a.
This Agreement shall commence and be effective on the date when signed by the last Party (“Effective Date”), and shall continue until December 31, 2015 (“Expiration Date”) unless earlier terminated as set forth herein. The Parties may extend the Term of this Agreement beyond that date by mutual agreement.
b.
Any Order in effect on the date when this Agreement expires or is terminated will continue in effect until such Order either (i) expires by its own terms or (ii) is separately terminated, prior to its own scheduled expiration, as provided in this Agreement. The terms and conditions of this Agreement shall continue to apply to such Order as if this Agreement were still in effect.
2.19
Nesting
2.21
Product or Program
2.22
Production
a.
The Parties may not amend this Agreement or an Order except by a written agreement of the Parties that identifies itself as an amendment to this Agreement or such Order and is signed by both Parties, or as otherwise expressly provided below in this Section. No waiver of any right or condition for the benefit of a Party is effective unless given in writing and signed by the Party waiving such right or condition for its benefit. No failure or delay in exercising any right or remedy under this Agreement or an Order operates as a waiver or estoppel of any right or remedy; no failure or delay in requiring the satisfaction of any condition under this Agreement or an Order operates as a waiver or estoppel of any condition; and no course of dealing between the Parties operates as a waiver or estoppel of any right, remedy, or condition. A waiver on one occasion is effective only in that instance, and only for the purpose for which it is given, and is not to be construed as a waiver on any future occasion or against any Affiliate other than the Affiliate that makes such waiver.
b.
AT&T’s Vendor Manager may, at any time, request changes to the scope of Work, which shall be confirmed in writing, and Supplier shall not unreasonably withhold or condition its consent. An equitable adjustment shall be made to the charges if such change to the scope substantially affects the time of performance or the cost of the Work to be performed under this Agreement. Such cost adjustment shall be made on the basis of the actual cost of the Work, unless otherwise agreed in writing.
a.
Supplier shall at all times maintain a current and accurate Business Continuity Plan (“BCP”) that enables Supplier to fulfill its obligations under this Agreement in the event of a manmade or natural disaster or other emergency situation that results in a disruption of the Services furnished by, through, or on behalf of Supplier, which may include a Force Majeure, Labor Dispute, or other act or event (each or any of the foregoing an “Occurrence”). Such BCP shall detail Supplier’s plans for recovering from any Occurrence and resuming normal business operations as soon as practicable to continue its obligations under the Agreement. Additionally, Supplier shall comply with the Unified Emergency Restoration Requirements (“UERP”) or other recovery requirements, if applicable, as specified elsewhere in this Agreement or in an Order. In the event of an Occurrence or upon AT&T’s request Supplier shall provide ongoing status
b.
Supplier shall ensure that the BC Plan procedures are sufficient to enable Supplier to meet any Business Continuity standards that are contained in the Order, including, without limitation, those relating to the maximum amount of data loss that can be incurred (“Recovery Point Objectives”), time required for Supplier to resume Services (“Recovery Time Objectives”), and minimum acceptable percentage of Work that Supplier is able to handle on an interim basis until normal operations are restored (“Recovery Capacity Objectives”).
c.
The BC Plan shall include, but not be limited to, the following elements:
1.
Identification of key contacts together with their telephone numbers, cell phone numbers, email addresses, and pagers;
2.
Identification of alternate contacts together with their telephone numbers, cell phone numbers, email addresses, and pagers;
3.
Detailed discussion of Supplier’s plan for serving AT&T Customers in the event of a Condition;
4.
Plan for communicating with AT&T regarding a Condition;
5.
Redundancy of facilities and network connectivity;
6.
Description of Supplier’s ability to support the Order in the event of a Condition;
7.
Description of security precautions taken to protect AT&T Information in the event of a Condition;
8.
Supplier’s plan for testing its BC Plan; and
9.
Such other information as AT&T may request be included.
d.
Supplier shall participate in any Business Continuity or disaster recovery exercises conducted by AT&T.
e.
Supplier shall provide AT&T with a copy of Supplier’s BC Plan for review upon request. Every [*] ([*]) month, Supplier shall perform a comprehensive assessment of its BC Plan and present its findings and recommendations to AT&T within[*] ([*]) days of completion of the assessment. Supplier shall promptly make, at its sole cost and expense, such recommendations to the BC Plan as may be required in order for Supplier to meet the requirements contained in this Agreement or the Order.
f.
Supplier shall continue to provide the Services under this Agreement if AT&T relocates its operations to an interim or substitute facility or otherwise implements any of its internal disaster recovery plans provided, however, that if such AT&T relocation causes material financial hardship to Supplier, the Parties shall mutually negotiate in good faith any changes to an Order required.
g.
If there is a Condition impacting Supplier, Supplier shall immediately so notify the AT&T Vendor Manager and shall advise the AT&T Vendor Manager of (i) any impact on the Services and (ii) any assistance Supplier is requesting from AT&T.
h.
Supplier’s failure to comply with this Section shall constitute a material breach of this Agreement.
a.
Supplier shall comply with the following Codes of Conduct:
1.
Supplier’s Code of Conduct (“Supplier Code”), attached hereto as Appendix A.
2.
For all contacts with consumers and/or businesses identified by AT&T as originating in Texas, Supplier shall comply with the Code of Conduct contained in the Texas Substantive Rules Applicable to Telecommunications Service Providers (“Texas Code”), attached hereto as Appendix B.
3.
For all contacts with consumers and/or businesses in other states besides Texas, Supplier shall comply with the codes of conduct applicable to telecommunications carriers/service providers of the states in which Supplier and its agents, contractors, and Subcontractors are performing Services.
4.
Supplier shall abide by the Strategic and Competitive Intelligence Professionals’ (formerly known as the Society of Competitive Intelligence Professionals) Code of Ethics.
5.
In obtaining competitive business information, it may be necessary for Supplier to contact AT&T’s Competitors. Supplier shall follow AT&T’s ethical guidelines as set forth below when contacting AT&T Competitors:
a.
Supplier shall not say anything misleading, deceptive or untrue.
b.
Supplier shall not enter into any agreement fraudulently, i.e., order services and then cancel before the service is installed or completed.
c.
Supplier shall always give its name to the AT&T Competitor, if requested.
d.
Supplier shall provide its name and client if asked or, as an alternative, provide the option of terminating the discussion.
e.
Supplier shall not provide the AT&T Competitor with prices, pricing policies, or any sensitive or confidential or proprietary Information of AT&T in exchange for competitive information.
f.
Supplier shall obtain AT&T’s prior written authorization, including authorization for funding, for any project requiring services by a third party consultant, payment of any fees in addition to those contemplated by this Agreement, or execution of any other agreement that would require the payment of any additional fees by AT&T to Supplier.
6.
Any failure of Supplier to abide by this paragraph (a) shall constitute a material breach of this Agreement, entitling AT&T to pursue all available remedies at law or in equity.
b.
Supplier further agrees that its officers, and all employees and agents (if any) with responsibility for any direct AT&T Customer contact shall be trained on and agree in writing to be bound by the terms of the Supplier Code and the Texas Code.
c.
Before allowing an employee or agent to make direct AT&T Customer contact on behalf of AT&T Texas as identified by AT&T prior to any such contact, Supplier shall train each employee and agent on the provisions of the Supplier Code and the Texas Code, and to obtain signed acknowledgement by the employee and/or agent of his/her training on, review and understanding of the Supplier Code and the Texas Code.
d.
Employees and agents not selling to Customers in Texas are not required to be trained on the Texas Code. Supplier shall maintain employee and agent-specific records of training, including dates trained and the identity of the trainer, and shall provide AT&T Texas with copies of such records upon request. All training shall be repeated annually for each employee and agent.
e.
Supplier shall not permit any employee to contact Texas Customers, consumers and/or businesses on behalf of AT&T Texas unless and until (s)he completes successfully all training. Supplier shall ensure that its employees use AT&T suggested scripting in all sales.
a.
Supplier and each of its agents, contractors and Subcontractors, shall comply at its sole cost and expense with all Laws (whether specifically mentioned elsewhere in this Agreement or not) attendant upon Supplier’s performance under this Agreement and AT&T’s utilization of the Materials and Services, in every jurisdiction where Supplier performs or AT&T utilizes the Materials or receives the Services. Supplier shall procure all approvals, bonds, certificates, insurance, inspections, licenses, and permits that such Laws require for the performance of this Agreement.
b.
Without limiting the generality of the foregoing provision, Supplier and each of its agents, contractors and Subcontractors shall comply with all Laws, all applicable tariffs, and all applicable rules and orders of judicial and regulatory bodies regulating the conduct of the Services to be provided under this Agreement, including, but not limited to (i) all Laws, tariffs, rules and orders relating to the monitoring of employees’ telephone calls with Customers, and (ii) all Laws, tariffs, rules and orders relating to telemarketing and caller ID (collectively referred to as “Telemarketing Rules”) including the Telephone Consumer Protection Act (“TCPA”), the Telemarketing and Consumer Fraud and Abuse Protection Act (“Telemarketing Act”), the Telemarketing Sales Rule, California Public Utilities Code section 2893, California Business & Professions Code section 17590 et seq., and all similar laws of the state or states in which the Supplier and its agents, contractors and Subcontractors are located and/or to which they are placing telephone calls. If ever any such Laws, tariffs, rules, and orders should purport to regulate the conduct of AT&T when AT&T performs such Services on its own behalf, but not purport to regulate the conduct of Supplier as an independent contractor providing such Services, AT&T shall provide reasonable prior written notice to Supplier and Supplier shall nevertheless comply with such Laws, tariffs, rules, and orders as though it were subject to the same obligations as AT&T.
c.
Supplier shall be responsible for export control and shall comply with Export Administration Regulations (“EAR”) as defined by the U.S. Bureau of Industry and Security (“BIS”) and embargo regulations. Each Order must be reviewed for compliance with the EAR and embargo regulations. Additionally, each access to AT&T computer systems and all applications that the Supplier will access on such systems must be reviewed to insure that such access is in compliance with the EAR and embargo regulations.
d.
The Parties shall comply with all applicable Laws and regulations, including but not limited to export control, import and trade sanctions Laws, rules and regulations, in their performance of this Agreement.
e.
The Parties specifically acknowledge that certain Materials and Services (including technical assistance and technical data) to be provided hereunder may be subject to export controls under the laws and regulations of the United States, the European Union, and other jurisdictions. No Party shall use, sell, export, re-export, distribute, transfer, dispose or otherwise deal with any such Material or any direct product thereof or undertake any transaction or Service without first obtaining all necessary written consents, permits and authorizations and completing such formalities as may be required by any such Laws or regulations.
f.
Supplier shall be solely responsible for arranging export clearance, including applying for and obtaining any permits, licenses or other authorizations and complying with export clearance formalities, for all exports of Materials and Services made hereunder, including but not limited to exports by Supplier to its affiliates or Subcontractors and exports from such affiliates or Subcontractors to Supplier or to AT&T in the United States. AT&T agrees to use reasonable efforts to obtain and provide to Supplier in a timely
g.
AT&T shall not be responsible or otherwise assume any responsibility for the importation of articles into any country (including the United States). Supplier expressly agrees to be responsible for any and all importations.
i.
Without limiting the generality of the foregoing provisions, Supplier and each of its agents, contractors and Subcontractors shall comply with all laws and regulations relating to the employment and compensation of individuals who provide Services with respect to this Agreement, including but not limited to federal, state, and local laws governing employment (Title VII, ADEA, ADA, FMLA, FLSA, etc.) and applicable laws and regulations relating to the withholding and reporting of payroll taxes, All individuals providing Services under this Agreement will be classified by Supplier (or, if applicable, by Subcontractor) as employees whose wage will be subject to reporting on Form W-2, and not as independent contractors.
j.
Supplier shall indemnify, hold harmless and defend AT&T from and against any and all loss, cost, damage or liability, including but not limited to reasonable attorneys fees and costs, arising from or in connection with any failure of Supplier or any of its agents, contractors or Subcontractors to so comply with any applicable Law, tariff, rule or order. Supplier shall notify AT&T of any lawsuit or any complaint, including any inquiry of any federal or state government agency, alleging any violation of or non-compliance with any Law, tariff, rule or order including, but not limited to, the Telemarketing Rules. Any failure by Supplier or any of its agents, contractors or Subcontractors to comply with any Law, tariff, rule or order shall constitute a material breach of this Agreement and grounds for immediate termination of this Agreement by AT&T.
a.
In the event Supplier provides Material and Services during the Term of this Agreement or an Order to any AT&T Competitor, Supplier shall notify AT&T of such potential conflicts and shall pursue the following safeguards during the Term of this Agreement:
1.
In the event Supplier operates out of more than one Supplier Facility, any activities performed for an AT&T Competitor shall be performed out of a different Supplier Facility from which Supplier is performing Services on behalf of AT&T unless otherwise agreed to by AT&T in writing. If Supplier operates out of one Supplier Facility or AT&T authorizes Supplier to perform Services for an AT&T Competitor at a Supplier Facility where Services are performed for AT&T, Supplier shall ensure all personnel providing Services hereunder are physically segregated (through secured access) from personnel providing Services on behalf of an AT&T Competitor.
2.
With respect to Work performed for AT&T, Supplier shall perform the Work:
i.
With separate management structures on AT&T projects
ii.
By isolating AT&T’s applications and AT&T’s Information from any other customer’s or Supplier’s own applications and information either by using physically separate servers or alternatively by using logical access controls where physical separation of servers is not implemented.
iii.
CSRs performing AT&T’s Work shall not share break rooms with CSRs on projects for other AT&T Competitors.
iv.
During the [*] ([*]) months following completion of the Services for AT&T, Supplier shall not assign supervisory or CSR personnel who Work on AT&T Programs to provide services for other AT&T Competitors if such services are similar to the Services performed by Supplier for AT&T; provided, however, in the case of Termination for Convenience, Supplier may assign such personnel to AT&T Competitors without restriction and without delay.
3.
Supplier shall initiate and maintain strict building security for the protection of AT&T’s Information while in Supplier’s control and shall limit access to operating areas and Information to those with a need for such access. Such security procedures shall be subject to inspection and approval by AT&T.
4.
CSRs, supervisory personnel, or account managers having any staff or oversight role with respect to CSRs performing Services on behalf of an AT&T Competitor shall not have any strategic or creative role with respect to Services performed on behalf of AT&T. No CSR, supervisor, account manager having any staff or oversight role with respect to personnel performing Services on behalf of AT&T may have any strategic or creative role with respect to Services performed on behalf of an AT&T Competitor.
5.
No Information, including but not limited to information furnished to Supplier in connection with this Agreement, Order or request for proposal(s), shall be shared between Supplier personnel, managers, or supervisors who are involved both in this Agreement and any Supplier agreement with an AT&T Competitor.
6.
All information regarding AT&T’s Programs, performance, procedures, scripts, data and methodologies will be regarded as confidential Information.
b.
If at any time during the Term of this Agreement Supplier fails to comply with the safeguards set forth in paragraph (a) above or if Supplier, its parent company or any of its affiliates seeks permission from the appropriate regulatory authority to offer or otherwise commences procedures to provide telecommunications services in competition with AT&T or any of its affiliates, Supplier shall immediately notify AT&T. Upon receipt of such notice AT&T may, at its sole reasonable discretion, terminate this Agreement without further notice or liability to Supplier other than amounts due for Services performed as of the effective termination date.
c.
Supplier represents and warrants that no officer, director, employee, or agent of AT&T has been or will be employed, retained or paid a fee, or otherwise has received or will receive any personal compensation or consideration, by or from Supplier or any of Supplier officers, directors, employees, or agents in connection with the obtaining, arranging, or negotiation of this Agreement or other documents entered into or executed in connection with this Agreement.
a.
This Agreement has been prepared jointly and has been the subject of arm’s length and careful negotiation. Each Party has been given the opportunity to independently review this Agreement with legal counsel and other consultants, and each Party has the requisite experience and sophistication to understand, interpret and agree to the particular language of its provisions. Accordingly, the drafting of this Agreement is not to be attributed to either Party.
b.
Article, Section and paragraph headings contained in this Agreement are for reference purposes only and are not to affect the meaning or interpretation of this Agreement. The word “include” in every form
a.
A Party is excused from performing its obligations under this Agreement or any Order if, to the extent that, and for so long as:
i.
such Party’s performance is prevented or delayed by an act or event (other than economic hardship, changes in market conditions, insufficiency of funds, or unavailability of equipment and supplies) that is beyond its reasonable control and could not have been prevented or avoided by its exercise of due diligence; and
ii.
such Party gives written notice to the other Party, as soon as practicable under the circumstances, of the act or event that so prevents such Party from performing its obligations.
b.
By way of illustration, and not limitation, acts or events that may prevent or delay performance (as contemplated by this Section) include: acts of God or the public enemy, acts of civil or military authority, terrorists acts, embargoes, epidemics, war, riots, insurrections, fires, explosions, earthquakes, floods, and extreme weather events.
c.
If Supplier is the Party whose performance is prevented or delayed, AT&T may elect to:
1.
Terminate, in whole or in part, this Agreement and the affected Order, without any liability to Supplier except for payment of all fees due and owing to Supplier under such affected Order for Services rendered by Supplier to AT&T through such termination date; or
2.
Suspend this Agreement and the affected Order or any part thereof for the duration of the delay; and (at AT&T’s option) obtain Material and Services elsewhere and deduct from any commitment, under this Agreement or such Order, the quantity of the Material and Services obtained elsewhere or for which commitments have been made elsewhere; and resume performance under this Agreement or such Order when Supplier resumes its performance; and (at AT&T’s option) extend any affected Delivery Date or performance date up to the length of time Supplier performance was delayed or prevented. If AT&T does not give any written notice, within [*] ([*]) days after receiving notice under this Section that Supplier performance has been delayed or prevented, this option (ii) will be deemed to have been selected.
d.
Notwithstanding subsections a, b, and c of this Section and except as otherwise specified in an Order, Supplier shall take reasonable steps to provide redundancy such that Supplier’s ability to perform the Services are not impacted by a Force Majeure event.
a.
To the extent that Supplier’s performance is subject to certain executive orders (including E.O. 11246 and E.O. 13201) and statutes (including Section 503 of the Rehabilitation Act of 1973, as amended; the Vietnam Era Veteran’s Readjustment Assistance Act of 1974; Section 8116 of the Defense Appropriations Act for Fiscal Year 2010 (Pub. L. 111-118); and the Jobs for Veterans Act) pertaining to government contractors, Supplier shall:
1.
comply with such executive orders and statutes, and their implementing regulations, as amended from time to time; and
2.
fulfill the obligations of a contractor under the clauses incorporated by this Section.
b.
This Section incorporates the following statutes and rules:
1.
“Affirmative Action For Workers With Disabilities” (at 48 CFR §52.222-36);
2.
“Employment Reports On Special Disabled Veterans, Veterans Of The Vietnam Era, and Other Eligible Veterans” (at 48 CFR §52.222-37);
3.
“Equal Employment Opportunity” (at 48 CFR §52.222-26);
4.
“Equal Employment Opportunity Clause” (at 41 CFR §60-1.4(a));
5.
“Equal Opportunity For Special Disabled Veterans And Veterans of the Vietnam Era” (at 41 CFR §60-250.5);
6.
“Equal Opportunity for Disabled Veterans, Recently Separated Veterans, Other Protected Veterans, and Armed Forces Service Medal Veterans” (at 41 CFR §60-300.5);
7.
“Equal Opportunity For Workers With Disabilities” (at 41 CFR §60-741.5);
8.
“Prohibition of Segregated Facilities” (at 48 CFR §52.222-21);
9.
“Small Business Subcontracting Plan” (at 48 CFR §52.219-9); and
10.
“Utilization Of Small Business Concerns” (at 48 CFR §52.219-8).
11.
"Whistleblower Protections Under the American Recovery and Reinvestment Act of 2009") (FAR 52.203-15,
12.
"American Recovery and Reinvestment Act - Reporting Requirements" (FAR 52.204-11).
13.
“GAO/IG Access” (FAR 52.212-5(d) (Alt. II), FAR 52.214-26(c) (Alt. I), FAR 52.215-2(d) (Alt. I)).
14.
“Davis-Bacon Act" (FAR 52.222-6),
15.
“Buy American Act” (FAR 52.225-21, FAR 52.225-22, FAR 52.225-23, & FAR 52.225-24)
16.
“Whistleblower Protections” (Pub. L. No. 111-5, Section 1553)
18.
“GAO/IG Access” (Pub. L. No. 111-5, Section 902, 1514 and 1515)
19.
“Award term—Wage Rate Requirements under Section 1606 of the Recovery Act” (2 CFR 176.190)
20.
Buy American Requirements (2 CFR 176.140, 2 CFR 176.150, 2 CFR 176.160, & 2 CFR 176.170)
c.
If an Order includes a statement that performance is intended for a government contract and incorporates additional government contracting provisions, Supplier shall also fulfill the obligations of a contractor under those additional provisions.
a.
