Document

EX-10.28 37 exhibit1028-fx1.htm EX-10.28 Document

Exhibit 10.28

CERTAIN IDENTIFIED INFORMATION HAS BEEN EXCLUDED FROM THIS EXHIBIT

BECAUSE IT IS BOTH NOT MATERIAL AND IS THE TYPE THAT THE REGISTRANT

TREATS AS PRIVATE OR CONFIDENTIAL

DATED May 27, 2022

(1) ASPEN INSURANCE UK SERVICES LIMITED

- and -

(2) MINDTREE LIMITED

MASTER SERVICES AGREEMENT:

ITO SERVICES

TABLE OF CONTENTS


1.	INTERPRETATION	1

2.	CALL OFF OF SERVICES	13

3.	SERVICE PROVIDER'S RESPONSIBILITIES	14

4.	TRANSITION AND TRANSFORMATION	18

5.	WARRANTIES	18

6.	PERFORMANCE METRICS AND SERVICE CREDITS	19

7.	STEP IN	20

8.	ENHANCED COOPERATION	21

9.	ASPEN DEPENDENCIES	23

10.	ASPEN'S OBLIGATIONS	23

11.	GOVERNANCE AND REPORTING	23

12.	ACCEPTANCE	24

13.	PRICE AND PAYMENT	25

14.	TAX	27

15.	CHANGE CONTROL	27

16.	PREMISES	27

17.	ASSETS	27

18.	TERM AND TERMINATION	28

19.	TERMINATION ASSISTANCE/EXIT	30

20.	INTELLECTUAL PROPERTY RIGHTS	30

21.	INDEMNITY	31

22.	LIMITATION OF LIABILITY AND INSURANCE	33

23.	CONFIDENTIALITY	34

24.	FORCE MAJEURE	35

25.	ASSIGNMENT AND SUBCONTRACTING; DIVESTMENT	36

26.	ANTI-BRIBERY AND CORRUPTION	37

27.	DATA PROTECTION	39

28.	THIRD PARTY RIGHTS	41

(i)



29.	REGULATORY MATTERS AND AUDIT RIGHTS	41

30.	DISPUTE RESOLUTION PROCEDURE	45

31.	PUBLICITY	45

32.	CORPORATE SOCIAL RESPONSIBILITY	45

33.	HEALTH AND SAFETY	46

34.	RELATIONSHIP OF THE PARTIES	46

35.	NON-SOLICITATION	46

36.	GENERAL	47

(ii)

Schedules, Exhibits and Attachments:

Schedule 1 - Data Processing Terms

Schedule 2 - Service Delivery Contract

Exhibit A – Service Descriptions

Attachment A-1 (Cross Tower Services)

Attachment A-2 (Data Center and Cloud Services)

Attachment A-3 (Network Services)

Attachment A-4 (Database Services)

Attachment A-5 (IT Security Services)

Exhibit B - Fees

Attachment B-1 (Resource Rates)

Attachment B-2 (T&M Rate Card)

Attachment B-3 (RU and Role Definitions)

Attachment B-4 (Transition Charges)

Attachment B-5 (Transformation Charges)

Attachment B-6 (Termination Charges)

Attachment B-7 (Financial Responsibility Matrix)

Exhibit C - Service Level Methodology

Attachment C-1 (Service Level Matrix)

Attachment C-2 (Severity and Priority Levels)

Exhibit D - Transition

Attachment D-1 (In Flight Projects)

Exhibit E - Transformation

Exhibit F – Reporting

Exhibit G – Provider Delivery Locations

Exhibit H – Key Personnel

Exhibit I – Supported Environments

Exhibit J – Provider and Customer Tools

Exhibit K - Approved Subcontractors

Schedule 3 - Governance

(iii)

Schedule 4 - Contract Change Control Procedure

Schedule 5 - Standards and Policies

Schedule 6 - Security – IT & Physical

Schedule 7 - Form of Local Agreement

Schedule 8 - SOW and Work Request Pro formas

Schedule 9 - Benchmarking

Schedule 10 - Exit Plan and Service Transfer Arrangements

Schedule 11 - Business Continuity and Disaster Recovery

Schedule 12 - Site Licence

[SCHEDULES, EXHIBITS AND ATTACHMENTS INTENTIONALLY OMITTED]

(iv)

THIS AGREEMENT is made on 2022

BETWEEN:

(1) ASPEN INSURANCE UK SERVICES LIMITED (registered number 04270446) whose registered office is at 30 Fenchurch Street, London, EC3M 3BD ("Aspen" or “Customer”); and

(2) MINDTREE LIMITED (registered number L72200KA1999PLC025564 ) whose registered office is at Global Village, RVCE Post, Mysore Road, Bangalore, 560059, Karnataka, India ("Service Provider),

(each a "Party" and together the "Parties").

WHEREAS:

The Service Provider has agreed to supply and Aspen has agreed to accept the Services on the terms and conditions of this Agreement;

IT IS AGREED as follows:

1. INTERPRETATION

1.1 In this Agreement:

“Acceptance” or “Acceptance Testing” means the process of testing Materials or Services as further described in clause 12;

“Acceptance Certificate” means a written notice, issued by Aspen in accordance with clause 12.4, certifying that an Acceptance Item has passed (in full, or conditionally) the relevant acceptance tests;

“Acceptance Criteria” means the mutually agreed objective criteria which an Acceptance Item must satisfy during the acceptance tests as set out in this Agreement before Aspen is required to issue an Acceptance Certificate for that Acceptance Item;

“Acceptance Item” means any Deliverable or Service or any other item expressed to be subject to acceptance testing under this Agreement;

“Active Directory” means Microsoft's proprietary directory service and runs on Windows Server and enables administrators to manage user permissions and access to network resources;

"Affiliate" means any direct or indirect subsidiary of a Party or any direct or indirect subsidiary of any direct or indirect parent or holding company of Party; and an "Aspen Affiliate" means any such subsidiary related by the same means to Aspen. Subsidiary and holding company shall each have the respective meanings given to them in section 1159 of the Companies Act 2006;

“Agreed Form NDA” means the form of non-disclosure agreement set out in Schedule 10 (Exit Plan and Service Transfer Arrangements);

"Agreement" means this Master Services Agreement including all Statements of Work and work requests (WARs) plus the Schedules, Exhibits and Attachments;

“Allocation” has the meaning given to it in Schedule 2, Exhibit C;

“Annual Review” means the meeting to take place annually as the same is further described in Schedule 3 (Governance);

“Approved Sub-contractor” means those Service Provider Subcontractors listed in Schedule 2, Exhibit K (as the same may be updated from time to time by agreement in writing between the Parties);

"Aspen Applicable Regulations" means (i) Relevant Laws which are in force from time to time during the Term, including any amendments to any or all of them, and which apply to Aspen and Aspen Affiliates and/or their use of or receipt of the Services but which in each case are not Service Provider Applicable Regulations; and (ii) those things deemed to be Aspen Applicable Regulations pursuant to the definition of Service Provider Applicable Regulations;

"Aspen Contract Manager" means the person nominated by Aspen as its manager for the Services;

"Aspen Dependencies" means the obligations of Aspen which are specifically identified as being Aspen Dependencies in this Agreement including those identified as such in the Financial Responsibility Matrix;

"Aspen Equipment" has the meaning given to it in clause 17.1;

“Aspen IPR” means any IPR owned by or licensed to Aspen or its Affiliates and licensed (or sub-licensed) by Aspen to Service Provider in relation to its provision of the Services;

“Asset” means any Customer item being managed as part of the Services;

“Asset Management” means the management of Assets in accordance with the requirements of this Agreement;

“At Risk Amount” has the meaning given to it in Schedule 2, Exhibit C;

“At Risk Percentage” has the meaning given to it in Schedule 2, Exhibit C;

“Authorized User” means a member of the Customer Personnel notified to the Service Provider as being entitled to give directions to the Service Provider

“Backup” means a copy of computer data taken and stored elsewhere so that it may be used to restore the original as/if needed;

“Baseline Period” has the meaning given to it in Schedule 2, Exhibit C;

“Benchmarked Services” has the meaning given to it in Schedule 9;

“Benchmarker” has the meaning given to it in Schedule 9;

“Benchmark Information” has the meaning given to it in Schedule 9;

“Benchmarking Agreement” has the meaning given to it in Schedule 9;

“Benchmark Notice” has the meaning set out in paragraph 1.2 of Schedule 9 (Benchmarking);

“Benchmark Parameter” has the meaning given to it in Schedule 9;

“Benchmark Report” has the meaning given to it in Schedule 9;

“Business Continuity Plan” has the meaning given to it in Schedule 11;

"Business Day" means a day other than a Saturday, Sunday or public holiday in England;

“Calendar Year” means the period of 365 (or 366 as applicable) days starting from the first (1st) day of January and ending on the thirty first (31st) day of December;

“Calendar Quarter” means any one of the following four periods of three months that make up a Calendar Year: 1st January to 31st March (quarter 1); 1st April to 30th June (quarter 2); 1st July to 30th September (quarter 3) and 1st October to 31st December (quarter 4);

“Change” means any change to this Agreement and/or provision of the Deliverables and/or Services agreed between the Parties in accordance with Schedule 4 (Contract Change Control Procedure);

“Change Control Note” shall be a document agreed between the Parties in the form set out in Appendix 1 to Schedule 4 (Contract Change Control Procedure) that records a Change;

“Change Management Process” means the process and procedures used to manage changes to a Customer’s IT environment;

“Change Request” means a written request from either party to vary the terms of this Agreement pursuant to the procedure set out in Schedule 4 (Contract Change Control Procedure);

"Charges" means those prices to be charged by the Service Provider as detailed in Schedule 2, Exhibit B, or such other charges as agreed in writing between the Parties from time to time;

“Commercially Reasonable Efforts” means that the Party obliged to perform shall take all such steps and perform in such a manner as if it were acting in a determined, prudent and reasonable manner in order to achieve the desired result for its own benefit;

“Comparative Charges” has the meaning given to it in Schedule 9;

“Comparator” has the meaning given to it in Schedule 9;

"Confidential Information" means all confidential, proprietary and secret information concerning a Party's or an Affiliate's businesses, research, know-how and technical activities, which is disclosed, whether in writing or orally or in electronic or magnetic media, by or with the authority of such Party ("the Disclosing Party") to the other Party ("the Receiving Party") and which is, or by its nature would reasonably be presumed to be, confidential. In particular, this shall include but not be limited to all information concerning a Party's customers, clients, brokers, premiums, discounts, proprietary wordings and renewal dates, and the existence and contents of this Agreement and any Statements of Work hereunder;

