associated unauthorized access attempts in the event logs.

23	Alarmed doors and monitored electronic systems are required to detect unauthorized access or access attempts with a plan to respond to and document incidents. [**] recorded video surveillance is required of the area where work on AT&T projects is performed, including entry and exit points.

Prior to permitting any person access to an AT&T project source or origin code (for example, software development), and at annual intervals thereafter, Supplier must ensure that such person (employee, contractor, subcontractor) is not on the Denied Persons List or the Specially Designated Nationals List of the US Department of Commerce – Bureau of Industry and Security. – Those lists are located at http://www.bis.doc.gov/ComplianceAndEnforcement/ListsToCheck.htm.

Prior to permitting any person direct or indirect access, whether physical, virtual, or otherwise, to any of AT&T’s company, employee, or customer information, or any of AT&T’s or AT&T’s customers’ premises, systems, software, or networks, Supplier must have a reputable security company perform a criminal background check and verification of the identity of such person (employee, contractor, or subcontractor including onsite security guards responsible for physical security of Supplier’s premises and AT&T restricted areas, and unescorted cleaning/maintenance personnel).

25	A security plan must be in place to include training of Supplier personnel to report suspicious activity/security incidents and complaints that did or could affect AT&T, to include documentation, follow-up and reporting to the AT&T IT:OFFSHORE organization and, as necessary, law enforcement.

Information to be reported to the Executive Director of the IT:OFFSHORE organization would consist of at least:

•

Date of Incident

•

Who - Identify those involved and be descriptive (suspects, vehicles, property, license plate numbers, …)

•

What - What happened and how?

•

When - When did the incident occur?

•

Where - Where did the incident take place?

•

Action Taken – What action was taken? Was law enforcement notified?

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

An exercise of Supplier’s recovery strategy must be conducted annually. [**] from the completion of a disaster recovery exercise by Amdocs, Amdocs will produce a documented conclusion with a corrective action plan and proposed committed timeframes for corrective action upon which the Parties will agree within [**] from receipt of the action plan.

27	Failover processes and procedures are required to support AT&T applications and these failover processes and procedures are exercised [**]

28	Business continuity communication documents, processes, and procedures must be readily available and current.

As soon as reasonably possible after the execution of this Agreement and on an annual basis thereafter, Supplier will, at no charge to AT&T, perform a security audit utilizing a reputable independent auditor, as agreed by the Parties. Such security audit shall ensure that Supplier will strictly follow these AT&T Supplier Information Security Requirements.

3.5 Requirements for Offshore Information Technology Services Requiring Elevated Rights

In the event Supplier currently provides or will be providing system, database, and or network administrator/root (or privileged, super user, or the like) access to host operating systems located on AT&T non-public networks in conjunction with this Agreement from an Offshore Location, then, in addition to the foregoing, the following requirements shall apply to Supplier:

Access for privileged offshore users will be via a front-end Citrix farm that requires SecurID authentication, with front end Citrix servers located in a DMZ segment. An alternative to this is an AT&T-provided Client VPN with a SecurID token used over a secure connection (NOT the public Internet) as reviewed and approved by AT&T’s Chief Security Office (CSO).

Auditing options must be enabled on any Supplier perimeter equipment which controls access to the Supplier equipment used to do AT&T work. To ensure integrity of audit log entries, all Supplier system clocks must be synchronized to the same time source. Synchronization to AT&T clocks is not required. At a minimum, security audit log(s) must be automatically updated for the following system events:

a. Successful and unsuccessful login attempts.

b. Successful and unsuccessful attempts to switch to another user’s account (where applicable).

c. Logoffs.

d. User attempts to access files or resources outside their privilege level.

e. User access to all privileged files and/or processes.

f. Operating system configuration changes.

g. Operating system program changes.

h. All changes, that can feasibly be captured, to system hardware and software.

i. All security-related changes, including adding users.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

j. Failures for computer, program, communications, and operations.

k. Starting and stopping of audit logging.

Security audit logs must be maintained [**] and offline for a [**].

AT&T reserves the right to perform vulnerability scans and review the scanning results of Supplier systems in a pre-announced, scheduled manner on Supplier’s equipment on an AT&T isolated LAN segment and Supplier Network equipment used to access AT&T Networks, systems, and data or Supplier agrees to reveal to the [**] the detailed scanning findings and closure activities related to vulnerabilities found [**].

Information to be reported to the AT&T-IT OCE would consist of at least:

•

Date of discovery of vulnerability

•

How it was remediated

•

What was remediated

•

What are the plans to remediate

•

Estimated Date of closure

An Intrusion Prevention System (IPS) is required on Supplier’s data network to prevent unauthorized access.

RESTRICTED – PROPRIETARY INFORMATION

Agreement Number 02026713.A.013

Limited Offshore Remote Access (“LORA”) to AT&T Systems

The following outlines the AT&T requirements and procedures to which the Supplier must adhere for allowance of select pre-authorized offshore Supplier personnel to have remote access to AT&T systems, for which the Supplier is already under contract with AT&T to perform IT support services.

This remote access program (the “Limited Offshore Remote Access”) set forth herein defines the program requirements and how the Supplier shall work with the AT&T Offshore Compliance and Enablement organization to determine if Supplier can utilize the LORA for an existing or new information technology Services engagement. Examples of engagements where AT&T will consider Supplier’s request for LORA would be a Work Order where offshore Supplier personnel are required to perform after-hours work monitoring support services and access AT&T data.

I. Definitions

•

AT&T IT Offshore Compliance & Enablement (IT OCE) – AT&T Information Technology organization that manages oversight of the Limited Offshore Remote Access program. The IT OCE will serve as the front door and provide authorization to Supplier. IT OCE point of contact is identified below.

“AT&T Proprietary – Restricted Information” or “Restricted Information” means: any Information that has a higher level of sensitivity and therefore must be shared only among persons with a clear business need to know; or any Information that requires a high degree of protection by law and loss or unauthorized disclosure could require notification by AT&T to government agencies, individuals or law enforcement; or any Information that if revealed widely could present an increased risk of compromising computer systems, fraud, or increased likelihood of disrupting business operations. Examples of Restricted Information include, but are not limited to, unpublished financial information, designs and development plans for new or improved products, services, or processes, Customer Proprietary Network Information (CPNI), marketing information including customer contact lists, software source code for business critical applications, other companies’ confidential information that is shared with AT&T under contract or an NDA, internal AT&T authentication credentials (e.g., passwords, PINs and password hint answers), and security and/or network information including: logs, engineering or architecture diagrams, configuration files, firewall rules, security incident reports, and vulnerability information.

•

Limited Offshore Remote (“LORA”) - the ability, with prior AT&T IT OCE approval, for an Offshore Supplier resource to connect to AT&T systems via AT&T client VPN from their Resource Home Location for the purposes of completing contracted work for AT&T.

•

“Management Remote Access Laptop”- limited in use by Amdocs Management Band 3 (Group leader-management personnel) and above who support the AT&T account, from the Amdocs facility, Resource Home Location or travel. There will be no transfer of or storage of

Proprietary Information

Agreement Number 02026713.A.013

SPI and AT&T Proprietary – Restricted Information or Restricted Information on this device. For clarity the only access to SPI and AT&T Proprietary – Restricted Information or Restricted Information will be as defined in Article II #3 below, “Remote Access end-user for laptops without AT&T Data requirements”.

•

Remote Access Laptop/Desktop – A Supplier-provided Laptop/Desktop which will be used by an approved Supplier resource for LORA from their home location.

•

Resource Home Location – The home residence of a Supplier resource. Each approved Supplier resource can have LORA from only one Resource Home Location.

•

Controlled and Audited Supplier Facility – The designated offshore Supplier work location, which is governed by controls specified by AT&T. This is the Supplier resource’s primary work location.

•

Remote Access Solution – From the Resource Home Location, an approved Supplier resource will use a Remote Access Laptop/Desktop to connect to the AT&T Secure VPN Gateway.

•

Permanent Workstation/Virtual Workstation A laptop or desktop located in a controlled and audited Supplier facility that is used to access the AT&T network for contracted services.

II. LORA requirements:

General requirements: Supplier shall adhere to the following:

Each individual LORA user shall be reviewed and either approved or denied [**] from receipt of written request to the AT&T IT Offshore Compliance & Enablement (IT OCE).

Each individual LORA request must be linked with a specific statement of work covered under an existing or pending Work Order issued under a current Master Agreement between AT&T and the Supplier.

Supplier is to maintain a history log of all requests for LORA.

Supplier is to submit all new LORA requests to IT OCE, in a format specified by AT&T.

The IT OCE Sr. Technical Director or equivalent will approve or deny each request.

[**] interface at the time of this document being implemented. This is subject to change by AT&T.

Supplier may also request AT&T IT OCE approval for temporary remote access from a location other than the Resource Home Location.

Resource Home Location shall be subject to voluntary inspection /verification, as agreed upon by the Parties, by Supplier or AT&T representative if AT&T information/resource is present. The Supplier resource must notify AT&T/Supplier of any changes in Resource Home Location.

Amdocs will notify AT&T immediately upon an Amdocs resource’s change in status that would no longer require them to have LORA.

Proprietary Information

Agreement Number 02026713.A.013

[**] and immediately upon approval, all offshore Supplier personnel approved for LORA must complete Supplier-provided compliance training, which shall include but not be limited to:

A review of all of the requirements outlined in this Agreement that pertain to the end-users of the Remote Access Solution. The review shall include but not be limited to: the use of the Remote Access Solution from only a single Resource Home Location; the Remote Access Laptop theft/loss reporting requirements; and the prohibition of the use of the Remote Access Solution for anything other than responding to on-call situations.

Review of the following guidelines: https://spsf05.web.att.com/sites/AssetProtection/APO/Investigations/LaptopThefts.aspx.

Upon AT&T request, Supplier shall provide to the AT&T IT Offshore Compliance & Enablement (IT OCE) team confirmation that the above training has been completed annually and upon LORA approvals.

Management Remote Access Laptop with AT&T Data other than SPI or AT&T Proprietary – Restricted Information (“APRI”) or Restricted Information (“RI”) requirements:

LOGO

Supplier shall adhere to the following:

Supplier shall designate, provide and support the Management Remote Access Laptop to be used from the Resource Home Location, Amdocs Facility and travel.

Each Management Remote Access Laptop shall have anti-virus and firewall software installed and operating.

The configuration file that controls these settings required for LORA shall be read only for the user and editable only by authorized domain administrators (e.g., settings

Proprietary Information

Agreement Number 02026713.A.013

that control full hard drive encryption, antivirus and [**], for application installations) or resources approved for LORA shall not have administrator rights on the Management Remote Access Laptop.

Each Management Remote Access Laptop shall have a full hard drive encryption solution, such as [**], installed and operating, with all data encrypted as long as the laptop is “locked” (screensaver has turned on) or the Management Remote Access Laptop is shut down. The configuration file that controls the above settings shall be read only for the user and editable only by authorized domain administrators.

Management Remote Access Laptops with no [**] software or equivalent product installed must require both a password and biometric (i.e., thumb print scan) authentication for both logging into the device and “unlocking” the device (gaining control of the device after the screensaver has turned on). The configuration file that controls the above settings shall be read only for the user and editable only by authorized domain administrators. Amdocs will work in good faith to have this requirement implemented [**].

Password and/or biometric-protected screensavers must be set with the inactivity timeout set to [**] or less. The configuration file that controls the above settings shall be read only for the user and editable only by authorized domain administrators.

Each Management Remote Access Laptop shall have the [**] or equivalent product installed and operating [**], with the configuration file that controls the above settings set to be read only for the user and editable only by authorized domain administrators. Supplier shall initiate the [**] data wipe process for all lost or stolen laptops within [**] of the reported theft or loss of a Management Remote Access Laptop. Supplier is to notify [**] of a lost or stolen Management Remote Access Laptop within [**], including in such notification a description of AT&T information that was on the Management Remote Access Laptop. Supplier shall provide full and proactive cooperation with any investigation related to AT&T. In addition to Amdocs’ obligation to indemnify , in the event of such a loss of equipment, if it is determined that the lost equipment included personnel Information (personal data such as HR information, SSN, address, etc.) and the Supplier has failed to comply with the provisions of subsections b, c, d, e, and f, above the Supplier shall provide [**].

Each Management Remote Access Laptop shall only be able to [**] network at any one time.

Management Remote Access Laptops shall use either (i) a VPN connection to AT&T through AT&T’s approved Client VPN or (ii) another VPN connection to connect to the Supplier’s corporate network. The Management Remote Access Laptop may not use both (i) and (ii) at the same time or any other connection method(s).

Proprietary Information

Agreement Number 02026713.A.013

The data and voice connection in the Resource Home Location and all associated costs shall be provided by the Supplier per the Supplier’s policy and will be either a wired or wireless connection. AT&T will not be required to cover the charges for data and voice connections in the Resource Home Locations. Wired data connections are preferred. However, if the connection is wireless (e.g., WIFI or cellular wireless connection), the connection must be encrypted and adequately secured.

Supplier Laptops/Desktops shall be configured such that offshore Supplier personnel shall be unable to download or copy AT&T Data to external devices through means such as disk drives, USB drives, writeable CDs, serial ports, etc. Such configuration settings shall be controlled centrally and editable only by authorized administrators.

Except where expressly stated, all aforementioned software and hardware shall be provided by the Supplier.

Security audit logs shall be maintained by the Supplier to track system events, including login attempts, user sessions, logoffs, configuration changes, and other pertinent events and data. Logs shall be retained online for [**]

Each LORA user [**] for reviewing desktop and email by December 31, 2010. Upon LORA approval each LORA user will execute, review findings classified by [**] as “High” and remediate findings that are found to be SPI. Each LORA user will execute SPI Checker at least [**]. User must review entries in the output file written to the desktop [**] and are classified by [**] as “High”. Entries found to be SPI must be immediately deleted.

At all times, the Management Remote Access Laptop shall be kept in the possession of either the AT&T-approved offshore Supplier resource to whom Supplier has assigned the device or Supplier personnel that are responsible for administering the LORA.

Remote Access end-user for laptops without AT&T Data requirements:

LOGO

To the extent approved by AT&T’s Executive Director of the IT OCE, Amdocs Offshore Personnel may perform Services and access AT&T Data on an as-needed basis (e.g., to perform after-hours contracted work for AT&T only) from an authorized Resource Home Location with specifically designated and approved computers provided by Amdocs (each a “Remote Access Laptop”), subject to the following:

Access to AT&T Data by Offshore Personnel will be done only by:

•

First, accessing the Amdocs network

•

Second, from the Amdocs network, accessing the AT&T network through a “Virtual Workstation”

Proprietary Information

Agreement Number 02026713.A.013

Connection from the Amdocs network to the AT&T network is defined by AT&T. Currently this is done through a dedicated Business to Business (B2B) network connection.