Supplier shall indemnify, hold harmless, and defend AT&T, its Affiliates, and their agents and employees, in accordance with this Section, against any Loss arising from or in connection with, or resulting from, the Materials or Services furnished by Supplier or Supplier’s acts or omissions with respect to this Agreement. Supplier’s duty to indemnify, hold harmless, and defend against Loss shall, however, be limited by, and subject to applicable laws regarding contributory negligence in the event of any Loss that may be caused or alleged to be caused in part by the negligence of AT&T or other persons indemnified under this Agreement.
b.
“Loss” includes any liability, loss, claim, demand, suit, cause of action, settlement payment, cost and expense, interest, award, judgment, damages (including punitive damages), diminution in value, liens, fines, fees, penalties, and Litigation Expense. “Litigation Expense” means any court filing fee, court cost, arbitration fee, and each other fee and cost of investigating or defending an indemnified claim or asserting any claim for indemnification or defense under this Agreement, including Attorney’s Fees, other professionals’ fees, and disbursements.
c.
Without limiting the foregoing provisions of this section, Supplier also agrees to defend, indemnify, hold harmless and defend AT&T, its Affiliates and their agents and employees in the event that any federal, state or local governmental agency or any of Supplier’s current or former applicants, agents, employees or subcontractors, or agents or employees of Supplier’s subcontractors assert claims arising out of the employment relationship with Supplier, or
d.
AT&T shall notify Supplier in writing, and with reasonable promptness, of any claim, demand, suit, cause of action or legal proceeding that may give rise to a claim against Supplier for defense. If AT&T fails to give notice, Supplier is still obligated to indemnify, hold harmless and defend AT&T, except that Supplier is not liable for any Litigation Expense that AT&T incurs before the time when notice is given and is not liable for a degradation in the ability to defend the Litigation to the extent Supplier can show it was prejudiced as a result of the delay in providing notice.
e.
At the request of AT&T, Supplier shall conduct AT&T’s defense (employing counsel reasonably acceptable to AT&T), at Supplier’s expense, against any claim, demand, suit or cause of action within the scope of paragraph (a) above, whether or not litigation is actually commenced or the allegations are meritorious. At its own option, AT&T may employ separate counsel, including in-house counsel, to conduct AT&T’s defense against such a claim. AT&T and Supplier shall cooperate in the defense of any such claim. Supplier may control the defense and settlement of such a claim, but if the settlement of a claim may have an adverse effect on AT&T, then Supplier shall not settle such claim without the consent of AT&T, and AT&T shall not unreasonably withhold or delay its consent.
f.
Intentionally Omitted
g.
Supplier shall bring no claim or action for indemnification, contribution, or [*] against AT&T, its Affiliates, or their agents or employees, nor shall Supplier implead any of them in any action brought by another, based on injury to the person or death arising out or relating to Supplier’s performance under this Agreement. If, through any such action, Supplier ever acquires a lien on a judgment against AT&T, its Affiliates, or their agents or employees, then Supplier shall assign such lien to AT&T. Supplier waives any immunity from indemnification that Supplier may hold, by virtue of Supplier’s compliance with its workers’ compensation obligations in any jurisdiction, even if such immunity arises under the constitution or statutes of such jurisdiction (such as, for example, Section 35, Article II, of the Ohio Constitution and Sections 4123.74 and 4123.741 of the Ohio Revised Code).
a.
Supplier shall ensure that its Representatives (including employees, contractors, suppliers, and Subcontractors) strictly comply with all Laws regarding security and confidentiality of Information and any higher standards as may be contained in the Agreement or an Order. Such efforts shall include, but are not limited to, the following steps:
1.
Train its Representatives regarding their obligations under the law, the Agreement, and all Orders issued pursuant hereto;
2.
Monitor Representatives’ actions, including their use of websites, for compliance;
3.
Immediately notify AT&T Vendor Manager(s) in the event of any suspected or actual activities of Representatives that would or could reasonably constitute a violation of the Law, the Agreement or an Order;
4.
Identify areas where Supplier’s processes, systems, and monitoring may be vulnerable and take action to reduce the risk of unauthorized access, use, or disclosure of any AT&T Information.
b.
Supplier shall reimburse AT&T for any and all penalties, fines, awards, costs, and actual damages associated with or arising from Supplier’s unauthorized disclosure, use, or access, and from Supplier’s failure to prevent its Representatives from making an unauthorized disclosure, use, or access to, AT&T Information. In addition to all other legal or contractual remedies, in the event of an unauthorized disclosure, use, or accessing of AT&T Information, the Parties agree as follows:
1.
Website Disclosures
i.
Any disclosure or posting of AT&T Information by Supplier, its CSR, or any other Supplier personnel on an unsecure website shall constitute a material breach of the Agreement.
ii.
Within [*] ([*]) hours after Supplier discovers or is advised that AT&T Information has been posted on an unsecure website, Supplier shall remove or cause the removal such AT&T Information. Time is of the essence. If the AT&T Information is not removed within the [*] ([*]) hour period, that failure shall constitute a separate material breach of the Agreement by Supplier.
iii.
Each [*] ([*]) hour period during which the AT&T Information has not been removed from the website shall constitute a separate material breach of the Agreement. For each material breach under this subsection b.1.(iii), Supplier shall credit AT&T’s account at the rate of [*] dollars ($[*]) per byte of Information posted on website per [*] ([*]) hour period for each [*] ([*]) hour period that the Information remains on a website after the [*] ([*]) hour period described in subsection b.1.( ii). (Calculated as (Number of [*] hour period) x ($[*]/byte) x (number of bytes).) In addition, Supplier shall be liable to AT&T for any damages incurred by AT&T by virtue of Supplier’s failures to remove the Information in a timely manner. Further, Supplier’s failure to remove the AT&T Information from the website by the end of the [*][*] ([*]) hour period shall operate as a waiver by Supplier of all forecast guarantees under an Order for the then-current and all subsequent months of an Order. In the event of such material breach, AT&T may demand prompt return of all confidential and proprietary Information previously provided to Supplier and may immediately terminate this Agreement and the applicable Order. The provisions of this Section are in addition to and not in lieu of all other remedies to which AT&T is entitled, whether at law or in equity.
2.
On the first or any subsequent occurrence of an unauthorized disclosure, use, or access to AT&T Information, Supplier shall seek third party certification for its PCI DSS practices as described in the Section entitled Payment Card Industry (PCI).
3.
If a [*] or subsequent unauthorized disclosure, use, or access to AT&T Information occurs, in addition to all other remedies under the Order or the Agreement, Supplier shall submit to a third party audit of its certification processes for PCI DSS practices and implement all recommendations of the third party auditor within [*] ([*]) months thereafter.
4.
Supplier acknowledges that AT&T has a duty to protect AT&T Information. If AT&T determines in its sole and absolute discretion that Supplier or the Supplier Facility is doing an inadequate job of protecting AT&T Information, AT&T shall have the right to stop or reduce the calls routed to Supplier or to the Facility. If AT&T makes this determination and it results in AT&T failing to deliver the forecasted volume of Work to Supplier or the Supplier Facility, Supplier shall not be entitled to any payment under the forecast guarantee provisions in the Order.
c.
In connection with this Agreement, including Supplier’s performance of its obligations hereunder and AT&T’s receipt of Material and Services, either Party may find it beneficial to disclose to the other Party (which may include permitting or enabling the other Party’s access to) certain of its Information. For the purpose of this clause, AT&T’s disclosure of Information to Supplier includes any Information that Supplier receives, observes, collects, handles, stores, or accesses, in any way, in connection with this Agreement. Information of a disclosing Party shall be deemed to be confidential or proprietary only if it is clearly marked or otherwise identified by the disclosing Party as being confidential or proprietary, provided that if it is orally or visually disclosed (including Information conveyed to an answering machine, voice mail box or similar medium), the disclosing Party shall designate it as confidential or proprietary at the time of such disclosure. Not withstanding the foregoing, a disclosing Party shall not have any such obligation to so mark or identify, or to so designate, Information that the disclosing Party discloses to or is otherwise obtained by the other Party’s employees, contractors, or representatives (i) who are located on the disclosing Party’s premises; (ii) who access the disclosing Party’s systems; or (iii) who otherwise obtain AT&T and/or AT&T Customer Information in connection with this Agreement, any such Information so disclosed shall automatically be deemed to be confidential and proprietary. Additionally, the failure to mark or designate information as being confidential or proprietary will not waive the confidentiality where it is reasonably obvious, under the circumstances surrounding disclosure, that the Information is confidential or proprietary; any such Information so disclosed or obtained shall automatically be deemed to be confidential and proprietary. For greater certainty, Information provided by either Party to the other Party prior to the Effective Date of this Agreement in connection with the subject matter hereof, including any such Information provided under a separate non-disclosure agreement (howsoever denominated) is also subject to the terms of this Agreement. Neither Party shall disclose Information under this Agreement that includes, in any form, any of the following: CPNI (as defined in Section 4.6 “Customer-Information”) , SPI (as defined in Appendix O “Security Attachment (SISR)”, Customer or employee personal information, credit card and credit related information, health or financial information, and/or authentication credentials.
d.
With respect to the Information of the disclosing Party, the receiving Party shall:
1.
hold all such Information in confidence with the same degree of care with which it protects its own confidential or proprietary Information, but with no less than reasonably prudent care;
2.
restrict disclosure of such Information solely to its employees, contractors, and agents with a need to know such Information, advise such persons of their confidentiality obligations hereunder with respect thereto, and ensure that such persons are bound by obligations of confidentiality reasonably comparable to those imposed in this Agreement;
3.
use such Information only as needed to perform its obligations (and, if AT&T is the receiving Party, to receive the benefits of the Material and Services provided) under this Agreement;
4.
except as necessary under clause (c), not copy, distribute, or otherwise use any such Information or allow anyone else to copy, distribute, or otherwise use such Information; and ensure that any and all copies bear the same notices or legends, if any, as the originals; and
5.
upon the disclosing Party’s request, promptly return, or destroy all or any requested portion of the Information, including tangible and electronic copies, notes, summaries, extracts, mail or other communications, and provide written certification within [*] ([*]) business days to the disclosing Party that such Information has been returned or destroyed, provided that with respect to archival or back-up copies of Information that reside on the receiving Party’s systems, the receiving Party shall be deemed to have complied with its obligations under this clause (e) if it makes reasonable efforts to expunge from such systems, or to permanently render irretrievable, such copies.
e.
Neither Party shall have any obligation to the other Party with respect to Information which:
1.
at the time of disclosure was already known to the receiving Party free of any obligation to keep it confidential (as evidenced by the receiving Party’s written records prepared prior to such disclosure);
2.
is or becomes publicly known through no wrongful act of the receiving Party (such obligations ceasing at the time such Information becomes publicly known);
a.
is lawfully received from a third party, free of any obligation to keep it confidential;
b.
is independently developed by the receiving Party or a third party, as evidenced by the receiving Party’s written records, and wherein such development occurred without any direct or indirect use of or access to the Information received from the disclosing Party, or
c.
the disclosing Party consents in writing to be free of restriction.
f.
If a receiving Party is required to provide Information of a disclosing Party to any court or government agency pursuant to a written court order, subpoena, regulatory demand, or process of law, the receiving Party must, unless prohibited by applicable law, first provide the disclosing Party with prompt written notice of such requirement and reasonable cooperation to the disclosing Party should it seek reasonable protective arrangements for the production of such Information. The receiving Party will (i) take reasonable steps to limit any such provision of Information to the specific Information required by such court or agency, and (ii) continue to otherwise protect all Information disclosed in response to such order, subpoena, regulation, or process of law.
g.
A receiving Party’s obligations with respect to any particular Information of a disclosing Party shall remain in effect, including after the expiration or termination of this Agreement, until such time as it qualifies under one of the exceptions set forth in clause (e) above.
h.
Notwithstanding anything to the contrary in this Agreement (including in this Section), Supplier understands and acknowledges that Supplier information related to the installation, operation, repair, or maintenance of Material shall not be considered confidential or proprietary, and AT&T may disclose any such information for purposes of installing, operating, repairing, replacing, removing, and maintaining the Material.
i.
The Parties expressly agree that AT&T may use confidential Information relating to Supplier performance to create scorecards showing Supplier performance relative to other suppliers supporting a particular business unit or Program and that, in such event:
1.
AT&T may share this confidential Information with other firms supporting the business unit or Program;
2.
Disclosure of such confidential Information by AT&T to other suppliers supporting the business unit or Program is not a breach of AT&T’s duty to protect Supplier confidential Information;
3.
Any such scorecards are intended to provide Supplier with benchmarking information regarding its performance relative to other firms supporting the business unit or Program and relative to AT&T’s expectations so that Supplier can assess any need for improvement. Supplier shall not use any such scorecards for any other purpose. In particular and without limitation, Supplier shall not use any scorecards in any marketing, sales, or other efforts and all Information related to the existence, rankings, performance, ranking, contents, and criteria of all scorecards shall be disclosed only to individuals within Supplier and, even then, shall only be disclosed to individuals who have a bona fide need to know such confidential Information.
1.
“Indemnified Parties” shall mean AT&T and its Affiliates, as well as their agents, distributors and customers, individually or collectively, as the case may be.
2.
“Loss” shall mean any liability, loss, claim, demand, suit, cause of action, settlement payment, cost and expense, interest, award, judgment, damages (including, without limitation, punitive and exemplary damages and increased damages for willful infringement), liens, fines, fees, penalties, and Litigation Expense.
3.
“Litigation Expense” means any court filing fee, court cost, arbitration fee, and each other fee and cost of investigating or defending an indemnified claim or asserting any claim for indemnification or defense under this Agreement, including without limitation reasonable attorneys’ fees and other professionals’ fees, and disbursements.
4.
“Accused Elements” shall mean any products, hardware, software, systems, content, services, processes, methods, documents, materials, data or information (or functionality therein) provided by or on behalf of Supplier.
1.
Supplier shall indemnify, hold harmless, and defend the Indemnified Parties against any Loss resulting from, arising out of or relating to any allegation, threat, demand, claim or lawsuit brought by any third party (“Covered Claim”), regardless of whether such Covered Claim is meritorious, of:
a)
infringement (including, without limitation, direct, contributory and induced infringement) of any patent, copyright, trademark, service mark, or other Intellectual Property Rights in connection with the Accused Elements, including, for example, any Covered Claim of infringement based on:
(1)
making, repair, receipt, use, importing, sale or disposal (and offers to do any of the foregoing) of Accused Elements (or having others do any of the foregoing, in whole or in part, on behalf of or at the direction of the Indemnified Parties), or
(2)
use of Accused Elements in combination with products, hardware, software, systems, content, services, processes, methods, documents, materials, data or information not furnished by Supplier, including, for example, use in the form of the making, having made or using of an apparatus or system, or the making or practicing of a process or method (a “Combination Claim”);
b)
misappropriation of any trade secret, proprietary or non-public information in connection with the Accused Elements; any and all such Loss referenced in this Section b (“Obligations”) being hereinafter referred to as a “Covered Loss.”
2.
In the event (and only in the event) that Supplier’s obligations under paragraph b.1. result from, arise out of, or relate to a Covered Claim that is a Combination Claim, the following provisions shall apply:
a)
Supplier shall be liable to pay only its Proportionate Share of the Covered Loss associated with such Combination Claim. The “Proportionate Share” payable by Supplier shall be a portion of the Covered Loss determined on an objectively fair and equitable basis to be attributable to Supplier based on the relative materiality of the role played by the applicable Accused Elements in the Combination Claim.
b)
Supplier shall be liable to the Indemnified Parties (or to a third-party claimant directly, if applicable) for its duly determined Proportionate Share of the Covered Loss with respect to a particular Combination Claim, regardless of whether any other interested party compensates the Indemnified Parties as part of an indemnification obligation, if any, relating to the Combination Claim.
c)
Supplier shall make payments in satisfaction of its Proportionate Share obligation (“Required Payments”) whenever those Required Payments become due (for example, Supplier shall make Required Payments for indemnified defense costs when payment is due to be paid to outside counsel; and Supplier shall make Required Payments for court awards (such as damages) when payment is required by the court; and Supplier shall make Required Payments for settlement when payment is due to be paid according to the terms of a settlement agreement). To the extent possible, AT&T shall give Supplier reasonable notice of such payment due dates. Supplier shall be liable to the Indemnified Parties for any monies owed (such as a Proportionate Share) by any affiliate of Supplier should such affiliate fail to pay in accordance with its indemnification obligation to the Indemnified Parties.
3.
AT&T shall have sole control over the defense of (i) any Combination Claim and (ii) any other Covered Claim that involves Supplier and one or more other suppliers of AT&T or its Affiliates ((i) and (ii) being hereinafter referred to separately and collectively as a “Compound Claim”). Supplier shall cooperate in every reasonable way with AT&T to facilitate the defense and may, at its option and at its own expense, participate with AT&T in the defense with counsel of its own choosing.
4.
In the event (and only in the event) that Supplier’s obligations under paragraph b.1. result from, arise out of, or relate to other than a Compound Claim, Supplier may control the defense, but only if, promptly upon any of the Indemnified Parties’ giving Supplier written notice of the
5.
AT&T shall notify Supplier promptly of any Covered Claim, but such notice shall not be a precondition of Supplier’s obligations under this Section; and any delay in such notice shall not relieve Supplier of its obligations under this Section, except if and only to the extent that Supplier can show that such delay actually and materially prejudices Supplier.
6.
In no event shall Supplier settle, without AT&T’s prior written consent, any Covered Claim, in whole or in part, in a manner that would require any Indemnified Party to discontinue or materially modify its products or services (or offerings thereof). In no event shall Supplier enter into any agreement related to any Covered Claim or to the Intellectual Property Rights asserted therein that discharges or mitigates Supplier’s liability to the third-party claimant but fails to fully discharge all of AT&T’s liabilities as to the Covered Loss.
1.
Without in any manner limiting the foregoing indemnification, if, as a result of a Covered Claim, (i) Indemnified Parties’ rights under this Agreement are restricted or diminished; or (ii) an injunction, exclusion order, or other order from a court, arbitrator or other competent tribunal or governmental authority preventing or restricting the Indemnified Parties’ use or enjoyment of the Accused Elements (“Adverse Judicial Order”) is issued, imminent, or reasonably likely to be issued, then, in addition to its other obligations set forth in this Section, Supplier, in any case at its sole expense (or, in the case of a Combination Claim, at its fairly and equitably apportioned expense) and at no loss, cost or damage to the Indemnified Parties or their customers, shall use commercially reasonable efforts to obtain for the Indemnified Parties the right to continue using or conducting other activities with respect to the Accused Elements (or, in the case of a Combination Claim, shall use commercially reasonable efforts, in cooperation as reasonably needed with other interested parties, to obtain for the Indemnified Parties the right to continue using or conducting other activities with respect to the Accused Elements in the combination at issue); provided that if Supplier is unable to obtain such right, Supplier shall, after consulting with and obtaining the written approval of the Indemnified Parties, provide modified or replacement non-infringing Accused Elements that are (or, in the case of a Combination Claim, shall use commercially reasonable efforts, in cooperation as reasonably needed with other interested parties, to provide a modified or replacement non-infringing combination, with the Accused Elements being modified or replaced as needed therein, that is) equally suitable and functionally equivalent while retaining the quality of the original Accused Elements and complying fully with all the representations and warranties set forth in this Agreement; provided further that if Supplier is unable in this way to provide such modified or replacement non-infringing Accused Elements, AT&T shall have the rights, without prejudice to any other rights or remedies that AT&T has in contract, law or equity: (i) to terminate this Agreement; and (ii) to require Supplier, as applicable, to remove, accept return of, or discontinue the provision of the Accused Elements, to refund to AT&T the purchase price thereof or other monies paid therefor, and to reimburse AT&T for any and all out-of-pocket expenses of removing, returning, or discontinuing such Accused Elements.
2.
Notwithstanding any other provision of this Agreement to the contrary, should an Adverse Judicial Order be issued against any person (whether or not stayed or currently in effect), affecting Indemnified Parties’ ability to use or conduct other activities with respect to the Accused Elements, then the Indemnified Parties may seek the right to continue to use, or conduct other activities with respect to, the Accused Elements, and Supplier shall reimburse the Indemnified Parties for the reasonable costs (including reasonable attorney’s fees) associated with obtaining such right; and, in the case of a Combination Claim, the Indemnified Parties may seek the right to continue to use, or conduct other activities with respect to, the combination at issue and seek from Supplier a fair and equitably apportioned share of the reasonable costs (including reasonable attorney’s fees) associated with such right.
d.
Elimination of Charges. AT&T has no obligation to pay Supplier any charges under this Agreement for the purchase, use, or maintenance of Accused Elements when such purchase, use, or maintenance occurs after such time as the Indemnified Parties cease to use them, by reason of actual or claimed infringement.
e.
Exceptions. Supplier shall have no liability or obligation to any of the Indemnified Parties for any Loss resulting from a Covered Claim if and to the extent that such Covered Claim is clearly based on, and would not have arisen but for:
1.
use of the Accused Elements by the Indemnified Parties in a manner that constitutes a material breach of an explicit prohibition in this Agreement; or
2.
a modification or alteration of the Accused Elements by an Indemnified Party that is both unauthorized by Supplier and not reasonably necessary for its use; or
3.