“Configuration Management” means the tracking of supported Customer assets in the Customer provided CMDB;

"Consultants" has the meaning given to it in clause 8.2;

"Continuation Services" means the Services (other than Termination Assistance) which Aspen may continue to require the Service Provider to provide during the Termination Assistance Period;

“Continuous Service Improvement” means the same as the ITIL term “Continual Improvement” as at the Effective Date;

“Contract Change Control Procedure or ‘CCP’” means the process for modifying the provision of the Services or the Agreement as set out in Schedule 4 (Contract Change Control Procedure);

“Contract Manager” means the Aspen Contract Manager or the Service Provider Contract Manager;

"Control" shall mean the direct or indirect power to direct or cause the direction of the management and policies of a company or other business entity, whether through ownership of 50% or more of the voting interest, by contract, or otherwise;

“COTS Materials” mean any materials or software owned by the Service Provider or a third party and specifically identified in this Agreement or an SOW as being items that are to be separately licensed to Aspen by the Service Provider on standalone terms;

“Critical Event” means a threat to Customer’s IT operation, safety or reputation of an organisation with an element of surprise and unpredictability, necessitating rapid and effective decision-making;

"Critical Service Levels" means those Service Levels identified as such in the attachments to Schedule 2, Exhibit C or as otherwise agreed between the Parties from time to time;

“Critical Service Level Credit” has the meaning given to it in Schedule 2, Exhibit C;

“Critical Service Level Default” has the meaning given to it in Schedule 2, Exhibit C;

“Cross-Functional Services” has the meaning given to it in Schedule 2, Exhibit A, Attachment A-1;

“Customer Applicable Regulations” has the same meaning as Aspen Applicable Regulations;

“Customer Data” means information regarding or relating to Aspen or Aspen Affiliates that is provided to the Service Provider pursuant to this Agreement;

“Customer Device” is a hardware asset owned or operated by the Customer;

“Customer Group” means Aspen and its Affiliates from time to time;

“Customer Locations or Customer Sites” means the locations and sites from which Aspen operates and to which the Service Provider will require access in order to provide the Services from time to time, as set out in the Procedures Manual, any applicable Exhibit to Schedule 2 and/or Schedule 12 (Site Licence);

“Customer Material” means any Material owned by or licensed to Aspen or its Affiliates (and any modifications to that Material);

“Customer Personnel” means the directors, officers, employees, agents, agency workers, contractors and sub-contractors of Aspen and its sub-contractors (other than the Service Provider and its Affiliates);

“Customer Representative” means the Customer Individual (as identified in Schedule 3) or their appointed alternative contact;

“Cybersecurity Services” has the meaning given to it in Schedule 2, Exhibit A, Attachment A-5;

“Database” means an organized collection of structured information, or data, typically stored electronically” in a computer system;

“Database Services” has the meaning given to it in Schedule 2, Exhibit A, Attachment A-4;

“Data Network Services” has the meaning given to it in Schedule 2, Exhibit A, Attachment A- 3;

"Data Protection Legislation" means all applicable national, international and local laws, rules, regulations or directives concerning data protection, information security, cyber security, data

privacy and data breach notification including, without limitation and where applicable, the Data Protection Act 2018 and the General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR"), each as amended from time to time and any successor laws, rules, legislation, regulation or directives;

“Dedicated Licences” are licences which the Service Provider has purchased specifically for the Aspen to use to receive the Services and excludes licences for Service Provider Tools and COTS Vendor software or services;

“Dedicated Third Party Contracts” means a third party contract designated as such in Schedule 10 (Exit Plan and Service Transfer Arrangement);

“Deliverable” means any tangible item or output required to be provided by the Service Provider to Aspen under this Agreement or a SOW;

“Designated Areas” means those areas designated as such in accordance with the Procedures Manual, any applicable Exhibit to Schedule 2 and/or Schedule 12 (Site Licence);

“Detailed Transformation Plan” has the meaning given to it in Schedule 2, Exhibit E;

“Developed IPR” means any IPR created by Supplier in connection with this Agreement apart from any such IPRs identified as Enhancements;

“Disaster” means any disruption to the performance or receipt of the Services (whether caused by a natural or a man-made phenomenon or occurrence) that requires the implementation of the Disaster Recovery Plan and which is acknowledged to be a Disaster by Aspen;

“Dispute Resolution Procedure” means the procedure set out in clause 30 (Dispute Resolution Procedure);

"Divested Affiliate" means any entity which has been, during the term, an Affiliate of Aspen, and which subsequently ceases to be an Affiliate of Aspen;

“Documentation” means all documentation including user manuals or other operating manuals relating to a Deliverable or the Services;

“Earnback” has the meaning given to it in Schedule 2, Exhibit C;

“Effective Date” means the date of the last signature written below;

"Employment Costs" means: all taxes, national insurance and other costs, compensation and benefits of any personnel of the Service Provider or any of its subcontractors, including salary, health, accident and workers' compensation benefits, pensions and contributions that an employer is required to pay with respect to the employment of such personnel;

“End User” means an individual authorised by the Customer to use and access the Customer’s systems and who is enabled on the Customer’s active directory.

“Enhancements” means any enhancements or additions to the Service Provider’s Pre- existing IPR or any Third Party IPR (including any created arising in respect of the COTS Materials (if any)) developed by or on behalf of the Service Provider including those commissioned by or developed with the involvement of Aspen pursuant to this Agreement (including an SOW) but which are agreed in writing to be of general application rather than of use only for Aspen and its Affiliates. All Enhancements shall be owned by the Service Provider or its licensors;

"Equality Legislation" means any and all legislation, applicable guidance and statutory codes of practice relating to equality, diversity, non-discrimination and human rights as may be in force in the jurisdictions in which Aspen operates from time to time;

“Equipment” means all components, materials, plant, tools, test equipment, hardware, firmware, computing and data communications equipment and any related documentation used in the provision of the Services;

“Equivalent Services” has the meaning given to it in Schedule 9;

“Exit Information” has the meaning given to it in Schedule 10;

"Exit Plan" the plan to be developed pursuant to Schedule 10 that shall set out in such detail as is reasonably required by Aspen a plan by which the Services shall be transferred to Aspen or a Successor Service Provider following the termination or expiry of this Agreement in whole or in part;

“Fees” where used shall be deemed to mean Charges;

“Financial Responsibility Matrix” means the document defining the Parties’ respective legal and financial responsibility for the equipment, hardware, software, staffing and facilities set out in Schedule 2, Exhibit B-7;

"Future Equipment" has the meaning given to it in clause 17.3;

"Good Industry Practice" means that degree of skill, care, prudence, foresight and practice which would ordinarily be expected of a skilled, experienced and leading supplier of services of the same or a similar nature to the Services and which, for the avoidance of doubt, includes compliance with standards akin to applicable British Standards Institute and International Organization for Standardization (ISO)standards;

“Governance Process” means the processes described in Schedule 3 (Governance);

“Hardware” means the physical material parts of a computer or other system;

“Incident” means an unplanned interruption to a supported IT service or reduction in the quality of an IT service. Failure of a configuration item that has not yet affected service is also an incident;

“In-flight Projects” means those projects identified as such in the Annex D-1 to Schedule 2, Exhibit D;

“Information Security Requirements” means the cybersecurity and compliance standard defined by Customer;

“Infrastructure Services” means Cross Tower Services, Data Center and Cloud Services, Network Services;

“Infrastructure System” means server running an operating system supported by Service Provider;

“Initial Term” has the meaning set out in clause 18.1;

"Intellectual Property Rights" or “IPR” shall mean all patents and patent-related rights, trademarks, trade names, domain names, design rights, utility models, copyright, rights in respect of confidential information, rights in databases, know-how and other intellectual property rights, in each case whether registered or unregistered and including applications for the grant of any such

rights and the right to apply for such rights, and all current or future rights having equivalent or similar effect anywhere in the world;

“IT Security Services” has the meaning given to it in Schedule 2, Exhibit A, Attachment A-5;

"Key Measurements" shall mean the service measures identified as such in the attachments to Schedule 2, Exhibit C (Service Levels);

“Key Milestone” means any Milestone identified as such by the Parties in accordance with Schedule 2, Exhibit D (Transition) and Exhibit E (Transformation) and/or in relation to any Project;

"Key Personnel" means members of the Service Provider’s Team identified as such in Schedule 2, Exhibit H (Key Personnel);

“Knowledge Exchange” means a method of acquiring and exchanging knowledge about Customer IT environment;

“Knowledge Repository” means a system or tool that is used to store and access organizational knowledge, artifacts, and other content;

“Known Problems Database” has the meaning as given in ITIL as at the Effective Date;

“Local Agreement” means an agreement substantially in the form set out in Schedule 7 entered into between an Aspen Affiliate and the Service Provider or its Affiliates to cover the provision of the Services to such Affiliate in a specified jurisdiction;

“Market Competitive” has the meaning given to it in Schedule 9;

“Material” means methodology or process, documentation, data or other material in whatever form, including without limitation any reports, specifications, business rules or requirements, user manuals, user guides, operations manuals, training materials and instructions, but excluding Software;

"Material Adverse Change" means any of the following occurring in relation to Service Provider or, where applicable, any Affiliate that Controls it (its "parent"):

(a) there being an investigation into improper financial accounting and reporting, suspected fraud or any other financial impropriety of Service Provider or its parent;

(b) Service Provider or its parent committing a material breach of covenants to its lenders;

(d) Service Provider's chief executive or that of its parent failing respond promptly and in a substantive manner to queries raised by Aspen as to Service Provider's or its parent's(i) financial wellbeing; or (ii) priorities for and intentions regarding Service Provider and/or its activities over the next twelve (12) months following the query;

“Monthly Board Meeting” means the meeting to take place monthly as the same is further described in Schedule 3 (Governance);

“Network Devices” means any hardware that links to any network

“New Service” means a service additional to the Services;

“Milestone” means a milestone identified and agreed between the Parties for the performance of any element of the Services;

“Milestone Date” means, in relation to an agreed Milestone, the date by which such Milestone is to be achieved;

“Minimum Service Level” has the meaning given to it in Schedule 2, Exhibit C;

“Non-Dedicated Licences” are licences which the Service Provider has not purchased specifically for Aspen to use to receive the Services;

“Operating Fees” has the meaning given to it in Schedule 2, Exhibit C;

“Operating System” means a software that acts as an interface between computer hardware components and the user, manages allocation of resources to program. (e.g., Windows, Linux);

“Operating Systems Software” means a software that acts as an interface between computer hardware components and the user, manages allocation of resources to program. (e.g., Windows, Linux);

"Operational Risk" has the meaning given to it in clause 29.15

“Other Sites” means any other Customer Site which is not subject to a Site Licence under Schedule 12 (Locations and Site Licence) which Aspen may procure access pursuant to Schedule 12 (Locations and Site Licence);

"Performance Metrics" or “Performance Standards” means the quality and performance measures including the Service Levels, Critical Service Levels and Key Measurements that the Service Provider is required to meet in performing the Services;

“Performance Metric Report” has the meaning given to it in Schedule 2, Exhibit C;

"Permitted Region" has the meaning given to it in clause 27.5.1;

“Pool Percentage Available for Allocation” has the meaning given to it in Schedule 2, Exhibit C;

“Pre-existing IPR” means any IPR owned by or licensed to a Party prior to the Effective Date or applicable Service Commencement Date used in the provision of the Deliverables or Services;

"Premises" means any premises owned or occupied by an Aspen Affiliate;

“Pricebook” shall be deemed to mean a reference to the applicable element of Schedule 2, Exhibit B and its attachments;

“Problem” means the underlying cause of one or more Incidents;

“Problem Management” means the process of managing the lifecycle of the underlying cause of a Problem;

“Procedures Manual” or “SOP” or “Standard Operating Procedures” has the meaning given to it in clause 11.2;

“Project” means a scope of work which will require additional Fees;

“Project Steering Committee” has the meaning given to it in Schedule 3;

“QA Report” has the meaning given to it in Schedule 9;

“QA Review” means the quality assurance review to be performed pursuant to section 9 of Schedule 9.