Each Remote Access Laptop will have Amdocs-provided anti-virus and firewall Software installed and operating in accordance with the Agreement.

Each Remote Access Laptop will only access AT&T Data through an Amdocs-provided VPN tunnel that is authenticated using a strong two-factor token solution.

Each Remote Access Laptop will have an AT&T-approved full hard drive encryption solution and Amdocs-provided anti-virus and firewall Software installed and operating in accordance with the Agreement.

Amdocs will implement and enforce commercially reasonable password complexity requirements that are no less strict than those required under this Agreement.

Microsoft (MS) Remote Desktop^TM , VPN Client, and/or Citrix ICA Client shall be installed, provided by and supported by Amdocs. Remote Desktop Protocol traffic must be encrypted. High encryption must be enabled (128 bit).

Remote Access Laptops shall use either (i) a VPN connection to connect to the Permanent Workstation at the Approved Work Location(s) or (ii) another VPN connection to connect to the Supplier’s corporate network or (iii) by connecting to the Virtual Workstation or Citrix server in an AT&T or Amdocs facility, from the Amdocs network, using Microsoft Remote Laptop Connection or Citrix ICA Protocol. The Remote Access Laptop may not use both (i) and (ii) and (iii) at the same time or any other connection methods.

File transfer between the Remote Access Laptop and desktop shall be disabled by the Supplier. MS Remote Desktop and Citrix ICA Client shall be configured to disable download capability. The configuration file that controls the above settings shall be read only for the user and editable only by authorized domain administrators.

Password screensavers on Remote Access Laptops must be set with the inactivity timeout set to [**] or less. The configuration file that controls the above settings shall be read only for the user and editable only by authorized domain administrators.

Security audit logs will be maintained by Amdocs to track system events, including login attempts, user sessions, logoffs, configuration changes, and other pertinent events and data.

Virtual Workstations will be configured such that Offshore Amdocs Personnel will be unable to download or copy AT&T Data to the Remote Access Device. Such configuration settings will be controlled centrally and editable only by authorized administrators.

Amdocs will be responsible for all costs associated with setting up the offshore remote access solution as described above.

Amdocs will review in the yearly Security Awareness training that Remote Access Laptops, with exception to technical support, are not permitted inside the Approved Work Location(s). This is to ensure that the Remote Access Laptop is never in a situation where AT&T data could be downloaded onto it.

Permanent Workstations are not permitted to leave the Approved Work Location.

Proprietary Information

Agreement Number 02026713.A.013

Offshore Supplier personnel approved by AT&T for remote access may only utilize the Remote Access Solution from their Resource Home Location with exception to Section II.1.g Lora Requirements, General Requirements.

Offshore Supplier personnel shall only store their Remote Access Laptops in their Resource Home Locations.

The Remote Access Solution shall only be used for AT&T business purposes, and only for on-call and emergency situations. AT&T will not approve the LORA for Supplier resources providing Services to AT&T who are part or full time telecommuting and use of the Remote Access Solution as a primary disaster recovery solution is prohibited.

Changes in Program:

The Limited Remote Offshore Access program is subject to change as directed by AT&T.

AT&T reserves the right to cancel any approved Limited Remote Offshore Access requests upon written notice to the Supplier.

Proprietary Information

Agreement Number 02026713.A.013

Appendix K


Country(ies) where services are authorized by AT&T to be performed	Services to be performed at approved Physical Location	Name of Supplier / Subcontractor performing the services
Austria	[**]	Amdocs

Austria	[**]	Amdocs
Cyprus	[**]	Amdocs
India	[**]	Amdocs
India	[**]	Amdocs
India	[**]	Amdocs
Israel	[**]	Amdocs
Israel	[**]	Amdocs
Israel	[**]	Amdocs
Israel	[**]	Amdocs
United Kingdom	[**]	Amdocs
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]

India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
Philippines	[**]	[**]

India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]

Proprietary Information

Agreement Number 02026713.A.015

AMENDMENT NO. 15

AGREEMENT NO. 02026713

This Amendment No. 15, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360.A.003 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software;

WHEREAS, Supplier and AT&T desire to amend the Agreement as hereinafter set forth.

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

ARTICLE III - GENERAL TERMS is hereby amended to include the following new Section 3.42 entitled “Access to and Use of Information of Amdocs in AT&T’s PRISM Tool”. The Parties further agree that the terms of Section 3.42 shall apply to each agreement between any AT&T Affiliate and any Amdocs Affiliate (collectively the “Agreements”).

3.42 Access to and Use of Information of Amdocs in AT&T’s “PRISM” Tool

On August 26, 2008, AT&T deployed for use a new version of AT&T’s “PRISM”, an IT management tool that serves as an electronic repository for certain information about various

Proprietary and Confidential

This Amendment and information contained therein is not for use or disclosure outside of AT&T, its Affiliates, and third party representatives, and Amdocs except under written agreement by the contracting parties

Agreement Number 02026713.A.015

AT&T software development projects, including the “artifacts” (i.e., work products) produced in the course of AT&T-IT’s Unified Process (“IT UP”) System Development Life Cycle. Certain information of Amdocs relating to software development that Amdocs may or will perform for AT&T under the Agreements or other software development or maintenance projects that Amdocs may undertake for AT&T under other agreements (or information derived therefrom) may be entered into and thereafter reside in PRISM. The Parties agree as follows with respect to such information:

1. Access to and use of financial information of Amdocs

The only persons who will have access to financial proprietary information of Amdocs in PRISM (e.g., information relating to the fees Amdocs charges AT&T) are (i) AT&T employees, and (ii) contractors of AT&T subject to confidentiality obligations with AT&T similar to those set forth in this Agreement to whom AT&T has assigned an “IT Role”. The “IT Roles” currently include, but shall not be limited to, the following: Client Account Representative/Business Consultant, Lead Project Manager, Project Manager, Project Management Director, Governance Administrator, Governance Manager, Alternative Governance Manager, Strategic Initiative Owner, Strategic Initiative Alternate Owner, Strategic Initiative Designate, Budget Coordinator, PRISM Development, PRISM Testing, Administrator, Release Manager, Application Owner, Business Owner, Development Director, and Business Application Owner. AT&T may change or add to these IT Roles as business needs require. Each such AT&T employee, and each such contractor performing an IT Role, may access and use financial proprietary information of Amdocs in connection with AT&T’s receipt of Services from or AT&T’s performance of obligations (including AT&T’s performance of administrative obligations) with respect to Amdocs and for no other purpose.

2. Access to and use of non-financial information of Amdocs

Users of PRISM, whether (i) AT&T employees, or (ii)(a) contractors of AT&T or (b) third parties (including other suppliers to AT&T of software development services) subject, in the case of (ii)(a) and (b), to confidentiality obligations with AT&T similar to those set forth in this Agreement, may access and use any non-financial information relating to any AT&T software development or maintenance project that Amdocs undertakes for AT&T.

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.

Proprietary and Confidential

Agreement Number 02026713.A.015


Amdocs, Inc.

By:		/s/ Bryson Stucki



Printed Name:		/s/ Bryson Stucki



Title:		Director of Finance



Date:		12-3-2010


AT&T Services, Inc.

By:		Karin M. Hunt



Printed Name:		Karen M. Hunt



Title:		Senior Contract Manager



Date:		December 3, 2010

Proprietary and Confidential

Reinstatement and Amendment

No. 02026713.A.016

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.016

REINSTATEMENT AND AMENDMENT NO. 16

AGREEMENT NO. 02026713

This Reinstatement and Amendment No. 16, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, Amdocs Software Systems Limited and AT&T have entered into that certain Agreement No. 03032360.A.003 pursuant to which AT&T has the right to obtain a license to use Amdocs’ Software; and

WHEREAS, the Agreement expired by its terms on February 15, 2010 (the “Prior Expiration Date”); and

WHEREAS, after such Prior Expiration Date, the Parties continued to perform under the Agreement as if it had not expired, and with the intention of extending its term; and

WHEREAS, AT&T and Supplier now desire to revive the Agreement and to extend its term and to formalize the validity and continuation of the Agreement since its Effective Date of August 7, 2003;

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

The Agreement is revived; the term is extended as set forth below; and the Agreement shall be deemed to have been in effect continuously since the Agreement Effective Date. The Parties further ratify all actions taken by them under the Agreement between the Prior Expiration Date and the date when this Amendment is effective.

Proprietary Information

Agreement Number 02026713.A.016

For purposes of extending the term of the Agreement, Section 3.32, “Term of Agreement”, is deleted in its entirety and replaced with the following:

3.32. Term of Agreement

This Agreement with an Effective Date of August 7, 2003, shall remain in effect for a term ending on May 15, 2011, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

Appendix K is hereby deleted in its entirety and replaced with Appendix K, attached herewith, which shall apply to all agreements between any AT&T Entity and any Amdocs Entity.

Appendix 1.2(4), Vendor Expense Policy, which is attached to the Agreement, is deleted in its entirety and replaced with the revised Appendix 1.2(4) Vendor Expense Policy, which is attached hereto.

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.

IN WITNESS WHEREOF, the Parties have caused this Reinstatement and Amendment to Agreement No. 02026713 to be executed, which may be in duplicate counterparts, each of which will be deemed to be an original but all of which together shall constitute only one instrument, as of the date the last Party signs.


Amdocs, Inc.

By:		/s/ Thomas C. Drury



Printed Name:		Thomas C. Drury



Title:		President



Date:		2-25-2011


AT&T Services, Inc.

By:		/s/ Beverly J. Madsen



Printed Name:		Beverly J. Madsen



Title:		Senior Contract Manager



Date:		2-24-2011

Proprietary Information

Agreement Number 02026713.A.016

Appendix K


Country(ies) where services are authorized by AT&T to be performed	Services to be performed at approved Physical Location	Name of Supplier / Subcontractor performing the services
Brazil	[**]	[**]

Canada	[**]	Amdocs
Canada	[**]	Amdocs
Cyprus	[**]	Amdocs
India	[**]	Amdocs
India	[**]	Amdocs
India	[**]	Amdocs
Israel	[**]	Amdocs
Israel	[**]	Amdocs
Israel	[**]	Amdocs
Israel	[**]	Amdocs
Israel	[**]	[**]

United Kingdom	[**]	Amdocs
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]

India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
Philippines	[**]	[**]

India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
India	[**]	[**]
Singapore	[**]	[**]
UK	[**]	[**]
UK	[**]	[**]
India	[**]	[**]

Proprietary Information

Agreement Number 02026713.A.016

Appendix 1.2(4)

AT&T Vendor Expense Policy

AT&T Inc. and Participating Companies

(Updated 1/3/2011)

1.0 General

The following principles apply to requests for expense reimbursement:

When spending money that is to be reimbursed, vendors must ensure that an AT&T Company (“Company”) receives proper value in return.

Deviations from this VEP must be approved in writing by the sponsoring Senior Manager or Officer of an AT&T Company.

Employees should refer to the Section entitled “Payments” in the Schedule of Authorizations for Affiliates of AT&T Inc. for appropriate supplier invoice authorization approval levels.

Receipts will be requested and reviewed for any unusual or out of the ordinary expenses or where the approver cannot make a reasonable determination of the propriety of the invoice without a receipt.

The origination of a given expenditure for business purposes is the responsibility of the vendor incurring the expense and the authorization of that expense is the responsibility of the appropriate level of AT&T management in accordance with the Schedule of Authorizations for Affiliates of AT&T Inc.

Proprietary Information

Agreement Number 02026713.A.016

1.1 Non-Reimbursable Expenses

The following is a list, although not all inclusive, of expenses considered not reimbursable:

•

Airline club membership fees, dues, or upgrade coupon

•

Barber/Hairstylist/Beautician Expenses

•

Birthday cakes, lunches, balloons, and other personal celebration/recognition costs

•

Break-room supplies for the supplier, such as coffee, creamer, paper products, soft drinks, snack food

•

Car rental additional fees associated with high speed toll access programs and GPS devices

•

Car Washes

•

Clothing, personal care items, and toiletries

•

Credit card fees

•

Entertainment expenses

•

Expenses associated with spouses or other travel companions

•

Expenses to cover meals or expenses for an AT&T employee, whether in a home location or on official travel

•

Flowers, cards and gifts

•

Health Club and Fitness facilities

•

Hotel pay-per-view movies, Video Games and/or mini bar items

•

Insurance for rental car and or flight

•

Internet access in hotels (added to 3.5)

•

Laundry (except when overnight travel is required for 7 or more consecutive nights)

•

Lost luggage

•

Magazines & newspapers

•

Medical supplies

•

Membership fees to exercise facilities or social/country clubs

•

Movies purchased while on an airplane

•

Office expenses of suppliers

•

PC, cell phone, and other supplier support expenses (unless specifically authorized in the agreement)

•

Personal entertainment

•

Phone usage on airline unless AT&T business emergency

•

Safe rentals during a hotel stay

•

Proprietary Information

Agreement Number 02026713.A.016

•

Tips for housekeeping and excessive tips, i.e., in excess of 15% to 18% of cost of meal or services, excluding tax

•

Tobacco Products

•

Traffic or Parking Fines

•

Travel purchased with prepaid air passes.

•

Upgrades on airline, hotel, or car rental fees

•

Water (bottled or dispensed by a supplier), (unless authorized for specific countries where it is recommended that bottled water is used)

The failure to comply with the above mentioned restrictions will result in the Company refusing payment of charges or pursuing restitution from the vendor.

2.0 Responsibilities

2.1 Vendor’s Responsibility

It is mandatory that financial transactions are recorded in a timely manner. Out-of-pocket business expense(s) for vendors that are not submitted for reimbursement within [**] from the date incurred are considered non-reimbursable. Company managers who are responsible for approving reimbursable expenses of vendors should ensure they are submitted and approved in a timely manner.

3.0 Travel Policy

AT&T reserves the right to dispute any expense submittal and if not verifiable as valid may reject reimbursement. Reimbursements will be made to vendor only after expenses are verified as valid.

3.1 Travel Authorization

Travel requiring overnight stays must be pre-approved by the sponsoring AT&T Manager 3^rd Level or above and should be approved only if it is necessary for the vendor to travel to perform required work.

Proprietary Information

Agreement Number 02026713.A.016

3.2 Travel Reservations

Vendors are expected to procure the most cost efficient travel arrangements, preferably equivalent to the AT&T discount rate. AT&T does not reimburse for travel purchased with prepaid air passes.

