|
Comenity Bank
|
By:
|
/s/ Baron Schlachter
|
Name:
|
Baron Schlachter
|
Title:
|
Comenity Bank President
|
Comenity Servicing LLC
|
By:
|
/s/ Tammy McConnaughey
|
Name:
|
Tammy McConnaughey
|
Title:
|
EVP, Chief Credit Risk and
|
Operations Officer
|1.
|
Amendments and Additions. Set forth below are additional Performance Standards or revisions to existing Performance Standards, all of which shall be incorporated into Appendix A to the Agreement.
|
Service
|
Performance Standard
|
Measuring
Period
|
Amended/
Added
|
Business Continuity and Disaster Recovery Services
• Assist management in planning for a shut down or disruption in business.
• Respond to emergencies and safeguard the interests of key stakeholders, reputation, brand and value-creating activities.
• Oversee each area that is responsible for planning, developing, updating and testing the procedures that will provide the organization the ability to respond and recover during an unplanned event.
• Provide business continuity and disaster recovery services as follows:
• Provide alternate site for Bank headquarters personnel in the event that the Bank’s location is rendered inaccessible or inoperable, until the Bank’s facility has been restored or other permanent location is secured.
• Provide workstations for the duration of need, including access to all systems, availability, hardware, Bank data, and telephones with unlimited call access within the United States.
• Upon arrival at the Servicer’s facility, Bank personnel will be issued such building access devices (electronic cards, keys, etc.) as needed to facilitate access to the building.
• Provide security policies and procedures then in effect for this the facility.
• Provide data security, data recovery, data backup, secured connectivity, and confidentiality functions.
• Provide access to copy machines, fax machines and customary office supplies needed.
|
Conduct Business Impact Analysis (BIA) assessment within 12 months of the last assessment for 95% of business processes and provide results to Operational Risk Management Committee.
|
A
|
Amended
|
Conduct risk assessment within 12 months of the last assessment for 95% of facilities and provide results to Operational Risk Management Committee.
|
A
|
Amended
|
Establish and approve 97% of Business Continuity plans within 12 months of the last approval consistent with BCDR standards and report quarterly results to Operational Risk Management Committee.
|
Q
|
Amended
|
Establish and approve 97% of Disaster Recovery plans within 12 months of the last approval consistent with BCDR standards and report quarterly results to Operational Risk Management Committee.
|
Q
|
Added
|
Conduct 95% of Business Continuity plan testing consistent with BCDR standards and report quarterly results to Operational Risk Management Committee.
|
Q
|
Amended
|
Conduct 95% of Disaster Recovery plan testing consistent with BCDR standards and report quarterly results to Operational Risk Management Committee.
|
Q
|
Added
|
Service
|
Performance Standard
|
Measuring
Period
|
Amended/
Added
|
Information Security Support
• Provide technologies and manage network and application access to protect client/customer data while assuring privacy and regulatory compliance.
|
Perform semi-annual user access reviews on non-privileged applications and non-critical IT infrastructure.
|
S-A
|
Amended
|
Perform quarterly privileged user access reviews on ancillary systems, high/moderate risk applications, and critical IT infrastructure
|
Q
|
Added
|
Information Technology Services/Outsourcing
• Provide Information Technology services, platform, network, including telecommunications through a secure environment, which can be outsourced to third and fourth parties, including but not limited to:
• Timely Incident Restoration
• Unix/Linux Server Availability
• Windows Server Availability
• Mainframe Availability
• Critical Application Availability
• Data/Voice Connectivity Availability
• Implementation of Critical Security
Updates/Patches
• Completion of Critical Batches
• Authorizations
• Other IT services as needed
• Provide IT Quality services as listed below:
• Provide management of production defects
• Maintain tracking of Critical and High defects
• Maintain listing of critical applications supporting the Bank(s)
• Maintain oversight of critical application performance
• Provide monitoring of IT fixes implemented
• Other IT Quality Services, as requested
|
Complete 99% of critical batches within 24 hours of required completion time.
|
M
|
Amended