“Quality Gate” refers to a predefined and mutually agreed criteria to be met before the project can proceed to the next phase;

“Quarterly Business Review” means the meeting to take place each quarter as the same is further described in Schedule 3 (Governance);

“Rate Card” means the rate cards set out in in Schedule 2, Attachment B-2 used to calculate certain Charges payable under this Agreement;

“Raw Data” has the meaning given to it in Schedule 2, Service Delivery Contract;

“Refined Data” has the meaning given to it in Schedule 2, Service Delivery Contract;

“Reference Group” has the meaning given to it in Schedule 9;

“Regulatory Change” means any change to any Customer Applicable Regulations or Service Provider Applicable Regulations;

“Related Services” means any goods or services provided to Aspen by a third party that rely on or enable the Services or are otherwise relevant to the performance, receipt of use of the Services by Aspen;

“Release Unit” means any services that Service Provider must perform to enable third-party and/or Service Provider Product utilisation by Customer;

"Relevant Law" means:

(a) any statute, regulation, by-law, ordinance or subordinate legislation in force from time to time to which a Party is subject including Data Protection Legislation and Equality Legislation;

(b) the common law as applicable to the Parties from time to time;

(d) any applicable industry code, policy or standard, in each case enforceable by law; and

(e) all applicable statutory and all other rules, guidance regulations, instruments and provisions in force from time to time including the rules, codes of conduct, codes of practice, practice requirements guidance and accreditation terms, in each case of mandatory effect and stipulated by any regulatory authority to which a Party or its Affiliates is subject from time to time.

"Relevant Person" means any officer, employee or contractor of either Aspen or the Service Provider;

“Request” also refers to Service Request, means a request from a user for information, advice, a standard change, or access to a service;

"Replacement Services" means the provision of services by an entity other than the Service Provider or Service Provider Affiliate in substitution of the Service Provider following the expiry or termination of all or part of the Services;

“Resource Unit” has the meaning given to it in Schedule 2, Exhibit B;

“Root Cause Report” has the meaning given to it in Schedule 2, Exhibit C;

“Security Control Requirements” has the meaning set out in para 3.1.1 of Schedule 6;

“Service Delivery Model” refers to the way Service Provider manages the information technology systems, process and people that deliver services to the Customer;

“Service Description” means the terms of Schedule 2;

“Service Desk” means the service desk operated by a Third-Party Supplier on behalf of the Customer;

“Service Incident” has the meaning given to it in Schedule 2, Exhibit C

“Service Level Default” means any failure to meet a Service Level;

“Security Event Management” refers to computer security disciplines that use data inspection tools to centralize the storage and interpretation of logs or events generated by other software running on a network;

“Security Incident” means any actual or suspected unauthorised access or disclosure, accidental or unlawful destruction or accidental loss or alteration of Customer Data;

“Security Management” means well defined tasks executed by the security servers, defined by Customer and transitioned to Service Providers security operations center (SOC);

“Server” means a Customer computer, device or a program that manages IT network resources, be it physical, virtual or cloud hosted;

"Service(s) Commencement Date" means the date agreed between the parties during Transition on which Transition is successfully completed and the business as usual Services start to be performed ;

"Services" means those services (and any associated goods) to be provided by the Service Provider as set out in this Agreement, or such other services as agreed in writing between the Parties from time to time. The Services include all Transition, Transformation and Termination Assistance related activities performed by the Service Provider;

"Service Levels" means those levels of standards or service levels which the Service Provider is required to achieve, if any, in the provision of the Services, as set out in the attachments to Schedule 2, Exhibit C or as otherwise agreed between the Parties in writing from time to time;

“Service Management” means IT Service Management is a strategic approach for designing, delivering, managing, and improving the way information technology (IT) is used within an organization;

"Service Credits" means the credits (if any) which become payable to Aspen in accordance with clause 6;

"Service Provider Applicable Regulations" means all Relevant Laws which are in force from time to time during the Term, including any amendments to any or all of them, and which apply to: (a) the Service Provider in its business specifically as a provider of information technology services, or (b) the Service Provider or any of its sub-contractors or Affiliates in relation to the Service Provider's delivery of the Services under this Agreement and, in each case, save to the

extent that Aspen or its regulators require a specific approach to be taken as regards the delivery of the Services in which case, pursuant to clause 29.1 , such specific approach shall not be a Service Provider Applicable Regulation and be designated an Aspen Applicable Regulation;

“Service Provider BC Representative” has the meaning given to it in Schedule 11;

"Service Provider's Equipment" means any equipment, including tools, systems, cabling or facilities, provided by the Service Provider or its sub-contractors and used directly or indirectly in the supply of the Services which are not the subject of a separate agreement between the Parties under which title passes to Aspen;

“Service Provider Service Locations” means those locations, site or facilities from which Services shall be provided that from time to time are owned, leased or under the control of the Service Provider, its Affiliates, or their sub-contractors;

"Service Provider Contract Manager" means the manager nominated by the Service Provider as its dedicated manager for the Services;

"Service Provider's Team" means the Service Provider Contract Manager and all employees, consultants, agents and sub-contractors which the Service Provider engages in any way in relation to the supply of the Services;

"Service Provider Subcontractors" means a person engaged by Service Provider in accordance with the terms of this Agreement, as an independent contractor to perform, or to assist from time to time in performing, one or more of the Services to be arranged or performed by Service Provider under the Agreement, together with its agents, officers and employees;

“Service Request” together with Request for Service or RFC means an Authorized User request for information or advice, or for a standard change (a pre-approved change that is low risk, relatively common and follows a procedure) or for access to an IT service. Activities include individual installation, move, add, change or deletion of an individual item from the Supported Environment, defined in Exhibit I, will either be funded through Dispatch ARC or, if applicable, Project Pool hours. Service Requests requiring more dollars than available in the Project Pool will be treated as a Project;

“Service Tower” means each of the Cross Tower Services, Data Center and Cloud Services, Network Services, Database Services and IT Security Services as set out in Attachments A-1 to A-5.

“Site Licence” has the meaning given to it in Schedule 12;

“Software” means any computer program (in object code or Source Code form), program interfaces and any tools or object libraries embedded in that Software;

“Standards and Policies” means those standard and policies set out in Schedule 5 (Standards and Policies);

"Statement of Work" or "SOW" means a document substantially in the form set out in Schedule 8 agreed by both Parties in accordance with clause 2.2 detailing the scope and cost of specific or one off project type Services;

“Steady State Service” means the successful completion of Transition and the beginning of production support;

“Storage” means enterprise storage array used by Customer to keep the production data and applications operational;

“Subsystem” means a virtual server within the larger physical server;

"Successor Service Provider" means the third party or Aspen, or an Aspen Affiliate appointed by Aspen to provide the Replacement Services;

”Supply Chain” has the meaning set out in clause 26.2.

“System” means an interconnected grouping or electronic processes, including Equipment, Software and associated attachments, features, accessories, peripherals and cabling, and all additions, modifications, substitutions, upgrades or enhancements to such System, to the extent a party has financial or operational responsibility for such System or System components hereunder. System shall include all Systems in use or required to be used as of the applicable Service Commencement Date, all additions, modifications, substitutions, upgrades or enhancements to such Systems and all Systems installed or developed by or for Aspen or Service Provider following the applicable Service Commencement Date;

“Target Operating Model” means the service delivery model to be implemented once Transition has been successfully completed;

“Term” means the Initial Term together with any extension of the Initial Term;

“Termination Assistance” means the Services to be provided by the Service Provider in the event of and/or in the lead in to the termination (in whole or in part) or expiry of the Agreement as further described in clause 19 (Termination Assistance) and Schedule 10 (Exit Plan and Transfer Arrangements);

“Termination Assistance Period” the period of time during which Termination Assistance is to be provided to Aspen by the Service Provider;

“Third Country” means a country outside the Permitted Region that does not benefit from an adequacy decision pursuant to Article 45 of the GDPR (or the equivalent UK adequacy regulations, as applicable);

“Third Party IPR” means any IPR which is not owned by Aspen or its Affiliates or the Service Provider and its Affiliates;

“Third Party Provider or TPP” means a third party entity that provides goods or services to Aspen in relation to or otherwise connected to Aspen’s receipt or use of the Services.