3.3 Travel Expense Reimbursement

Vendor travel expenses incurred for company business are reimbursable only as specified in these guidelines. Travel expenses may include the following:

•

Transportation (airfare or other commercial transportation, car rental, personal auto mileage, taxi and shuttle service)

•

Meals and lodging

•

Parking and tolls

•

Tips/porter service (if necessary and reasonable)

•

The expense must be ordinary and necessary, not lavish or extravagant, in the judgment of the AT&T sponsoring management. Any reimbursement request must be for actual expenditures only.

3.4 Air Travel Arrangements

Vendors must select lowest logical airfare (fares available in the market at the time of booking, preferably well in advance of trip to attain lowest possible airfare). Vendors shall book coach class fares for all travel at all times. First class bookings are not reimbursable. Vendors can request business class when a single segment of flight time (“in air time” excluding stops, layovers and ground time) is greater than 8 hours providing the relevant manager pre-approves.

3.5 Hotel Arrangements

AT&T has established Market-Based Room Rate Guidelines for vendors to reference when making hotel reservations in the United States (see Addendum A). U.S. vendors traveling outside the U.S. should reference the GSA, Government Per Diem as a guide: http://aoprals.state.gov/web920/per_diem.asp. Non-US vendors may use these dollar per diems as a guide, but any locally specified per diems will take precedence. Vendors are expected to abide by these guidelines when making hotel arrangements or use specified AT&T preferred hotels/maximum location rates or reasonably priced hotels outside of the U.S. The AT&T supplier manager can advise which hotel/max rate to use if there is a hotel in the location concerned. AT&T will only reimburse vendors up to the established room rate guideline/AT&T preferred hotel rate in each market, or for actual hotel lodging charges incurred, whichever is less.

Proprietary Information

Agreement Number 02026713.A.016

There must be a strong business justification for incurring any cost for internet access, and a request for reimbursement must be accompanied by a detailed explanation regarding reason for charge.

3.6 Ground Transportation

“Loss Damage Waiver” and “Extended Liability Coverage” are not considered reimbursable in the US. Prepaid fuel or refueling charges at the time of return are not reimbursable.

Rental cars should be refueled before returning to the rental company, since gas purchased through the rental company carries an expensive refueling service charge.

3.7 Use of Personal Vehicle

3.8 Parking

If airport parking is necessary, vendors must use long term parking facilities. Additional costs for short term, valet or covered parking are not reimbursable.

3.9 Entertainment

3.10 Laundry and Cleaning

Reasonable laundry charges during business trips of seven or more consecutive nights are reimbursable based on actual expenses incurred.

Proprietary Information

Agreement Number 02026713.A.016

3.11 Communications

•

The actual cost of landline telephone calls for AT&T business is reimbursable. The use of AT&T products is required when available.

•

Charges for high speed internet access are not reimbursable unless specifically approved in the contract.

3.12 Business Meals (Travel and Non-Travel)

AT&T managers authorizing invoices will be held accountable for ensuring that vendors are following this policy and are spending Company funds economically.

3.13 Flowers, Greeting Cards, Gifts and Incentive Awards

The cost of gifts, flowers, birthday lunches, or greeting cards is considered a personal expense and is not reimbursable. For example, vendors making a donation or providing a gift for a fund-raiser for AT&T may not submit such an expense to AT&T for reimbursement.

3.14 Loss or Damage to Personal Property

The Company assumes no responsibility for loss or damage to a vendor’s personal property during business functions or hours.

3.15 Publications

Subscriptions to or purchases of magazines, newspapers and other publications are not reimbursable.

Proprietary Information

Agreement Number 02026713.A.016

AT&T U.S. 2011 Hotel Room Rate Only Guidelines

***U.S. Cities not listed on this Hotel Room Rate Only Guideline Matrix, default to [**] nightly rate. On occasion an AT&T Preferred Property may exceed the rate guideline for a season (s) or particular city, but has been added due to demand within the market. However, if an alternate Preferred Property within the guideline is offered it should be accepted when available. You may select the Preferred Property that is over the Guideline if it is the option that is available, selecting the appropriate reason code.

City

2011
Guideline

City

2011
Guideline

City

2011
Guideline

Anchorage

[**]

Plantation

[**]

Edison

[**]

Fairbanks

[**]

Port St. Lucie

[**]

Elizabeth

[**]

Glennallen

[**]

Saint Augustine

[**]

Fair Lawn

[**]

Ketchikan

[**]

Sarasota

[**]

Florham Park

[**]

Kodiak

[**]

Sunrise

[**]

Iselin

[**]

Birmingham

[**]

Tallahassee

[**]

Mahwah

[**]

Decatur

[**]

Tamarac

[**]

Manahawkin

[**]

Florence

[**]

Tampa

[**]

Morristown

[**]

Hoover

[**]

West Palm Beach

[**]

Newark

[**]

Huntsville

[**]

Alpharetta

[**]

Paramus

[**]

Montgomery

[**]

Atlanta

[**]

Parsippany

[**]

Mobile

[**]

Augusta

[**]

Piscataway

[**]

Tuscaloosa

[**]

Brunswick

[**]

Princeton

[**]

Bryant

[**]

Carrollton

[**]

Ramsey

[**]

El Dorado

[**]

Columbus

[**]

Red Bank

[**]

Fayetteville

[**]

Dublin

[**]

Saddle Brook

[**]

Fort Smith

[**]

Duluth

[**]

Saddle River

[**]

Hardy

[**]

Dunwoody

[**]

Short Hills

[**]

Little Rock

[**]

Griffin

[**]

Somerset

[**]

Mountain Home

[**]

Lawrenceville

[**]

Teaneck

[**]

North Littlerock

[**]

Lithia Springs

[**]

Tinton Falls

[**]

Pine Bluff

[**]

Norcross

[**]

Warren

[**]

Rogers

[**]

Peachtree City

[**]

West Orange

[**]

Russellville

[**]

Savannah

[**]

Whippany

[**]

Springdale

[**]

Roswell

[**]

Woodcliff Lake

[**]

VanBuren

[**]

Tifton

[**]

Albuquerque

[**]

Chandler

[**]

Honolulu

[**]

Henderson

[**]

Mesa

[**]

Kailua Kona

[**]

Las Vegas

[**]

Phoenix

[**]

Kihei

[**]

Pahrump

[**]

Rio Rico

[**]

Waikoloa

[**]

Albany

[**]

Scottsdale

[**]

Desmoines

[**]

Brooklyn

[**]

Tempe

[**]

Johnston

[**]

Cheektowaga

[**]

Tucson

[**]

Urbandale

[**]

Fishkill

[**]

Proprietary Information

Agreement Number 02026713.A.016

Yuma

[**]

Ammon

[**]

Jamaica

[**]

Anaheim

[**]

Idaho Falls

[**]

New York

[**]

Buena Park

[**]

Alsip

[**]

Plainview

[**]

Burbank

[**]

Arlington Heights

[**]

Rochester

[**]

Burlingame

[**]

Barrington

[**]

Rockville Center

[**]

Carlsbad

[**]

Bedford Park

[**]

Syracuse

[**]

Cerritos

[**]

Bourbonnais

[**]

Tarrytown

[**]

Chico

[**]

Champaign

[**]

Vestal

[**]

City of Industry

[**]

Chicago

[**]

West Harrison

[**]

Clovis

[**]

Danville

[**]

White Plains

[**]

Concord

[**]

Des Plaines

[**]

Woodbury

[**]

Coronado

[**]

Downers Grove

[**]

Beachwood

[**]

Costa Mesa

[**]

Elk Grove

[**]

Boardman

[**]

Cupertino

[**]

Elmhurst

[**]

Centerville

[**]

Del Mar

[**]

Fairview Heights

[**]

Cleveland

[**]

Dublin

[**]

Gurnee

[**]

Columbus

[**]

El Segundo

[**]

Hoffman Estates

[**]

Dayton

[**]

Emeryville

[**]

Lincolnshire

[**]

Dublin

[**]

Escondido

[**]

Lisle

[**]

Fairborn

[**]

Eureka

[**]

Lombard

[**]

Independence

[**]

Garden Grove

[**]

Naperville

[**]

Mayfield Village

[**]

Glendale (North)

[**]

Northbrook

[**]

North Olmsted

[**]

Hawthorne

[**]

Oakbrook

[**]

Orange Village

[**]

Hayward

[**]

Ofallon

[**]

Perrysburg

[**]

Hollywood

[**]

Palatine

[**]

Poland

[**]

Irvine

[**]

Rockford

[**]

Reynoldsburg

[**]

La Jolla

[**]

Rolling Meadows

[**]

Richfield

[**]

Livermore

[**]

Rosemont

[**]

Oklahoma City

[**]

Long Beach

[**]

Schaumburg

[**]

Owasso

[**]

Los Angeles

[**]

Springfield

[**]

Ponca City

[**]

Merced

[**]

Tinley Park

[**]

Coos Bay

[**]

Milpitas

[**]

Vernon Hills

[**]

Lake Oswego

[**]

Modesto

[**]

Westmont

[**]

Portland

[**]

Montebello

[**]

Willowbrook

[**]

Tigard

[**]

Monterey

[**]

Bloomington

[**]

Allentown

[**]

Mountain View

[**]

Carmel

[**]

Audubon

[**]

Napa

[**]

Columbus

[**]

Bensalem

[**]

Newark

[**]

Indianapolis

[**]

Berwyn

[**]

Newport Beach

[**]

Muncie

[**]

Coraopolis

[**]

Oakland

[**]

South Bend

[**]

Essington

[**]

Ontario

[**]

Merriam

[**]

Glen Mills

[**]

Proprietary Information

Agreement Number 02026713.A.016

Orange

[**]

Overland Park

[**]

Harrisburg

[**]

Palo Alto

[**]

Shawnee

[**]

King of Prussia

[**]

Pasadena

[**]

Topeka

[**]

Langhorn

[**]

Petaluma

[**]

Wichita

[**]

Philadelphia

[**]

Pleasanton

[**]

Covington

[**]

Pittsburgh

[**]

Redondo Beach

[**]

Louisville

[**]

Wayne

[**]

Redwood City

[**]

Baton Rouge

[**]

Lincoln

[**]

Riverside

[**]

Covington

[**]

Providence

[**]

Rocklin

[**]

La Place

[**]

Anderson

[**]

Rohnert Park

[**]

Metairie

[**]

Charleston

[**]

Rosemead

[**]

New Orleans

[**]

Duncan

[**]

Sacramento

[**]

Boston

[**]

Florence

[**]

Salinas

[**]

Burlington

[**]

Hilton Head

[**]

San Carlos

[**]

Cambridge

[**]

Myrtle Beach

[**]

San Diego

[**]

Dedham

[**]

Brentwood

[**]

San Francisco

[**]

Framingham

[**]

Crossville

[**]

San Gabriel

[**]

Lowell

[**]

Franklin

[**]

San Jose

[**]

Marlborough

[**]

Jackson

[**]

San Luis Obispo

[**]

Natick

[**]

Johnson City

[**]

San Mateo

[**]

Stoughton

[**]

Knoxville

[**]

San Rafael

[**]

Baltimore

[**]

Memphis

[**]

San Ramon

[**]

Bethesda

[**]

Nashville

[**]

Santa Ana

[**]

Columbia

[**]

Addison

[**]

Santa Clara

[**]

Greenbelt

[**]

Arlington

[**]

Santa Monica

[**]

Hanover

[**]

Austin

[**]

Santa Rosa

[**]

Linthicum

[**]

Beaumont

[**]

Sherman Oaks

[**]

Linthicum Heights

[**]

Corpus Christi

[**]

South San Francisco

[**]

Portland

[**]

Dallas

[**]

Stevenson Ranch

[**]

Battlecreek

[**]

El Paso

[**]

Stockton

[**]

Canton

[**]

Frisco

[**]

Susanville

[**]

Detroit

[**]

Ft. Worth

[**]

Temecula

[**]

Farmington Hills

[**]

Houston

[**]

Thousand Oaks

[**]

Holland

[**]

Irving

[**]

Torrance

[**]

Lansing

[**]

McAllen

[**]

Ukiah

[**]

Marquette

[**]

Midland

[**]

Universal City

[**]

Novi

[**]

Plano

[**]

Valencia

[**]

Port Huron

[**]

Richardson

[**]

Van Nuys

[**]

Romulus

[**]

San Antonio

[**]

Walnut Creek

[**]

Southfield

[**]

Texarkana

[**]

Watsonville

[**]

Walker

[**]

Waxahachie

[**]

West Lake Village

[**]

Warren

[**]

The Woodlands

[**]

West Sacramento

[**]

Baxter

[**]

Salt Lake City

[**]

Proprietary Information

Agreement Number 02026713.A.016

Willits

[**]

Bloomington

[**]

Alexandria

[**]

Woodland

[**]

Edina

[**]

Arlington

[**]

Yorba Linda

[**]

Minneapolis

[**]

Charlottesville

[**]

Aurora

[**]

St. Paul

[**]

Chantilly

[**]

Boulder

[**]

Bridgeton

[**]

Chester

[**]

Colorado Springs

[**]

Columbia

[**]

Dulles

[**]

Denver

[**]

Fenton

[**]

Fairfax

[**]

Englewood

[**]

Festus

[**]

Falls Church

[**]

Greenwood Village

[**]

Joplin

[**]

Glen Allen

[**]

Glastonbury

[**]

Kansas City

[**]

Hampton

[**]

Meriden

[**]

Kirkwood

[**]

Herndon

[**]

New Haven

[**]

Lees Summit

[**]

Norfolk

[**]

New London

[**]

Maryland Heights

[**]

Richmond

[**]

Rocky Hill

[**]

Saint Charles

[**]

Sandston

[**]

Stamford

[**]

Saint Louis

[**]

Sterling

[**]

Wallingford

[**]

Springfield

[**]

Tysons Corner

[**]

Washington

[**]

Jackson

[**]

Vienna

[**]

Wilmington

[**]

McComb

[**]

Bellevue

[**]

Altamonte Springs

[**]

Natchez

[**]

Bothell

[**]

Aventura

[**]

Ocean Springs

[**]

Kirkland

[**]

Boca Raton

[**]

Pearl

[**]

Lynnwood

[**]

Boynton Beach

[**]

Ridgeland

[**]

Redmond

[**]

Dania Beach

[**]

Tupelo

[**]

Seattle

[**]

Fort Lauderdale

[**]

Asheville

[**]

Spokane

[**]

Fort Meyers

[**]