Supplier’s contractually required conformance to the Indemnified Party’s written specifications, but only if and to the extent all of the following are true:
a)
there was no technically feasible non-infringing means of complying with those specifications; and
b)
the relevant specifications are not designed to bring the Accused Elements into compliance with or conform to an industry standard; and
c)
the Accused Elements (nor the accused functionality therein) are not, nor have been, at any time (now or in the future) provided by or on behalf of Supplier to any third party; and
d)
the Accused Elements (nor the accused functionality therein) are not, nor have been, at any time (now or in the future) available on the open market (i.e. provided or offered at any time by a third party to another party other than AT&T; and
e)
the relevant specifications for the Accused Elements are not of Supplier’s (or their sub-supplier’s) origin, design, or selection.
f.
OTHER LIMITATIONS OF LIABILITY NOT APPLICABLE. NOTWITHSTANDING ANY OTHER PROVISION IN THIS AGREEMENT TO THE CONTRARY (AND WHETHER OR NOT SUCH A PROVISION CONTAINS LANGUAGE THAT REPRESENTS ITSELF AS TAKING PRECEDENCE OVER OTHER PROVISIONS CONTRARY TO IT), WHETHER EXPRESS OR IMPLIED, NONE OF THE LIMITATIONS OF LIABILITY (INCLUDING, WITHOUT LIMITATION, ANY LIMITATIONS REGARDING TYPES OF OR AMOUNTS OF DAMAGES OR LIABILITIES) CONTAINED ANYWHERE IN THIS AGREEMENT WILL APPLY TO SUPPLIER CAP’S OBLIGATIONS UNDER THIS SECTION.
a.
With respect to Supplier’s performance under this Agreement, and in addition to Supplier’s obligation to indemnify, Supplier shall at its sole cost and expense:
i.
maintain the insurance coverages and limits required by this Section and any additional insurance and/or bonds required by law:
1.
at all times during the Term of this Agreement and until completion of all Work associated with this Agreement, whichever is later; and
2.
with respect to any coverage maintained in a “claims-made” policy, for [*] ([*]) years following the Term of this Agreement or completion of all Work associated with this Agreement, whichever is later. If a “claims-made” policy is maintained, the retroactive date must precede the commencement of Work under this Agreement;
ii.
require each subcontractor who may perform Work under this Agreement or enter upon the Work site to maintain coverages, requirements, and limits at least as broad as those listed in this Section from
iii.
procure the required insurance from an insurance company eligible to do business in the state or states where Work will be performed and having and maintaining a Financial Strength Rating of “A-” or better and a Financial Size Category of “VII” or better, as rated in the A.M. Best Key Rating Guide for Property and Casualty Insurance Companies, except that, in the case of Workers’ Compensation insurance, Supplier may procure insurance from the state fund of the state where Work is to be performed; and
iv.
deliver to AT&T certificates of insurance stating the types of insurance and policy limits. Supplier shall provide or will endeavor to have the issuing insurance company provide at least [*] ([*]) days advance written notice of termination, non-renewal, or reduction in coverage, terms, or limits to AT&T. Supplier shall deliver such certificates:
1.
prior to execution of this Agreement and prior to commencement of any Work;
2.
prior to expiration of any insurance policy required in this Section; and
3.
for any coverage maintained on a “claims-made” policy, for [*] ([*]) years following the Term of this Agreement or completion of all Work associated with this Agreement, whichever is later.
b.
The Parties agree that:
i.
the failure of AT&T to demand such certificate of insurance or failure of AT&T to identify a deficiency will not be construed as a waiver of Supplier’s obligation to maintain the insurance required under this Agreement;
ii.
the insurance required under this Agreement does not represent that coverage and limits will necessarily be adequate to protect Supplier, nor be deemed as a limitation on Supplier’s liability to AT&T in this Agreement;
iii.
Supplier may meet the required insurance coverages and limits with any combination of primary and Umbrella/Excess liability insurance; and
iv.
Supplier is responsible for any deductible or self-insured retention.
c.
The insurance coverage required by this Section includes:
1.
Workers’ Compensation insurance with benefits afforded under the laws of any state in which the Work is to be performed and Employers Liability insurance with limits of at least:
2.
Commercial General Liability insurance written on Insurance Services Office (ISO) Form CG 00 01 12 04 or a substitute form providing equivalent coverage, covering liability arising from premises, operations, personal injury, products/completed operations, and liability assumed under an insured contract (including the tort liability of another assumed in a business contract) with limits of at least:
$[*] General Aggregate limit
$[*] each occurrence limit for all bodily injury or property damage incurred in any [*] ([*]) occurrence
$[*] each occurrence limit for Personal Injury and Advertising Injury
$[*] Products/Completed Operations Aggregate limit
$[*] each occurrence limit for Products/Completed Operations
$[*] Damage to Premises Rented to You (Fire Legal Liability)
3.
include AT&T, its Affiliates, and their directors, officers, and employees as Additional Insureds. Supplier shall provide a copy of the Additional Insured endorsement to AT&T. The Additional Insured endorsement may either be specific to AT&T or may be “blanket” or “automatic” addressing any person or entity as required by contract. A copy of the Additional Insured endorsement must be provided within [*] ([*]) days of execution of this Agreement and within [*] ([*]) days of each Commercial General Liability policy renewal;
4.
[*]; and
5.
be primary and non-contributory with respect to any insurance or self-insurance that is maintained by AT&T.
v.
Business Automobile Liability insurance with limits of at least $[*] each accident for bodily injury and property damage, extending to all owned, hired, and non-owned vehicles.
vi.
Commercial Crime Insurance, including employee theft and computer fraud in
vii.
Professional Liability or Technology Errors and Omissions insurance, to include cyber liability coverage, with per claim and annual aggregate limits of $[*]. AT&T shall be named an additional insured on this policy for the wrongful acts of Supplier, either by a blanket endorsement or by separate endorsement if required by the insurance carrier.
a.
If requested by AT&T in an Order, Supplier shall transact business with AT&T using an internet-based system, e.g. Ariba, and submit invoices in electronic form to AT&T's Accounts Payable organization.
b.
AT&T shall pay all properly rendered invoices within [*] ([*]) days of receipt. If AT&T disputes any invoice rendered, AT&T shall so notify Supplier. The Parties shall use their best efforts to resolve any invoicing and payment disputes expeditiously, and AT&T is not obligated to make any payment against any disputed amounts until the Parties have resolved the dispute but will pay any undisputed amounts on any invoice within normal payment terms. AT&T’s failure to pay the undisputed portion in a timely fashion shall not be deemed a waiver of its right to contest the disputed charges. Invoices received by AT&T more than [*] ([*]) months after the provision of Material or performance of Services are untimely and AT&T has no obligation to pay such invoices.
c.
Travel or miscellaneous expenses incurred by Supplier in the performance of Services are not compensable, unless specifically set forth in an Order and authorized pursuant to the Section entitled Reimbursable Expenses. Further, AT&T does not commit to purchase any quantity or volume of Services during the Term of this Agreement.
d.
AT&T may deduct any setoff or recoupment claims that it or its Affiliates may have against Supplier from amounts due or to become due to Supplier, whether under this Agreement or otherwise. Supplier shall pay any amount due to AT&T or its Affiliates that is not applied against the invoiced amounts within [*] ([*]) days after written demand by AT&T.
e.
Supplier agrees to accept standard, commercial methods of payment and evidence of payment obligation including, but not limited to credit card payments, purchasing cards, AT&T’s purchase orders, and electronic fund transfers, in connection with the purchase of the Services.
a.
In the event of a labor dispute between AT&T and the union(s) representing AT&T’s employees, AT&T may exercise its right to modify the Scope of Work under any Order on immediate notice, including postponing, reducing, or terminating the Services to be provided under the Order and due to be performed after the commencement of a labor dispute. AT&T acknowledges and agrees that the exercise of such right may result in a delay in the resumption of Services when requested by AT&T.
b.
The rights and obligations of the Parties under this Section are in addition to, and not a limitation of, their respective rights under the Section entitled “Amendments and Waivers” and “Force Majeure”.
3.25
Intentionally Omitted3.26 No Dependence
a.
Each Party giving or making any notice, consent, request, demand, or other communication (each, a “Notice”) pursuant to this Agreement must give the Notice in writing and use one of the following methods, each of which for purposes of this Agreement is a writing: in person; first class mail with postage prepaid; Express Mail, Registered Mail, or Certified Mail (in each case, return receipt requested and postage prepaid); internationally recognized overnight courier (with all fees prepaid); or email. Such Notice shall reference this Agreement number and Order number if applicable. If Notice is given by e-mail, it must be confirmed by a copy sent by any one of the other methods. Each Party giving Notice shall address the Notice to the appropriate person (the “Addressee”) at the receiving Party at the address listed below:
b.
A Notice is effective only if the Party giving notice has complied with the foregoing requirements of this Section and the Addressee has received the Notice. A Notice is deemed to have been received as follows:
1.
If a Notice is delivered by first class mail, five (5) days after deposit in the mail;
2.
If a Notice is furnished in person, or sent by Express Mail, Registered Mail, or Certified Mail, or internationally recognized overnight courier, upon receipt as indicated by the date on the signed receipt;
3.
If a Notice is sent by e-mail, upon successful transmission to the recipient’s email account, if such Notice is sent in time to allow it to be accessible by the Addressee before the time allowed for giving such notice expires, and a confirmation copy is sent by one of the other methods.
c.
The addresses and telephone numbers to which Notices may be given to the Addressees of either Party may be changed by written Notice given by such Party to the other pursuant to this Section.
a.
Supplier shall not perform any Services under this Agreement, nor allow such performance by any Supplier affiliate or Subcontractor (hereinafter Supplier, its affiliates and Subcontractors are collectively referred to as “Supplier Entity” or “Supplier Entities”), at a location outside the United States (“Offshore Location”) for the purpose of providing Services under this Agreement in the United States unless AT&T consents to such Services to be performed by a Supplier Entity at such Offshore Location. In the event of such consent, the physical location where the Services are to be performed; the Services to be performed at such location; and the identity of the Supplier Entity performing such Services, shall be specifically set forth in Appendix E – Offshore Work. Prior to making any additions or deletions to the physical locations, the Services to be performed at such location, or the Supplier Entities performing Services at an Offshore Location, AT&T must consent to the proposed change and the Parties shall amend Appendix E accordingly. A change in the location where a Service is performed from one Offshore Location to another AT&T approved Offshore Location shall not require an amendment to Appendix E. The requirements of this Section shall be in addition to the Sections entitled, Assignment and Delegation, and Work Done by Others.
b.
AT&T shall have the right to withdraw its consent to the performance of Services at an Offshore Location by a Supplier Entity at any time in AT&T’s sole discretion if (i) there has been a breach of the terms of this Agreement with respect to an Offshore Location, (ii) a violation of any laws or regulations with respect to the Services performed at such Offshore Location, or (iii) the continued performance of Services at said Offshore Location constitutes a risk to AT&T’s financial or security interests or could reasonably damage AT&T’s reputation, in which event Supplier shall continue to perform such Services at a location within the United States, or at another approved Offshore Location, and the Parties shall amend Appendix E accordingly.
c.
Supplier’s compliance with this Section, and all Services performed in Offshore Locations with AT&T’s consent, shall be subject to the Section entitled Records and Audit. Supplier shall provide, and shall ensure all Supplier Entities provide, physical access to , AT&T, at no cost, to inspect all Offshore Locations.
d.
Prior to interconnecting with, or otherwise accessing the AT&T internal company network, or doing any other Work at an Offshore Location, Supplier must be in compliance with all AT&T requirements for such interconnection, access or other Services.
e.
Any Services under this Agreement performed by a Supplier Entity in an Offshore Location without AT&T’s prior consent in accordance with Subsection “a” of this Section shall be a material breach of this Agreement and, in addition to any other legal rights or remedies available to AT&T in law or in equity, AT&T may immediately Cancel this Agreement without cost, liability or penalty to AT&T other than for payment for Services rendered.
f.
When AT&T has granted consent for Services to be performed in an Offshore Location, Supplier shall remain fully responsible for compliance with any applicable foreign, federal, state or local law for such Services regardless of whether the Service is being performed by a Supplier Entity. Nothing contained within this Agreement is intended to extend, nor does it extend, any rights or benefits to any Subcontractor, and no third party beneficiary right is intended or granted to any third party hereby.
g.
Supplier shall advise AT&T as soon as reasonably practicable prior to any change of Control of any of the Supplier Entities. AT&T may, but shall not be obligated to, Cancel all or part of the Agreement or applicable Order, at AT&T’s option, if, without prior consent of AT&T, through merger or acquisition or other means, there is a change in the Control of any of the Supplier Entities performing the Services at the Offshore Location(s). “Control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies by one person or entity or a group of persons or entities acting in concert; provided, however, that the legal or beneficial ownership, directly or indirectly, by persons or entities, including governmental entities, acting alone or in concert, of more than [*] percent ([*]%) of the voting stock for the election of directors of a party shall always be deemed Control.
a.
AT&T may order Services by submitting written Orders in connection with this Agreement.
b.
Orders shall contain the following information, as applicable:
1.
A description of the Material and Services;
2.
Performance metrics, including applicable payment adjustments;
3.
The requested Delivery Date; and/or performance schedule of the Material and Services;
4.
Pricing or rates;
5.
The location where Work is to be performed;
6.
The location to which invoices are to be rendered for payment;
7.
AT&T’s Order number;
8.
The maximum total expenditure authorized, if applicable;
9.
AT&T Vendor Manager(s);
10.
Supplier single point of contact for the Order;.
11.
The name of the Affiliate placing the Order; and
12.
Any Special Terms and Conditions.
c.
The terms in this Agreement shall apply to Orders submitted in connection with this Agreement. In the event of a conflict or inconsistency between this Agreement and any Order, the Order shall control for purposes of that Order.
d.
Except as otherwise provided in an Order, Supplier shall provide Material and/or Services for AT&T in accordance with the General Business Requirements set forth in Appendix D.
a.
Ownership and Use of Rights and Items. AT&T shall be the exclusive owner of all right, title, and interest in and to all Paid-For Development (defined below), including, without limitation, all Intellectual Property Rights. Therefore, Supplier hereby agrees to assign or have assigned to AT&T and hereby assigns all Intellectual Property Rights in and to the Paid-For Development. “Paid-For Development” shall mean any and all Items to the extent produced or developed by or on behalf of Supplier or its employees, agents, or direct or indirect contractors or Suppliers (and whether completed or in-progress), or forming part of any deliverable, pursuant to this Agreement (including, without limitation under any statement of work exhibit, order or other document under, subordinate to, or referencing this Agreement) (collectively “Agreements”) for the development of which AT&T has been charged monies in one or more of the Agreements (“Development Fees”). Payment of standard license fees or standard maintenance and support fees shall not be deemed payment of Development Fees under this subsection. Paid-For Development shall always exclude all Excluded Materials, but shall include (without limitation) any modifications, alterations or updates of any Excluded Materials (“Enhancements”) that otherwise fall within the definition of Paid-For Development (“Paid-For Enhancements”). AT&T’s ownership of Paid-For Enhancements shall, of course, be subject to Supplier’s underlying rights and ownership in Supplier’s Pre-Existing Material.
b.
License Grant to Excluded Materials. If and to the extent that Supplier embeds any Excluded Materials in the Paid-For Development, Supplier hereby grants and promises to grant and have granted to AT&T and its Affiliates a royalty-free, nonexclusive, sublicensable, assignable, transferable, irrevocable, perpetual world-wide license, in and to the Excluded Materials and any applicable Intellectual Property Rights of Supplier to use, copy, modify, distribute, display, perform, import, make, sell, offer to sell, and exploit (and have others do any of the foregoing on or for AT&T’s or any of its customer’s behalf or benefit) the Excluded Materials but only as imbedded in the Paid-For Development by Supplier.
c.
Further Acts and Obligations. Supplier will take or secure such action (including, but not limited to, the execution, acknowledgment, delivery and assistance in preparation of documents or the giving of testimony) as may be reasonably requested by AT&T to evidence, transfer, perfect, vest or confirm AT&T’s right, title and interest in any Paid-For Development. Supplier shall, in all events and without the need of AT&T’s request, secure all Intellectual Property Rights in any Paid-For Development (and any licenses specified above in any Excluded Materials) from each employee, agent, subcontractor or sub-supplier of Supplier who has or will have any rights in the Paid-For Development or Excluded Materials.
d.
AT&T Reservation of Rights and Limited License. The Parties hereby acknowledge and agree that notwithstanding any other provision in this Agreement, AT&T is not transferring or granting to Supplier any right, title, or interest in or to (or granting to Supplier any license or other permissions in or to) any or all: a) Items created by or on behalf of AT&T or directly or indirectly provided to Supplier (in any form, including, without limitation, verbally) by or on behalf of AT&T or its third party providers (“AT&T Provided Items”); b) Paid For Development or c) Intellectual Property Rights, including, without limitation, any Intellectual Property Rights in or to any Items or Paid-for Development. The sole exception to the foregoing reservation of rights is that AT&T hereby grants Supplier a limited, nonexclusive, non-transferable license (that shall automatically terminate upon the termination of this Agreement), under any rights owned by AT&T, to use the AT&T Provided Items and Paid-For Development solely as instructed by AT&T and to the extent necessary for Supplier to perform its obligations under this Agreement, subject further to the terms and conditions of this Agreement. In no way expanding the foregoing license, said license in no manner permits Supplier to
a.
Supplier shall furnish Material and Services in accordance with the prices set forth in an Order. The prices for all Material and Services purchased hereunder are subject to change only in accordance with this Agreement or the Order, which changes must be in writing and signed by both Parties. If Supplier at any time makes a general price decrease, Supplier shall promptly notify AT&T in writing and extend such decrease to AT&T effective on the date of such general price decrease. The prices in an Order are not subject to increase during the term of an Order.
a.
Supplier shall use and document quality assurance and quality control processes sufficient to meet its obligations under this Agreement and Orders. Supplier shall provide copies of its processes upon AT&T request.
b.
Supplier shall monitor CSRs for compliance with the standards set forth in this Agreement and an Order.
c.
Supplier shall provide adequate and timely monitoring, coaching, and feedback to each CSR to ensure that Supplier Services meets the performance criteria contained in this Agreement and an Order. The adequacy and timing of Supplier’s monitoring, coaching and feedback shall be at Supplier’s discretion
d.
If Supplier or any of its Supplier Facilities is not meeting the performance standards contained in this Agreement or an Order, Supplier shall immediately investigate the situation, take any internal management action that is necessary to meet the applicable standards, and contact the AT&T Vendor Manager to discuss the issue. Supplier shall provide AT&T with a copy of any documentation that is reasonably related to the missed performance standards upon request.
e.
Supplier shall record Customer calls and capture screenshots, which may include chat and e-mails, if and as outlined in an Order. Call recordings and screen captures are and shall remain AT&T confidential Information. Supplier shall not use, excerpt, summarize, or disseminate such calls in any manner without the prior written consent of AT&T.
f.
Supplier shall provide AT&T or its designated third party, pursuant to applicable law, with access to Supplier’s recorded calls, which may include chat and e-mails, handled at Supplier Facilities in support of this Agreement without the intervention of Supplier’s personnel.
g.
Supplier shall provide a list to AT&T within [*] ([*]) minutes or less when requested by AT&T of IDs and locations of CSRs who are currently logged into Supplier's systems. Supplier shall provide such list via secured web access or via access to Supplier’s workforce management system.
h.
Supplier shall ensure that CSRs are aware that from time to time their work may be observed or recorded without their knowledge by Supplier or a designated third party, however, Supplier shall not provide specific advance notice to CSR when such observations and/or recordings are to occur. Supplier shall make the necessary system and process changes at no cost to AT&T or its designated third party, to comply with the requirements set forth in this Section.
i.
Notwithstanding any other provision of the Agreement, AT&T may use a third party to exercise any right or perform any obligation AT&T may have under this Section.
a.
Supplier shall maintain complete and accurate records relating to the Work and the performance of this Agreement. AT&T and its auditors (including internal audit staff and external auditors) and governmental authorities shall have the right to review such records (“AT&T Audits”), to verify the following:
1.
the accuracy and integrity of Supplier’s invoices and AT&T’s payment obligations hereunder;
2.
that the Work charged for was actually performed;
3.
that the Services have been and are being provided in accordance with this Agreement;
4.
the integrity of Supplier’s systems that process, store, support, maintain, and transmit AT&T data;
5.
the performance of Supplier’s Subcontractors with respect to any portion of the Services; and
6.
that Supplier and its Subcontractors are complying with Laws.
b.
Supplier shall provide and shall require that its Subcontractors provide to AT&T, its auditors (including internal audit staff and external auditors), and governmental authorities access at all reasonable times to:
1.
any facility at which the Services or any portion thereof are being performed;
2.
systems and assets used to provide the Services or any portion thereof;
3.
Supplier employees and Subcontractor employees providing the Services or any portion thereof; and
4.
all Supplier and Subcontractor records, including financial records relating to the invoices and payment obligations and supporting documentation, pertaining to the Services.
1.
practices and procedures used in performing the Services;
2.
systems, communications and information technology used in performing the Services;
3.
general controls and security practices and procedures;
4.
supporting information and calculations regarding invoices and compliance with service requirements;
5.
quality initiatives and quality assurance; and
6.
compliance with the terms of this Agreement.
c.