“Tool” means any program used for software development, testing, data search, analysis, project management, measurement and monitoring or system maintenance, including related know-how;

“Transformation” means the processes undertaken by the Service Provider to change the approach to the provision of the Services as the same may be agreed from time to time pursuant to Schedule 2, Exhibit E (Transformation);

“Transformation Charges” means the Charges agreed from time to time by the Parties (if any) in relation to the delivery of Transformation related Projects;

“Transformation Manager” has the meaning given to it in Schedule 2, Exhibit E;

“Transformation Manager Meetings” has the meaning given to it in Schedule 2, Exhibit E;

“Transformation Plan” means (the detailed plan of activities and associated timescales for the implementation of the Transformation activities that may be agreed by the Parties pursuant to Schedule 2, Exhibit E;

“Transformation Services” means the services agreed between the Parties pursuant to Schedule 2, Exhibit E (Transformation);

“Transition” means implementation of those services to be provided by the Service Provider to Aspen after the Effective Date in accordance with the terms of this Agreement and as more particularly described in Schedule 2, Exhibit D (Transition);

“Transition Charges” means the Charges which may be payable for Transition as set out in Schedule 2, Exhibit B, Attachment B-6 (Transition Charges);

“Transition Manager” is a role refers to Service Provider personnel responsible to plan, manage and govern IT support transition towards steady state production support;

“Transition Plan” the detailed plan of activities and associated timescales for the implementation of the Services set out in or to be developed pursuant to Schedule 2, Exhibit D (Transition);

“Transition PMO” refers a management structure that standardizes the project transition- related governance processes and facilitates the sharing of resources, methodologies, tools, and techniques;

“Transition Services” means the Services provided to deliver Transition;

"Vendor" means a person engaged by Service Provider as an independent contractor to provide a product, as opposed to a service (which may include supplying a product), needed for Service Provider to perform the Services, together with its agents, officers and employees;

"Wilful Abandonment" means Service Provider deliberately ceasing the provision of all or a substantial part of the Services in breach of this Agreement.

“Work Request” or “WAR” means any statement agreed between the Parties for a Change Project in accordance with the template(s) set out in Schedule 8 (SOW and Work Request Pro formas) to this Agreement provided always that references to SOWs in this Agreement shall include Work Requests unless otherwise stated in the relevant provision (including, in particular, for the purposes of calculation of liability under clause 22);

1.2 Headings in this Agreement (including any headings shown in bold at the start of sub-clauses) shall not affect the interpretation of this Agreement.

1.3 A reference to a statute or statutory provision is a reference to it as it is in force for the time being, including any amendment, extension, or re-enactment and includes any subordinate legislation for the time being in force under it.

1.4 Any words following the terms including, include, in particular, for example or any similar expression shall be construed as illustrative and shall not limit the sense of the words, description, definition, phrase or term preceding those terms.

2. CALL OFF OF SERVICES

2.1 Aspen may require that Local Agreements are put in place between Aspen or its Affiliates and the Service Provider or, exceptionally, its Affiliates (it being agreed that wherever possible such

arrangements shall be made with the Service Provider only) pursuant to which the provision of local delivery of certain of the Services may be managed or provided. The Service Provider agrees that subject always to agreement on the appropriate invoicing and taxation arrangements it shall not unreasonably withhold its consent to the agreement of such Local Agreements and further agrees that any such Local Agreements shall incorporate all of the terms of this Agreement save as specified and agreed by the executing parties in such Local Agreement and approved in writing by Aspen and the Service Provider themselves as well as any Affiliate(s) that is party to such Local Agreement.

2.2 During the Term of this Agreement, in addition to providing the Services described herein Aspen may order and the Service Provider may provide Services by entering into a Statement of Work. Each Statement of Work, upon execution by both Parties, shall form a part of and be governed by the terms of this Agreement.

2.3 In the event of conflict or ambiguity the provisions of this Agreement and any SOW that may be agreed pursuant to its terms are to be read in the following order of precedence in relation to that conflict:

2.3.1 this Agreement;

2.3.2 its Schedules;

2.3.3 any exhibits to its Schedules;

2.3.4 any attachments or annexures to the Exhibits or Schedules;

2.3.5 the Statement of Work,

except that a provision in a Statement of Work may override a provision in this Agreement if it expressly refers to and states that the relevant provision(s) of the Statement of Work shall override the conflicting provision(s) of this Agreement and the Statement of Work is signed by both Parties.

3. SERVICE PROVIDER'S RESPONSIBILITIES

3.1 Provision of services. The Service Provider shall provide to Aspen:

3.1.1 the Services;

3.1.2 any ancillary services, functions or responsibilities to enable the Services, performed within the twelve (12) month period immediately preceding the Effective Date by Aspen’s employees, agents and/or contractors whose functions were displaced as a result of this Agreement, even if the service, function or responsibility is not specifically described in this Agreement unless such function or responsibility is specifically identified in this Agreement as either no longer being required or as being the responsibility of Aspen whether in the Financial Responsibility Matrix or agreed elsewhere in this Agreement; and

3.1.3 any services, functions and responsibilities (including any incidental services, functions and responsibilities) not expressly specified or described in this Agreement but which are reasonably and necessarily required for, or related to, the proper performance and provision of the Services.

3.2 Standard of services. The Service Provider shall perform its obligations under this Agreement with reasonable skill and care and in accordance with all applicable laws and with the terms of this Agreement, including the Performance Metrics, and shall allocate sufficient resources

(including Service Provider's Equipment of a sufficient quality and standard) to the Services to enable it to comply with this obligation.

3.3 Delivery timeframe. The Service Provider shall meet any performance dates under this Agreement.

3.4 Notification of delay. If the Service Provider becomes aware that the provision of the Services or any other activity under this Agreement is being, or in its reasonable estimation is likely to be, delayed or interrupted (for whatever reason), such that it shall not meet any of its obligations under this Agreement, then the Service Provider shall give written notice immediately to Aspen of the relevant circumstances. The giving of such notice shall not prejudice Aspen's rights under this Agreement.

3.5 Independence. The Service Provider warrants that it is not in breach of any other contract by providing the Services and shall provide independent and unbiased advice to Aspen in connection with the Services.

3.6 Service Provider Locations. The Service Provider shall provide Services solely from the locations set forth in Schedule 2, Exhibit G (Service Provider Delivery Locations). Notwithstanding the foregoing, Aspen agrees and acknowledges that Service Provider has implemented a Flexi-Office-Remote working model/policy for its employees (“FOR Model”). Under the FOR Model, Service Provider personnel are permitted to work in flexi (hybrid) mode or fully in office mode or fully remote mode. Accordingly, the Parties may mutually discuss and agree on the percentage of Service Provider personnel working in FOR Model for the provision of the Services. The foregoing will not affect Service Provider personnel’s obligation to comply with the terms and conditions under this Agreement, including performance obligations, and adherence to applicable Aspen policies and procedures.

3.7 Service Provider's Team. The Service Provider shall ensure that all members of the Service Provider's Team will have the necessary skills and experience required and will perform the Services with the standard of skill, care, knowledge and foresight which would reasonably and ordinarily be expected from an experienced person engaged in providing services of the same kind as the relevant Services.

3.8 Service Provider Contract Manager. The Service Provider shall appoint the Service Provider Contract Manager in relation to the Services, who shall have the authority to represent the Service Provider on day-to-day matters relating to the Agreement. Additionally the Service Provider shall appoint dedicated project managers to manage individual projects who shall report to the Service Provider Contract Manager. If reasonably requested by Aspen, the Service Provider shall replace the Service Provider Contract Manager, or any other member of the Service Provider's Team, within a reasonable timeframe not to exceed five (5) Business Days, such replacement to be approved by Aspen.

3.9 Key Personnel. During the term, Service Provider shall only remove or change the Key Personnel with the written consent of Aspen except where removal or change results from resignation, death, maternity or other parental leave, long-term sickness or termination of employment of the Key Personnel in question in which case Service Provider shall promptly notify Aspen of such removal and the proposed replacement. Service Provider may only assign or replace any Key Personnel with Aspen's prior written consent (which in the circumstances set out above shall be deemed to have been given) and only after Service Provider has provided Aspen with the relevant curriculum vitae of the proposed replacement and a reasonable opportunity to interview such individual. At no additional cost to Aspen, where possible, Service Provider shall provide for an appropriate transition (including overlap) period for the new individual so that there is no disruption to the performance of Service Provider's obligations or Aspen's receipt of the Services under this Agreement.

3.10 not used.

3.11 Aspen policies. The Service Provider shall ensure that the Service Provider's Team maintains appropriate standards of behaviour and complies with Aspen's IT policies, Health and Safety rules, security arrangements and any other relevant Aspen policy which has been made known to the Service Provider in the performance of the Services on the Premises or any third parties' premises including those set out in Schedules 5 and 6.

3.12 Training. Service Provider shall provide ongoing training, at no additional cost, for all Service Provider personnel employed or engaged in the provision of the Services in compliance with the standards and policies in clause 3.11. Without limiting clause 3.11, Service Provider shall comply and shall ensure that all Service Provider subcontractors comply with vetting procedures and policies in respect of all Service Provider personnel and that those procedures comply with Good Industry Practice

3.13 No employee transfers.:

3.13.1 the Service Provider acknowledges and agrees that it is intended that all employees of the Service Provider shall remain employees of the Service Provider and that termination of this Agreement (or any part of it) shall not operate to transfer the contracts of employment of any of the Service Provider's employees to Aspen or any third party, whether the Services subsequently cease to be provided, are provided by a third party, or by Aspen in-house;

3.13.2 the Service Provider shall use all reasonable endeavours to ensure that none of its employees are deployed in the delivery of the Services to the extent that the Transfer of Undertakings (Protection of Employment) Regulations 2006, as amended by the Collective Redundancies and Transfer of Undertakings (Protection of Employment) (Amendment) Regulations 2014 ("TUPE") or any equivalent legislation anywhere in the world, may operate to transfer the employment of such employee to Aspen or any successor service provider upon termination of this Agreement;

3.13.3 on termination of this Agreement the Service Provider will indemnify Aspen, any relevant Aspen Affiliate and any Successor Service Provider in respect of all liabilities, claims, damages, costs (including reasonable legal fees), Employment Costs, loss and expense arising from the operation of the TUPE and its application to any or all of the Service Provider's Team or any other Service Provider employees deployed in the delivery of the Services;

3.13.4 on entry into this Agreement the parties shall use their reasonable endeavours to ensure that no Customer Personnel, employees of Aspen Affiliates or any of Aspen’s pre-existing vendors (“Displaced Employees”) are subject to transfer pursuant to TUPE; and

3.13.5 on entry into this Agreement Aspen will indemnify the Service Provider in respect of all liabilities, claims, damages, costs (including reasonable legal fees), Employment Costs, loss and expense arising from the operation of the TUPE and its application to any or all of the Displaced Employees deployed in the delivery of services displaced by the entry into this Agreement and the performance of the Services.

3.14 Business continuity plan. Without prejudice to any Services relating to disaster recovery or business continuity the Parties may agree, the Service Provider shall manage and maintain internal disaster recovery and business continuity policies and procedures consistent with Good Industry Practice and the requirements of Schedule 11 (Business Continuity and Disaster Recovery Plan) throughout the Term at no additional cost to Aspen.