Carolina Beach

[**]

Tacoma

[**]

Jacksonville

[**]

Charlotte

[**]

Tukwila

[**]

Kendall

[**]

Durham

[**]

Woodinville

[**]

Key Largo/Tavernier

[**]

Gastonia

[**]

Green Bay

[**]

Key West

[**]

Goldsboro

[**]

Kenosha

[**]

Lake City

[**]

Greensboro

[**]

Kimberly

[**]

Lake Mary

[**]

Morrisville

[**]

Madison

[**]

Lakeland

[**]

Raleigh

[**]

Milwaukee

[**]

Marathon

[**]

Shelby

[**]

Mukwonago

[**]

Maitland

[**]

Wilmington

[**]

Oshkosh

[**]

Melbourne

[**]

Winston Salem

[**]

Pewaukee

[**]

Miami

[**]

Omaha

[**]

Waukesha

[**]

Miami Beach

[**]

Basking Ridge

[**]

Wauwatosa

[**]

Orlando

[**]

Bernardsville

[**]

Beckley

[**]

Palm Beach

[**]

Bridgewater

[**]

Charleston

[**]

Panama City

[**]

Cranbury

[**]

Hurricane

[**]

Pensacola

[**]

Eatontown

[**]

Proprietary Information

Amendment

No. 02026713.A.021

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.021

AMENDMENT NO. 21

AGREEMENT NO. 02026713

This Amendment No. 21, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

1.	A new Section 2.51, “AT&T Data,” is hereby added to ARTICLE II - DEFINITIONS as follows:

2.51

“AT&T Data” means any data or information of AT&T, and any data or information of the customers of AT&T, that is provided to or obtained by Amdocs in the performance of its obligations under this Agreement, including Customer Information, user identification numbers and passwords provided for access or use of AT&T Software, Equipment or Systems, data and information with respect to the businesses,

Proprietary Information

Agreement Number 02026713.A.021

customer, operations, facilities, products, rates, regulatory compliance, competitors, consumer markets, assets, expenditures, mergers, acquisitions, divestitures, billings, collections, revenues and finances of AT&T. “AT&T Data” also means any data or information created, generated, collected or processed by Amdocs in the performance of its obligations under this Agreement, including data processing input and output, service level measurements, asset information, third party service and product agreements, contract charges and retained and pass-through expenses.

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.



By:		/s/ Thomas G. O’Brien



Printed Name:		Thomas G. O’Brien



Title:		Treasurer



Date:		7-23-2012


AT&T Services, Inc.



By:		/s/ Beverly J. Madsen



Printed Name:		Beverly J. Madsen



Title:		Senior Contract Manager



Date:		July 20, 2012

Proprietary Information

Amendment

No. 02026713.A.025

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.025

AMENDMENT NO. 25

AGREEMENT NO. 02026713

This Amendment No. 25, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, AT&T and Amdocs are parties to that certain Agreement No. 02026713 for Software and Professional Services, dated as of August 7, 2003, as amended by Amendment No. 1 effective December 19, 2003, as amended by Amendment No. 2 effective January 10, 2005, as amended by Amendment No. 3 effective December 15, 2005, as amended by Amendment No. 4 effective September 27, 2006, as amended by Amendment No. 5 effective September 27, 2007, as amended by Amendment No. 6 effective September 2, 2008, as amended by Amendment No. 7 effective December 8, 2008, as amended by Amendment No. 8 effective February 4, 2009, as amended by Amendment No. 9 effective March 28, 2009, as amended by Amendment No. 10 effective August 7, 2009, as amended by Amendment No. 11 effective March, 15, 2010, as amended by Amendment No. 12 effective May 28, 2010, as further amended by Amendment No. 13 effective August 30, 2010, as amended by Amendment 14 effective November 22, 2010, as amended by Amendment No. 15 effective December 3, 2010, as amended by Amendment No. 16 effective February 24, 2011, as amended by Amendment 17 effective May 24, 2011; as amended by Amendment No. 18 effective July 25, 2011; as amended by Amendment No. 19 effective November 14, 2011; as amended by Amendment No. 20 effective June 28, 2012; as amended by Amendment No. 21 effective July 23, 2012; as amended by Amendment No. 22 effective August 28, 2012; as amended by Amendment No. 23 effective October 31, 2012; as amended by Amendment No. 24 effective January 28, 2013 (collectively, the “Agreement”) and

WHEREAS, the Agreement in accordance with Amendment 24 is set to expire by its terms on March 31, 2013 (the “Prior Expiration Date”); and

WHEREAS, AT&T and Supplier now desire to extend its term and to formalize the validity and continuation of the Agreement since its Effective Date of August 7, 2003;

Proprietary Information

Agreement Number 02026713.A.025

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

1.	The Agreement is extended as set forth below; and the Agreement shall be deemed to have been in effect continuously since the Agreement Effective Date.

2.	For purposes of extending the term of the Agreement, Section 3.32, “Term of Agreement”, is deleted in its entirety and replaced with the following:

3.32. Term of Agreement

This Agreement with an Effective Date of August 7, 2003, shall remain in effect for a term ending on June 30, 2013, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

3.	For purposes of changing payment terms of the Agreement, Section 3.16.B, “Invoicing and Payment”, is hereby deleted in its entirety and replaced with the following:

Section 3.16.B Invoicing and Payment

The invoice shall specify in detail, where applicable (1) quantities of each ordered item, (2) unit prices of each ordered item, (3) the estimated amount of tax per item, (4) any relevant item and commodity codes known to Amdocs, (5) total amounts for each item, (6) total estimated amount of applicable sales or use taxes, (7) discounts, (8) shipping charges, and (9) total amount due. AT&T shall pay Supplier in accordance with the prices set forth in this Agreement [**] of the date of receipt of the invoice. Payment for Material or Services not conforming to the Specifications (in the event of payments due upon Acceptance), and portions of any invoice in dispute, may be withheld by AT&T until such problem has been resolved in accordance with the escalation and arbitration mechanisms described in Sections 4.7. If AT&T disputes any invoice rendered or amount paid, AT&T shall promptly so notify Supplier. The Parties shall use their best efforts to resolve such dispute expeditiously, including escalation in accordance with Section 4.7 (A), if necessary.

The term “Leadership Council” and all references thereto are deleted throughout the Agreement and associated Amendments, and where the Parties so agree in an applicable Work Order, is replaced by Section 4.7.

Proprietary Information

Agreement Number 02026713.A.025

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.



By:		/s/ Michael Saeger



Printed Name:		Michael Saeger



Title:		Treasurer



Date:		3-22-2013


AT&T Services, Inc.



By:		/s/ Phillip S. Castle



Printed Name:		Phillip S. Castle



Title:		Senior Contract Manager



Date:		3-22-2013

Proprietary Information

Amendment

No. 02026713.A.026

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.026

AMENDMENT NO. 26

AGREEMENT NO. 02026713

This Amendment No. 26, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, AT&T and Supplier now desire to further amend the Agreement;

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

Notwithstanding anything to the contrary contained in any Work Order or Order that was executed pursuant to the Agreement prior to March 22, 2013, the Parties agree that the payment terms for any invoices issued by Amdocs to AT&T [**], shall be [**].

Proprietary Information

Agreement Number 02026713.A.026

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.



By:		/s/ Thomas C. Drury



Printed Name:		Thomas C. Drury



Title:		President



Date:		4/10/2013


AT&T Services, Inc.



By:		/s/ Beverly J. Madsen



Printed Name:		Beverly J. Madsen



Title:		Senior Contract Manager



Date:		4-9-2013

Proprietary Information

Reinstatement and Amendment

No. 02026713.A.027

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.027

REINSTATEMENT AND AMENDMENT NO. 27

AGREEMENT NO. 02026713

This Reinstatement and Amendment No. 27, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, the Agreement expired by its terms on June 30, 2013 (the “Prior Expiration Date”); and

WHEREAS, after such Prior Expiration Date, the Parties continued to perform under the Agreement as if it had not expired, and with the intention of extending its term; and

Proprietary Information

Agreement Number 02026713.A.027

WHEREAS, AT&T and Supplier now desire to revive the Agreement and to extend its term and to formalize the validity and continuation of the Agreement since its Effective Date of August 7, 2003;

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

The Agreement is revived; the term is extended as set forth below; and the Agreement shall be deemed to have been in effect continuously since the Agreement Effective Date. The Parties further ratify all actions taken by them under the Agreement between the Prior Expiration Date and the date when this Amendment is effective.

For purposes of extending the term of the Agreement, Section 3.32, “Term of Agreement”, is deleted in its entirety and replaced with the following:

3.32. Term of Agreement

This Agreement with an Effective Date of August 7, 2003, shall remain in effect for a term ending on September 30, 2013, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

For purposes of changing AT&T Data definitions, Section 2.51, “AT&T Data”, is deleted in its entirety and replaced with the following:

2.51 “AT&T Data”

“AT&T Data” means any data or information (i) of AT&T or its customers, that is disclosed or provided to Supplier by, or otherwise obtained by Supplier from, AT&T or its customers, including Customer Information and customer proprietary network information (as that term is defined in Section 222 of the Communications Act of 1934, as amended, 47 U.S.C. §222), as well as data and information with respect to the businesses, customers, operations, networks, systems, facilities, products, rates, regulatory compliance, competitors, consumer markets, assets, expenditures, mergers, acquisitions, divestitures, billings, collections, revenues and finances of AT&T; and (ii) not supplied by AT&T or its customers, but created, generated, collected or harvested by Supplier either (a) in furtherance of this Agreement or an Order hereunder or (b) as a result of Supplier having access to AT&T infrastructure, systems, data, hardware, software or processes (for example, through data processing input and output, service level measurements, or ascertainment of network and system information). Notwithstanding the foregoing, the Parties agree that “AT&T Data” shall (1) not be deemed to include material or software (A)(I) created or owned by Amdocs prior to execution of this Agreement or (II) provided under license from third parties by Amdocs prior to execution of this Agreement or (III) created by Amdocs or third parties after execution of this Agreement for a client other than AT&T or (B) that Supplier owns in accordance with this Agreement or as agreed by the Parties in a Work Order, and (2) be deemed to include material or software that is derived from the performance and operation of AT&T Data or AT&T Proprietary Information.

Proprietary Information

Agreement Number 02026713.A.027

For purposes of adding AT&T Derived Data definitions, Section 2.52, “AT&T Derived Data”, is being added as follows:

2.52 “AT&T Derived Data”

“AT&T Derived Data” means any data or information that is a result of or modification of, adaption, revision, translation, abridgement, condensation, compilation, evaluation, expansion, or any other recasting or processing of the AT&T Data, for example, as a result of Supplier’s observation, analysis, or visualization of AT&T Data arising out of the performance of Supplier’s obligations. Notwithstanding the foregoing, the Parties agree that “AT&T Derived Data” shall not be deemed to include Supplier’s material or software that does not constitute AT&T Data as set forth in Subsection 1 above.

For purposes of addressing Ownership of AT&T Data and AT&T Derived Data, Section 3.37 “Ownership of AT&T Data and AT&T Derived Data”, is being added as follows:

3.37 “Ownership of AT&T Data and AT&T Derived Data”

AT&T Data is the property of AT&T. To the extent needed to perfect AT&T’s ownership in AT&T Data, Supplier hereby assigns all right, title and interest in AT&T Data to AT&T. No transfer of title in AT&T Data is implied or shall occur under this Agreement. AT&T grants to Supplier and its approved subcontractors a license to access, use, and copy the AT&T Data, with no right to grant sublicenses, solely for the performance of Supplier’s obligations during the Term of this Agreement and solely in compliance with AT&T’s privacy policies, including obligations relating to Customer Information as set forth in the Agreement. Supplier shall promptly return AT&T Data, at no cost to AT&T, and in the format and on the media prescribed by AT&T (i) at any time at AT&T’s request, regardless of the expiration or termination of this Agreement, (ii) at the expiration or termination of this Agreement, or (iii) with respect to particular AT&T Data, whenever such data is no longer needed by Supplier to perform its obligations under this Agreement. AT&T Data shall not be (a) utilized by Supplier for any purpose other than as required to fulfill its obligations under this Agreement, (b) sold, assigned, leased, commercially exploited or otherwise provided to or accessed by third parties, whether by or on behalf of Supplier, (c) withheld from AT&T by Supplier, or (d) used by Supplier to assert any lien or other right against or to it. Supplier shall promptly notify AT&T if Supplier believes that any use of AT&T Data by Supplier contemplated under this Agreement or to be undertaken as part of the performance of this Agreement is inconsistent with the preceding sentence.

AT&T shall own all right, title and interest to the AT&T Derived Data. To the extent needed to perfect AT&T’s ownership in AT&T Derived Data, Supplier hereby assigns all right, title and interest in AT&T Derived Data to AT&T. AT&T grants to Supplier and its approved subcontractors a license to access, use, and copy the AT&T Derived Data, with

Proprietary Information

Agreement Number 02026713.A.027

no right to grant sublicenses (except to an approved Supplier subcontractor), solely for the performance of Supplier’s obligations during the Term of this Agreement and solely in compliance with AT&T’s privacy policies, including obligations relating to Customer Information. Supplier shall deliver AT&T Derived Data in the format, on the media and in the timing prescribed by AT&T. Such delivery shall be at no cost to AT&T unless the format, media, or timing prescribed by AT&T for delivery would cause Supplier to incur substantial additional costs, in which case Supplier shall so notify AT&T and the Parties shall negotiate in good faith to determine whether the format, media, or timing can be changed to avoid Supplier’s incurring such costs or to determine whether AT&T is willing to reimburse Supplier for such costs. If the Parties fail to agree, the Parties agree to use the Dispute Resolution procedures in the Agreement to resolve the dispute. For the avoidance of doubt, Supplier shall not create or develop AT&T Derived Data after the expiration or termination of this Agreement.

The provisions of this Section 3.37 shall apply (i) to all AT&T Data and AT&T Derived Data disclosed or otherwise provided to, or created, developed, modified, recast or processed by, Supplier on or after the Effective Date of this Agreement should AT&T request such AT&T Data and AT&T Derived Data and (ii) to all AT&T Data and AT&T Derived Data disclosed or otherwise provided to, or created, developed, modified, recast or processed by Supplier after the effective date of this Amendment No. 27 as part of the Services provided to AT&T under any Work Order that was in effect on the Effective Date of Amendment No.27. Supplier’s obligation to return AT&T Data and AT&T Derived Data upon AT&T’s request shall survive the expiration or termination of this Agreement, but shall not apply to AT&T Data and AT&T Derived Data which, at the time of AT&T’s request for return, is no longer retained by or on behalf of Supplier.