AT&T Audits may be conducted once a year (or more frequently if requested by governmental authorities who regulate AT&T’s business, if required by applicable Law or if auditors require follow-up access to complete audit inquiries or if an audit uncovers any problems or deficiencies), upon at least [*] ([*]) business days advance notice (unless otherwise mandated by Law). Supplier will cooperate, and will ensure that its Subcontractors cooperate, in the AT&T Audits, and will make the information reasonably required to conduct the AT&T Audits available on a timely basis.
d.
If, as a result of an AT&T Audit, AT&T determines that Supplier overcharged AT&T, then AT&T will notify Supplier of the amount of such overcharge and Supplier will promptly pay to AT&T the amount of the overcharge along with interest from the date of the overcharge. If any such AT&T Audit reveals an overcharge to AT&T during any [*]-month period exceeding [*] percent ([*]%) of all charges in the aggregate paid by AT&T hereunder during such period, then Supplier will reimburse AT&T for the cost of such AT&T Audit. If, as a result of an AT&T Audit, AT&T determines that Supplier has not performed or has unsatisfactorily performed any obligation under this Agreement, then Supplier will promptly remedy the non-performance or unsatisfactory performance.
e.
Supplier will maintain and retain the records set forth in Subsection (a) during the term of the Agreement and for [*] ([*]) years thereafter (unless a discovery or legal hold request is made with respect to such records, in which case Supplier shall retain such records until AT&T notifies Supplier that such discovery or legal hold request has expired). Supplier will provide AT&T, at AT&T’s request, with paper and electronic copies of documents and information reasonably necessary to verify Supplier’s compliance with this Agreement. Upon notification by AT&T of a discovery or legal hold request, Supplier shall fully cooperate with such request and immediately preserve any Supplier records covered by such request and promptly provide such Supplier records requested by AT&T related to the inquiry.
f.
Except as provided in Subsection (d), all reasonable out-of-pocket costs and expenses incurred by AT&T in connection with an AT&T Audit shall be paid by AT&T. Supplier shall be solely responsible for all costs and expenses incurred by Supplier in connection with its obligations under this Section. In the event that either Party requires that an audit be performed by an independent auditor, unless otherwise specified herein, the Party requesting such independent auditor will be responsible for the costs and expenses associated with the independent auditor.
g.
With respect to AT&T requests for audits or inspections of Supplier subcontractors, the following applies:
a.
Supplier shall invoice AT&T the amount of any federal excise taxes and state and local sales taxes imposed upon the sale of Material and provision of Services under this Agreement. All such taxes must be stated as separate items on a timely invoice listing the taxing jurisdiction imposing the tax. Installation, labor and other non-taxable charges must be separately stated. AT&T shall pay all applicable taxes to Supplier that are stated on and at the time the Material or Services invoice is submitted by Supplier. Supplier shall remit taxes to the appropriate taxing authorities. Supplier shall honor tax exemption certificates, and other appropriate documents, which AT&T may submit, pursuant to relevant tax provisions of the taxing jurisdiction providing the exemption.
b.
Supplier shall pay any penalty, interest, additional tax, or other charge that may be levied or assessed as a result of the delay or failure of Supplier, for any reason, to pay any tax or file any return or information required by law, rule or regulation or by this Agreement to be paid or filed by Supplier.
c.
Upon AT&T’s request, the Parties shall consult with respect to the basis and rates upon which Supplier shall pay any taxes or fees for which AT&T is obligated to reimburse Supplier under this Agreement. If AT&T determines that in its opinion any such taxes or fees are not payable, or should be paid on a basis less than the full price or at rates less than the full tax rate, AT&T shall notify Supplier in writing of such determinations, Supplier shall make payment in accordance with such determinations, and AT&T shall be responsible for such determinations. If collection is sought by the taxing authority for a greater amount of taxes than that so determined by AT&T, Supplier shall promptly notify AT&T. If AT&T desires to contest such collection, AT&T shall promptly notify Supplier. Supplier shall cooperate with AT&T in contesting such determination, but AT&T shall be responsible and shall reimburse Supplier for any tax, interest, or penalty in excess of AT&T’s determination.
d.
If AT&T determines that in its opinion it has reimbursed Supplier for any taxes in excess of the amount that AT&T is obligated to reimburse Supplier, AT&T and Supplier shall consult to determine the appropriate method of recovery of such excess reimbursements. Supplier shall credit any excess reimbursements against tax reimbursements or other payments due from AT&T if and to the extent Supplier can make corresponding adjustments to its payments to the relevant tax authority. At AT&T’s request, Supplier shall timely file any claims for refund and any other documents required to recover any other excess reimbursements, and shall promptly remit to AT&T all such refunds and interest received.
e.
If any taxing authority advises Supplier that it intends to audit Supplier with respect to any taxes for which AT&T is obligated to reimburse Supplier under this Agreement, Supplier shall (i) promptly so notify AT&T, (ii) afford AT&T an opportunity to participate on an equal basis with Supplier in such audit with respect to such taxes and (iii) keep AT&T fully informed as to the progress of such audit. Each Party shall bear its own expenses with respect to any such audit unless such audit is a result of a determination by AT&T under subsection C above in which case AT&T will pay all expenses of Supplier, and the responsibility for any additional tax, interest or penalty resulting from such audit is to be determined in accordance with the applicable provisions of this Taxes Section. Supplier failure to comply with the notification requirements of this Taxes Section will relieve AT&T of its responsibility to reimburse Supplier for taxes only if Supplier failure materially prejudiced AT&T’s ability to contest imposition or assessment of those taxes.
f.
In addition to its rights under Subsections c., d., and e. above with respect to any tax or tax controversy covered by this Taxes Section, AT&T is entitled to contest, pursuant to applicable law and tariffs, and at its own expense, any tax previously invoiced that it is ultimately obligated to pay. AT&T is entitled to the benefit of any refund or recovery of amounts that it has previously paid resulting from such a contest. Supplier shall cooperate in any such contest, but AT&T shall pay all costs and expenses incurred in obtaining a refund or credit for AT&T.
g.
If either Party is audited by a taxing authority or other governmental entity in connection with taxes under this Taxes Section, the other Party shall reasonably cooperate with the Party being audited in order to respond to any audit inquiries in an appropriate and timely manner, so that the audit and any resulting controversy may be resolved expeditiously.
h.
AT&T and Supplier shall reasonably cooperate with each other with respect to any tax planning to minimize taxes. The degree of cooperation contemplated by this Section is to enable any resulting tax planning to be implemented and includes, but is not limited to: (i) Supplier installing and loading all of the Software licensed by AT&T, and retaining possession and ownership of all tangible personal property, (ii) Supplier installing, loading and/or transferring the Software at a location selected by AT&T, and (iii) Supplier Delivering all of the Software in electronic form. AT&T shall bear all reasonable external (paid to third parties), additional expenses incurred by Supplier to comply with the provisions of this subsection, but AT&T's advance written consent is required whenever these expenses for any Software item or update are expected to exceed [*] dollars ($[*]) or [*] percent ([*]%) of the cost of the item or update, whichever
a.
Termination for Convenience - AT&T may at any time, for its own convenience and without cause, by providing Supplier written notice, terminate this Agreement and/or any Order placed hereunder in whole or in part. At the request of AT&T, Supplier shall Deliver the Material and Services-in-progress to AT&T. Except as provided in subsection e below, AT&T shall have no liability or obligation for such termination.
b.
Termination for Cause - If either Party breaches any provision of this Agreement and/or any Order, and (i) if the breach is one that by its nature could be cured, and such breach is not cured within [*] ([*]) days after the breaching Party receives written notice, or (ii) if the breach is one that by its nature cannot be cured, or (iii) if the breach is a violation of Laws, then, in addition to all other rights and remedies at law or in equity or otherwise, the non-breaching Party shall have the right upon written notice to immediately terminate this Agreement and/or any such Order without any obligation or liability. Failure of the non-breaching Party to immediately terminate this Agreement and/or any Order (x) following a breach which continues longer than such cure period, provided such breach has not been cured prior to the non-breaching Party’s providing notice of termination, or (y) following a breach that cannot be cured or that constitutes a violation of Laws shall not constitute a waiver of the non-breaching Party’s rights to terminate. If AT&T terminates an Order for cause, Supplier shall refund any amounts AT&T may have previously paid for Material and Services that AT&T returns or does not Accept; and reimburse AT&T for any cost incurred in returning Material to Supplier and restoring AT&T’s site to its previous condition. If AT&T returns or rejects any Material to which title has already passed, title in such Material shall revert to Supplier when Supplier satisfies its refund and reimbursement obligations under the preceding sentences. Supplier bears the risk that such Material may be lost or damaged in transit.
c.
Partial Termination - Whenever law or a provision of this Agreement permits AT&T to terminate any Order, AT&T may, at its option, terminate such Order either in whole or in part. If AT&T terminates an Order in part, AT&T shall pay only for such Material and Services as AT&T Accepts at prices established under this Agreement or, if there are none, at prices calculated on the basis of such partially terminated Order, and, unless a termination charge applies, AT&T has no obligation to pay for such Material and Services as AT&T does not Accept.
d.
Termination of Related Orders - Whenever law or a provision of this Agreement permits AT&T to terminate any Order, AT&T may also terminate such other Orders as are related to the same transaction or series of transactions as the Order in question.
e.
Termination Charges -
1.
Except as provided below, in the event AT&T terminates any Order for convenience or AT&T is in breach of any Order that precludes Supplier from completing Delivery, AT&T shall pay Supplier, as Supplier’s sole and exclusive remedy for detriment resulting from AT&T’s termination of or breach preventing Delivery under an Order, the lesser of:
i.
the price of such Material and Services, as derived from the Order, or
ii.
the actual costs Supplier incurred to prepare the Material or perform the Services up to the date of termination, as determined under normal cost accounting methods, less salvage value, if salvage is permitted by AT&T. For purposes of this Section, “salvage value” includes the proceeds of the
2.
AT&T is not liable to Supplier for any detriment resulting from termination of an Order for Material not specially manufactured for AT&T when termination of such Order occurs more than [*] ([*]) days before the Delivery Date.
3.
If AT&T incurs a termination charge as provided in this Section, and AT&T or an Affiliate places an Order for Material and Services equivalent to that for which such termination charge is incurred within [*] ([*]) days after AT&T incurs such termination charge, then Supplier shall refund such termination charge to AT&T.
4.
AT&T is not liable for any termination charges in any case when termination results from the agreement of the Parties.
f.
Obligations upon Expiration or Termination - Upon expiration or termination of this Agreement or any Order, Supplier shall, upon the request of AT&T: (i) return all papers, materials and property of AT&T held by Supplier and (ii) provide reasonable assistance as may be necessary for the orderly, non-disrupted continuation of AT&T’s business. Supplier also agrees to assist AT&T in coordinating the transfer of the provision of the Services to a successor supplier, which shall include continuing to provide the required level of Services until the date of expiration or termination and providing the successor supplier with all pertinent information about the Services.
a.
Supplier acknowledges that a third party administrator will perform certain administrative functions for AT&T in relation to this Agreement. Such administrative functions may include:
1.
Collecting and verifying certificates of insurance
2.
Providing financial analysis;
3.
Verifying certifications under the Section entitled “Utilization of Minority, Women, and Disabled Veteran Owned Business Enterprises”; and
4.
Collecting and verifying Supplier profile information.
b.
Supplier shall cooperate with such third party administrator in its performance of such administrative functions and shall provide such data as from time to time the third party administrator may request. Further, notwithstanding any other provision of this Agreement, Supplier agrees that AT&T may provide any information regarding Supplier to such third party administrator. AT&T shall contractually require the third party administrator to maintain confidentiality of Supplier’s information with rights to use it solely for purposes of the administrative functions. Supplier agrees to pay the third party administrator an annual fee for the performance of these administrative functions, which annual fee shall not exceed [*] dollars ($[*]), and a one time set-up fee of [*] ($[*]).
a.
It is the policy of AT&T that minority, women, and disabled veteran owned business enterprises (“MWDVBEs”) shall have the maximum practicable opportunity to participate in the performance of contracts.
b.
Supplier shall make good faith efforts to carry out this policy in the award of subcontracts, distribution agreements, resale agreements, and other opportunities for MWDVBE participation. In furtherance of those efforts, and not as a limitation, Supplier shall submit annual participation plans, at the time of Agreement execution and each subsequent year by [*], establishing Supplier’s goals for the upcoming year for participation by minority owned business enterprises (“MBE”), women owned business enterprises (“WBE”) and disabled veteran business enterprises (“DVBE”), with “participation” expressed as a percentage of aggregate estimated annual purchases by AT&T for the coming year under this Agreement. Supplier shall include specific and detailed plans for achieving its goals in each participation plan. Supplier’s participation goals for the first year (that is, the calendar year that ends on [*] next following the effective date of this Agreement) are: [*]% annual MBE participation; [*]% annual WBE participation; and [*]% annual DVBE participation. Supplier’s participation plan for the [*] year is attached to and incorporated into this Agreement as Appendix G.
c.
By the [*] day following the close of each calendar month, Supplier shall, in a format and manner acceptable to AT&T, report actual results of its efforts to meet its goals during the preceding calendar month as directed in Appendix G. When reporting its results, Supplier shall count only expenditures with MWDVBEs that are certified as MBE, WBE, or DVBE firms by certifying agencies that are recognized by AT&T, as listed on Appendix G.
d.
Supplier shall inform prospective MBE, WBE, and DVBE subcontractors of their opportunities to apply for certification from the agencies listed in Appendix G.
e.
The extent to which suppliers (a) set challenging goals in their annual participation plans and (b) succeed in exceeding the goals that they have set are factors that AT&T may consider favorably when deciding to extend or renew expiring agreements, to apportion orders among competing suppliers under existing agreements, and to award new business in competitive bidding.
f.
Supplier’s obligations under this Section are not a limitation of any obligations that Supplier may have under other provisions of this Agreement, including the Section entitled “Government Contract Provisions”.
a.
Supplier warrants to AT&T that any Services provided hereunder shall be performed in a first-class, professional manner, in strict compliance with the Specifications, and with the care, skill, and diligence, and in accordance with the applicable standards, currently recognized in Supplier profession or industry. If Supplier fails to meet applicable professional standards, Supplier shall, without additional compensation, promptly correct or revise any errors or deficiencies in the Services furnished hereunder.
b.
The warranty period for Services shall be the longer of the warranty period stated in the Order, the Specifications, or [*] ([*]) year. The warranty period shall commence upon Acceptance.
c.
Supplier represents and warrants that: there are no actions, suits, or proceedings, pending or threatened, which will have a material adverse effect on Supplier ability to fulfill its obligations under this Agreement; it shall immediately notify AT&T if, during the Term of this Agreement, Supplier becomes aware of any
d.
All warranties shall survive inspection, Acceptance, payment and use. These warranties shall be in addition to all other warranties, express, implied, or statutory. Supplier shall defend, indemnify, and hold AT&T harmless for a breach of these warranties.
e.
If at any time during the warranty period for Material or Services AT&T believes there is a breach of any warranty, AT&T will notify Supplier setting forth the nature of such claimed breach. Supplier shall promptly investigate such claimed breach and shall either (i) provide information satisfactory to AT&T that no breach of warranty in fact occurred or (ii) at no additional charge to AT&T, promptly take such action as may be required to correct such breach. If the required corrective action is to re-perform the Services and/or repair the Material, and if Supplier fails or refuses to make such repairs and/or re-perform such Services, then, in addition to any other remedies, ATT shall have the right, at its option, either (1) to perform such Services and to repair such Material, at Supplier’s expense; or (2) to receive a full refund of any amounts paid for such Material and Services.
f.
If a breach of warranty has not been corrected within a commercially reasonable time, or if [*] or more breaches of warranty occur in any [*] ([*]) day period, AT&T may terminate the applicable Order.
a.
When appropriate, Supplier shall have reasonable access to AT&T’s premises during normal business hours, and at such other times as may be agreed upon by the Parties to enable Supplier to perform its obligations under this Agreement. Supplier shall coordinate such access with AT&T’s designated representative prior to visiting such premises. Supplier shall ensure that only persons employed by Supplier or subcontracted by Supplier will be allowed to enter AT&T’s premises. If AT&T requests Supplier or its subcontractor to discontinue furnishing any person provided by Supplier or its subcontractor from performing Work on AT&T’s premises, Supplier shall immediately comply with such request. Such person shall leave AT&T’s premises immediately and Supplier shall not furnish such person again to perform Work on AT&T’s premises without AT&T’s written consent. The Parties agree that, where required by governmental regulations, Supplier will submit satisfactory clearance from the U.S. Department of Defense and/or other federal, state or local authorities.
b.
AT&T may require Supplier or its Representatives, including employees and subcontractors, to exhibit identification credentials, which AT&T may issue to gain access to AT&T’s premises for the performance of Services. If, for any reason, any Supplier Representative is no longer performing such Services, Supplier shall immediately inform AT&T. Notification shall be followed by the prompt delivery to AT&T of the identification credentials, if issued by AT&T. Supplier agrees to comply with AT&T’s corporate policy requiring Supplier or its Representatives, including employees and subcontractors, to exhibit their company photo identification in addition to the AT&T issued photo identification when on AT&T’s premises.
c.
Supplier shall ensure that its Representatives, including employees and subcontractors, while on or off AT&T’s premises, will perform Work which (i) conform to the Specifications, (ii) protect AT&T’s Material, buildings and structures, (iii) does not interfere with AT&T’s business operations, and (iv) perform such Services with care and due regard for the safety, convenience and protection of AT&T, its employees, and property.
d.
Supplier shall ensure that all persons furnished by Supplier work harmoniously with all others when on AT&T’s premises.
a.
AT&T electronic and computer resources are provided for the transaction of company business. The policy of AT&T with respect to Information in electronic media (including but not limited to programs, databases, files, e-mail records) is no different from the policy concerning paper records. While AT&T at all times retains the right to inspect, record and/or remove all Information made or kept by employees utilizing company resources, such inspection, recording, or removing takes place only on the basis of company need. Need includes but is not limited to management’s determination that reasonable cause exists for belief that Laws, AT&T policies or management directives have been, are being, or may be broken or violated.
b.
Protection of AT&T systems/networks: Supplier and all Supplier personnel shall follow all AT&T policies/AT&T Personal Data, Supplier shall provide AT&T with such assistance as AT&T may reasonably require to fulfill its responsibilities under the respective applicable Privacy Laws.
c.
“AT&T Personal Data” shall mean that portion of AT&T Data that is subject to any Privacy Laws. “Privacy Laws” shall mean Laws relating to data privacy, trans-border data flow or data protection such as the implementing legislation and regulations of the European Union member states under the European Union Directive 95/46/EC or any other relevant legislation in the jurisdiction where the Service is supplied or data is collected or stored.
a.
Supplier, with respect to the following requirements in this Section (collectively, “Background Checks”) and subject to any federal, state, or local laws, rules or regulations which may limit any Supplier action otherwise required by this section, shall:
b.
Supplier acknowledges and agrees that it is Supplier’s sole and exclusive responsibility to determine whether a Supplier Person with a Conviction or a Sex Offender Status has a reasonable relationship to the individual’s fitness or trustworthiness to perform the Service, subject to any federal, state, or local
c.
Supplier represents and warrants to AT&T that, to the best of its knowledge, no Supplier Person has (i) falsified any of his or her Identification Credentials, or (ii) failed to disclose any material information in the hiring process relevant to the performance of any Service. Supplier shall not permit any Supplier Person who has falsified such Identification Credentials or failed to disclose such information to perform any Service that permits Access.
d.
The following definitions apply:
1.
“Identification Credentials” includes, with respect to each Supplier Person, his or her Social Security number, driver’s license, educational credentials (if position such Supplier Person is applying for contains an education requirement) employment history, home address, and citizenship indicia.
2.
“Drug Screen” means the testing for the use of illicit drugs (including opiates, cocaine, cannabinoids, amphetamines, and phencyclidine (PCP)) of any Supplier Person who (i) has unsupervised (or badged) physical Access to AT&T’s or its customer’s premises, or (ii) has regular or recurring supervised physical Access to AT&T’s or its customer’s premises for more than [*] ([*]) days in the aggregate annually.
e.
The failure of Supplier to comply with the requirements of this Section shall be considered a material breach of this Agreement. Notwithstanding any of the foregoing, exceptions for individual Supplier Persons may be granted by AT&T on a case-by-case basis.
a.