3.15 Non-exclusive. The Service Provider accepts that Aspen does not guarantee the volume or value of work under this Agreement and that Aspen has the right to procure services from the Service Provider or any other provider.

3.16 Remedying defects. If at any time within one hundred and eighty (180) days (or such other period as may be agreed between the Parties in the applicable Schedule, Exhibit or other attachment to this Agreement or any individual SOW or WAR) following the date of provision of any Deliverable any element of the Deliverable is found to be defective or otherwise not in accordance with requirements of this Agreement, the Service Provider shall promptly on request and without charge remedy the deficiency by re-performing the Deliverable (or, where applicable, the relevant element of the Deliverable). A variation to the warranty period made in any Schedule, Exhibit or other attachment to this Agreement or any individual SOW or WAR shall take precedence over this clause notwithstanding the terms of clause 2.3.

3.17 Co-operation. The Service Provider acknowledges that it will be delivering the Services to Aspen in a multi-vendor environment. Accordingly, and without prejudice to the specific obligations agreed pursuant to Schedule 3 (Governance) or set out in OLAs, the Service Provider shall cooperate in good faith with Aspen, to the extent relevant to obtain the benefit of the Services, and with Aspen's other suppliers, its Affiliates and end-customers to facilitate the integrated and efficient carrying out of Aspen's operations and the provision of the Services. Such co-operation shall include providing advice, assistance, data and information as reasonably required by Aspen and (subject to reasonable confidentiality provisions being in place) its suppliers and end-customers.

3.18 The parties acknowledge that Schedule 2, Exhibit I (Supported Environments) remains to be completed during Transition and they undertake to work together in good faith to complete it on or before the Service Commencement Date.

Data Security

3.19 The Service Provider shall provide ongoing training for all the Service Provider Personnel employed or engaged in the provision of the Services in compliance with Aspen’s standards and policies listed in Schedule 5 (as the same may be updated from time to time).

3.20 Without limiting clause 3.19, the Service Provider shall comply and shall ensure that all Sub- contractors comply with vetting procedures and policies in respect of all Service Provider personnel that comply with Good Industry Practice.

3.21 The Service Provider shall ensure that principles aligned to ISO 27001 and, to the extent applicable, PCI DSS, are reflected in its performance of the Services.

3.22 Aspen shall retain exclusive rights and ownership of all of Customer Data and the Customer Data shall not be:

3.22.1 used by the Service Provider for any purpose other than as required under the Agreement in connection with providing the Services;

3.22.2 disclosed, sold, assigned, leased or otherwise provided to third parties by the Service Provider; or

3.22.3 commercially exploited or otherwise used by or on behalf of the Service Provider, its affiliates, officers, directors, employees, or agents, other than in accordance with the Agreement.

3.23 Upon request by Aspen and at its election and at no additional charge, the Service Provider shall promptly return to Aspen the Customer Data in the format and on the media as reasonably

requested by Aspen, or erase or destroy Customer Data in the Service Provider’s possession, power or control (except that the Service Provide may retain one copy for legal records) and, if requested by Aspen to do so, shall provide Aspen with confirmation in writing signed by a corporate officer of the Service Provider.

3.24 The Service Provider shall protect the Customer Data in its possession, power or control so as to not lose, damage, destroy or corrupt the Customer Data.

3.25 Pursuant to the requirements of Schedule 6 (Security – IT and Physical) the Service Provider shall establish and maintain all appropriate technical and organisational controls to safeguard against the destruction, loss or alteration of Customer Data in its possession, power or control and that are no less rigorous than those maintained by the Service Provider for the Service Provider’s own information of a similar nature or that otherwise comply with Good Industry Practice. This obligation is additional to and separate from the Service Provider’s duty to provide the Security Services and applies in relation to its provision of all Services under this Agreement.

3.26 Service Provider personnel must not attempt to access, or allow access to, Customer Data to which they are not entitled or that is not required for the performance of the Services by Service Provider personnel. In relation to its provision of the Services described in Exhibits A-1 to A-5 and Exhibits D and E of Schedule 2, under no circumstances shall the Service Provider or the Service Provider’s Team request access any personal data processed on the Customer’s systems and it shall put in place appropriate controls and safeguards to ensure that no such access is requested or otherwise obtained without Aspen’s knowledge and consent, by any member of Service Provider’s Team.

3.27 The Service Provider acknowledges that Aspen is subject to the New York Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500) (“NYDFS”) and that the Service Provider’s compliance with clauses 18.8 and 18.9 in relation to Customer Confidential Information is required for Aspen to comply with NYDFS. The Service Provider will also reasonably assist Aspen to comply with any additional requirements of NYDFS (at Aspen’s reasonable and demonstrable cost) provided that the Parties agree in writing the scope of any such additional requirements via the Contract Change Control Procedure.

4. TRANSITION AND TRANSFORMATION

4.1 The parties shall comply with the provisions of Schedule 2, Exhibit D (Transition) to manage the adoption by the Service Provider of additional or substantially amended Services. The parties have agreed that in relation to the Run Services the obligations in Schedule 2, Exhibit D shall apply.

4.2 To the extent that in future the parties agree that a Transformation related project should be undertaken, they agree the provisions of Schedule 2, Exhibit E (Transformation) shall apply to the same.

5. WARRANTIES

5.1 Each Party represents, warrants and undertakes to the other, as at the date of this Agreement:

5.1.1 that it has the power and authority to enter into and perform its obligations under this Agreement;

5.1.2 that it has all necessary rights, licences, permissions and consents to provide (in the case of Service Provider) or receive (in the case of Aspen) the Services; and

5.1.3 that the signing of this Agreement does not violate any law or constitute a default under any other agreement that Party has entered into.

5.2 Service Provider represents, warrants and undertakes to Aspen on a continuing basis throughout the Term that:

5.2.1 it shall not conduct itself in a way so as to adversely affect Aspen's public image or reputation (except that this clause 5.2.1 shall not preclude Service Provider from enforcing its rights under this Agreement);

5.2.2 it is not insolvent or unable to pay its debts within the meaning of the insolvency legislation applicable to it;

5.2.3 it shall ensure that principles aligned to the ISO standards applicable to the Services are reflected in its performance of the Services;

5.2.4 it shall not knowingly and/or negligently insert or include, or permit or cause any Service Provider personnel to insert or include, any known virus into any items provided to Aspen or Aspen's IT systems;

5.2.5 it has undertaken all diligence it requires (including in relation to Aspen's existing services) in order to plan and perform the Services and that accordingly its prices and estimates may be relied upon by Aspen and will not be subject to unexpected changes;

5.2.6 all information it provides to Aspen during the Term shall, at the time it is supplied, be true and accurate in all material respects;

5.2.7 the Services will be performed in accordance with all:

(a) applicable laws; and

(b) ISO standards applicable to its Services and products; and

5.2.8 it shall comply with any reasonable Aspen request or instruction that enables Aspen to comply with its regulatory requirements (if any) in respect of the Services at mutually agreed terms. Any Aspen requests or instructions which fall outside of the scope of the Services shall be agreed through the change control procedure in clause 15.

5.3 Except as expressly set forth herein and to the extent permitted by law, both parties hereby disclaim all other warranties, conditions or statements, whether express, implied, or statutory.

6. PERFORMANCE METRICS AND SERVICE CREDITS

6.1 Service Provider acknowledges that any failure to provide a Service in accordance with the Performance Metrics or any of them may have a material adverse impact on the business and operations of Aspen and that, accordingly, the Service Provider shall:

6.1.1 at all times meet the Performance Metrics; and

6.1.2 perform the Services with accuracy, quality, timeliness, responsiveness and efficiency in accordance with Good Industry Practice.

6.2 Each Party acknowledges and agrees that any Service Credits that may become payable to Aspen are an adjustment to the Charges and that the payment and receipt of Service Credits is without prejudice to any other right or remedy available to Aspen as a result of Service Provider's failure to meet the relevant Performance Metrics.

7. STEP IN

7.1 If:

7.1.1 any default or non-performance by the Service Provider occurs and as a result, the performance of any business critical service is prevented, hindered, degraded or delayed for more than two (2) consecutive days;

7.1.2 the Service Provider is excused from the performance of the Services pursuant to a Force Majeure event;

7.1.3 a regulator requires Aspen to do so; or

7.1.4 the circumstances in paragraph 13.1 of Schedule 10 (Exit Plan and Service Transfer Arrangements) occur,

then, without limiting any other rights it may have, Aspen may take control of the part of the Services (including the entirety of an impacted Service Tower) affected by the Service Provider default or non-performance, or the Force Majeure event and in the case of clause 7.1.3, Aspen shall take control of the part of the Services affected by the regulatory direction (in each case, “Step In”) for a maximum period of two (2) months after which Aspen shall either terminate this Agreement pursuant to any rights to do so hereunder it may have or allow the Service Provider to resume performance of the relevant Service.

7.2 In exercising its rights of Step In Aspen may perform any act that Aspen deems reasonably necessary in order to restore the Services (including by engaging a third party service provider) or may direct the Service Provider to procure those Services from a third party supplier provided that Aspen: (i) complies with the Service Provider’s reasonable security and confidentiality policies as notified to Aspen; (ii) procures that any third party that it engages signs an Agreed Form NDA, with an obligation to erect “ethical walls” within its own organisation to protect the Service Provider’s confidentiality, if the third party stepping in is a competitor of the Service Provider; (iii) does not have unsupervised access to the Service Provider’s facilities and shared computing environment; and (iv) does not require the Service Provider to disclose its commercially sensitive information to any third party.

7.3 Where a third party supplier is engaged in connection with a Step In, the Service Provider shall be liable for the payment of the difference between the sums that would have been paid to the Service Provider for the provision of those Services and the sums payable to the third party supplier for performing the same, for as long as the failure to perform continues (save for where the Step In is a result of a Force Majeure event or consequent to a regulatory direction unless such direction arises due to acts or omissions of the Service Provider), and Aspen shall not be charged for Services that are not provided to Aspen as a result of a Force Majeure event or the Service Provider’s default or non-performance. In the event that the incremental cost of replacement services exceeds [***], Service Provider shall have the right, but not the obligation, to propose an alternate third party supplier and Aspen shall consider such proposal in good faith. The Service Provider shall either pay directly or reimburse Aspen for any such third party costs incurred. Such payments made by the Service Provider may be credited against the Charges or paid by way of cheque or direct debit to Aspen, at Aspen’s option.