Proprietary Information

Agreement Number 02026713.A.027

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.



By:		/s/ Thomas C. Drury



Printed Name:		Thomas C. Drury



Title:		President



Date:		7-19-2013


AT&T Services, Inc.



By:		/s/ Beverly J. Madsen



Printed Name:		Beverly J. Madsen



Title:		Senior Contract Manager



Date:		July 17, 2013

Proprietary Information

Amendment

No. 02026713.A.030

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.030

AMENDMENT NO. 30

AGREEMENT NO. 02026713

This Amendment No. 30, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, AT&T and Supplier now desire to further amend the Agreement;

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

1.	For purposes of extending the term of the Agreement, Section 3.32, “Term of Agreement”, is deleted in its entirety and replaced with the following:

3.32. Term of Agreement

This Agreement with an Effective Date of August 7, 2003, shall remain in effect for a term ending on September 30, 2014, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

Proprietary Information

Agreement Number 02026713.A.030

2.	Section 3, “AT&T Supplier Information Security Requirements”, of Appendix 8, “AT&T Rules, Supplier Information Security Requirements and Limited Offshore Remote Access”, is deleted in its entirety and replaced with the following:

AT&T Supplier Information Security Requirements

The following AT&T Supplier Information Security Requirements (“Security Requirements”) apply to Amdocs, its affiliates, its Subcontractors, and each of their employees and/or temporary workers, contractors, vendors and/or agents who perform any Services for, on behalf of, and/or through AT&T and/or any other obligations (for the purpose of this Appendix, each or all “Supplier”) that include any of the following:

Supplier’s performance of Services that involve the collection, storage, handling, or disposal of AT&T’s Information;

Supplier-offered or -supported AT&T branded services using non-AT&T Information Resources (as defined below);

Connectivity to AT&T’s Nonpublic Information Resources (as defined below);

Custom Software development pursuant to Section 3.33 to the Master Services Agreement No. 02026713 to the extent produced or developed by or on behalf of Supplier, or forming part of any software pursuant to the Agreement to which these Security Requirements are attached (including under any statement of work, exhibit, order or other document under, subordinate to, or referencing this Agreement) for the development of which AT&T has been charged monies; or

Website hosting and development for AT&T and/or AT&T’s customers.

Supplier represents and warrants that during the term of this Agreement and thereafter (as applicable with respect to Supplier’s obligations under the Survival of Obligations clause) Supplier is, and shall continue to be, in compliance with its obligations as set forth herein. In addition to all other remedies specified in the Agreement, Supplier agrees that AT&T shall be entitled to seek an injunction, specific performance or other equitable relief and be reimbursed the costs (including reasonable attorney’s fees) by Supplier to enforce the obligations in these Security Requirements, including those that survive Termination, Cancellation or expiration of this Agreement. The provisions of this Appendix shall not be deemed to, and shall not, limit any more stringent security or other obligations of the Agreement. Section and paragraph headings contained in parentheses following paragraphs in the table, below, in this Appendix are for reference purposes only and are not to affect the meaning or interpretation of this Agreement.

AT&T reserves the right to update or modify its Security Requirements from time to time. Upon notification by AT&T of its need to modify the Security Requirements, Supplier agrees to promptly negotiate in good faith and expedite execution of an amendment to this Agreement to incorporate any such modification. Supplier acknowledges that AT&T may require modifications to Security Requirements:

Upon extension or renewal of the Agreement;

Upon any change in work scope or other substantive modification of the Agreement; or

At such time that AT&T deems necessary.

Proprietary Information

Agreement Number 02026713.A.030

3.1 Definitions:

Unless otherwise set forth or expanded herein, defined terms shall have the same meaning as set forth in the main body of the Agreement.

“Customer Facing System” means an Information Resource accessible from public networks, intended for use by AT&T and/or its customers and which resides in a Demilitarized Zone (DMZ), as defined below, and where that DMZ:

Is protected by firewalls located between the Internet and the DMZ, between that DMZ and all other DMZs, and between the DMZ and the AT&T intranet,

Prohibits incoming TELNET connections from public networks, and

Prohibits incoming File Transfer Protocol (FTP) connections from public networks except to specific systems known as “FTP drop boxes”.

“CPNI” (Customer Proprietary Network Information) as that term is defined in the Telecommunications Act of 1996, 47 U.S.C. §222 (h)(1).

“Demilitarized Zone” or “DMZ” is a network or sub-network that sits between a trusted internal network, such as a corporate private Local Area Network (LAN), and an untrusted external network, such as the public Internet. A DMZ helps prevent outside users from gaining direct access to internal Information Resources. Inbound packets from the untrusted external network must terminate within the DMZ and must not be allowed to flow directly through to the trusted internal network. All inbound packets which flow to the trusted internal network must only originate within the DMZ.

The DMZ must be separated from the untrusted external network by use of a Security Gateway and must be separated from the trusted internal network by use of either:

another Security Gateway, or

the same Security Gateway used to separate the DMZ from the untrusted external network, in which case the Security Gateway must ensure that packets received from the untrusted external network are either immediately deleted or if not deleted are routed only to the DMZ with no other processing of such inbound packets performed other than possibly writing the packets to a log.

Proprietary Information

Agreement Number 02026713.A.030

The following must only be located within the trusted internal network:

Any of AT&T’s Sensitive Personal Information (SPI) stored without the use of Strong Encryption,

The official record copy of information to be accessed from requests originating from the untrusted external network,

The official record copy of information to be modified as the result of requests originating from the untrusted external network,

Database servers,

All exported logs, and

Development environments and source code.

The following must not be located within the DMZ:

Authentication credentials not protected by the use of Strong Encryption.

“Incident Management Process” is a Supplier-developed documented procedure to be followed in the event of an actual or suspected attack upon, intrusion upon, unauthorized access to, loss of, or other breach involving AT&T’s Information Resources.

“Information Resources” means systems, applications, networks, network elements and other computing and information storage devices, including smart phones, tablets, and USB memory sticks, and AT&T’s Information stored, transmitted, or processed with these resources in conjunction with supporting AT&T and/or used by Supplier in fulfillment of its obligations under this Agreement.

“Location Based Information” or “LBI” means information that identifies the current or past location of a specific individual’s mobile device. LBI contains two factors both of which must be present and able to be associated with each other. These two factors are: (1) a mobile device’s physical location (e.g. a map address, or latitude and longitude together with altitude where known) derived from the mobile device through activities such as GPS (Global Positioning System ) or network connectivity rather than as a result of user action (e.g. revealing location in the content of an email or SMS text message), and (2) an individual’s identity derived from a unique identifier assigned to that mobile device such as customer name, MSISDN (Mobile Subscriber Integrated Services Digital Network-Number), IMSI (International Mobile Subscriber Identity), IMEI (International Mobile Station Equipment Identity) or ICCID (Integrated Circuit Card Identifier).

“Mobile and Portable Devices” means mobile and/or portable computers, devices, media and systems capable of being easily carried, moved, transported or conveyed that are used in connection with the Agreement. Examples of such devices include laptop computers, tablets, USB hard drives, USB memory sticks, Personal Digital Assistants (PDAs), and wireless phones, such as smartphones.

Proprietary Information

Agreement Number 02026713.A.030

“Nonpublic Information Resources” means those Information Resources used under the Agreement to which access is restricted and cannot be gained without proper authorization and identification.

“Sensitive Personal Information” or “SPI” means any information that: (a) requires a high degree of protection by law and where loss or unauthorized disclosure would require notification by AT&T to government agencies, individuals or law enforcement, and (b) any information that, if made public, could expose individuals to a risk of physical harm, fraud, or identity theft. Examples of SPI include, but are not limited to, social security numbers, national government, such as passport and visa numbers, state- or province-issued identification numbers, driver’s license numbers, dates of birth, bank account numbers, credit card numbers, customer authentication credentials, Protected Health Information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA) and Location Based Information (LBI) (as defined above). Note: Authentication credentials, encryption keys, and encryption passwords used to protect Sensitive Personal Information are themselves classified as Sensitive Personal Information.

“Security Gateway” means a set of control mechanisms between two or more networks having different trust levels which filter and log traffic passing, or attempting to pass, between networks, and the associated administrative and management servers. Examples of Security Gateways include firewalls, firewall management servers, hop boxes, session border controllers, proxy servers, and intrusion prevention devices.

“Strong Authentication” means the use of authentication mechanisms and authentication methodologies stronger than the passwords required by Security Requirement 34 herein. Examples of Strong Authentication mechanisms and methodologies include digital certificates, two-factor authentication, and one-time passwords.

“Strong Encryption” means the use of encryption technologies with minimum key lengths of 128-bits for symmetric encryption and 1024-bits for asymmetric encryption whose strength provides reasonable assurance that it will protect the encrypted information from unauthorized access, and is adequate to protect the confidentiality and privacy of the encrypted information, and which incorporates a documented procedure approved by the Supplier’s appropriate management level, for the management of the encryption keys and associated processes adequate to protect the confidentiality and privacy of the keys and passwords used as inputs to the encryption algorithm.

3.2 Security Requirements

In accordance with the foregoing, Supplier shall:

System Security

1.	Actively monitor industry resources (e.g., www.cert.org, pertinent software vendor mailing lists & websites) for timely notification of all applicable security alerts pertaining to Supplier’s Information Resources. (Security Alerts)

Proprietary Information

Agreement Number 02026713.A.030

If commercially available and to the extent practicable, [**], and in addition immediately following all significant changes and upgrades, scan externally-facing Information Resources, including, but not limited to, networks, servers, & applications, with applicable industry-standard security vulnerability scanning software to uncover security vulnerabilities. (Externally-facing System Scanning)

If commercially available and to the extent practicable, [**], and in addition immediately following all significant changes and upgrades, scan internal Information Resources, including, but not limited to, networks, servers, applications & databases, with applicable industry-standard security vulnerability scanning software to uncover security vulnerabilities, ensure that such Information Resources are properly hardened as documented in Security Requirement 9 below, and identify any unauthorized wireless networks, unless documented policies and processes are in place to proactively prevent the creation of unauthorized wireless networks. (Internal System Scanning)

RESERVED

In environments where such technology is commercially available and to the extent practicable, deploy one or more Intrusion Detection Systems (IDS) , Intrusion Prevention Systems (IPS), or Intrusion Detection and Prevention Systems (IDP) in an active mode of operation that monitors all traffic entering and leaving Information Resources in conjunction with the Agreement. (Intrusion Detection Systems)

Have and use a documented process to remediate security vulnerabilities in the Information Resources, including, but not limited to, those discovered through industry publications, vulnerability scanning, virus scanning, and the review of security logs, and apply appropriate security patches promptly with respect to the probability that such vulnerability can be or is in the process of being exploited. (Remediating/Patching Service Vulnerabilities)

7.	Assign security administration responsibilities for configuring host operating systems to specific individuals. (Security Administration Responsibilities)

8.	Ensure that its information security staff has reasonable and necessary experience in information and network security. (Necessary Staff Experience)

If commercially available and to the extent practicable, ensure that all of Supplier’s Information Resources are and remain ‘hardened’ including, but not limited to, removing or disabling unused network services (e.g., finger, rlogin, ftp, and simple Transmission Control Protocol/Internet Protocol (TCP/IP) services) and installing a system firewall, Transmission Control Protocol (TCP) wrappers or similar technology. (Hardened Systems)

10.	Change all default account names and/or default passwords. (Changing Default Account Names and Passwords)

11.	Limit system administrator (also known as root, privileged, or super user) access to operating systems intended for use by multiple users only to individuals requiring such high-level access in the performance of their jobs. (Limit Super User Privileges)

12.	Require application, database, network and system administrators to restrict access by users to only the commands, data and Information Resources necessary for them to perform authorized functions. (Administrators to Restrict User Access)

Proprietary Information

Agreement Number 02026713.A.030

Physical Security

13.	Ensure that all of Supplier’s Information Resources intended for use by multiple users are located in secure physical facilities with access limited and restricted to authorized individuals only. (Information Resources in Secure Facilities)

14.	Monitor and record, for audit purposes, access to the physical facilities containing Information Resources intended for use by multiple users used in connection with Supplier’s performance of its obligations under the Agreement. (Monitoring and Recording Access)

Network Security

15.

When providing Internet-based services to AT&T, protect AT&T’s Information by the implementation of a network DMZ. Web servers providing service to AT&T shall reside in the DMZ. Information Resources storing AT&T’s Information (such as application and database servers) shall reside in a trusted internal network. (Internet Services Must Use DMZ)

16.	Upon AT&T’s request, provide to AT&T a logical network diagram documenting the Information Resources (including, but not limited to, Security Gateways, servers, etc.) that will support AT&T. (Provision of Logical Network Diagram)

17.	Have a documented process and controls in place to detect and handle unauthorized attempts to access AT&T’s Information. (Detection and Handling of Unauthorized Access).


18.		a.		Use Strong Encryption for the transfer of AT&T’s Information outside of AT&T-controlled or Supplier-controlled networks or when transmitting AT&T’s Information over any untrusted network.

Additionally, [**], always use Strong Encryption to protect AT&T’s SPI when transmitted over any AT&T-controlled or Supplier-controlled network.

(Note: This also applies to AT&T’s Information contained in email, or the attachments embedded within the email, as the case may be. For greater clarity, if, for example, the text in an email does not contain AT&T’s Information, but the embedded attachments within that email do contain AT&T’s Information, then the embedded attachments, but not the email, need to be encrypted.) (Encryption of Information in Transit)

19.	Require strong authentication for any remote access use of Nonpublic Information Resources. (Remote Access Authentication)

Information Security

20.

Isolate AT&T’s applications and AT&T’s Information from any other customer’s or Supplier’s own applications and information either by using physically separate servers or alternatively by using logical access controls where physical separation of servers is not implemented. (Separate AT&T’s Information from non-AT&T Information)

21.

Have documented procedures for the secure backup and recovery of AT&T’s Information which shall include, at a minimum, procedures for the transport, storage, and disposal of the backup copies of AT&T’s Information and, upon AT&T’s request, provide such documented procedures to AT&T. (Secure Backup, Transport, Storage and Disposal of AT&T’s Information)

22.

Maintain and, upon AT&T’s request, furnish to AT&T a documented business continuity plan that ensures that Supplier can meet its contractual obligations under the Agreement, including the requirements of any applicable Statement of Work or Service Level Agreement. Such plan shall include the requirement that the included procedures be regularly tested in accordance with Supplier’s documented risk management plan. Supplier shall promptly review its business continuity plan to address additional threat scenarios. (Business Continuity Plan)

Proprietary Information

Agreement Number 02026713.A.030

23.	Use Strong Encryption to protect AT&T’s SPI when stored. (Encryption of SPI at Rest/Storage)

24.	Limit access to AT&T’s Information, including, but not limited to, paper hard copies, only to authorized persons or systems. (Limit Access to AT&T’s Information Regardless of Form)

25.