For the purposes of this Section, “Customer Information” includes, but is not limited to, any Customer or Customer name, address, e-mail address, and/or phone number (listed or unlisted); personal information concerning a an employee, Customer or with any persons in the household of a Customer, including birth date, social security number, drivers license, health of financial information, credit card information, bank account, account number or personal identification numbers; information concerning a Customer’s calling patterns, call details, records of incoming or outgoing calls, or minutes of use or other use of AT&T’s services; information related to payments, credit status, and transactions with AT&T; demographic information; or aggregate Customer data – including aggregate data with individual identifying information deleted; and Customer proprietary network information (“CPNI”) (as that term is defined in Section 222 of the Communications Act of 1934, 47 U.S.C.222, as amended (“Section 222”), which includes information available to AT&T by virtue of AT&T’s relationship with its Customers as a provider of telecommunications, Internet, information or other services, including but not limited to: the quantity, technical configuration, location, type, destination, amount of use of telecommunications service subscribed to, and information contained on the telephone bills of AT&T’s Customers pertaining to telephone exchange service or telephone toll service received by a Customer of AT&T. Except as provided herein, as between Supplier and AT&T, title to all Customer Information shall be in AT&T. Except as otherwise provided herein, no license or rights to any Customer Information are granted to Supplier hereunder.
b.
Supplier acknowledges that Customer Information received may be subject to certain privacy laws and regulations and requirements, including requirements of AT&T. Supplier shall consider Customer
1.
not use any CPNI to market or otherwise sell products to AT&T’s Customers, except to the extent necessary for the performance of Services for AT&T or as otherwise approved or authorized by AT&T in this Agreement or in writing;
2.
make no disclosure of Customer Information to any party other than AT&T, except to the extent necessary for the performance of Services for AT&T or except such disclosure required under force of law; provided that Supplier shall provide AT&T with notice immediately upon receipt of any legal request or demand by a judicial, regulatory or other authority or third party to disclose or produce Customer Information; Supplier shall furnish only that portion of the Customer Information that is legally required to furnish and shall provide reasonable cooperation to AT&T should AT&T exercise efforts to obtain a protective order or other confidential treatment with respect to such Customer Information;
i.
not incorporate any Customer Information into any database other than in a database maintained exclusively for the storage of AT&T’s Customer Information;
ii.
not incorporate any data from any of Supplier other Customers, including Affiliates of AT&T, into AT&T’s Customer database;
iii.
make no use whatsoever of any Customer Information for any purpose except to comply with the terms of this Agreement;
iv.
make no sale, license or lease of Customer Information to any other party;
v.
restrict access to Customer Information to only those employees of Supplier that require access in order to perform Services under this Agreement;
vi.
prohibit and restrict access or use of Customer Information by any of Supplier other Customers, Supplier Affiliates, or third parties except as may be agreed otherwise by AT&T;
vii.
promptly return all Customer Information to AT&T upon expiration, or termination of this Agreement or applicable schedule or Order, unless expressly agreed or instructed otherwise by AT&T; and
viii.
immediately notify AT&T upon Supplier awareness of (i) any breach of the above-referenced provisions, (ii) any disclosure (inadvertent or otherwise) of Customer Information to any third party not expressly permitted herein to receive or have access to such Customer Information, or (iii) a breach of, or other security incident involving, Supplier systems or network that could cause or permit access to Customer Information inconsistent with the above-referenced provisions, and such notice shall include the details of the breach, disclosure or security incident. Supplier shall fully cooperate with AT&T in determining, as may be necessary or appropriate, actions that need to be taken including, but not limited to, the full scope of the breach, disclosure or security incident, corrective steps to be taken by Supplier, the nature and content of any Customer notifications, law enforcement involvement, or news/press/media contact etc., and Supplier shall not communicate directly with any AT&T Customer without AT&T’s consent, which such consent shall not be unreasonably withheld.
a.
Contact by Supplier of AT&T’s Customers in any form, including but not limited to face-to-face contact, telephone contact, e-mail contact, and written contact (individually and collectively: “contact”), shall be only as set forth in this Agreement.
b.
Prior to Supplier, or Supplier Subcontractor, if any, having contact in any form with AT&T’s Customers pursuant to this Agreement, Supplier must submit a script, creative media or recital, as applicable, that describes specifically what will be communicated during the contact with AT&T’s Customer. Approval of the script, creative media or recital, which will not be unreasonably withheld, must be obtained prior to the Customer contact being initiated.
c.
Supplier, or Supplier Subcontractor, if any, shall not change or otherwise deviate from the approved script, creative media or recital without the prior written approval of AT&T.
d.
Except as specifically authorized by this Agreement, Supplier shall not contact AT&T's Customers directly for the purpose of selling Services similar to those covered under this Agreement.
e.
Failure on the part of Supplier, or Supplier Subcontractors, if any, to comply with this provision shall be considered a material breach of this Agreement and AT&T may, in addition to remedies available under this Agreement and in law, immediately terminate this Agreement and/or the governing Order for default.
a.
At the request of AT&T, the Parties shall exchange Orders, payments, acknowledgements, invoices, remittance notices, and other records (“Data”) electronically, in place of tangible documents. In such case, AT&T shall also designate whether the Parties shall exchange Data by direct electronic or computer systems communication between AT&T and Supplier, or indirectly through third party service providers with which either Party may contract or a single AT&T designated third party service provider with which each Party shall contract independently (“Provider”), to translate, forward and/or store such Data. If the Parties exchange Data directly, they agree to exchange it in accordance with the Telecommunications Industry Forum EDI Guidelines for use of American National Standards Institute (“ANSI”) Accredited Standards Committee X12 transaction sets, unless they mutually agree to a proprietary format or another standard such as Extensible Markup Language (“XML”).
b.
The following additional conditions apply to any such exchanges:
1.
Garbled Transmissions: If any Data is received in an unintelligible, electronically unreadable, or garbled form, the receiving Party shall promptly notify the originating Party (if identifiable from the received Data) in a reasonable manner. In the absence of such notice, the originating Party's record of the contents of such Data shall control.
2.
Signatures: Each Party will incorporate into each EDI transmission an electronic identification consisting of symbol(s) or code(s) ("Signature"). Each Party agrees that any predetermined Signature of such Party included in or affixed to any EDI transmission shall be sufficient to verify such Party originated, “signed” and “executed” such transmission. No Party shall disclose to any unauthorized person the Signatures of the Parties hereto.
3.
Statute of Frauds: The Parties expressly agree that all Data transmitted pursuant to this Section shall be deemed to be a "writing" or "in writing" for purposes of Section 2-201 of the Uniform Commercial Code (“UCC”) or any other applicable law requiring that certain agreements be in writing and signed by the Party to be bound thereby. Any such Data containing or having affixed to it
4.
Method of Exchange: Each Party shall be responsible for its own cost(s) to provide and maintain the equipment, software and services necessary to effectively and reliably transmit and receive Data, and the associated charge(s) of any Provider with which it contracts. Supplier shall be solely responsible for the cost of storing its information or Data on a Provider’s computer network, which may be retrieved by AT&T at no additional charge to AT&T by Supplier. Either Party may change a Provider upon [*] ([*]) days’ prior written notice to the other Party, except that if a single Provider for both Parties has been designated by AT&T, then AT&T may change the Provider upon [*] ([*]) days’ prior written notice to Supplier.
5.
Warranty of Data Integrity: Supplier represents and warrants that Data and/or information either transmitted to AT&T by Supplier or stored by Supplier on a Provider’s network for access by AT&T a) do not contain any Harmful Code or Vulnerability, and b) do not infringe or violate any third party’s copyright, patent, trademark, trade secret or other proprietary rights or rights of publicity or privacy. Supplier further represents and warrants that all product and pricing information provided in its catalogues either stored on a Provider’s network or transmitted to AT&T by Supplier is current, accurate and complete. In the event more favorable prices or terms appear in Data transmitted to AT&T by Supplier than appear in Supplier current catalogue, AT&T will be entitled to the more favorable prices or terms contained in the Data.
a.
Supplier shall take necessary steps to ensure employees or Subcontractors are not involved in fraudulent practices, including, but not limited to, cramming or slamming.
1.
Cramming occurs when a Customer is charged for products or services they have not ordered or may not have ever received.
2.
Slamming is the unauthorized and illegal changing of a Customer's telecommunications service provider without his or her knowledge or permission. It can affect local and long-distance service provider choices.
b.
Fraudulent Credit Card, Social Security Number and Unauthorized Access or Disclosure Activity:
1.
Supplier shall pay a fee of [*] U.S. Dollars ($[*] U.S.D.) per Instance of credit card fraud against any credit card. Supplier shall pay a fee of [*] U.S. Dollars ($[*] U.S.D.) per Instance of social security number misuse. An “Instance” is defined as an individual transaction attempt against a credit card or any single use of a social security number. For example, [*] ([*]) fraudulent transaction attempts against a single credit card would result in a [*] U.S Dollars ($[*]) discount and [*] ([*]) fraudulent uses of a single social security number would results in an additional [*] U.S Dollars ($[*]) discount.
2.
Supplier shall pay a fee of [*] U.S. Dollars ($[*] U.S.D.) per account for unauthorized access to customer accounts and/or unauthorized disclosure of customer account information in connection with fraudulent activity. For example, the unauthorized access of an account in connection with fraudulent activity would result in a [*] Dollar ($[*]) discount regardless of whether there was an unauthorized disclosure of the customer’s account information. Similarly, the unauthorized disclosure of customer account information in connection with fraudulent activity would result in a [*] Dollar ($[*]) discount regardless of whether the information was obtained through an unauthorized access of the account. If there is both unauthorized access to an account and
c.
In addition to all other remedies available under this Agreement and in-law, AT&T reserves the right at its sole discretion by providing written notice of such fraudulent practice to require the immediate removal of any Supplier employee or Subcontractor employee, which may include withdrawing AT&T’s prior written approval of any Supplier Subcontractor, who does not follow these anti-fraud provisions.
a.
Supplier hereby represents and warrants to AT&T that:
1.
Supplier is engaged in an independent business and, except as specifically provided herein, shall perform all obligations under this Agreement as an independent contractor and not as the agent or an employee of AT&T;
2.
Supplier personnel performing Services shall be considered solely the employees of Supplier and not employees of AT&T;
3.
Supplier has and retains the right to exercise full control of and supervision over the performance of the Services and full control over the employment, direction, assignment, compensation, and discharge of all personnel performing the Services;
4.
Supplier is solely responsible for all matters relating to compensation and benefits for all of Supplier personnel who perform Services. This responsibility includes (i) timely payment of compensation and benefits, including, but not limited to, overtime pay, medical, dental, and any other benefit, and (ii) all matters relating to compliance with all employer obligations to withhold employee taxes, pay employee and employer taxes, and file payroll tax returns and information returns under local, state and federal income tax laws, unemployment compensation insurance and state disability insurance tax laws, social security and Medicare tax laws, and all other payroll tax laws or similar laws with respect to all Supplier personnel providing Services;
5.
Supplier shall indemnify, hold harmless and defend AT&T from all Losses related to Supplier failure to comply with the immediately preceding paragraph in accordance with the Section entitled “Indemnity.”
b.
Notwithstanding any other provision of this Agreement, Supplier shall be AT&T's agent for the limited purpose of marketing communications-related Services as described in this Agreement. Supplier shall act on AT&T’s behalf with respect to such Services, and Supplier performance of such Services shall be conducted pursuant to the terms, conditions, and requirements of this Agreement. Further, to the extent Supplier obtains or uses CPNI in connection with this Agreement, Supplier shall be an agent of AT&T
a.
Supplier, which shall include any employees, agents, or Subcontractor it may utilize to fulfill this Agreement, shall provide immediate notice to AT&T in the event Supplier becomes aware of (1) any unauthorized (whether intentional or unintentional) release by Supplier, of Customer Proprietary Network Information (“CPNI”) or other Customer Personal Information (“CPI”) of any AT&T Customer to any person or entity other than the Customer to which such CPNI pertains or (2) any unauthorized acquisition by any person or entity of computerized or hard-copy data that compromises the security, confidentiality, or integrity of any CPNI or other CPI of any AT&T Customer maintained by or in the possession of Supplier.
b.
For purposes of this Section, Customer Proprietary Network Information / CPNI shall mean information as contained in 47 U.S.C. 222 of the Federal Telecommunications Act (1996).
a.
Transition support activities may include, but are not limited to:
1.
Full cooperation in the orderly transition of Work to an AT&T center or a third party service provider;
2.
Supplier shall provide to AT&T and any designated third party service provider, to the extent available, applicable requirements, standards, policies, operating procedures and other documentation, reports, call recordings, chat transcripts, screen captures, files and other Information associated with the Services, at no additional cost;
3.
Continuation of Services at reducing levels if necessary during the transition period and at reduced levels if Services is transferred in part;
4.
Supplier shall assist AT&T in developing a plan which shall specify the tasks to be performed by the Parties in connection with the transition and the schedule for the performance of such tasks, at AT&T’s request;
5.
Supplier shall provide transition Services during such time as required by AT&T; and
6.
Following the transition period set forth in paragraph 5 for a period not to exceed [*] ([*]) months thereafter, Supplier shall answer all reasonable and necessary verbal or written questions from AT&T regarding the Services on an “as needed” basis.
b.
Supplier’s quality and level of performance during the transition period shall continue to comply with all requirements of the Order.
a.
Use of Subcontractors. Supplier shall not subcontract any of its responsibilities without AT&T’s prior written approval, which may be withheld in AT&T’s sole discretion. Where a portion of the Work is subcontracted, Supplier remains fully responsible for performance thereof and shall be responsible to AT&T for the acts and omissions of any subcontractor. If any part of Supplier’s Work is dependent upon Work performed by others or subcontracted consistent with the terms herein, Supplier shall inspect and promptly report to AT&T any defect that renders such other Work unsuitable for Supplier’s proper performance. Supplier’s silence shall constitute approval of such other Work as fit, proper and suitable for Supplier’s performance of its Services or provision of Materials.
b.
Prior to entering into a subcontract with a Subcontractor, including any changes to the use of a Subcontractor, for the performance of all or any part of Supplier’s obligations under this Agreement, Supplier shall (i) give AT&T reasonable prior notice specifying the components of the Services affected, complete description of the activities to be performed, the identity, location, and qualifications of the proposed Subcontractor and the reasons for subcontracting the Work in question; and (ii) obtain AT&T’s
c.
Supplier Responsibility. Supplier shall be responsible for any failure by any Subcontractor or Subcontractor personnel to perform in accordance with this Agreement or to comply with any duties or obligations imposed on Supplier under this Agreement to the same extent as if such failure to perform or comply was committed by Supplier or Supplier employees. Supplier shall guarantee the performance of all such Subcontractors and Subcontractor personnel providing any of the Services hereunder. Supplier shall be AT&T’s sole point of contact regarding the Services, including with respect to payment to Subcontractors. Supplier shall require all Subcontractors performing Work on the project or who may enter upon the Work site to maintain the same insurance requirements as those set forth in the Insurance Section of this Agreement. Nothing in this Agreement shall create any contractual obligation or other liability of AT&T to any Subcontractor or its employees. The Supplier shall bind every Subcontractor to the terms of this Agreement and, specifically, to compliance with the Insurance Section of this Agreement.
1.
Immediately notify AT&T’s Vendor Manager and identify the Supplier Representative (s) so the applicable AT&T user id can be deleted.
2.
Ensure that Supplier Representative critical knowledge as to the performance of Services is transferred via training of other Supplier Representative (s) and/or documented.
3.
Ensure that any roles assigned to the Supplier Representative are appropriately reassigned, such as:
i.
Project team/committee member
ii.
Functional representative for internal/external interfaces
4.
Advise the AT&T Vendor Manager if a security clearance exists.
5.
Advise the AT&T Vendor Manager, as applicable, if there is reason to believe the Worker should not be engaged for future assignments.
6.
Remind the Supplier Representatives of their obligation to maintain confidentiality of AT&T Information and Customer Information.
7.
Perform an inventory of AT&T records (paper and electronic) in Supplier Representative’s office or home-based Agent/virtual office and arrange for appropriate retention or destruction pursuant to an Order or as directed by AT&T’s Vendor Manager.
8.
Have Supplier Representative establish “Out of Office” Voice Mail message and have the Supplier’s Representatives’ supervisory personnel, or its delegate, review for appropriateness.
9.
Upon Supplier Representative(s) completion of Services, including attrition of Supplier Representative, dismissal of Supplier Representative, or Program and/or Order expiration or termination, Supplier shall have Supplier supervisory personnel, or its delegate, obtain password from Worker and deactivate it.
10.
If a reservation or reservationless conference bridge is assigned to the Supplier Representative for AT&T’s Program, Supplier’s supervisory personnel, or its delegate, shall ensure that such reservation and reservationless conference bridges are cancelled.
11.
When transition of Supplier Representative job responsibilities under an AT&T Program is complete, Supplier supervisory personnel, or its delegate, requests cancellation of other system / job specific user identification, access codes, and access privileges that the Supplier Representative may have to support AT&T’s Work, such as:
i.
Shared drives (transfer ownership, if applicable)
ii.
Financial systems
iii.
Data warehouses
iv.
Internet and database services
v.
Digital Certificates
vi.
Other systems
12.
Collect and return SecurID Card/Token to AT&T, if applicable.
13.
If TACACS/Config service, applies, notify the AT&T Vendor Manager to delete TACACS/config server ID, if applicable.
14.
Recover and secure AT&T assets, which may include AT&T assets, in Supplier Representative’s possession (including those kept at the individual’s home):
i.
Personal computers
ii.
Software
iii.
Monitors
iv.
Modems
v.
Printers
vi.
Fax machines
vii.
Speakers
viii.
PDAs
ix.
Pagers
x.
Cellphones
15.
If Supplier Representatives used a non-Supplier PC or Supplier’s PC (collectively “PC”), Supplier shall ensure that AT&T Information is cleaned off the PC by having the machine re-imaged.
16.
Have Supplier supervisory personnel, or its delegate, ensure that the office space of exiting Worker is cleaned and ready for next occupant.
17.
If Services are performed at remote locations, Supplier shall ensure the following installed services are disconnected at Supplier Representative’s location (home and/or other Work location):
i.
Phone lines
ii.
DSL lines
iii.
Cable modem connections
18.
If Services are performed at Supplier Facilities, Supplier shall ensure the following services are disconnected:
i.
Office Telephone
ii.
Voice Mail
iii.
LAN Port
19.
Supplier shall collect all property used for AT&T’s Program(s). This includes but is not limited to:
i.
Supplier Representative’s identification badges, portal passes, parking decals and passes, building access cards, security ID cards, smart cards, key cards, toll pass cards
ii.
Keys to desks, file cabinets, storage cabinets, offices, conference rooms, and other Work areas
iii.
Keys to buildings, gates and vehicles used for AT&T’s Program(s)
iv.
Other equipment or property used for AT&T’s Program(s) not mentioned in previous tasks, including any items that the Supplier Representative has at home or other remote location, such as:
1.
Microphones, video recorders, cameras and answering machines
2.
Manuals, library materials, software, documentation for software and hardware
3.
Office furniture (and keys to same) and artwork
4.
Special devices (e.g., scanners, 2-way radios)
5.
Tools and Uniforms
20.
Supplier shall prepare AT&T files for storage:
i.
Supplier shall review office records for compliance with AT&T’s retention schedule pursuant to an Order and as required by law, and transfer active records with retention obligations to appropriate person or group inheriting Work function. For inactive records with retention obligations, Supplier shall follow procedures for sending to off-site vendor storage.
ii.
For Information for which there is no retention obligation or as may be required by law, Supplier shall destroy such Information in accordance with the Order or as directed by AT&T’s Vendor Manager.
i.
Upon Supplier Representative’s completion of Services, including the attrition of Supplier Representative, dismissal of Supplier Representative, and Program and/or Order expiration or termination, Supplier shall ensure that all Supplier Representative complete and sign the “Written Certification of Return or Destruction of AT&T Information or Data”, attached hereto as Appendix L.
ii.
Supplier shall retain the original to be placed in the Supplier Representatives personal file as a permanent record.
IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed, which may be in duplicate counterparts, each of which will be deemed to be an original instrument, by their duly authorized representatives.
StarTek, Inc.
AT&T Services, Inc.
By: /s/ Chad A. Carlson_____________________
By: /s/ Brett Binkley________________________
Printed Name: Chad A. Carlson
Printed Name: Brett Binkley
Title: President & CEO
Title: Senior Contract Manager
Date: 1/25/2013_____________________________
Date: 1/17/2013_____________________________
1.
Every Supplier has the responsibility of dealing fairly with AT&T’s Customers, past and present, fellow AT&T Suppliers and authorized sales representatives and the general public.
2.
Each Supplier has the responsibility of adhering to generally accepted standards of accuracy, truth and good taste at all times. No Supplier shall be placed in a position where the Supplier’s interest is, or may be, in conflict with duty to the Customer.
3.
Each Supplier shall safeguard the confidences of both present and former AT&T Customers, and shall not accept retainers that may involve the disclosure or use of these confidences to the disadvantage or prejudice of such Customers.
4.
Each Supplier shall always strive to communicate clearly with Customers, and treat them with respect. In some instances, our competitors are also our Customers, and it is our duty to treat them with the same level of courtesy and respect as we use in dealing with the rest of our Customers.
5.
No Supplier shall intentionally disseminate false or misleading information, and each Supplier is obligated to use as much care as is humanly possible to avoid dissemination of false or misleading information.
6.
Supplier shall not represent themselves as an employee of AT&T.
7.
Supplier agrees that any fraudulent conduct by it’s employees must be identified and investigated immediately and brought to the attention of AT&T. Fraudulent or illegal conduct includes, but is not limited to, any oral or written misrepresentation of facts, misappropriation of funds, theft, improper reporting of sales or expenses, or any other dishonest acts, done while working for Supplier.