7.4 In the event of Aspen exercising its right of Step In, the Service Provider shall co-operate with Aspen (and its agents or representatives, including any applicable third party supplier) and provide reasonable assistance at no charge to Aspen to restore such Aspen function or the Services or any part of them as soon as reasonably possible, including giving Aspen (and its agents or representatives, including any applicable third party services provider) reasonable access to the Service Provider’s premises, Equipment, material and software, to the extent

reasonably necessary for the purpose of restoring such Aspen function or the Services or any part of them to the level required under this Agreement.

7.5 As soon as reasonably practicable following the restoration of the affected Aspen function or the affected part of the Services (meaning that its performance is no longer substantially prevented, hindered, degraded or delayed) to Aspen’s reasonable satisfaction or a Regulator lifting its Step In requirement, the Service Provider shall resume the performance of the relevant Services.

7.6 Without prejudice to the caps set out in clause 22, nothing in this clause 7 limits the Service Provider’s liability to Aspen with respect to any default or non-performance by the Service Provider under this Agreement provided always that the Service Provider shall be relieved of its obligations to deliver the Services affected by any Step In during the period Aspen or any third party supplier has taken over delivery of such Services.

8. ENHANCED COOPERATION

8.1 The parties acknowledge and agree that Aspen shall be entitled to exercise its rights under this clause 8 only if the parties fail to resolve a matter or issue through the issue escalation process in clauses 11.5 and 11.6.

8.2 Where Aspen requires the right to do so in order to obtain an improved understanding of the Services or to assist Service Provider to improve its performance (including in particular in the circumstances set out in clause 8.3), the parties agree that Aspen may nominate a certain number of its employees, agents or contractors (subject to clause 8.4) to be seconded to Service Provider or any of its subcontractors ("Consultants") provided that the Parties agree the role and responsibilities of such Consultants and the desired outcomes of involvement. The number of Consultants shall be the minimum reasonably necessary (as determined by Aspen acting reasonably) for the limited purposes described in clause 8.3 and Aspen agrees to appoint Consultants with a level of seniority appropriate to the tasks they shall be engaged in and to provide Service Provider with at least five (5) working days' notice of its intention to exercise its rights under this clause 8 8.

8.3 The circumstances that the parties agree shall entitle Aspen to invoke its rights under clause 8.2 include where:

8.3.1 Aspen has the right, or has reasonable grounds for believing that it has the right, to terminate the Agreement in whole or in part for cause;

8.3.2 Service Provider is not performing any of the Services in accordance with the Performance Metrics;

8.3.3 Service Provider is or Aspen has reasonable grounds for believing that Service Provider is reasonably likely to be in material breach of its obligations under the Agreement;

8.3.4 Aspen has reasonable grounds to suspect acts of fraud are being committed by Service Provider, any Service Provider subcontractor or any Service Provider personnel;

8.3.5 Service Provider causes Aspen to breach its legal or regulatory obligations; or

8.3.6 Service Provider fails to provide the Services in accordance with the Agreement (whether such failure amounts to a material breach of contract or not) and that failure causes, or is in Aspen's opinion likely to cause:

(a) delay in delivery of the Services that means that Service Provider will not be able to meet a Key Milestone date;

(b) the degradation or unavailability of the Services which, in Aspen's opinion, is unlikely to be resolved within a reasonable period of time; or

8.4 No Consultant shall become an employee of Service Provider, or have a legal entitlement to any benefits conferred by Service Provider on its employees, as a result of his or her secondment under this clause 8.

8.5 A Consultant may not be an employee of any entity who competes with Service Provider unless they are an employee of Aspen.

8.6 The Consultants shall be given full access to all information (other than commercially sensitive information or information related to the Charges) that is available to all relevant Service Provider personnel and that is related to the performance of the Services for the purposes described in clause 8.2 and shall be able to make suggestions related to any element of the performance of the Services provided that the Consultant: (i) complies with Service Provider's reasonable security and confidentiality policies as notified to the Consultant; (ii) signs a non- disclosure agreement; and (iii) does not have unsupervised access to Service Provider's facilities and shared computing environment.

8.7 Service Provider shall not be obliged to follow any suggestions given by the Consultants.

8.8 If Service Provider does follow a suggestion of a Consultant, then Service Provider shall be fully responsible for all consequences that flow from the suggestion as if it were Service Provider's own suggestion.

8.9 By exercising its right under this clause 8, Aspen shall not, and shall not be deemed to, assume any obligation to resolve any issue or problem with the Services or relieve Service Provider of any obligation or liability in relation to that event. Without limiting the foregoing, nothing in this clause 8.9 shall be construed to limit Service Provider's obligation to continue to perform the Services in accordance with all applicable Performance Metrics and Milestone dates.

8.10 If Aspen exercises its rights under this clause 8, the parties shall carry out a monthly review to agree on whether the secondment shall continue. In any case, a secondment under this section may be terminated by Aspen at any time by giving written notice to Service Provider, but shall in any event cease when the secondment has been effective for a continuous period of ninety (90) days (or such longer period as may be agreed between the parties, such agreement may not be withheld by Service Provider where clause 8.12 applies), when both of the following conditions are satisfied:

8.10.1 the event giving rise to the appointment of the Consultants under this clause 7 has ceased and/or has been resolved or remedied; and

8.10.2 Service Provider has demonstrated to Aspen's reasonable satisfaction that Service Provider has taken all reasonable measures to ensure that the event giving rise to the appointment of the Consultants shall not reoccur.

8.11 Subject to clause 8.12, Aspen shall be responsible for paying the Consultants' reasonable and demonstrable fees for the duration of the secondment, plus any reasonable, actual and demonstrable travel and subsistence costs incurred by the Consultants in relation to their secondment under this clause 8 provided that the salaries of the Consultants are reasonable given their level of seniority and experience and Good Industry Practice ("Consultant Costs").

8.12 The parties agree that to the extent that Aspen exercises its rights due to an alleged Service Provider default and it transpires that Service Provider was in default, then Service Provider shall be responsible for [***].

8.13 The exercise by Aspen of its rights in this clause 8 shall be without prejudice to any other rights or remedies of Aspen.

9. ASPEN DEPENDENCIES

9.1 Service Provider shall be excused from failures to perform its obligations under this Agreement if Aspen delays or fails to provide Aspen Dependencies but only:

9.1.1 to the extent that such failure causes or materially contributes to Service Provider's failure to perform;

9.1.2 provided that such acts or omissions are not undertaken by Aspen at Service Provider's direction or with Service Provider's written consent;

9.1.3 provided that Service Provider gives Aspen reasonable written notice of Aspen's failure to perform Aspen Dependencies; and

9.1.4 provided Service Provider uses Commercially Reasonable Efforts to mitigate the adverse consequences of Aspen's failure and continues to provide the Services.

9.2 Provided Service Provider has complied with the obligations set out in Section 9.1 above and has notified Aspen, Service Provider will be entitled to receive a reasonable adjustment in the timeframes to deliver or perform its obligations and reimbursement of its reasonable, demonstrable, unavoidable costs incurred directly as a result of Aspen's failure to perform the relevant Aspen Dependency.

9.3 Service Provider shall only be entitled to relief under this Section 9 from the date on which it notifies Aspen in accordance with Section 9.1.3.

10. ASPEN'S OBLIGATIONS

10.1 Aspen shall:

10.1.1 co-operate with the Service Provider in all matters relating to the Services and appoint the Aspen Contract Manager in relation to the Services, who shall have the authority to represent Aspen on day-to-day matters relating to this Agreement; and

10.1.2 inform the Service Provider of all policies relevant to the provision of the Services, including without limitation any reasonable security requirements at the Premises.

11. GOVERNANCE AND REPORTING

11.1 The Service Provider shall comply with Aspen's governance and reporting requirements as set out in Schedule 3 and the operational reporting requirements set out in Schedule 2.

Procedures Manual

11.2 Service Provider shall develop on or before the date agreed in the Transition Plan and in any event within 90 working days following the Effective Date and maintain (subject always to approval by Aspen) a policy and procedures manual (the "Procedures Manual") that describes, at a minimum:

11.2.1 how the Services are to be performed and delivered;

11.2.2 the equipment and software to be used;

11.2.3 the relevant documentation including operations manuals and user guides;

11.2.4 the quality assurance procedures approved by Aspen;

11.2.5 the supervision, monitoring, staffing, reporting, planning and oversight activities to be undertaken by Service Provider;

11.2.6 Service Provider's problem management escalation procedures;

11.2.7 other pertinent Service Provider standards and procedures; and

11.2.8 Aspen's standards and policies notified to Service Provider pursuant to clause 3.11.

11.3 Service Provider shall update and maintain the Procedures Manual at least annually and Aspen and Service Provider shall agree on any policies and procedures to be included within the same.

11.4 Until the Procedures Manual is approved, Service Provider shall perform the Services consistent with existing Aspen standards and policies.

Escalation and Incentives

11.5 Service Provider agrees that if an agreed trigger event occurs (it being agreed that this shall include if: (i) there are repeated delivery or service failures; (ii) there is a major one-off failure such as a failure to achieve a Key Milestone Date; and/or (iii) Service Provider fails to comply with its rectification obligations) then, without prejudice to its ongoing duty to address the underlying issue in accordance with the terms of this Agreement, it will commit to executive escalation as follows:

11.5.1 as a first level of executive escalation ("Executive Escalation (a)") Service Provider has agreed that should Executive Escalation (a) be triggered then the Service Provider’s insurance business head (as at the Effective Date Jim Davidson) shall relocate to Aspen's offices for four (4) full working days per week to lead Service Provider's team and to explain progress; and Service Provider's CEO or his or her nominee who shall be a member of Service Provider’s senior leadership team shall telephone Aspen's CEO or CIO (at Aspen’s election) once each week to report progress. Without prejudice to its other rights and remedies Aspen may in its sole and absolute discretion elect to waive or defer Executive Escalation (a);

11.5.2 not used.

11.6 Service Provider shall request that Aspen act as a reference source in relation to at least two (2) bids each year. Such bids shall be for services broadly similar to the Services for clients of a similar size to Aspen. Failure to do this shall require Service Provider's Chief Business Officer to provide detailed reasons for such failure to Aspen's CIO.

12. ACCEPTANCE

12.1 The Parties shall agree and set out in writing the Acceptance Criteria for each Acceptance Item.

12.2 The Service Provider must undertake its own internal testing of any Acceptance Item before submitting it to Aspen for acceptance testing.

12.3 Unless otherwise agreed, the Service Provider must provide Aspen with at least ten (10) Business Days' notice prior to submitting any item for acceptance testing.