Be compliant with government- and generally known industry-mandated information security standards to the extent applicable to the Services provided by Supplier. (Examples of such standards include, but are not limited to, the Payment Card Industry-Data Security Standards (PCI-DSS), National Automated Clearing House Associates (NACHA) Rules, and Electronic Data Interchange (EDI) standards, and the information security requirements documented within laws, such as HIPAA.) (Compliance with Industry and Government Requirements)

In the event any such government- or industry-mandated information security standards cause Amdocs to incur additional costs to be compliant, [**]

26.	At no additional charge to AT&T:

Upon AT&T’s request, provide copies of any of AT&T’s Information to AT&T [**].

Return, or, at AT&T’s option, destroy all of AT&T’s Information, including electronic and hard copies, [**] after the sooner of:

expiration or Termination of the Agreement;

ii.

AT&T’s request for the return of AT&T’s Information; or

iii.

the date when Supplier no longer needs AT&T’s Information to perform Services under the Agreement.

In the event that AT&T approves destruction as an alternative to returning AT&T’s Information, then certify in writing the destruction (e.g., degaussing, overwriting, performing a secure erase, performing a chip erase, shredding, cutting, punching holes, breaking, etc.) as rendering the AT&T’s Information non-retrievable.

In the event that Supplier needs to retain copies of AT&T’s Information [**]either the expiration or Termination of the Agreement, or AT&T’s request for the return or destruction of AT&T’s Information, Supplier shall be allowed to retain such copies when elsewhere agreed to in writing with AT&T. Exception: Copies of AT&T’s Information retained as part of a backup-and-recovery, business continuity or disaster recovery process may be retained for [**] the expiration or Termination of the Agreement without obtaining agreement in writing from AT&T allowing such retention provided that all such copies are destroyed within [**] of creation. (Return of AT&T’s Information)

27.

Unless otherwise instructed by AT&T in writing, when collecting, generating or creating Information for, through or on behalf of AT&T or under the AT&T brand, ensure that such Information shall be AT&T’s Information and, whenever practicable, label such Information of AT&T as “AT&T Proprietary Information” or, at a minimum, label AT&T’s Information as

Proprietary Information

Agreement Number 02026713.A.030

“Confidential” or “Proprietary”. Supplier acknowledges that AT&T’s Information shall remain AT&T-owned Information irrespective of labeling or absence thereof. (Confidential or Proprietary Markings)

28.	Assign unique UserIDs to individual users. (Unique User IDs)

29.

Have and use a documented UserID Lifecycle Management process including, but not limited to, procedures for approved account creation, timely account removal, and account modification (e.g., changes to privileges, span of access, functions/roles) for all Information Resources and across all environments (e.g., production, test, development, etc.). Such process shall include review of access privileges and account validity to be performed [**]. (UserID Life Cycle Management)

30.	Enforce the rule of least privilege (i.e., limiting access to only the commands and Information Resources necessary to perform authorized functions according to one’s job function). (Rule of Least Privilege)

31.

32.

33.	Require password expiration at regular intervals not to exceed [**]. Exception: Where elsewhere authorized in writing by AT&T, AT&T customer usage of Customer Facing Systems may be exempted from this requirement. (Expire Passwords)

34.

Use an authentication method based on the sensitivity of AT&T’s Information. Whenever authentication credentials are stored, Supplier shall protect them using Strong Encryption.

When passwords are used, they shall be complex and shall at least meet the following password construction requirements:

•

Be a minimum of six (6) characters in length.

•

Contain characters from at least two (2) of these groupings: alphabetic, numeric, and special characters.

•

Not be the same as the UserID with which they are associated.

•

Passwords must not contain repeating or sequential characters or numbers.

Exception: Where elsewhere authorized in writing by AT&T, AT&T customer usage of Customer Facing Systems may be exempted from the password construction requirements.

Applications housing more sensitive copies of AT&T’s Information, as identified in writing by AT&T, may require an authentication mechanism stronger than passwords. In such case the authentication mechanism shall be mutually agreed to in advance in writing. Examples of stronger authentication methods include Strong Authentication, passphrases, and biometrics. (Passwords and Construction Rules)

Proprietary Information

Agreement Number 02026713.A.030

35.	Use a secure method for the conveyance of authentication credentials (e.g., passwords) and authentication mechanisms (e.g., tokens or smart cards). (Use Secure Method to Convey UserIDs and Passwords)

Warning Banner

36.	For AT&T branded products or services or for software developed for AT&T, the Supplier shall display a warning banner on login screens or pages provided by AT&T. (Display Warning Banners)

Software and Data Integrity

37.

In environments where antivirus software is commercially available and to the extent practicable, have current antivirus software installed and running to scan for and promptly remove or quarantine viruses and other malware. (Note: For the avoidance of doubt, this requirement also applies to Mobile and Portable Devices where antivirus software is commercially available.) (Scan and Remove Viruses)

38.	Separate non-production Information Resources from production Information Resources. (Separate Production and Non-Production Information Resources)

39.	Have a documented change control process including back out procedures for all production environments. (Software Change Control Process)

40.	For applications which utilize a database that allows modifications to AT&T’s Information, have database transaction logging features enabled and retain database transaction logs [**]. (Utilize Database Transaction Logging)

41.

For all software developed under this Agreement, review such software to find and remediate security vulnerabilities during initial implementation and upon any modifications and updates.

Where technically feasible, for all software used, furnished and/or supported under the Agreement, review such software to find and remediate security vulnerabilities during initial implementation and upon any modifications and updates. (Review Code for Vulnerabilities)

42.

Perform quality assurance testing for the security components (e.g., testing of identification, authentication, and authorization functions), as well as any other activity designed to validate the security architecture, during initial implementation and upon any modifications and updates. (Quality Assurance Test Security Components)

Privacy Issues

43.	Restrict access to any of AT&T’s CPNI and AT&T’s SPI to authorized individuals. (Restrict Access to AT&T CPNI and SPI)

44.

Not store AT&T’s CPNI and AT&T’s SPI on removable media (e.g., USB flash drives, thumb drives, memory sticks, tapes, CDs, or external hard drives) except: (a) for backup, business continuity, disaster recovery, and data interchange purposes as allowed and required under contract, and (b) using Strong Encryption. Exception: Where elsewhere authorized in writing by AT&T, AT&T’s CPNI stored for distribution to AT&T’s customers may be exempted from this requirement. (Control AT&T CPNI and SPI on Removable Media)

Proprietary Information

Agreement Number 02026713.A.030

Monitoring and Auditing Controls

45.	Restrict access to security logs to authorized individuals, and protect security logs from unauthorized modification. (Restrict Access to Security Logs)

46.	Review, on [**], all security and security-related logs for anomalies and document and resolve all logged security problems in a timely manner. (Review Security Logs and Resolve Security Problems)

47.

Retain complete and accurate records relating to its performance of its obligations arising out of these Security Requirements and Supplier’s compliance herewith in a format that will permit assessment or audit for a period of [**], or longer as may be required pursuant to a court order or civil or regulatory proceeding. Notwithstanding the foregoing, Supplier shall only be required to maintain security logs for a [**]. (Retain Records)

48.

Permit AT&T to conduct an assessment or audit to verify Supplier’s compliance with the contractual obligations in connection with these AT&T Supplier Information Security Requirements. Upon AT&T’s request for audit, Supplier shall schedule a security audit to commence [**] from such request. In the event that AT&T, in its sole discretion, deems that a security breach has occurred, which has not been promptly reported to AT&T in compliance with the Supplier’s Incident Management Process, Supplier shall schedule the audit to commence within [**] of AT&T’s notice requiring an audit. This provision shall not be deemed to, and shall not, limit any more stringent audit obligations permitting the examination of Supplier’s records contained in the Agreement. (Audit Rights)

49.

[**] of receipt of the assessment or audit report, provide AT&T a written report outlining the corrective actions that Supplier has implemented or proposes to implement with the schedule and current status of each corrective action. Supplier shall update this report to AT&T [**] reporting the status of all corrective actions through the date of implementation. Supplier shall implement all corrective actions [**] of Supplier’s receipt of the audit report. (Remediate Audit Findings)

Reporting Violations

50.	Have and use an Incident Management Process and promptly notify AT&T whenever there is an attack upon, intrusion upon, unauthorized access to, loss of, or other breach of AT&T’s Information Resources at:

Asset Protection by telephone at 800-807-4205 from within the US and at 1-908-658-0380 from elsewhere, and

Supplier’s contact within AT&T for Service-related issues.

(Maintain and Use Incident Response Procedures)

51.

After notifying AT&T whenever there is an attack upon, intrusion upon, unauthorized access to, loss of, or other breach of AT&T’s Information Resources, provide AT&T with regular status updates, including, but not limited to, actions taken to resolve such incident, at mutually agreed intervals or times for the duration of the incident and, [**] of the closure of the incident, provide AT&T with a written report describing the incident, actions taken by the Supplier during its response and the Supplier’s plans for future actions to prevent a similar incident from occurring. (Provide AT&T Incident Response Status and Final Resolution)

Proprietary Information

Agreement Number 02026713.A.030

Software Development

52.

RESERVED

Security Policies and Procedures

53.	Ensure that all personnel, subcontractors or representatives performing work under this Agreement are in compliance with these Security Requirements. (All Work to Be In Compliance with SISR)

54.

RESERVED

55.

Deactivate or Return all AT&T-owned or -provided access devices (including, but not limited to, SecurID^® tokens and/or software) as soon as practicable, but in no event [**] after the sooner of: (a) expiration or Termination of the Agreement; (b) AT&T’s request for the return of such property; or (c) the date when Supplier no longer need such devices. (Return all AT&T Owned or Provided Access Devices)

Mobile and Portable Devices

56.

By [**] after the date of execution of Amendment 30, Supplier shall not store any of AT&T’s SPI on Mobile and Portable Devices unless AT&T’s SPI stored on such devices is protected by the use of Strong Encryption.

Following the execution of Amendment 30, Supplier shall continue to negotiate in good faith with AT&T on reaching mutual agreement on a date when Supplier shall protect AT&T’s Information stored on Mobile and Portable Devices through the use of Strong Encryption. Such negotiations shall successfully conclude within [**] of the execution of Amendment 30, and shall result in an execution of an amendment to the Agreement, or AT&T shall have the right to terminate for convenience.

57.

Following the execution of Amendment 30, Supplier shall continue to negotiate in good faith with AT&T on reaching mutual agreement on a date when Supplier shall use Strong Encryption to protect all of AT&T’s Information transmitted using or remotely accessed by network-aware Mobile and Portable Devices. Such negotiations shall successfully conclude within [**] of the execution of Amendment 30, and shall result in an execution of an amendment to the Agreement, or AT&T shall have the right to terminate for convenience.

58.

When using network-aware Mobile and Portable Devices that are not laptop computers to access and/or store AT&T’s Information, such devices must be capable of deleting all stored copies of AT&T’s Information upon receipt over the network of a properly authenticated command. (Note: Such capability is often referred to as a “remote wipe” capability.)

Have documented policies, procedures and standards in place to ensure that the authorized individual who should be in physical control of a network-aware Mobile and Portable Device that is not a laptop computer and that is storing AT&T’s Information promptly initiates deletion of all AT&T’s Information when the device becomes lost or stolen.

Have documented policies, procedures and standards in place to ensure that Mobile and Portable Devices that are not laptop computers and are not network aware, will automatically delete all stored copies of AT&T’s Information after no more than three times the number of consecutive failed login attempts documented within Security Requirement 31.

Proprietary Information

Agreement Number 02026713.A.030

59.	Have documented policies, procedures and standards in place which ensure that any Mobile and Portable Devices used to access and/or store AT&T’s Information:

Are in the physical possession of authorized individuals;

Are physically secured when not in the physical possession of authorized individuals; or

Have their data storage promptly and securely deleted when not in the physical possession of authorized individuals nor physically secured.

60.	Prior to allowing access to AT&T’s Information stored on or through the use of Mobile and Portable Devices, Supplier shall have and use a process to ensure that:

The user is authorized for such access; and

The identity of the user has been authenticated.

61.	Implement a policy that prohibits the use of any Mobile and Portable Devices that are not administered and/or managed by Supplier or AT&T to access and/or store AT&T’s Information.

62.	Review, [**], the use of, and controls for, all Supplier-administered or -managed Mobile and Portable Devices to ensure that the Mobile and Portable Devices can meet the applicable Security Requirements.

Security Gateways

63.	Require Strong Authentication for administrative and/or management access to Security Gateways, including, but not limited to, any access for the purpose of reviewing log files.

64.	Have and use documented controls, policies, processes and procedures to ensure that unauthorized users do not have administrative and/or management access to Security Gateways, and that user authorization levels to administer and manage Security Gateways are appropriate.

65.	At least [**], ensure that Security Gateway configurations are hardened by selecting a sample of Security Gateways and verifying that each default rule set and set of configuration parameters ensures the following:

Internet Protocol (IP) source routing is disabled,

The loopback address is prohibited from entering the internal network,

Anti-spoofing filters are implemented,

Broadcast packets are disallowed from entering the network,

Proprietary Information

Agreement Number 02026713.A.030

Internet Control Message Protocol (ICMP) redirects are disabled,

All rule sets end with a “DENY ALL” statement, and

Each rule is traceable to a specific business request.

66.	Ensure that monitoring tools are used to validate that all aspects of Security Gateways (e.g., hardware, firmware, and software) are continuously operational.

67.	Ensure that all Security Gateways are configured and implemented such that all non-operational Security Gateways shall deny all access.

Wireless Networking

68.

When using radio frequency (RF) based wireless networking technologies to perform or support Services for AT&T, ensure that all of AT&T’s Information transmitted is protected by the use of appropriate encryption technologies sufficient to protect the confidentiality of AT&T’s Information; provided, however, that in any event such encryption shall use no less than key lengths of 256-bits for symmetric encryption and 256-bits for asymmetric encryption. Exception: The use of RF-based wireless headsets, keyboards, microphones, and pointing devices, such as mice, touch pads, and digital drawing tablets, is excluded from this requirement.

Connectivity Requirements

69.