8.
No Supplier shall intentionally injure the professional reputation or practice of AT&T or another AT&T Supplier or authorized sales representative. However, if a Supplier has evidence that another Supplier vendor has been guilty of unethical, illegal or unfair practices, including practices in violation of this Code, the Supplier is obligated to present the information to the proper representative of AT&T for action and in accordance with the terms and conditions set forth in this Agreement or the applicable services sales agreement.
9.
No Supplier shall accept fees, compensations, or any other valuable consideration in connection with those Services provided herein from anyone other than AT&T.
10.
Supplier shall take necessary steps to ensure employees are not involved in fraudulent practices, including, but not limited to, cramming or slamming. “Cramming” occurs when a Customer is charged for products or services they have not ordered or may not have ever received. “Slamming” is the unauthorized and illegal changing of a Customer’s telecommunications service provider without his or her knowledge or permission. Supplier must obtain clear, explicit consent from Customers before making any additions or changes to their service or accounts. Supplier must report any information concerning slamming and cramming to their supervisor and to AT&T immediately.
11.
Supplier shall not create sales that do not provide value to the Customer and the Company, or manipulate the commission system.
12.
Supplier shall not provide any discounts, bonus payments, cash, or non-cash incentives to a Customer for the sale of a Service covered under this Agreement except those included in AT&T tariffs and pricing plans.
(a)
Purpose. The purpose of this section is to establish a code of conduct in order to implement Public Utility Regulatory Act (PURA) §51.001 and §64.001 relating to fair business practices and safeguards against fraudulent, unfair, misleading, deceptive, or anticompetitive practices in order to ensure quality service and a competitive market.
(b)
Application. This section applies to all certificated telecommunications utilities (CTUs), as defined in §26.5 of this title (relating to Definitions), and CTU employees. This section also applies to all authorized agents of the CTU.
(c)
Communications.
(1)
A CTU employee or authorized agent shall conduct communications with competitors and competitors’ end-user Customers with the same degree of professionalism, courtesy, and efficiency as that performed on behalf of their employer and end-user Customers.
(2)
A CTU employee or authorized agent, while engaged in the installation of equipment or the rendering of services (including the processing of an order for the installation, repair or restoration of service, or engaged in the actual repair or restoration of service) on behalf of a competitor shall not make statements regarding the service of any competitor and shall not promote any of the CTU’s services to the competitor’s end-user Customers.
(d)
Corporate advertising and marketing.
(1)
A CTU, CTU employee or authorized agent shall not engage in false, misleading or deceptive practices, advertising or marketing with respect to the offering of any telecommunications service.
(2)
A CTU, CTU employee or authorized agent shall not falsely state or falsely imply that the services provided by the CTU on behalf of a competitor are superior when purchased directly from the CTU.
(3)
A CTU, CTU employee or authorized agent shall not falsely state or falsely imply that the services offered by a competitor cannot be reliably rendered, or that the quality of service provided by a competitor is of a substandard nature.
(4)
A CTU, CTU employee or authorized agent shall not falsely state nor falsely imply to any end-user Customer that the continuation of any telecommunications service provided by the CTU is contingent upon ordering any other telecommunications service offered by the CTU. This section is not intended to prohibit a CTU from offering, or enforcing the terms of, any bundled or packaged service or any other form of pricing flexibility permitted by PURA and commission rules.
(e)
Information sharing and disclosure.
(1)
Pursuant to the federal Telecommunications Act §222(a), each CTU has a duty to protect the confidentiality of proprietary information of, and relating to, other CTUs.
(2)
Pursuant to the federal Telecommunications Act §222(b), each CTU that receives or obtains proprietary information from another CTU for purposes of providing any telecommunications service shall use such information only for such purpose, and shall not use such information for its own marketing efforts or any other unauthorized purpose.
(f)
References to other Chapter 26 substantive rules. The following commission rules also affect the conduct of CTU employees and authorized agents. All CTU employees and agents must be trained to comply with the specific substance of these rules which affect their employment responsibilities. Copies of specific commission rules shall be made available by the CTU to any employee or agent upon their request. The applicability of each of the following sections is unaffected by the reference in this section and does not relieve any CTU of its responsibility to abide by other applicable commission rules.
(3)
Section 26.32 of this title (relating to Protection Against Unauthorized Billing Charges (“Cramming”));
(5)
Section 26.122 of this title (relating to Customer Proprietary Network Information (CPNI));
(7)
Section 26.130 of this title (relating to Selection of Telecommunications Utilities).
(1)
Every CTU or authorized agent shall formally adopt and implement all applicable provisions of this section as company policy, or modify existing company policy as needed to incorporate all applicable provisions, within 90 days of the effective date of this section. A CTU shall provide a copy of its internal code of conduct required by this section to the commission upon request.
(2)
Every CTU or authorized agent shall disseminate the applicable provisions of this section to all existing and new employees and agents, and take appropriate actions to both train employees and enforce compliance with this section on an ongoing basis. Every CTU shall document every employee’s and agent’s receipt and acknowledgement of its internal policies required by this section, and every CTU shall make such documentation available to the commission upon request.
(1)
Administrative penalties. If the commission finds that a CTU has violated any provision of this section, the commission shall order the utility to take corrective action, as necessary, and the utility may be subject to administrative penalties and other enforcement actions pursuant to PURA, Chapter 15.
(2)
Certificate revocation. If the commission finds that a CTU is repeatedly in violation of this section, and if consistent with the public interest, the commission may suspend, restrict, or revoke the registration or certificate of the CTU.
(3)
Coordination with the Office of the Attorney General. The commission shall coordinate its enforcement efforts regarding the prosecution of fraudulent, misleading, deceptive, and anticompetitive business practices with the Office of the Attorney General in order to ensure consistent treatment of specific alleged violations.
•
Average number of Contacts per hour
•
Average number of Sales per hour
•
Number of total contacted
•
Percentage of total campaign list contacted
•
Total Sales
•
Products Sold
•
Conversion rate
2.
INBOUND TELEMARKETING AND CUSTOMER SERVICE
•
Number of inbound calls
•
Number of calls handled
•
Number of calls transferred
•
Number of calls abandoned
•
Average time per call in queue
•
Average speed of answer
•
Number of sales completed and products sold
•
Number of refusals (no sale) and the reason for the no sale
3.
Do Not Call
1.
Supplier's Responsibilities:
i
Supplier shall comply with all state, federal, and DMA laws and regulations in regard to DNC lists and procedures except where AT&T expressly assumes responsibility for compliance.
ii
Supplier shall establish and implement written procedures for complying with applicable Telemarketing Rules.
iii
Supplier shall train its employees engaged in telemarketing on the Telemarketing Rules and Supplier’s written procedures concerning the Telemarketing Rules.
iv
Supplier shall monitor, within its regular course of business, the compliance of its employees with federal and state DNC laws and regulations, the requirements of the Agreement and this Order, and Supplier’s written procedures.
a.
Supplier shall be responsible for submitting on a daily basis a list of all persons, including their names and telephone numbers, who have indicated to Supplier a desire to be excluded from future AT&T telephone or written solicitations, or who have indicated that they have signed up for a federal or state DNC list, so that AT&T may update its internal do not call and do not write lists. The submission of the daily DNC requests shall be done via the daily response file as well as entering the DNC information on the AT&T DNC Web site.
b.
Supplier shall establish that an employee’s willful violation of the applicable Telemarketing Rules or Supplier’s written policy concerning such rules constitute grounds for immediate termination from the Program.
c.
Supplier shall maintain records of its compliance with its responsibilities as described in this Section for a period of five (5) years.
d.
Supplier represents and warrants that it shall comply with the foregoing procedures and with applicable DNC laws and regulations and that it shall reimburse AT&T for the cost of AT&T's defense and for any and all remedies, fines or penalties of any kind that may be imposed on AT&T arising from or related to Supplier's breach of its responsibilities as described in this Agreement. Failure of Supplier to comply with the foregoing provisions shall be considered a material breach of the Agreement, and AT&T may, in addition to all other available legal and equitable remedies, immediately terminate this Agreement and/or Order for default, without incurring any liability whatsoever to Supplier for such termination.
1.
Supplier will use commercially reasonable efforts to determine whether each individual who performs Services for AT&T has performed Work as an employee or temporary worker for AT&T, or any AT&T Affiliate, in the [*] ([*]) months preceding the individual’s proposed commencement of Work for AT&T. Supplier will provide AT&T with written notice of any individuals who meet the foregoing criteria. AT&T may require that Supplier provide another individual to perform the Work.
2.
Supplier will use commercially reasonable efforts to ensure that no individual providing Services in connection with an Order submitted by AT&T provides Services to AT&T for more than t[*] ([*]) consecutive months, unless AT&T provides written authorization for the individual to perform Services for more than [*] ([*]) consecutive months.
1.
Supplier shall not create print-outs or other hardcopy of SPI (defined in Appendix O Security Attachment) and/or Customer Information data unless required by the job function and necessary to perform the Services.
2.
When a hardcopy of SPI and/or Customer Information must be created, Supplier shall label the hardcopy as AT&T Proprietary (Sensitive Personal Information), but only under express authority granted by AT&T for the particular job activity.
3.
If there is any identified compromise or suspected compromise under investigation, loss or theft of any print-outs or hardcopy containing SPI and/or Customer Information data, Supplier shall notify AT&T on or before close of business on the day following the identification.
4.
If there is any identified compromise, loss or theft of any print-outs or hardcopy containing SPI and/or Customer Information data, Supplier shall notify AT&T on or before close of business on the day following the identification.
5.
Supplier shall maintain SPI and/or Customer Information only if mandated by law or if the data element is a necessary attribute for the business process.
6.
Supplier shall limit replication of SPI and/or Customer Information to the minimum copies (both hardcopy and softcopy) required to achieve the business purposes under this Agreement.
7.
If SPI and/or Customer Information will reside on any Supplier systems, Supplier shall store such data in a format that is fully compliant with all AT&T standards that have been communicated to Supplier as well as the then-current standards of SISR and PCI industry, as applicable.
8.
Supplier shall not take print-outs or other hardcopy of SPI and/or Customer Information data outside AT&T or Supplier premises without the prior written consent of AT&T’s Vendor Manager.
9.
Supplier shall not transmit SPI and/or Customer Information data via regular (insecure) FAX without the express permission of AT&T.
10.
Supplier shall not transmit SPI and/or Customer Information data via e-mail without encryption, which is explicitly approved by AT&T.
a.
Supplier agrees to take all commercially reasonable appropriate steps to endeavor to prevent and respond to incidents involving the mistreatment of AT&T’s customers. To protect AT&T’s customers, as well as AT&T, its Affiliates and its services, from the effects of such mistreatment, Supplier will not permit any of its Customer Service Representatives (CSRs) or other employees (e.g., trainers, supervisors) to engage in any of the following actions:
1.
Using vulgar, offensive, abusive, or sexually oriented language in communications with Customers.
2.
Making derogatory references to race, ethnicity, religion, or gender in communications with Customers.
3.
Yelling or screaming, making rude, argumentative, abrasive, or sarcastic comments in communications with Customers.
4.
Exchanging personal information with Customers or AT&T representatives for social purposes or engagements, including the exchange of personal email addresses for such purposes that are unrelated to the business engagement of Supplier.
5.
Intentional acts of call avoidance, including but not limited to:
a.
Intentional disconnect of a Customer during a call.
b.
Intentional transfer of a call back into the queue that the CSR is trained to handle.
c.
Intentional dissemination of inaccurate information or troubleshooting steps in order to release a call without assisting the Customer.
d.
Intentionally ignoring a Customer that has been presented to the CSR from a call queue.
6.
Intentionally abandoning a Customer on hold without providing a status update to the Customer.
7.
Refusing to escalate to a supervisor at the Customer’s request.
8.
Refusing to assist Customers with requests that the CSR is trained to handle.
9.
Any unauthorized access, release or use of confidential information, such as Customer account information. This shall include, but not be limited to, accessing a Customer’s email account without permission and/or creating a password for a Customer without authorization.
10.
Retaining, collecting, accessing, and/or using Customer information for reasons outside the scope of support of an Order.
11.
Any attempt to falsify AT&T’s records or any record related to a Customer.
12.
Any statements that misrepresent, or provide misleading information about, AT&T or its products, pricing or promotions.
13.
Any intentional acts that create a risk of compromising the privacy of customer information, including failure to strictly comply with the “Clean Desk Policy,” which requires that AT&T Information be secured any time a CSR goes on a break or is away from the CSR’s work area.
b.
Supplier shall submit a monthly report to AT&T’s Vendor Manager identifying any instances where, to Supplier’s knowledge, any of the prohibited conduct listed in subsection (a) occurred at a Supplier facility during the preceding month. Supplier shall deliver the report to AT&T’s Vendor Manager on the 10th day of each month or on the next business day if the 10th day is a weekend or holiday. This report shall include: (i) the name of the facility where the incident occurred; (ii) the date of the incident; (iii) a brief description of the incident; and (iv) a brief description of the action taken by Supplier to address the incident. Supplier shall not identify individual CSRs by name or identification number in such reports.
c.
Supplier and AT&T agree that violations of this Customer Protection Policy will injure AT&T’s relationships with its Customers and that the amount of such injury may be
d.
In order to protect its customers from further mistreatment in circumstances involving any of the behaviors that fall within the scope of subsection (a), AT&T may request that Supplier immediately remove a CSR or any other employee of Supplier (e.g. trainers, supervisors) from all AT&T Programs.
e.
Supplier shall be wholly responsible for accepting or rejecting a request to remove pursuant to subsection (d) and for any other remedial measures related to the CSR or other employee of Supplier. Supplier shall be solely responsible for the expense associated with such removal or other remedial measures.
Country(ies) where services are authorized by AT&T to be performed
Services
to be performed at approved Physical Location
Name of Supplier / Subcontractor performing the services
Philippines
Call Center Services
StarTek, Inc.
1.
Supplier shall include in it’s BCP the following components:
a.
Communication Procedures: In addition to your normal communication channels, communication and escalation procedures that address how information is coordinated and communicated to AT&T representatives via the AT&T IT Sourcing Mailbox at: g11995@att.com in the event of a Occurrence. Unless directed otherwise by AT&T, Supplier shall provide such status reports relating to Information Technology (“IT”) matters to the AT&T IT Sourcing Mailbox at: g11995@att.com until all unresolved restoration efforts have been completed to AT&T’s satisfaction. Unless directed otherwise by AT&T, Supplier shall provide non-IT related status reports to the AT&T’s designated business or BCP contact until all unresolved restoration efforts have been completed to AT&T’s satisfaction. In the event of a disruption of connectivity that delays or prevents email communication with the AT&T IT Sourcing Mailbox, in addition to making all reasonable and necessary attempts to contact AT&T via the mailbox, Supplier shall contact appropriate AT&T’s representative(s) through alternate means as set forth in Supplier’s BCP (it is Supplier’s responsibility to ensure alternate AT&T points of contact are contained in its BCP).
b.
Business Functions: Phone numbers, email addresses, and alternate point of contact for each type of Materials and Services furnished hereunder.
c.
Response Procedures: Response procedures are immediate actions taken at the onset of an Occurrence which shall involve such activities as assessment of an Occurrence and associated recovery procedures and intervals, activation of BCPs and any crisis teams, ongoing communications to AT&T, impact to Materials and/or Services and the prioritization of work.
d.
Recovery Strategies: Recovery strategies may include but are not limited to Supplier’s utilization of technology, alternate work locations and implementation of manual workarounds to enable Supplier’s provision of the Materials and/or Services to continue until normal operations can be resumed. Supplier’s recovery strategies should enable Supplier to meet the timeframes set forth in any applicable UERP. In the event this Agreement does not set forth an applicable UERP for a given business process and/or Service, then for each such business process and/or Service, Supplier shall respond promptly after an Occurrence.
2.
Supplier shall conduct exercises to test its BCP:
a.
Within [*] ([*]) days of the Effective Date of this Agreement and annually thereafter. Supplier shall conduct appropriate exercises, as specified in Subsection 2b of this clause, to validate its BCP. Supplier shall promptly make all reasonable and necessary updates, corrections, and modifications and take any corrective actions required when Services, systems or processes are added or changed in its BCP.
b.
No less than annually Supplier shall conduct BCP exercises at either a Table-Top Exercise or Functional Exercise levels.
Prime Supplier MBE/WBE/DVBE Participation Plan
PRIME SUPPLIER MBE/WBE/DVBE PARTICIPATION PLAN
YEAR REPORTING:
1.
GOALS
2.
LIST THE PRINCIPAL GOODS AND SERVICES TO BE SUBCONTRACTED TO MBE/WBE/DVBEs OR DELIVERED THROUGH MBE/WBE/DVBE VALUE ADDED RESELLERS
Company Name
Classification (MBE/WBE/DVBE)
Products/Services to be provided
$ Value
Date to Begin
3.
SELLER AGREES THAT IT WILL MAINTAIN ALL NECESSARY DOCUMENTS AND RECORDS TO SUPPORT ITS EFFORTS TO ACHIEVE ITS MBE/WBE/DVBE PARTICIPATION GOAL(S). SELLER ALSO ACKNOWLEDGES THE FACT THAT IT IS RESPONSIBLE FOR IDENTIFYING, SOLICITING AND QUALIFYING MBE/WBE/DVBE SUBCONTRACTORS, DISTRIBUTORS AND VALUE ADDED RESELLERS.
4.
THE FOLLOWING INDIVIDUAL, ACTING IN THE CAPACITY OF MBE/WBE/DVBE COORDINATOR FOR SELLER, WILL:
Supplier:
AT&T
By:
By:
Printed Name:
Printed Name:
Title:
Title:
Date:
Date:
•
Supplier shall staff and maintain an Information Security Organization
•
Supplier shall maintain and periodically review a policy on the “Security of Information and Acceptable Use of Systems”
•
Supplier’s policy shall address the following: User IDs and Authentication, Access Rights, Privacy, Confidentiality, Required Security Behaviors for Acceptable Use, Communication of Trade Secrets, Disclaimer of Liability for Use of the Internet, Physical Security and Security of Company Systems, Reporting of Security Incidents to the Supplier’s Computer Incident Response Team.
•
Supplier shall staff and maintain a Computer Incident Response Team (CIRT), a 24-hour emergency response organization that operates a global hotline to report infractions and investigate potential security breaches
•
Supplier’s policy shall be made available to Customers that have executed a Non-Disclosure Agreement
•
Supplier shall ensure its Home-Based Agents use an approved computer Workstation that they provide to connect to the Supplier’s corporate environment through their centralized servers (e.g. CITRIX ) or a similar centralized controlled environment which is accessed via the Supplier’s Corporate VPN
•
Supplier’s corporate VPN shall perform an “end-point analysis” prior to allowing a connection to the Supplier’s corporate network.
•
Supplier shall ensure that no reverse engineering application binaries and / or no cache files to mine for data offline are in use on the computer Workstations used to perform Services for AT&T.
•
Supplier shall ensure that Supplier’s centralized servers feature prevent data transfers between the end user’s Workstation and the Supplier’s centralized servers.
•
Supplier’s corporate VPN shall not permit “split-tunneling”
•
Supplier shall ensure that attempts to tamper with local routing tables results in the immediate termination of the VPN connection
•
Supplier shall ensure that Supplier’s corporate VPN uses encryption (128-bit minimum)
•
Supplier shall ensure that personnel performing Services for AT&T only access AT&T’s non-public networks as follows:
◦
All access shall use the existing site-to-site VPN tunnel between the Supplier and AT&T, and
◦
All access shall use the applications running on the Supplier’s centralized servers
•
Supplier shall ensure that its personnel performing Services for AT&T have no direct access to any other applications on AT&T’s non-public network
•
Supplier shall ensure that each of the Supplier’s Home-Based Agents use two-factor authentication when accessing Supplier’s corporate VPN.
•
Supplier shall ensure that each of the Supplier’s Home-Based Agents have a unique and valid Supplier Enterprise ID and use it for access to Supplier’s corporate VPN.
•
Supplier shall ensure that when Supplier’s Home-Based Agents have to authenticate with AT&T applications the following occurs:
◦
Supplier’s centralized server password manager randomly generates the characters of the password for the Agent.
◦
Supplier’s centralized server password manager has a feature which allows the Supplier to automatically disable all or selected user accounts in the event of an employment termination/departure from a centralized location.
•
Supplier shall ensure that Supplier’s corporate VPN connects the user to an isolated network in a designated Supplier data center that is specifically designed for client access
•
Supplier shall ensure that Supplier’s centralized servers has integrated access controls with each published application that grants users access to only the applications the Supplier’s Home Based Agents need – not to a published desktop
•
Supplier shall ensure that Supplier’s Home Based Agents have no direct access to AT&T’s non-public networks
•
Supplier shall ensure that access by Supplier’s Home Based Agents to AT&T’s non-public networks only occurs via the Supplier’s centralized servers
•
Supplier shall ensure that administration and configuration of the access controls are performed only by Supplier’s authorized administrators
▪
Setup
§
Supplier shall ensure that only Supplier’s authorized administrators grant access rights, security settings and restrictions to end users
▪
Access Management
§
Supplier shall ensure that the following features are employed:
◦
Restricting time of access based on day of week and hour of day
◦
Restricting access to features at the group or user level, including features such as drag-and-drop file transfers, remote Printing, or any feature which could be used to capture and remove AT&T Information.