12.4 Unless otherwise agreed between the Parties, Aspen shall conduct the acceptance testing promptly after receiving the Acceptance Item and promptly (but in any event no later than ten (10) Business Days from receipt or such other period that is agreed in a SOW) notify the Service Provider whether it accepts, rejects or conditionally accepts the Acceptance Item. Aspen shall promptly issue an Acceptance Certificate if it accepts or conditionally accepts the Acceptance Item. To be binding the Acceptance Certificate must be issued by (or otherwise authorised by) the Customer Individual appointed pursuant to Schedule 3.

12.5 The Service Provider shall provide all reasonable support to Aspen in relation to conducting the acceptance testing at no additional charge.

12.6 If the Service Provider conducts the acceptance testing, Aspen shall be entitled to observe the acceptance testing and shall provide reasonable support to the Service Provider in relation to the conduct of the acceptance testing.

12.7 If an Acceptance Item is rejected, Aspen shall provide reasons for such rejection, and the Service Provider shall remedy the relevant defects at no additional charge and re-submit the Acceptance Item to Aspen as soon as reasonably practicable but in all cases within seven (7) Business Days.

12.8 If an Acceptance Item is rejected a second time, without prejudice to any other rights Aspen may have, Aspen shall have the option to:

12.8.1 require the Service Provider to rectify any defects and re-submit the Acceptance Item for acceptance;

12.8.2 accept the Acceptance Item subject to an equitable reduction in the Charges for such Acceptance Item and, in this scenario, such Acceptance Item shall be treated as if it were fully accepted; or

12.8.3 immediately terminate the Service related to the Acceptance Item and any other affected Services for material breach and be refunded all Charges paid under this Agreement in connection with the Acceptance Item and the affected Services provided that all Acceptance Items related to such termination are returned to the Service Provider.

12.9 In no circumstances shall Aspen be deemed to have accepted an Acceptance Item, other than where it is unconditionally accepted and an Acceptance Certificate is issued.

12.10 If Aspen conditionally accepts an Acceptance Item, it shall notify the Service Provider of the conditions to which the acceptance is subject and the Acceptance Item shall not be fully accepted until such conditions have been met. The Charges related to the relevant Acceptance Item shall be subject to an equitable reduction, with the balance paid when the defects or backlog of issues have been completed.

13. PRICE AND PAYMENT

13.1 The Charges shall be incurred and become payable in accordance with the terms of Schedule 2, Exhibit B.

13.2 The Service Provider's pricing shall not be subject to or contingent upon any due diligence to be performed after the Effective Date. The foregoing shall not preclude the application of the True-up Period process in relation to quantities described in Schedule 2, Exhibit B (Fees).

13.3 Unless stated otherwise in an SOW with reference to this clause, the Supplier shall invoice for the Charges monthly in arrears and all such invoices shall be accompanied by a statement setting out the Services supplied in the relevant month in sufficient detail to justify the Charges charged.

Where any Charges are in respect of Services provided to one or more Aspen Affiliate, the Supplier's invoices shall detail which Charges apply to each Aspen Affiliate.

13.4 Service Provider shall only be entitled to invoice Aspen for its expenses if such expenses have been agreed upon in advance in writing. In the event of any travel made by Service Provider personnel at Aspen’s request, provided the same have been agreed pursuant to the foregoing 13.4 such travel shall be charged to Aspen at actuals together with such evidence as Aspen may reasonably request.

13.5 Service Provider shall maintain complete and accurate records of, and supporting documentation for, the amounts billable to and payments made by Aspen under this Agreement, and Service Provider shall provide Aspen with documentation and other information with respect to each invoice as may be reasonably requested by Aspen to verify accuracy and compliance with the provisions of the Agreement.

13.6 In the event the Parties agree that a particular pass through expense is to be paid directly by Aspen, such pass through expense shall not be subject to any mark up, unless agreed otherwise by the parties in writing and Service Provider shall provide Aspen with the original third party invoice together with a statement that the Charges are proper and valid and should be paid by Aspen.

13.7 Within 30 days following receipt of the Service Provider's invoice, Aspen will pay the undisputed Charges to the Service Provider. In the event that a payment is not made within the payment period specified herein, Service Provider reserves the right to levy a delayed payment charge of [***] until the date Aspen remits payment in full.

13.8 Aspen may withhold payment of particular charges that Aspen reasonably and in good faith disputes on notice to Service Provider.

13.9 If Aspen disputes a part of an invoice, Service Provider shall re-issue an invoice (with the original invoice date) for the undisputed Charges and Aspen shall pay such undisputed Charges in accordance with this clause 13 of the Agreement. Service Provider shall also re-issue a separate invoice for the disputed Charges (with the original invoice date). The Parties shall diligently pursue an expedited resolution of such dispute in accordance with the issue escalation process in Schedule 3 (Governance).

13.10 To the extent Service Credits become payable these shall be credited against the next invoice that falls due after they arise. If no invoices remain to be raised then they shall be paid to Aspen by the Supplier.

13.11 Aspen may on reasonable notice (not less than thirty (30) days) to the Service Provider set-off part or all of the payments due to the Service Provider under this Agreement against undisputed amounts due from the Service Provider to Aspen under this Agreement or any other agreements.

13.12 All invoices shall be sent by email to AspenInvoiceCapture@Concursolutions.com or to such address, or by other such means, as Aspen may notify to the Service Provider in writing from time to time.

13.13 The Service Provider agrees that Aspen may invoke its rights to assess the value for money represented by the Services and Charges pursuant to Schedule 9 at such times and in accordance with such procedures as set out in Schedule 9.

13.14 With effect from the anniversary date of this Agreement, the professional rates under the Rate Card attached to Schedule 2, Attachment B-3 will be adjusted based on the applicable official index issued by World Bank at http://data.worldbank.org/indicator/FP.CPI.TOTL.ZG?_sm_au_=iVHRPMZqWB3SpJLM for the

respective countries from which the Services are delivered or by a maximum of (i) [***] for onsite resources and (ii) [***], in each case whichever is lower.

14. TAX

14.1 All prices are exclusive of value added tax or any other locally applicable equivalent sales taxes (“VAT”), which is payable at the rate and as prescribed by law.

14.2 Unless otherwise agreed between the Parties, the Service Provider will be responsible for all other taxes which are incurred as a result of its provision of the Services under this Agreement.

14.3 Aspen shall be entitled to deduct the sums required to pay any withholding taxes, demanded by any taxation authority, from payment to the Service Provider. Upon becoming aware that it must make a tax deduction, Aspen must notify the Service Provider accordingly.

14.4 If Aspen does deduct any amounts pursuant to clause 14.3, it shall pay such sums to the relevant taxation authority within the period for payment permitted by law, and furnish the Service Provider with evidence of payment of the relevant amount from the relevant tax authority. Aspen shall upon request reasonably assist the Service Provider with obtaining relevant basic information about such tax obligations and shall use reasonable efforts to assist the Service Provider with reclaiming such withholding tax, where any double-tax treaties or similar rules in the jurisdiction allow for tax reclaims to reduce the Service Provider’s tax burden, or with claiming a foreign tax credit.

14.5 If VAT or other taxes are payable on damages payable or paid under this Agreement, then the Party liable for payment of such damages must pay any such VAT or other taxes in addition to the relevant amount of damages upon production of a valid VAT or other appropriate tax invoice by the other Party.

15. CHANGE CONTROL

15.1 If either Party wishes to change the scope of provision of the Services it shall submit details of the requested change to the other Party's authorised representative in writing in accordance with Schedule 4 (Contract Change Control Procedure).

16. PREMISES

16.1 The Service Provider shall be entitled to use such parts of the Premises as Aspen may from time to time designate as necessary for the performance of the Services provided that use of this space is solely for the purpose of providing the Services.

16.2 Aspen may refuse to admit to, or order the removal from, the Premises any member of the Service Provider's Team or person otherwise acting on behalf of the Service Provider who, in the reasonable opinion of Aspen, is not behaving in accordance with the requirements of this Agreement or whose behaviour, conduct or dress renders such person unfit or unsuitable to be on the Premises. Costs associated with any such refusal of admittance or removal and with the provision of a suitable replacement shall be met by the Service Provider.

17. ASSETS

Equipment

17.1 In the event Aspen deems it necessary to require Service Provider to use equipment owned or operated by Aspen ("Aspen Equipment"), Service Provider shall be responsible for transfer, but not transportation, of Aspen equipment to Service Provider's sites/environments. As at the

Service Commencement Date, the Parties do not envisage any Aspen Equipment being installed on Service Provider's sites/environments.

17.2 Service Provider shall be fully responsible for monitoring the operation of and maintenance of Aspen Equipment (if any) and shall promptly notify Aspen of any issues with the same that may impact the provision of the Services or achievement of the Performance Metrics.

17.3 Service Provider may, where directed to do so by Aspen, acquire future equipment ("Future Equipment"), including modifications, upgrades, enhancements, additions and replacements of Aspen Equipment, as necessary or appropriate to provide the Services. Such Future Equipment shall be acquired in the name of Aspen and title shall vest in Aspen and, unless agreed to the contrary pursuant to the change control procedure in clause 15, Aspen shall pay the vendor directly for such Future Equipment.

17.4 Aspen shall have the right to approve any software or Service Provider tools used by Service Provider in relation to the Services and installed on Aspen IT systems prior to Service Provider's use of the same in order to provide the Services, such approval shall not be unreasonably withheld or delayed. Service Provider shall be responsible for:

17.4.1 installing, operating and maintaining Service Provider software and Service Provider tools;

17.4.2 managing and using any other software, systems or materials (including Aspen software, Aspen systems and Aspen materials) required to provide the Services; and

17.4.3 modifying such other software, systems or materials (including Aspen software, Aspen systems and Aspen materials) where the same is agreed by the Parties.

17.5 During the first 120 days after the Service Commencement Date, Service Provider shall conduct an asset 'Verification and Condition' based survey along with a verification of the Services. Any differences found between this information, the tender information, Service Provider's price and pricing model shall be discussed and, based on the resulting cost/benefit analysis, the Parties may agree through the change control procedure in clause 15 whether and to what extent Service Provider shall provide a repricing of the Charges for the Services in line with these changes.

Risk of Loss

17.6 Each Party shall be responsible for risk of loss of, and damage to, equipment, software or other material in its possession or under its control.

17.7 Service Provider shall be responsible for the risk of loss of, and damage to, any property, systems or material used by it to provide the Services, except to the extent that any loss of, or damage to, any such property, systems or materials is caused by the negligence or an intentional wrongful act or omission of Aspen or Aspen personnel.

18. TERM AND TERMINATION

18.1 This Agreement shall commence on the Effective Date and 31 December 2025 unless terminated earlier in accordance with its terms (the “Initial Term”).