In the event that a data connection agreement, such as a “Master Data Connection Agreement,” “Data Connection Agreement,” and/or “Connection Supplement” (“DCA”) exists between the Parties, and incorporates the Agreement by reference, or is otherwise integrated with, or used to govern the Parties’ connectivity obligations under, this Agreement, agree that any information security requirements incorporated within such DCA are hereby superseded by the terms of these Security Requirements, effective as of the date these Security Requirements become effective under the Agreement, and the terms of such DCA are amended to require that the Security Requirements and not the information security requirements incorporated within the DCA are controlling in the Agreement (as well as any agreements subordinate to the Agreement). Notwithstanding the foregoing, the DCA remains in full force and effect for all other agreements between the Parties to which it applies.

Proprietary Information

Agreement Number 02026713.A.030

70.	In the event that Supplier has, or will be provided, connectivity to AT&T’s or AT&T’s customers’ Nonpublic Information Resources in conjunction with this Agreement, then in addition to the foregoing:

Use only the mutually agreed upon facilities and connection methodologies to interconnect AT&T’s and AT&T’s customers’ Nonpublic Information Resources with Supplier’s Information Resources.

NOT establish interconnection to AT&T’s and AT&T’s customers’ Nonpublic Information Resources without the prior consent of AT&T.

Provide AT&T access to any applicable Supplier facilities during normal business hours for the maintenance and support of any equipment (e.g., router) provided by AT&T under the Agreement for connectivity to AT&T’s and AT&T’s customers’ Nonpublic Information Resources.

Use any equipment provided by AT&T under this Agreement for connectivity to AT&T’s and AT&T’s customers’ Nonpublic Information Resources only for the furnishing of those Services or functions explicitly defined in the Agreement.

If the agreed upon connectivity methodology requires that Supplier implement a Security Gateway, maintain logs of all sessions using such Security Gateway. These session logs must include sufficiently detailed information to identify the end user or application, origination IP address, destination IP address, ports/service protocols used and duration of access. These session logs must be retained for a [**]

71.	In the event that Supplier has, or will be provided, connectivity to AT&T’s or AT&T’s customers’ Nonpublic Information Resources in conjunction with this Agreement, in addition to other rights set forth herein, permit AT&T to:

Gather information relating to access, including Supplier’s access to, AT&T’s and AT&T’s customers’ Nonpublic Information Resources. This information may be collected, retained and analyzed by AT&T to identify potential security risks without further notice. This information may include trace files, statistics, network addresses, and the actual data or screens accessed or transferred.

Immediately suspend or terminate any interconnection to AT&T’s and AT&T’s customers’ Nonpublic Information Resources if AT&T, in its sole discretion, believes there has been a breach of security or unauthorized access to or misuse of AT&T data facilities or Information.

Proprietary Information

Agreement Number 02026713.A.030

3.3 Offshore Information Technology Services Requirements

1	Strong authentication controls must be established for firewalls, firewall management servers, and firewall hop boxes. Options for strong authentication may include two-factor authentication methods such as tokens, smart-cards and/or one-time passwords.

2	Supplier must ensure that firewall configurations are hardened by selecting a sample of firewalls and verifying that the default rule set ensures the following:

IP source routing is disabled.

Loopback address is prohibited from entering the internal network,

Anti-spoofing filters are implemented.

Broadcast packets are disallowed from entering the network,

ICMP redirects are disabled.

Fragmented packets are dropped.

Ruleset ends with a DENY ALL statement

3	Screen savers or connection timeouts are required to prevent unauthorized access to unattended workstations.

5	Production support personnel and development personnel must have enough separation and auditable controls to ensure that standard change management procedures are always consistently followed.

6	Developers cannot access production platforms “at will”. For some trouble-shooting situations, developers may be provided access to production platforms but only on an “as needed basis” and for a limited duration. All temporary access should be documented (who, what, when, where and why).

7	Track and approve changes to firewall rules is required and must be [**]. Inappropriate firewall rules must be removed immediately.

8	Require a clean desk policy at the end of the day.

9A	Effective October 1, 2010, all portable or removable media (such as CD, floppy and USB drives) will be removed or disabled to ensure that AT&T Data cannot be downloaded and taken offsite.

Proprietary Information

Agreement Number 02026713.A.030

(i) All communications over wireless networks must be transmitted via Virtual Private Network (VPN) session(s) using Strong Encryption.

(ii) Strong authentication (e.g., two factor token or digital certificates) must be used for authenticating VPN access.

(iii) Wireless hardware (with the exception of wireless network cards and access points) must be located in a physically secure area (e.g., in a locked wiring closet or locked machine room).

(iv) All services not being used on the access point, router, and VPN concentrator must be disabled.

(v) Enable Media Access Control (MAC)-based filtering so that only specified wireless cards can communicate to the access point.

10	Supplier must implement procedures to ensure that AT&T Data is not downloaded and removed by Supplier, including at a minimum, searches of persons and their belongings when exiting AT&T restricted areas and Supplier’s premises.

Verify that all printed media containing AT&T Data (any information obtained from or provided by AT&T, including information about AT&T Systems, its employees and its customers) is securely stored, and that a mechanism is in place to protect the security and privacy of AT&T Data. Procedures are required to restrict access to AT&T Data to authorized Supplier personnel only, and to ensure that all media containing AT&T Data is accounted for and reconciled on a [**] basis to ensure that the information is not removed from Supplier’s premises.

14	All electronically stored or printed AT&T Data no longer needed must be shredded onsite or destroyed onsite by authorized Supplier personnel assigned to AT&T projects. Shred bins must be located in AT&T restricted areas and locked until the shredding takes place.

Proprietary Information

Agreement Number 02026713.A.030

15	A [**] Metric Report of Perimeter Security on the Supplier’s system should be reported to AT&T that consists of:

•

Location

•

Date

•

# of Intrusions

•

Type of Intrusions

•

Source

•

Destination

•

Detail

•

Actions

Security IDS audit logs must be retained [**] and offline for a period of at least [**].

Remote access to AT&T Networks or AT&T Data is prohibited. All work on AT&T projects must be performed within the AT&T restricted area on Supplier’s premises. Prior written exception to this prohibition must be obtained from the [**]Supplier’s use of laptops offsite must have written approval from the [**]

18	B2B VPN connections to AT&T are required to be secured from other remote connections.

19	Device-specific monitoring tools must be used to assure that firewall hardware is operational.

Proprietary Information

Agreement Number 02026713.A.030

Card key access lists and event logs must be reviewed by Supplier at a minimum of [**] to validate that building card key access is limited to only those individuals with a need to be in the Supplier’s building and restricted area where AT&T work is being performed. Ensure that all keys are accounted for and limited to those individuals with a need to be in the Supplier’s building and restricted areas and all locks are changed on a regular interval (at a minimum [**]). Ensure that Supplier personnel surrender company identification, keys and access cards before leaving the premises when access to an area is no longer required or upon voluntarily or involuntarily ceasing to work for Supplier and that the access cards are deactivated. [**] should include employee, contractor and supplier termination records and any associated unauthorized access attempts in the event logs.

23	Alarmed doors and monitored electronic systems are required to detect unauthorized access or access attempts with a plan to respond to and document incidents. 24/7 recorded video surveillance is required of the area where work on AT&T projects is performed, including entry and exit points.

Prior to permitting any person access to an AT&T project source or origin code (for example, software development), and at [**] intervals thereafter, Supplier must ensure that such person (employee, contractor, subcontractor) is not on the Denied Persons List or the Specially Designated Nationals List of the US Department of Commerce – Bureau of Industry and Security. – Those lists are located at http://www.bis.doc.gov/ComplianceAndEnforcement/ListsToCheck.htm.

25	A security plan must be in place to include training of Supplier personnel to report suspicious activity/security incidents and complaints that did or could affect AT&T, to include documentation, follow-up and reporting to the AT&T IT:OFFSHORE organization and, as necessary, law enforcement.

Information to be reported to the Executive Director of the IT:OFFSHORE organization would consist of at least:

•

Date of Incident

•

Who - Identify those involved and be descriptive (suspects, vehicles, property, license plate numbers, …)

•

What - What happened and how?

•

When - When did the incident occur?

•

Where - Where did the incident take place?

•

Action Taken – What action was taken? Was law enforcement notified?

Proprietary Information

Agreement Number 02026713.A.030

An exercise of Supplier’s recovery strategy must be conducted [**] from the completion of a disaster recovery exercise by Amdocs, Amdocs will produce a documented conclusion with a corrective action plan and proposed committed timeframes for corrective action upon which the Parties will agree [**] from receipt of the action plan.

27	Failover processes and procedures are required to support AT&T applications and these failover processes and procedures are exercised [**] (at a minimum).

28	Business continuity communication documents, processes, and procedures must be readily available and current.

As soon as reasonably possible after the execution of this Agreement and on [**] basis thereafter, Supplier will, at no charge to AT&T, perform a security audit utilizing a reputable independent auditor, as agreed by the Parties. Such security audit shall ensure that Supplier will strictly follow these AT&T Supplier Information Security Requirements.

3.4 Requirements for Offshore Information Technology Services Requiring Elevated Rights

a. Successful and unsuccessful login attempts.

b. Successful and unsuccessful attempts to switch to another user’s account (where applicable).

c. Logoffs.

d. User attempts to access files or resources outside their privilege level.

Proprietary Information

Agreement Number 02026713.A.030

e. User access to all privileged files and/or processes.

f. Operating system configuration changes.

g. Operating system program changes.

h. All changes that can feasibly be captured, to system hardware and software.

i. All security-related changes, including adding users.

j. Failures for computer, program, communications, and operations.

k. Starting and stopping of audit logging.

Security audit logs must be maintained [**] and offline for a period of [**]

Information to be reported to the AT&T-IT OCE would consist of at least:

•

Date of discovery of vulnerability

•

How it was remediated

•

What was remediated

•

What are the plans to remediate

•

Estimated Date of closure

4	An Intrusion Prevention System (IPS) is required on Supplier’s data network to prevent unauthorized access.

Proprietary Information

Agreement Number 02026713.A.030

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.		AT&T Services, Inc.

By:	/s/ Bryson Stucki	By:	/s/ Deidre D. Byer
Name:	Bryson Stucki	Name:	Deidre D. Byer
Title	Director of Finance	Title	Sr. Contract Manager – Global Business & Operations Sourcing
Date:	5/31/14	Date:	5/31/2014

Proprietary Information

Amendment

No. 02026713.A.031

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.031

AMENDMENT NO. 31

AGREEMENT NO. 02026713

This Amendment No. 31, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, AT&T and Supplier now desire to further amend the Agreement;

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

1.	Section 6.6, “Confidentiality and Invention Agreement and Non-Disclosure Agreement”, is deleted in its entirety and replaced with, Section 6.6, “Non-Disclosure Agreement” as follows:

6.6

Non-Disclosure Agreement

Proprietary Information

Agreement Number 02026713.A.031

Compliance with Export/Import Law and Foreign Trade Controls

1.1

Each Party shall comply with all export control, import and foreign trade sanctions laws, rules and regulations, in its performance of this Agreement. Without prejudice to the generality of the foregoing, Supplier understands and acknowledges that certain AT&T applications and Materials and Services (including technical assistance and technical data) to be provided hereunder may be subject to export controls under the laws and regulations of the United States, the European Union and other foreign trade control laws, rules and regulations restricting their transfer to certain countries and parties including but not limited to the US Export Administration Regulations and trade sanctions programs administered by the US Department of the Treasury. Supplier shall comply with all applicable export control and other foreign trade laws, rules and regulations in performance of its obligations hereunder, and shall not use, resell, export, transfer, distribute, dispose or otherwise deal with the AT&T applications or any technical data related thereto, directly or indirectly, except in full compliance with such laws, rules and regulations.

1.2.

1.3

1.4.

Proprietary Information

Agreement Number 02026713.A.031

1.5.

1.6

1.7

Failure by Supplier to comply with applicable export control and foreign trade control laws, rules and regulations shall constitute a material breach of this Agreement.

2.	Exhibit F, “Confidentiality and Invention Agreement”, is hereby deleted in its entirety.

3.	Section 3.3, “Offshore Information Technology Services Requirements”, and Section 3.4, “Requirements for Offshore Information Technology Services Requiring Elevated Rights”, are hereby deleted in their entirety and replaced with the following:

3.3 Offshore Information Technology Services Requirements

1	Strong authentication controls must be established for firewalls, firewall management servers, and firewall hop boxes. Options for strong authentication may include two-factor authentication methods such as tokens, smart-cards and/or one-time passwords.

Proprietary Information

Agreement Number 02026713.A.031

2	Supplier must ensure that firewall configurations are hardened by selecting a sample of firewalls and verifying that the default rule set ensures the following:

IP source routing is disabled.

Loopback address is prohibited from entering the internal network,

Anti-spoofing filters are implemented.

Broadcast packets are disallowed from entering the network,

ICMP redirects are disabled.

Fragmented packets are dropped.

Ruleset ends with a DENY ALL statement

3	Screen savers or connection timeouts are required to prevent unauthorized access to unattended workstations.

5	Production support personnel and development personnel must have enough separation and auditable controls to ensure that standard change management procedures are always consistently followed.

6	Developers cannot access production platforms “at will”. For some trouble-shooting situations, developers may be provided access to production platforms but only on an “as needed basis” and for a limited duration. All temporary access should be documented (who, what, when, where and why).

7	Track and approve changes to firewall rules is required and must be validated [**]. Inappropriate firewall rules must be removed immediately.

8	Require a clean desk policy at the end of the day.

9A	Supplier resources shall be notified of the restriction that AT&T Data may not be downloaded and taken offsite.

(i) All communications over wireless networks must be transmitted via Virtual Private Network (VPN) session(s) using Strong Encryption.

(ii) Strong authentication (e.g., two factor token or digital certificates) must be used for authenticating VPN access.

(iii) Wireless hardware (with the exception of wireless network cards and access points) must be located in a physically secure area (e.g., in a locked wiring closet or locked machine room).

(iv) All services not being used on the access point, router, and VPN concentrator must be disabled.

(v) Enable Media Access Control (MAC)-based filtering so that only specified wireless cards can communicate to the access point.

Proprietary Information

Agreement Number 02026713.A.031

Supplier must implement procedures to ensure that AT&T Data is not downloaded and removed by Supplier. To the extent Supplier suspects that AT&T Data may have been removed, Supplier agrees to conduct searches of suspected persons and their belongings when exiting AT&T restricted areas and Supplier’s premises to the extent such searches are permissible by local law.