◦
Complete logging of all key strokes and mouse clicks during the session so as to maintain a record of what actions have been taken on the Workstation by the Home Based Agent
▪
Enforceable Configuration Settings
§
Supplier shall ensure that the following features are employed:
◦
Password controls including expiring passwords, limiting failed log-in attempts and disallowing previous password use
◦
Viewer timeouts, screen blanking and keyboard lockout when in session
▪
Network Controls
§
Supplier shall ensure that the following features are employed:
◦
Users who log into the Supplier’s corporate web-site authenticate with a user id and password using Secure Sockets Layer (“SSL”).
◦
Users authenticate a second time with a unique access code that seeds the 128-bit Advanced Encryption Standard (“AES”) end-to-end encryption
1.
Supplier’s performance of Services that involve the collection, storage, handling, or disposal of AT&T’s Information;
2.
Supplier-offered or -supported AT&T branded services using non-AT&T Information Resources (as defined below);
3.
Connectivity to AT&T’s Nonpublic Information Resources (as defined below);
4.
Incidental and/or AT&T-paid-for development of any software to the extent produced or developed by or on behalf of Supplier, or forming part of any software, pursuant to the Agreement to which these Security Requirements are attached (including under any statement of work, exhibit, order or other document under, subordinate to, or referencing this Agreement) (collectively the “Agreement”) for the development of which AT&T has been charged monies; or
5.
Website hosting and development for AT&T and/or AT&T’s customers.
1.
Upon extension or renewal of the Agreement;
2.
Upon any change in work scope or other substantive modification of the Agreement; or
3.
At such time that AT&T deems necessary.
a.
Is protected by firewalls located between the Internet and the DMZ, between that DMZ and all other DMZs, and between the DMZ and the AT&T intranet,
b.
Prohibits incoming TELNET connections from public networks, and
c.
Prohibits incoming File Transfer Protocol (FTP) connections from public networks except to specific systems known as “FTP drop boxes”.
a.
Any of AT&T’s Sensitive Personal Information (SPI) stored without the use of Strong Encryption,
b.
The official record copy of information to be accessed from requests originating from the untrusted external network,
c.
The official record copy of information to be modified as the result of requests originating from the untrusted external network,
d.
Database servers,
e.
All exported logs, and
f.
Development environments and source code.
a.
Authentication credentials not protected by the use of Strong Encryption.
1.
Actively monitor industry resources (e.g.www.cert.org, www.cert.org and pertinent software vendor mailing lists and websites) for timely notification of all applicable security alerts pertaining to Supplier’s Information Resources. (Security Alerts)
2.
At least monthly, scan externally-facing Information Resources, including, but not limited to, networks, servers, and applications, with applicable industry-standard security vulnerability scanning software to uncover security vulnerabilities. (Externally-facing System Scanning)
3.
At least monthly, scan internal Information Resources, including, but not limited to, networks, servers, applications and databases, with applicable industry-standard security vulnerability scanning software to uncover security vulnerabilities, ensure that Information Resources are properly hardened as documented in Security Requirement 9 below, and identify any unauthorized wireless networks. (Internal System Scanning)
4.
Upon AT&T’s request, furnish to AT&T its most current scanning results for the Information Resources. (Sharing Scanning Results with AT&T)
5.
In environments where such technology is commercially available and to the extent practicable, deploy one or more Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), or Intrusion Detection and Prevention Systems (IDP) in an active mode of operation that monitors all traffic entering and leaving Information Resources in conjunction with the Agreement. (Intrusion Detection/Prevention Systems)
6.
Have and use a documented process to remediate security vulnerabilities in the Information Resources, including, but not limited to, those discovered through industry publications, vulnerability scanning, virus scanning, and the review of security logs, and apply appropriate security patches promptly with respect to the probability that such vulnerability can be or is in the process of being exploited. (Remediating/Patching Service Vulnerabilities)
7.
Assign security administration responsibilities for configuring host operating systems to specific individuals. (Security Administration Responsibilities)
8.
Ensure that its information security staff has reasonable and necessary experience in information and network security. (Necessary Staff Experience)
9.
Ensure that all of Supplier’s Information Resources are and remain ‘hardened’ including, but not limited to, removing or disabling unused network and other services (e.g., finger, rlogin, ftp, and simple Transmission Control Protocol/Internet Protocol (TCP/IP) services) and installing a system firewall, Transmission Control Protocol (TCP) wrappers or similar technology. (Hardened Systems)
10.
Change all default account names and/or default passwords. (Changing Default Account Names and Passwords)
11.
Limit system administrator (also known as root, privileged, or super user) access to operating systems intended for use by multiple users only to individuals requiring such high-level access in the performance of their jobs. (Limit Super User Privileges)
12.
Require application, database, network and system administrators to restrict access by users to only the commands, data and Information Resources necessary for them to perform authorized functions. (Administrators to Restrict User Access)
13.
Ensure that all of Supplier’s Information Resources intended for use by multiple users are located in secure physical facilities with access limited and restricted to authorized individuals only. (Information Resources in Secure Facilities)
14.
Monitor and record, for audit purposes, access to the physical facilities containing Information Resources intended for use by multiple users used in connection with Supplier’s performance of its obligations under the Agreement. (Monitoring and Recording Access)
15.
When providing Internet-based services to AT&T, protect AT&T’s Information by the implementation of a network DMZ. Web servers providing service to AT&T shall reside in the DMZ. Information Resources storing AT&T’s Information (such as application and database servers) shall reside in a trusted internal network. (Internet Services Must Use DMZ)
16.
Upon AT&T’s request, provide to AT&T a logical network diagram documenting the Information Resources (including, but not limited to, Security Gateways, servers, etc.) that will support AT&T. (Provision of Logical Network Diagram)
17.
Have a documented process and controls in place to detect and handle unauthorized attempts to access AT&T’s Information. (Detection and Handling of Unauthorized Access)
18.
a. Use Strong Encryption for the transfer of AT&T’s Information outside of AT&T- or Supplier-controlled facilities or when transmitting AT&T’s Information over any untrusted network.
b.
By no later than July 1, 2014, always use Strong Encryption to protect AT&T’s customer proprietary network information (“CPNI”), as that term is defined in the Telecommunications Act of 1996, 47 U.S.C. §222 (h)(1), and AT&T’s SPI when transmitted. Exception: Where elsewhere authorized in writing by AT&T, AT&T’s CPNI transmitted for distribution to AT&T’s customers may be exempted from this requirement.
19.
Require Strong Authentication for any remote access use of Nonpublic Information Resources. (Remote Access Authentication)
20.
Isolate AT&T’s applications and AT&T’s Information from any other customer’s or Supplier’s own applications and information either by using physically separate servers or alternatively by using logical access controls where physical separation of servers is not implemented. (Separate AT&T’s Information from non-AT&T information)
21.
Have documented procedures for the secure backup and recovery of AT&T’s Information which shall include, at a minimum, procedures for the transport, storage, and disposal of the backup copies of AT&T’s Information and, upon AT&T’s request, provide such documented procedures to AT&T. (Secure Backup, Transport, Storage and Disposal of AT&T’s Information)
22.
Maintain and, upon AT&T’s request, furnish to AT&T a documented business continuity plan that ensures that Supplier can meet its contractual obligations under the Agreement, including the requirements of any applicable Statement of Work or Service Level Agreement. Such plan shall include the requirement that the included procedures be regularly tested at least annually. Supplier shall promptly review its business continuity plan to address additional threat scenarios. (Business Continuity Plan)
23.
a. Where physical and logical security of AT&T’s SPI cannot be assured, store AT&T’s SPI using Strong Encryption.
b.
By no later than July 1, 2012, always use Strong Encryption to protect AT&T’s CPNI and AT&T’s SPI when stored. (Encryption at Rest/Storage)
24.
Limit access to AT&T’s Information, including, but not limited to, paper hard copies, only to authorized persons or systems. (Limit Access to AT&T’s Information Regardless of Form)
25.
Be compliant with any applicable government- and industry-mandated information security standards. (Examples of such standards include, but are not limited to, the Payment Card Industry-Data Security Standards (PCI-DSS), National Automated Clearing House Associates (NACHA) Rules, and Electronic
26.
At no additional charge to AT&T:
a.
Upon AT&T’s request, provide copies of any of AT&T’s Information to AT&T within [*] ([*]) days of such request.
b.
Return, or, at AT&T’s option, destroy all of AT&T’s Information, including electronic and hard copies, within [*] ([*]) days after the sooner of:
i.
expiration or termination of the Agreement;
ii.
AT&T’s request for the return of AT&T’s Information; or
iii.
the date when Supplier no longer needs AT&T’s Information to perform Services under the Agreement.
c.
In the event that AT&T approves destruction as an alternative to returning AT&T’s Information, then certify in writing the destruction (e.g., degaussing, overwriting, performing a secure erase, performing a chip erase, shredding, cutting, punching holes, breaking, etc.) as rendering AT&T’s Information non-retrievable.
d.
In the event that Supplier needs to retain copies of AT&T’s Information more than [*] ([*]) days past either the expiration or termination of the Agreement, or AT&T’s request for the return or destruction of AT&T’s Information, be allowed to retain such copies when elsewhere agreed to in writing with AT&T. Exception: Copies of AT&T’s Information retained as part of a backup-and-recovery, business continuity or disaster recovery process may be retained for more than [*] ([*]) days past the expiration or termination of the Agreement without obtaining agreement in writing from AT&T allowing such retention provided that all such copies are destroyed within no more than [*] ([*]) years of the date of creation. (Return of AT&T’s Information)
27.
Unless otherwise instructed by AT&T in writing, when collecting, generating or creating Information for, through or on behalf of AT&T or under the AT&T brand, ensure that such Information shall be AT&T’s Information and, whenever practicable, label such Information of AT&T as “AT&T Proprietary Information” or at a minimum, label AT&T’s Information as “Confidential” or “Proprietary”. Supplier acknowledges that AT&T’s Information shall remain AT&T-owned Information irrespective of labeling or the absence thereof. (Confidential or Proprietary Markings)
28.
Assign unique UserIDs to individual users. (Unique UserIDs)
29.
Have and use a documented UserID lifecycle management process including, but not limited to, procedures for approved account creation, timely account removal, and account modification (e.g., changes to privileges, span of access, functions/roles) for all Information Resources and across all environments (e.g., production, test, development, etc.). Such process shall include review of access privileges and account validity to be performed at least annually. (UserID Life Cycle Management)
30.
Enforce the rule of least privilege (i.e., limiting access to only the commands and Information Resources necessary to perform authorized functions according to one’s job function). (Rule of Least Privilege)
31.
Limit failed login attempts to no more than [*] ([*]) successive attempts and lock the user account upon reaching that limit. Access to the user account can be reactivated subsequently through a manual process requiring verification of the user’s identity or, where such capability exists, can be automatically
32.
Terminate interactive sessions, or activate a secure, locking screensaver requiring authentication, after a period of inactivity not to exceed [*] [*]. Exception: Where elsewhere authorized in writing by AT&T, AT&T customer usage of Customer Facing Systems may be exempted from this requirement. (Terminate Inactive Interactive Sessions)
33.
Require password expiration at regular intervals not to exceed [*] ([*]) days. Exception: Where elsewhere authorized in writing by AT&T, AT&T customer usage of Customer Facing Systems may be exempted from this requirement. (Expire Passwords)
34.
Use an authentication method based on the sensitivity of AT&T’s Information. When passwords are used, they must meet these minimum requirements:
•
Passwords must be a minimum of [*] ([*]) characters in length.
•
Passwords must contain characters from at least [*] ([*]) of these groupings: alphabetic, numeric, and special characters.
•
Passwords must not be the same as the UserID with which they are associated.
•
Password construction must be complex and not contain names, dictionary words, combinations of words, or words with substitutions of numbers for letters, e.g., s3cur1ty.
•
Passwords must not contain repeating or sequential characters or numbers.
Notes:
1. When systems or applications do not enforce these password requirements, users and administrators must be instructed to comply with these password requirements when selecting passwords.
35.
Use a secure method for the conveyance of authentication credentials (e.g., passwords) and authentication mechanisms (e.g., tokens or smart cards). (Use Secure Method to Convey UserIDs and Passwords)
36.
For AT&T branded products or services or for software developed for AT&T, display a warning banner on login screens or pages as specified in writing by AT&T. (Display Warning Banners)
37.
In environments where antivirus software is commercially available and to the extent practicable, have current antivirus software installed and running to scan for and promptly remove or quarantine viruses and other malware. (Note: For the avoidance of doubt, this requirement also applies to Mobile and Portable Devices where antivirus software is commercially available.) (Scan and Remove Viruses)
38.
Separate non-production Information Resources from production Information Resources. (Separate Production and Non-Production Information Resources)
39.
Have a documented change control process including back-out procedures for all production environments. (Software Change Control Process)
40.
For applications which utilize a database that allows modifications to AT&T’s Information, have database transaction logging features enabled and retain database transaction logs for a minimum of [*] ([*]) months. (Utilize Database Transaction Logging)
41.
a. For all software developed under the Agreement, review such software to find and remediate security vulnerabilities during initial implementation and upon any modifications and updates.
b.
Where technically feasible, for all software used, furnished and/or supported under the Agreement, review such software to find and remediate security vulnerabilities during initial implementation and upon any modifications and updates. (Review Code for Vulnerabilities)
42.
Perform quality assurance testing for the security components (e.g., testing of identification, authentication and authorization functions), as well as any other activity designed to validate the security architecture, during initial implementation and upon any modifications and updates. (Quality Assurance Test Security Components)
43.
Restrict access to any of AT&T’s CPNI and AT&T’s SPI to authorized individuals. (Restrict Access to AT&T CPNI and SPI)
44.
Not store AT&T’s CPNI and AT&T’s SPI on removable media (e.g., USB flash drives, thumb drives, memory sticks, tapes, CDs, or external hard drives) except: (a) for backup, business continuity, disaster recovery, and data interchange purposes as allowed and required under contract, and (b) using Strong Encryption. Exception: Where elsewhere authorized in writing by AT&T, AT&T’s CPNI stored for distribution to AT&T’s customers may be exempted from this requirement. (Control AT&T CPNI and SPI on Removable Media)
45.
Restrict access to security logs to authorized individuals, and protect security logs from unauthorized modification. (Restrict Access to Security Logs)
46.
Review, on no less than a weekly basis, all security and security-related audit logs for anomalies and document and resolve all logged security problems in a timely manner. (Review Security Logs and Resolve Security Problems)
47.
Retain complete and accurate records relating to its performance of its obligations arising out of these Security Requirements and Supplier’s compliance herewith in a format that will permit assessment or audit for a period of no less than [*] ([*]) years, or longer as may be required pursuant to a court order or civil or regulatory proceeding. Notwithstanding the foregoing, Supplier shall only be required to maintain security logs for a minimum of [*] ([*]) months. (Retain Records)
48.
Permit AT&T to conduct an assessment or audit to verify Supplier’s compliance with its contractual obligations in connection with these AT&T Supplier Information Security Requirements. Upon AT&T’s request for audit, Supplier shall schedule a security audit to commence within [*] ([*]) days from such request. In the event that AT&T, in its sole discretion, deems that a security breach has occurred, which has not been promptly reported to AT&T in compliance with the Supplier’s Incident Management Process, Supplier shall schedule the audit to commence within [*][*] of AT&T’s notice requiring an audit. This provision shall not be deemed to, and shall not, limit any more stringent audit obligations permitting the examination of Supplier’s records contained in the Agreement. (Audit Rights)
49.
Within [*] ([*]) days of receipt of the assessment or audit report, provide AT&T a written report outlining the corrective actions that Supplier has implemented or proposes to implement with the schedule and current status of each corrective action. Supplier shall update this report to AT&T every [*] ([*]) days reporting the status of all corrective actions through the date of implementation. Supplier shall implement all corrective actions within [*] ([*]) days of Supplier’s receipt of the assessment or audit report. (Remediate Audit Findings)
50.
Have and use an Incident Management Process and promptly notify AT&T whenever there is an attack upon, intrusion upon, unauthorized access to, loss of, or other breach of AT&T’s Information Resources at:
a.
Asset Protection by telephone at 800-807-4205 from within the US and at 1-908-658-0380 from elsewhere, and
b.
Supplier’s contact within AT&T for Service-related issues.
51.
After notifying AT&T whenever there is an attack upon, intrusion upon, unauthorized access to, loss of, or other breach of AT&T’s Information Resources, provide AT&T with regular status updates, including, but not limited to, actions taken to resolve such incident, at mutually agreed intervals or times for the duration of the incident and, within [*] ([*]) days of the closure of the incident, provide AT&T with a written report describing the incident, actions taken by the Supplier during its response and Supplier’s plans for future actions to prevent a similar incident from occurring. (Provide AT&T Incident Response Status and Final Resolution)
52.
Ensure, prior to development of custom software, that such software incorporates any applicable AT&T information security requirements that may be provided by AT&T. (Custom Software Must Incorporate AT&T Security Requirements)
53.
Ensure that all personnel, subcontractors or representatives performing work under this Agreement are in compliance with these Security Requirements. (All Work to Be In Compliance with SISR)
54.
At a minimum annually, review these Security Requirements to ensure that Supplier is in compliance with the requirements. (Periodically Review and Ensure Compliance with SISR)
55.
Return all AT&T-owned or -provided access devices (including, but not limited to, SecurID® tokens and/or software) as soon as practicable, but in no event more than [*] ([*]) days after the sooner of: (a) expiration or termination of the Agreement; (b) AT&T’s request for the return of such property; or (c) the date when Supplier no longer needs such devices. (Return all AT&T Owned or Provided Access Devices)
56
Use Strong Encryption to protect all of AT&T’s Information stored on Mobile and Portable Devices.
57
Use Strong Encryption to protect all of AT&T’s Information transmitted using or remotely accessed by network-aware Mobile and Portable Devices.
58
a. Only use network-aware Mobile and Portable Devices to access and/or store AT&T’s Information which are capable of deleting all stored copies of AT&T’s Information upon receipt over the network
b.
Have documented policies, procedures and standards in place to ensure that whenever the authorized individual who should be in physical control of a network-aware Mobile and Portable Device storing AT&T’s Information is not sure of its physical location that the deletion of all of AT&T’s Information stored on such network-aware Mobile and Portable Devices is initiated promptly.
c.
For Mobile and Portable Devices, after [*] ([*]) consecutive failed login attempts automatically delete all stored copies of AT&T’s Information.
59.
Have documented policies, procedures and standards in place which ensure that any Mobile and Portable Devices used to access and/or store AT&T’s Information:
a.
Are in the physical possession of authorized individuals;
b.
When not in the physical possession of authorized individuals are physically secured to prevent unauthorized access and use; or
c.
When neither in the physical possession of authorized individuals nor physically secured to prevent unauthorized access and use, have their data storage promptly securely deleted.
60.
Prior to allowing access to AT&T’s Information stored on or through the use of Mobile and Portable Devices, Supplier shall have and use a process to ensure that:
a.
The user is authorized for such access; and
b.
The identity of the user has been authenticated.
61.
Implement a policy that prohibits the use of any Mobile and Portable Devices that are not administered and/or managed by Supplier or AT&T to access and/or store AT&T’s Information.
62.
Review, at least annually, the use of, and controls for, all Supplier-administered or -managed Mobile and Portable Devices to ensure that the Mobile and Portable Devices can meet the applicable Security Requirements.
63.
Require Strong Authentication for administrative and/or management access to Security Gateways, including, but not limited to, any access for the purpose of reviewing log files.
64.
Have and use documented controls, policies, processes and procedures to ensure that unauthorized users do not have administrative and/or management access to Security Gateways, and that user authorization levels to administer and manage Security Gateways are appropriate.
65.
At least once every [*] ([*]) months, ensure that Security Gateway configurations are hardened by selecting a sample of Security Gateways and verifying that each default rule set and set of configuration parameters ensures the following:
a.
Internet Protocol (IP) source routing is disabled,
b.
The loopback address is prohibited from entering the internal network,
c.
Anti-spoofing filters are implemented,
d.
Broadcast packets are disallowed from entering the network,
e.
Internet Control Message Protocol (ICMP) redirects are disabled,
f.
All rule sets end with a “DENY ALL” statement, and
g.
Each rule is traceable to a specific business request.
66.
Ensure that monitoring tools are used to validate that all aspects of Security Gateways (e.g., hardware, firmware, and software) are continuously operational.
67.
Ensure that all Security Gateways are configured and implemented such that all non-operational Security Gateways shall deny all access.
68.
When using radio frequency (RF) based wireless networking technologies to perform or support Services for AT&T, ensure that all of AT&T’s Information transmitted is protected by the use of appropriate encryption technologies sufficient to protect the confidentiality of AT&T’s Information; provided, however, that in any event such encryption shall use no less than key lengths of 256-bits for symmetric encryption and 256-bits for asymmetric encryption. Exception: The use of RF-based wireless headsets, keyboards, microphones, and pointing devices, such as mice, touch pads, and digital drawing tablets, is excluded from this requirement.
69.
In the event that a data connection agreement, such as a “Master Data Connection Agreement,” “Data Connection Agreement,” and/or “Connection Supplement” (“DCA”) exists between the Parties, and incorporates the Agreement by reference, or is otherwise integrated with, or used to govern the Parties’ connectivity obligations under, this Agreement, agree that any information security requirements incorporated within such DCA are hereby superseded by the terms of these Security Requirements, effective as of the date these Security Requirements become effective under the Agreement, and the terms of such DCA are amended to require that the Security Requirements and not the information security requirements incorporated within the DCA are controlling in the Agreement (as well as any agreements subordinate to the Agreement). Notwithstanding the foregoing, the DCA remains in full force and effect for all other agreements between the Parties to which it applies.
70.
In the event that Supplier has, or will be provided, connectivity to AT&T’s or AT&T’s customers’ Nonpublic Information Resources in conjunction with this Agreement, then in addition to the foregoing:
a.
Use only the mutually agreed upon facilities and connection methodologies to interconnect AT&T’s and AT&T’s customers’ Nonpublic Information Resources with Supplier’s Information Resources.
b.
NOT establish interconnection to AT&T’s and AT&T’s customers’ Nonpublic Information Resources without the prior consent of AT&T.
c.
Provide AT&T access to any applicable Supplier facilities during normal business hours for the maintenance and support of any equipment (e.g., router) provided by AT&T under the Agreement for connectivity to AT&T’s and AT&T’s customers’ Nonpublic Information Resources.
d.
Use any equipment provided by AT&T under this Agreement for connectivity to AT&T’s and AT&T’s customers’ Nonpublic Information Resources only for the furnishing of those Services or functions explicitly authorized in the Agreement.
e.
If the agreed upon connectivity methodology requires that Supplier implement a Security Gateway, maintain logs of all sessions using such Security Gateway. These session logs must include sufficiently detailed information to identify the end user or application, origination IP address, destination IP address, ports/service protocols used and duration of access. These session logs must be retained for a minimum of s[*] ([*]) months.
71.
In the event that Supplier has, or will be provided, connectivity to AT&T’s or AT&T’s customers’ Nonpublic Information Resources in conjunction with this Agreement, in addition to other rights set forth herein, permit AT&T to:
a.
Gather information relating to access, including Supplier’s access, to AT&T’s and AT&T’s customers’ Nonpublic Information Resources. This information may be collected, retained and analyzed by AT&T to identify potential security risks without further notice. This information may include trace files, statistics, network addresses, and the actual data or screens accessed or transferred.
b.
Immediately suspend or terminate any interconnection to AT&T’s and AT&T’s customers’ Nonpublic Information Resources if AT&T, in its sole discretion, believes there has been a breach of security or unauthorized access to or misuse of AT&T data facilities or AT&T Information Resources.
•
Airline club membership fees, dues, or upgrade coupon
•
Barber/Hairstylist/Beautician Expenses
•
Birthday cakes, lunches, balloons, and other personal celebration/recognition costs
•
Break-room supplies for the supplier, such as coffee, creamer, paper products, soft drinks, snack food
•
Car rental additional fees associated with high speed toll access programs and GPS devices
•
Car Washes
•
Clothing, personal care items, and toiletries
•
Credit card fees
•
Entertainment expenses
•
Expenses associated with spouses or other travel companions
•
Expenses to cover meals or expenses for an AT&T employee, whether in a home location or on official travel
•
Flowers, cards and gifts
•
Health Club and Fitness facilities
•
Hotel pay-per-view movies, Video Games and/or mini bar items
•
Insurance for rental car and or flight
•
Internet access in hotels (added to 3.5)
•
Laundry (except when overnight travel is required for 7 or more consecutive nights)
•
Lost luggage
•
Magazines & newspapers
•
Meals not consistent with AT&T’s Global Employee Expense Policy and or meals not directly required for doing business on the AT&T account (e.g. suppliers cannot voucher lunch with each other simply to talk about AT&T)
•
Medical supplies
•
Membership fees to exercise facilities or social/country clubs
•
Movies purchased while on an airplane
•
Office expenses of suppliers
•
PC, cell phone, and other supplier support expenses (unless specifically authorized in the agreement)
•
Personal entertainment
•
Phone usage on airline unless AT&T business emergency
•
Safe rentals during a hotel stay
•
Surcharges for providing fast service (not related to delivery charges such as Fedex, UPS, etc.). AT&T expects all suppliers to complete the terms of contracts in the shortest period practicable. Charges for shortening the timeframe in which contracts are fulfilled are not permissible.
•
Tips for housekeeping and excessive tips, i.e., in excess of 15% to 18% of cost of meal or services, excluding tax
•
Tobacco Products
•
Traffic or Parking Fines
•
Travel purchased with prepaid air passes.
•
Upgrades on airline, hotel, or car rental fees
•
Water (bottled or dispensed by a supplier), (unless authorized for specific countries where it is recommended that bottled water is used)
•
Transportation (airfare or other commercial transportation, car rental, personal auto mileage, taxi and shuttle service)
•
Meals and lodging
•
Parking and tolls
•
Tips/porter service (if necessary and reasonable)
•
Vendors who stay with friends or relatives or other vendor employees while on a Company business trip will NOT be reimbursed for lodging, nor will they be reimbursed for expenditures made to reciprocate their hospitality by buying groceries, being host at a restaurant, etc.
•
The actual cost of landline telephone calls for AT&T business is reimbursable. The use of AT&T products is required when available.
•
AT&T will not reimburse vendors for cell phone bills unless approved under the contract. With prior consent of the sponsoring AT&T Senior Manager, only individual calls that exceed a vendor’s rate plan that are necessary to conduct business for AT&T may be reimbursed.
•
Charges for high speed internet access are not reimbursable unless specifically approved in the contract.
City
St
2011 Guideline
City
St
2011 Guideline
City
St
2011 Guideline
Anchorage
AK
$200
Plantation
FL
$120
Edison
NJ
$140
Fairbanks
AK
$150
Port St. Lucie
FL
$120
Elizabeth
NJ
$165
Glennallen
AK
$135
Saint Augustine
FL
$135
Fair Lawn
NJ
$165
Ketchikan
AK
$155
Sarasota
FL
$125
Florham Park
NJ
$185
Kodiak
AK
$140
Sunrise
FL
$130
Iselin
NJ
$140
Birmingham
AL
$120
Tallahassee
FL
$125
Mahwah
NJ
$185
Decatur
AL
$90
Tamarac
FL
$135
Manahawkin
NJ
$200
Florence
AL
$130
Tampa
FL
$140
Morristown
NJ
$200
Hoover
AL
$125
West Palm Beach
FL
$165
Newark
NJ
$165
Huntsville
AL
$140
Alpharetta
GA
$150
Paramus
NJ
$185
Montgomery
AL
$95
Atlanta
GA
$160
Parsippany
NJ
$200
Mobile
AL
$120
Augusta
GA
$125
Piscataway
NJ
$165
Tuscaloosa
AL
$95
Brunswick
GA
$120
Princeton
NJ
$140
Bryant
AR
$90
Carrollton
GA
$90
Ramsey
NJ
$90
El Dorado
AR
$95
Columbus
GA
$120
Red Bank
NJ
$140
Fayetteville
AR
$90
Dublin
GA
$90
Saddle Brook
NJ
$165
Fort Smith
AR
$95
Duluth
GA
$120
Saddle River
NJ
$200
Hardy
AR
$70
Dunwoody
GA
$90
Short Hills
NJ
$165
Little Rock
AR
$135
Griffin
GA
$90
Somerset
NJ
$135
Mountain Home
AR
$70
Lawrenceville
GA
$90
Teaneck
NJ
$230
North Littlerock
AR
$70
Lithia Springs
GA
$90
Tinton Falls
NJ
$150
Pine Bluff
AR
$70
Norcross
GA
$90
Warren
NJ
$165
Rogers
AR
$90
Peachtree City
GA
$120
West Orange
NJ
$135
Russellville
AR
$90
Savannah
GA
$135
Whippany
NJ
$230
Springdale
AR
$90
Roswell
GA
$90
Woodcliff Lake
NJ
$200
VanBuren
AR
$90
Tifton
GA
$90
Albuquerque
NM
$120
Chandler
AZ
$135
Honolulu
HI
$230
Henderson
NV
$160
Mesa
AZ
$135
Kailua Kona
HI
$150
Las Vegas
NV
$150
Phoenix
AZ
$150
Kihei
HI
$200
Pahrump
NV
$70
Rio Rico
AZ
$90
Waikoloa
HI
$200
Albany
NY
$140
Scottsdale
AZ
$185
Desmoines
IA
$135
Brooklyn
NY
$200
Tempe
AZ
$165
Johnston
IA
$120
Cheektowaga
NY
$125
Tucson
AZ
$125
Urbandale
IA
$90
Fishkill
NY
$155
Yuma
AZ
$120
Ammon
ID
$90
Jamaica
NY
$165
Anaheim
CA
$125
Idaho Falls
ID
$120
New York
NY
$350
Buena Park
CA
$125
Alsip
IL
$90
Plainview
NY
$200
Burbank
CA
$150
Arlington Heights
IL
$120
Rochester
NY
$165
Burlingame
CA
$150
Barrington
IL
$70
Rockville Center
NY
$140
Carlsbad
CA
$165
Bedford Park
IL
$150
Syracuse
NY
$135
Cerritos
CA
$150
Bourbonnais
IL
$90
Tarrytown
NY
$200
Chico
CA
$95
Champaign
IL
$135
Vestal
NY
$140
City of Industry
CA
$125
Chicago
IL
$170
West Harrison
NY
$185
Clovis
CA
$95
Danville
IL
$90
White Plains
NY
$185
Concord
CA
$140
Des Plaines
IL
$150
Woodbury
NY
$125
Coronado
CA
$350
Downers Grove
IL
$90
Beachwood
OH
$125
Costa Mesa
CA
$125
Elk Grove
IL
$135
Boardman
OH
$95
Cupertino
CA
$170
Elmhurst
IL
$135
Centerville
OH
$90
Del Mar
CA
$150
Fairview Heights
IL
$90
Cleveland
OH
$125
Dublin
CA
$120
Gurnee
IL
$90
Columbus
OH
$140
El Segundo
CA
$140
Hoffman Estates
IL
$110
Dayton
OH
$120
Emeryville
CA
$165
Lincolnshire
IL
$185
Dublin
OH
$120
Escondido
CA
$90
Lisle
IL
$140
Fairborn
OH
$90
Eureka
CA
$120
Lombard
IL
$165
Independence
OH
$120
Garden Grove
CA
$130
Naperville
IL
$120
Mayfield Village
OH
$95
Glendale (North)
CA
$180
Northbrook
IL
$135
North Olmsted
OH
$120
Hawthorne
CA
$135
Oakbrook
IL
$170
Orange Village
OH
$90
Hayward
CA
$90
Ofallon
IL
$70
Perrysburg
OH
$90
Hollywood
CA
$185
Palatine
IL
$90
Poland
OH
90
Irvine
CA
$165
Rockford
IL
$120
Reynoldsburg
OH
$70
La Jolla
CA
$155
Rolling Meadows
IL
$90
Richfield
OH
$90
Livermore
CA
$125
Rosemont
IL
$140
Oklahoma City
OK
$120
Long Beach
CA
$185
Schaumburg
IL
$125
Owasso
OK
$90
Los Angeles
CA
$185
Springfield
IL
$90
Ponca City
OK
$70
Merced
CA
$125
Tinley Park
IL
$120
Coos Bay
OR
$70
Milpitas
CA
$150
Vernon Hills
IL
$90
Lake Oswego
OR
115
Modesto
CA
$125
Westmont
IL
$90
Portland
OR
$140
Montebello
CA
$125
Willowbrook
IL
$95
Tigard
OR
$120
Monterey
CA
$165
Bloomington
IN
$90
Allentown
PA
$95
Mountain View
CA
$165
Carmel
IN
$120
Audubon
PA
$125
Napa
CA
$165
Columbus
IN
$90
Bensalem
PA
$90
Newark
CA
$160
Indianapolis
IN
$125
Berwyn
PA
$176
Newport Beach
CA
$185
Muncie
IN
$70
Coraopolis
PA
$120
Oakland
CA
$130
South Bend
IN
$120
Essington
PA
$125
Ontario
CA
$120
Merriam
KS
$90
Glen Mills
PA
$140
Orange
CA
$125
Overland Park
KS
$120
Harrisburg
PA
$120
Palo Alto
CA
$230
Shawnee
KS
$120
King of Prussia
PA
$140
Pasadena
CA
$185
Topeka
KS
$90
Langhorn
PA
$120
Petaluma
CA
$90
Wichita
KS
$90
Philadelphia
PA
$176
Pleasanton
CA
$125
Covington
KY
$140
Pittsburgh
PA
$185
Redondo Beach
CA
$130
Louisville
KY
$135
Wayne
PA
$140
Redwood City
CA
$130
Baton Rouge
LA
$120
Lincoln
RI
$150
Riverside
CA
$130
Covington
LA
$125
Providence
RI
150
Rocklin
CA
$135
La Place
LA
$120
Anderson
SC
$95
Rohnert Park
CA
$125
Metairie
LA
$140
Charleston
SC
$120
Rosemead
CA
$140
New Orleans
LA
$150
Duncan
SC
$90
Sacramento
CA
$135
Boston
MA
$285
Florence
SC
$95
Salinas
CA
$150
Burlington
MA
$200
Hilton Head
SC
$150
San Carlos
CA
$90
Cambridge
MA
$230
Myrtle Beach
SC
$150
San Diego
CA
$165
Dedham
MA
$150
Brentwood
TN
$120
San Francisco
CA
$230
Framingham
MA
$165
Crossville
TN
$70
San Gabriel
CA
$140
Lowell
MA
$120
Franklin
TN
$120
San Jose
CA
$135
Marlborough
MA
$150
Jackson
TN
95
San Luis Obispo
CA
$120
Natick
MA
$165
Johnson City
TN
$95
San Mateo
CA
$200
Stoughton
MA
$165
Knoxville
TN
$90
San Rafael
CA
$125
Baltimore
MD
$250
Memphis
TN
$125
San Ramon
CA
$185
Bethesda
MD
$250
Nashville
TN
$125
Santa Ana
CA
$130
Columbia
MD
$165
Addison
TX
$140
Santa Clara
CA
$185
Greenbelt
MD
$185
Arlington
TX
$125
Santa Monica
CA
$250
Hanover
MD
$140
Austin
TX
$125
Santa Rosa
CA
$120
Linthicum
MD
$140
Beaumont
TX
$95
Sherman Oaks
CA
$120
Linthicum Heights
MD
$140
Corpus Christi
TX
$120
South San Francisco
CA
$135
Portland
ME
$120
Dallas
TX
$150
Stevenson Ranch
CA
$90
Battlecreek
MI
$90
El Paso
TX
$135
Stockton
CA
$95
Canton
MI
$90
Frisco
TX
$120
Susanville
CA
$90
Detroit
MI
$125
Ft. Worth
TX
$115
Temecula
CA
$135
Farmington Hills
MI
$90
Houston
TX
$135
Thousand Oaks
CA
$135
Holland
MI
$70
Irving
TX
$140
Torrance
CA
$120
Lansing
MI
$120
McAllen
TX
$90
Ukiah
CA
$90
Marquette
MI
$90
Midland
TX
$90
Universal City
CA
$185
Novi
MI
$95
Plano
TX
$130
Valencia
CA
$135
Port Huron
MI
$90
Richardson
TX
$120
Van Nuys
CA
$120
Romulus
MI
$120
San Antonio
TX
$150
Walnut Creek
CA
$165
Southfield
MI
$135
Texarkana
TX
$90
Watsonville
CA
$90
Walker
MI
$90
Waxahachie
TX
$90
West Lake Village
CA
$140
Warren
MI
$90
The Woodlands
TX
$135
West Sacramento
CA
$90
Baxter
MN
$90
Salt Lake City
UT
$135
Willits
CA
$90
Bloomington
MN
$140
Alexandria
VA
$200
Woodland
CA
$90
Edina
MN
$135
Arlington
VA
$210
Yorba Linda
CA
$95
Minneapolis
MN
$185
Charlottesville
VA
$115
Aurora
CO
$140
St. Paul
MN
$120
Chantilly
VA
$200
Boulder
CO
$185
Bridgeton
MO
$120
Chester
VA
$135
Colorado Springs
CO
$125
Columbia
MO
$90
Dulles
VA
$200
Denver
CO
$185
Fenton
MO
$90
Fairfax
VA
$200
Englewood
CO
$165
Festus
MO
$70
Falls Church
VA
$200
Greenwood Village
CO
$165
Joplin
MO
$90
Glen Allen
VA
$125
Glastonbury
CT
$135
Kansas City
MO
$135
Hampton
VA
$135
Meriden
CT
$90
Kirkwood
MO
$90
Herndon
VA
$210
New Haven
CT
$160
Lees Summit
MO
$90
Norfolk
VA
$135
New London
CT
$95
Maryland Heights
MO
$120
Richmond
VA
$135
Rocky Hill
CT
$120
Saint Charles
MO
$95
Sandston
VA
$135
Stamford
CT
$185
Saint Louis
MO
$120
Sterling
VA
$210
Wallingford
CT
$120
Springfield
MO
$95
Tysons Corner
VA
$230
Washington
DC
$300
Jackson
MS
$125
Vienna
VA
$210
Wilmington
DE
$185
McComb
MS
$90
Bellevue
WA
$185
Altamonte Springs
FL
$120
Natchez
MS
$70
Bothell
WA
$135
Aventura
FL
$150
Ocean Springs
MS
$90
Kirkland
WA
$130
Boca Raton
FL
$150
Pearl
MS
$120
Lynnwood
WA
$140
Boynton Beach
FL
$120
Ridgeland
MS
$120
Redmond
WA
$215
Dania Beach
FL
$120
Tupelo
MS
$90
Seattle
WA
$185
Fort Lauderdale
FL
$135
Asheville
NC
$120
Spokane
WA
$120
Fort Meyers
FL
$125
Carolina Beach
NC
$120
Tacoma
WA
$200
Jacksonville
FL
$135
Charlotte
NC
$135
Tukwila
WA
$185
Kendall
FL
$120
Durham
NC
$150
Woodinville
WA
$185
Key Largo/Tavernier
FL
$135
Gastonia
NC
$90
Green Bay
WI
$90
Key West
FL
$200
Goldsboro
NC
$90
Kenosha
WI
$90
Lake City
FL
$90
Greensboro
NC
$125
Kimberly
WI
$90
Lake Mary
FL
$95
Morrisville
NC
$120
Madison
WI
$95
Lakeland
FL
$120
Raleigh
NC
$120
Milwaukee
WI
$135
Marathon
FL
$135
Shelby
NC
$90
Mukwonago
WI
$70
Maitland
FL
$120
Wilmington
NC
$115
Oshkosh
WI
$90
Melbourne
FL
$120
Winston Salem
NC
$125
Pewaukee
WI
$95
Miami
FL
$165
Omaha
NE
$90
Waukesha
WI
$70
Miami Beach
FL
$165
Basking Ridge
NJ
$185
Wauwatosa
WI
$90
Orlando
FL
$125
Bernardsville
NJ
$200
Beckley
WV
$90
Palm Beach
FL
$165
Bridgewater
NJ
$230
Charleston
WV
$95
Panama City
FL
$120
Cranbury
NJ
$140
Hurricane
WV
$90
Pensacola
FL
$130
Eatontown
NJ
$125
I.
Status
II.
Work Policies and Rules
1.
I agree that during the performance of my services I will not violate AT&T Company work rules and policies, including but not limited to those specified in the AT&T Code Of Business Conduct.
2.
I understand that it is my responsibility to ensure that my personal conduct and comments in the workplace support a professional environment which is free of inappropriate behavior, language, joke or actions which could be perceived as sexual harassment or as biased, demeaning, offensive, derogatory to others based upon race, color, religion, national origin, sex, age, sexual orientation, marital status, veteran’s status or disability. I further agree to refrain from words or conduct that is threatening and/or disrespectful of others.
3.
If AT&T Company provides me access to its computer systems, I agree (a) to use such systems in a professional manner, (b) to use such systems only for business purposes and solely for the purposes of performing under the agreement named below, (c) to use such systems in compliance with AT&T Company’s applicable standards and guidelines for computer systems use, and (d) to use password devices, if applicable and if requested by AT&T Company. Without limiting the foregoing, AT&T Company property, including but not limited to Intranet and Internet services, shall not be used for personal purposes or for any purpose which is not directly related to the business which is the subject
III.
Administrative Terms
1.
This Agreement shall be effective as of the date executed below, and shall remain in effect notwithstanding my termination of employment with Supplier or termination of my work at AT&T Company.
2.
In the event that any provision of this Agreement is held to be invalid or unenforceable, then such invalid or enforceable provisions shall be severed, and the remaining provisions shall remain in full force and effect to the fullest extent permitted by law.