All access to electronic documentation of AT&T Data retained locally must be password protected and restricted to the very minimum number of Supplier personnel. Supplier must implement procedures to ensure that AT&T Data is not downloaded and removed by Supplier personnel, including, at a minimum, searches. To the extent Supplier suspects that AT&T Data may have been removed, Supplier agrees to conduct searches of persons and their belongings when exiting AT&T restricted areas and Supplier’s premises to the extent searches are permissible under local law.

14	All electronically stored or printed AT&T Data no longer needed must be shredded onsite or destroyed onsite by authorized Supplier personnel assigned to AT&T projects. Shred bins must be located in AT&T restricted areas and locked until the shredding takes place.

15	A [**] Metric Report of Perimeter Security on the Supplier’s system should be reported to AT&T that consists of:

•

Location

•

Date

•

# of Intrusions

•

Type of Intrusions

•

Source

•

Destination

•

Detail

•

Actions

Security IDS audit logs must be retained [**] and offline for a period of at least [**].

Remote access to AT&T Networks or AT&T Data is prohibited. All work on AT&T projects must be performed within the AT&T restricted area on Supplier’s premises and any exceptions must be in accordance with the Limited Offshore Remote Access in this Appendix 8. Prior written exception to this prohibition must be obtained from the [**] Supplier’s use of laptops offsite must have written approval from the [**]

Proprietary Information

Agreement Number 02026713.A.031

18	B2B VPN connections to AT&T are required to be secured from other remote connections.

19	Device-specific monitoring tools must be used to assure that firewall hardware is operational.

20	To minimize the risk exposure to visiting AT&T employees in locations that are of medium-high risk of terrorist attacks, Supplier shall take necessary security measures customary for the location.

Card key access lists and event logs must be reviewed by Supplier [**] to validate that building card key access is limited to only those individuals with a need to be in the Supplier’s building and restricted area where AT&T work is being performed. Ensure that all keys are accounted for and limited to those individuals with a need to be in the Supplier’s building and restricted areas and all locks are changed on a regular interval (at a minimum [**]). Ensure that Supplier personnel surrender company identification, keys and access cards before leaving the premises when access to an area is no longer required or upon voluntarily or involuntarily ceasing to work for Supplier and that the access cards are deactivated. [**] should include employee, contractor and supplier termination records and any associated unauthorized access attempts in the event logs.

23	Alarmed doors and monitored electronic systems are required to detect unauthorized access or access attempts with a plan to respond to and document incidents. [**] recorded video surveillance is required of the area where work on AT&T projects is performed, including entry and exit points.

Proprietary Information

Agreement Number 02026713.A.031

25	A security plan must be in place to include training of Supplier personnel to report suspicious activity/security incidents and complaints that did or could affect AT&T, to include documentation, follow-up and reporting to the AT&T IT:OFFSHORE organization and, as necessary, law enforcement.

Information to be reported to the Executive Director of the IT:OFFSHORE organization would consist of at least:

•

Date of Incident

•

Who - Identify those involved and be descriptive (suspects, vehicles, property, license plate numbers, …)

•

What - What happened and how?

•

When - When did the incident occur?

•

Where - Where did the incident take place?

•

Action Taken – What action was taken? Was law enforcement notified?

27	Failover processes and procedures are required to support AT&T applications and these failover processes and procedures are exercised [**].

28	Business continuity communication documents, processes, and procedures must be readily available and current.

Proprietary Information

Agreement Number 02026713.A.031

3.4 Requirements for Offshore Information Technology Services Requiring Elevated Rights

Successful and unsuccessful login attempts.

Successful and unsuccessful attempts to switch to another user’s account (where applicable).

Logoffs.

User attempts to access files or resources outside their privilege level.

User access to all privileged files and/or processes.

Operating system configuration changes.

Operating system program changes.

All changes, that can feasibly be captured, to system hardware and software.

All security-related changes, including adding users.

Failures for computer, program, communications, and operations.

Starting and stopping of audit logging.

Security audit logs must be maintained [**] and offline for a period of [**]

Proprietary Information

Agreement Number 02026713.A.031

Information to be reported to the AT&T-IT OCE would consist of at least:

•

Date of discovery of vulnerability

•

How it was remediated

•

What was remediated

•

What are the plans to remediate

•

Estimated Date of closure

An Intrusion Prevention System (IPS) is required on Supplier’s data network to prevent unauthorized access.

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.		AT&T Services, Inc.

By:	/s/ Michael Saeger	By:	/s/ Deidre D. Byer
Name:	Michael Saeger	Name:	Deidre D. Byer
Title	Treasurer	Title	Sr. Contract Manager – Global Business & Operations Sourcing
Date:	8-28-2014	Date:	8/27/2014

Proprietary Information

Amendment

No. 02026713.A.032

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

AMENDMENT NO. 32

AGREEMENT NO. 02026713

This Amendment No. 32, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, AT&T and Supplier now desire to further amend the Agreement;

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to Agreement 02026713 as follows:

1.	For purposes of extending the term of the Agreement, Section 3.32, “Term of Agreement”, is deleted in its entirety and replaced with the following:

Proprietary Information

Agreement Number 02026713.A.032

3.32. Term of Agreement

This Agreement with an Effective Date of August 7, 2003, shall remain in effect for a term ending on March 31, 2015, unless earlier Terminated or Canceled as provided in this Agreement. The Parties may extend the term of this Agreement by agreement in writing.

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.		AT&T Services, Inc.

By:	/s/ Steven Pennington	By:	/s/ Deidre D. Byer
Name:	Steven Pennington	Name:	Deidre D. Byer
Title	Director of Operations	Title	Sr. Contract Manager – Global Supply Chain
Date:	9-30-2014	Date:	9/30/2014

Proprietary Information

Amendment

No. 02026713.A.033

Between

Amdocs, Inc.

And

AT&T Services, Inc.

Proprietary Information

Agreement Number 02026713.A.033

AMENDMENT NO. 33

AGREEMENT NO. 02026713

This Amendment No. 33, effective on the date when signed by the last Party (“Effective Date”), and amending Agreement No. 02026713, is by and between Amdocs, Inc., a Delaware corporation (“Supplier” or “Amdocs”), and AT&T Services, Inc., a Delaware corporation (“AT&T”), each of which may be referred to in the singular as a “Party” or in the plural as the “Parties”.

WITNESSETH

WHEREAS, AT&T and Amdocs are parties to that certain Agreement No. 02026713 for Software and Professional Services, dated as of August 7, 2003, (as previously amended, the “Agreement”) and

WHEREAS, AT&T and Supplier now desire to further amend the Agreement;

NOW, THEREFORE, in consideration of the premises and the covenants hereinafter contained, the Parties hereto agree to changes to the Agreement as follows:

1.	Section 3.3, “Termination”, is hereby deleted and replaced in its entirety as follows:

3.3

Termination

Termination for Cause. Subject to the provisions of Section 4.7, any party may, prior to the completion of any Order, Terminate for Cause the applicable Order if the Arbitrator (as defined herein) has made a determination that the other party has committed a material breach of the applicable Order, provided that (i) before Terminating, the first party has given the defaulting party a written notice specifying the breach with seventy-five (75) days right to cure, and (ii) the Arbitrator has determined that the defaulting party has committed a material breach of the applicable Order, and has determined the circumstances and/or terms and conditions which shall constitute a cure of such material breach. The Arbitrator shall retain jurisdiction over the dispute until such cure has been made.

Partial Termination. Where a provision of this Agreement permits AT&T to Terminate an Order for cause or convenience, such Termination may, at AT&T’s option, be either complete or partial. In the case of a partial Termination for Cause, the terms of Section 3.3(A) shall apply. In the case of a partial Termination for Convenience, AT&T may accept a portion of the Software or Services covered by an Order, but AT&T shall in any event compensate Amdocs for the Software or Services performed through the date of such partial Termination for Convenience of the Order. In either event (partial Termination for Cause or Partial Termination for Convenience), AT&T shall pay Amdocs for any portion of such Software or Services at the unit prices set forth in such Order, (plus equitable portions of the termination charges provided in this Agreement in the event of partial Termination for Convenience of an Order for Custom Software Development or OnGoing Support), and the parties shall utilize change management procedures as set forth in Section 5.10 to issue a Change Order to reflect such partial Termination; provided however that, [**] any Order [**] under the Order) [**] of

Proprietary Information

Agreement Number 02026713.A.033

the Order, in which [**] the parties shall [**] the parties [**] in accordance with the [**]. The right to Terminate an Order for Cause shall also include the right to Terminate any other Order for Cause which is directly affected by the Termination of the initially Terminated Order. Upon receipt of AT&T’s payment in relation to a partial Termination for Cause or Convenience, Amdocs shall deliver to AT&T the applicable Work relating to the Software or Services which has been prepared pursuant to such Terminated Order.

Termination for Convenience of the Agreement. Either party may Terminate for Convenience this Agreement upon [**] prior written notice to the other party setting forth the effective date of such Termination. The Termination of this Agreement for any reason shall not affect the obligations of either party pursuant to any Orders previously executed hereunder, and the terms and conditions of this Agreement shall continue to apply to such Orders as if this Agreement had not been Terminated.

Termination For Convenience of Custom Software Development Order. AT&T may at any time Terminate for Convenience any Order for Custom Software Development prior to the Delivery Date of the Software covered by such Order, by giving Amdocs written notice. Upon receipt of any such Termination notice, Amdocs shall, if so requested by AT&T, immediately cease performing work and incurring costs in connection with such Order. [**] in accordance with the applicable Order for work under such Order performed [**] in the applicable Order, [**]under the Order, [**]. Upon receipt of AT&T’s payment, Amdocs shall deliver to AT&T all drafts and versions of the Custom Software which have been prepared pursuant to such Terminated Order.

Termination For Convenience of OnGoing Support Order. AT&T may, at its option and without any Liability to Amdocs, Terminate for Convenience any OnGoing Support Order by written notice to Amdocs. Upon receipt of such notice, Amdocs shall, if so requested by AT&T, cease performing any OnGoing Support Services as of the effective date of such Termination. [**] all in accordance with the provisions of the applicable Order and in accordance with Appendix 1.2(2) (Prices and Terms). [**] under the Order, [**] Upon receipt of AT&T’s payment, Amdocs shall deliver to AT&T all Work relating to the Software or Services which has been prepared pursuant to such Terminated Order, if applicable.

In exercising its Termination rights under subsections 3.3(D) and 3.3(E) above, [**] provided, however, that if AT&T determines in good faith that an Order for such Custom Software Development or Ongoing Support Services requires immediate Termination due to budget restrictions, AT&T shall be permitted to exercise such rights immediately upon notice.

Insolvency

Proprietary Information

Agreement Number 02026713.A.033

so long as AT&T pays for the Services to be received hereunder in advance on a month-to-month basis. If any Party elects to terminate this Agreement due to the insolvency of the other Party, such termination will be deemed to be a termination for cause hereunder.

(b) Section 365(n). Notwithstanding any other provision of this Agreement to the contrary, in the event that Amdocs becomes a debtor under the Bankruptcy Code and rejects this Agreement pursuant to Section 365 of the Bankruptcy Code (a “Bankruptcy Rejection”), (i) any and all of the licensee and sublicensee rights of AT&T arising under or otherwise set forth in this Agreement shall be deemed fully retained by and vested in AT&T as protected intellectual property rights under Section 365(n)(1)(B) of the Bankruptcy Code and further shall be deemed to exist immediately before the commencement of the bankruptcy case in which Amdocs is the debtor; (ii) AT&T shall have all of the rights afforded to non-debtor licensees and sublicensees under Section 365(n) of the Bankruptcy Code; and (iii) to the extent any rights of AT&T under this Agreement which arise after the termination or expiration of this Agreement are determined by a bankruptcy court to not be “intellectual property rights” for purposes of Section 365(n), all of such rights shall remain vested in and fully retained by AT&T after any Bankruptcy Rejection as though this Agreement were terminated or expired. AT&T shall under no circumstances be required to terminate this Agreement after a Bankruptcy Rejection in order to enjoy or acquire any of its rights under this Agreement.

Proprietary Information

Agreement Number 02026713.A.033

Termination Upon Amdocs’ Change of Control, which shall apply to all agreements between any AT&T Entity and any Amdocs Entity:

In the event of a change in Control of Amdocs (or that portion of Amdocs providing Services under this Agreement) or the Entity that Controls Amdocs (if any), where such Control is acquired, directly or indirectly, in a single transaction or series of related transactions, or all or substantially all of the assets of Amdocs are acquired by any Entity, or Amdocs is merged with or into another Entity to form a new Entity, AT&T may at its option terminate this Agreement by giving Amdocs at least ninety (90) days prior notice and designating a date upon which such termination shall be effective; provided, however, AT&T shall not have this right if Amdocs Limited, (a Guernsey corporation as of the Effective Date) retains Control of Amdocs after such transaction, acquisition, merger; provided, further, however, if such change in Control of Amdocs involves an AT&T competitor, AT&T may terminate this Agreement by giving Amdocs at least ten (10) days prior notice, and the AT&T competitor shall be prohibited from any contact with AT&T Data, AT&T Information and any and all other information about the AT&T account, including discussions with Amdocs personnel regarding specifics relating to the Services. Amdocs shall not be entitled to any termination charges in connection with a termination pursuant to this Section3.3 H. For purposes of this Section, “Control” and its derivatives mean: (a) the legal, beneficial or equitable ownership, directly or indirectly, of (i) [**] or (ii) equity interests having the right to at least [**] or, in the event of dissolution, to at least [**]; (b) the right to appoint, directly or indirectly, a majority of the board of directors; (c) the right to control, directly or indirectly, the management or direction of the Entity by contract or corporate governance document; or (d) in the case of a partnership, the holding by an Entity (or one of its Affiliates) of the position of sole general partner; and “Entity” means a corporation, partnership, joint venture, trust, limited liability company, association or other organization or entity.

Any permitted assignee or successor in interest under this Section 3.3 H shall agree in writing to be bound by the terms and conditions of this Agreement.

Regardless of AT&T’s consent or refusal to consent to an assignment under this Section 3.3 H, Amdocs, or its successor in interest, shall continue to perform under the terms of the Agreement until such time as the Agreement terminates or expires.

Proprietary Information

Agreement Number 02026713.A.033

The terms and conditions of Agreement No. 02026713 as previously amended in all other respects remain unmodified and in full force and effect.


Amdocs, Inc.		AT&T Services, Inc.

By:	/s/ Steven Pennington	By:	/s/ Deidre D. Byer
Name:	Steven Pennington	Name:	Deidre D. Byer
Title	Director of Operations	Title	Sr. Contract Manager – Global Supply Chain
Date:	11-12-2014	Date:	11/11/2014

Proprietary Information