18.2 Aspen may, in its sole discretion, extend the Initial Term by up to two further periods of one (1) year from the expiry of the Initial Term, by giving written notice to the Service Provider at least ninety (90) days prior to the expiry of the Initial Term or an extension period, as applicable.

18.3 Not used.

18.4 Aspen shall be entitled to terminate this Agreement without cause by giving the Service Provider not less than three (3) months' written notice of termination (and any SOW by giving not less than thirty (30) days' written notice of termination), in which event the Service Provider will comply with Aspen's reasonable instructions with regard to termination and Aspen will only be liable to pay the Service Provider (i) in respect of the Services satisfactorily performed and accepted by Aspen up to the effective date of such termination; and (ii) any other pre-agreed termination charges as specified in Schedule 2, Exhibit B, Attachment B-4 (Termination Charges). Termination of this Agreement pursuant to this clause shall, unless stated otherwise, terminate all SOWs then in force.

18.5 Either Party shall be entitled to terminate this Agreement or any SOW immediately if the other Party:

18.5.1 has committed a material breach of any of its obligations thereunder which is not capable of remedy and in this regard it is agreed that the Service Provider shall be deemed to have committed a material breach that is incapable of remedy entitling Aspen to terminate immediately if:

(a) the termination rights described in Section 4.6 of Schedule 2, Exhibit C arise;

(b) a Material Adverse Change occurs in relation to Service Provider;

(d) any breach by Service Provider which causes Aspen or any Aspen Affiliate to be in breach of its obligations pursuant to Relevant Law; or

(e) any breach by Service Provider which has a material adverse impact on Aspen's reputation (or that of any Aspen Affiliate) or leads to material adverse publicity; or

18.5.2 has committed a material breach of any of its obligations thereunder which is capable of remedy but which has not been remedied within 30 days of receipt of written notice to do so; or

18.5.3 becomes insolvent, has a receiver or administrator appointed over the whole or any part of its assets, enters into any compromise with its creditors, has an order made or resolution passed for it to be wound up (unless for the purposes of amalgamation or reconstruction) or undergoes any similar process in any jurisdiction to which such Party is subject.

18.6 Upon the termination or expiry of this Agreement or an SOW the Service Provider will immediately deliver up to Aspen all items, equipment, and documentation which is the property of Aspen or an Aspen Affiliate, together with notes, memoranda, correspondence, documents, specifications, and other records (however stored) which contain or reflect Confidential Information related to Aspen or an Aspen Affiliate which have been made or obtained by the Service Provider or the Service Provider's Team in the course of providing the terminated Services or are otherwise in its possession or control.

18.7 Termination or expiry of this Agreement or any SOW shall not affect any rights, remedies, obligations or liabilities of the Parties that have accrued up to the date of termination or expiry, including the right to claim damages in respect of any breach of this Agreement or the applicable SOW(s) which existed at or before the date of termination or expiry.

18.8 Following the expiry or termination (for whatever reason) of this Agreement or any SOW, the Service Provider shall co-operate with Aspen and other suppliers to Aspen to ensure a smooth handover of the terminated Services carried out by the Service Provider.

18.9 Any provision of this Agreement that expressly or by implication is intended to come into or continue in force on or after termination or expiry of this Agreement including clauses 20 (Intellectual Property Rights), 21 (Indemnity), 22 (Limitation of Liability), 23 (Confidentiality), 27 (Data Protection) and 33 (Health and Safety) shall survive termination of this Agreement.

19. TERMINATION ASSISTANCE/EXIT

19.1 Subject to clause 19.5, for up to a maximum period of nine (9) months following the effective date of termination or expiration of the Agreement or following the date of any notice of termination, at Aspen's election and request the Service Provider shall co-operate with Aspen and other suppliers to Aspen to ensure a smooth handover of the work carried out by the Service Provider at the agreed day rates and in accordance with Schedule 10.

19.2 Actions by the Service Provider under this clause 19 shall be subject to the provisions of the Agreement.

19.3 Charges for termination assistance activities by the Service Provider shall be at the services rates set out in Schedule 2, Exhibit B or such lower rates (if any) as specified in an Exit Plan.

19.4 The Service Provider represents and warrants that the termination assistance services shall be provided to facilitate Aspen to readily continue the provision of the services in-house or by a replacement supplier (working in accordance with Good Industry Practice) and eliminate or minimise any disruption or deterioration of the Services, including, but not limited to, the following:

19.4.1 efficient and comprehensive transition;

19.4.2 assistance in providing information required to prepare and execute any request for proposal process;

19.4.3 knowledge transfer;

19.4.4 enabling data migration; and

19.4.5 executing any document required for assignment of rights.

19.5 Aspen shall procure that any Successor Service Provider shall enter into a confidentiality agreement with the Service Provider on terms consistent with clause 23 (Confidentiality).

20. INTELLECTUAL PROPERTY RIGHTS

Pre-existing IPR

20.1 Each Party shall retain its rights in its own Pre-existing IPR. Except as expressly provided in this clause 20 (Intellectual Property Rights), neither Party shall gain by virtue of this Agreement any rights of ownership in any Intellectual Property Rights owned by the other Party or any third party.

Developed IPR

20.2 The Service Provider shall procure that all members of the Service Provider’s Team waive all Moral Rights (as defined in has the meaning set out in Chapter IV of the UK Copyright, Designs and Patents Act 1988) that such individuals may have in any deliverable or item provided to, or used by, Aspen in connection with this Agreement.

20.3 Developed IPR shall be solely owned by Aspen and shall vest in Aspen on creation. The Service Provider may use the Developed IPR solely to provide the Services to Aspen during the Term. To the extent that title and/or ownership rights may not automatically vest in Aspen as contemplated by this clause, the Service Provider agrees to irrevocably assign, transfer and convey to Aspen all rights, title and ownership in the Developed IPR. The Service Provider shall and shall procure that all Service Provider personnel shall give Aspen or its designees, all reasonable assistance and execute all documents necessary to assist or enable Aspen to perfect, preserve, register or record its rights in the Developed IPR.

20.4 The Service Provider shall ensure that where Developed IPR is comprised of software, it shall deliver the same in source code and object code form, with appropriate documentation and that both versions shall be able to be used by a reasonably skilled programmer familiar with the relevant software language.

Licences granted by the Service Provider

20.5 Save for the rights in the Pre-existing IPR and any Enhancements arising in relation to COTS Materials (it being acknowledged that as at the Effective Date no such COTS Materials have been identified), the Service Provider grants to Aspen and its Affiliates a royalty free, world- wide, non-exclusive transferable licence (at no additional charge and including the right to sub- licence) to use, copy, modify, and prepare derivative works of:

20.5.1 the Service Provider’s Pre-existing IPR;

20.5.2 the Enhancements; and

20.5.3 any Third Party IPR used or provided by it in connection with the delivery of the Services,

in each case: (i) in connection with Aspen’s and its Affiliates use and receipt of the Deliverables, Services or any Replacement Services provided in-house or by a Successor Service Provider, or any Related Services; and (ii) on a perpetual and irrevocable basis to the extent the same are embedded in or form part of any Developed IPR and in all other cases during the Term and during any Termination Assistance Period. For the purposes of clarity, unless specifically agreed to the contrary in an SOW, no right is granted to Aspen or its Affiliates to extract, separate, use or commercially exploit any Pre-existing IPR or Enhancements on a stand-alone basis, or as a separate development tool.

Licence granted by Aspen

20.6 Aspen grants to the Service Provider a non-exclusive, non-transferable, revocable licence (including the right to sub-licence, but only to subcontractors approved by Aspen in accordance with this Agreement) to use, copy, modify, and prepare derivative works of Aspen IPR for the sole purpose of providing the Services to Aspen during the Term.

21. INDEMNITY

21.1 The Service Provider shall indemnify, defend and hold harmless Aspen and its Affiliates and their respective officials, employees, agents and assigns (each, an “Indemnified Party”) against any claims, losses, damages, costs (including reasonable legal fees), expenses and liabilities incurred or suffered by an Indemnified Party in connection with any infringement (or claim of infringement) of any IPR or other proprietary rights of a third party, alleged to have occurred because of materials or Services provided by or on behalf of the Service Provider to Aspen or any of its Affiliates, or based upon Service Provider’s performance or Aspen’s or its Affiliate’s receipt or use of such materials or Services.

21.2 Without prejudice to its obligations pursuant to clause 21.1, if any Service or other item or material provided by the Service Provider or the provision of the Services by the Service Provider is, or in the Service Provider’s reasonable judgment is likely to become, the subject of a claim (an “Infringing Item”), the Service Provider, at its expense and in addition to the indemnity and defending the claim, will procure for Aspen the right to use and continue using the Infringing Item or replace it with a non-infringing equivalent or modify it to make its use non- infringing, provided that such replacement or modification does not result in a degradation of the performance or quality of the Infringing Item.

21.3 The Service Provider’s indemnification obligations under clause 21.1 above shall be excluded to the extent the infringement arises from: (i) any modification to the Services, Deliverables or materials by persons other than Service Provider personnel or otherwise made with the permission or in accordance with instructions of the Service Provider; (ii) any information or materials supplied by or instructions given by Aspen, an Aspen Affiliate or a Third Party Provider and used in the Services, Deliverable(s) or other infringing item unless, acting in accordance with Good Industry Practice, Service Provider should have identified that such infringement may arise; or (iii) use of the Deliverables or Services or portions thereof in combination with any other services/ deliverables not envisaged by this Agreement or the applicable SOW or otherwise not recommended, approved or provided by the Service Provider.

21.4 The following procedures will apply with respect to indemnification for third party claims arising in connection with this Agreement save that Aspen shall only give the Service Provider the right to control third party litigation relating to a third party claim that is subject to indemnification by Service Provider where the claim relates to IPR:

21.4.1 as soon as reasonably practicable after receipt by an Indemnified Party of written notice of the assertion or the commencement of any claim, demand, action, cause of action or other proceeding by a third party, whether by legal process or otherwise (a “Claim”), but no later than fourteen (14) days following receipt of written notice from the Indemnified Party relating to any Claim, the indemnifying Party will notify the Indemnified Party in writing whether it wishes to assume control of the defence and settlement of such Claim (the “Notice”);

21.4.2 if the indemnifying Party delivers the Notice relating to any claim within the required notice period, the indemnifying Party will be entitled to have control over the defence and settlement of such Claim;

21.4.3 if the indemnifying Party fails to assume the defence of any such Claim within the prescribed period of time, then the Indemnified Party may assume the defence of any such Claim at the cost and expense of the indemnifying Party; and

21.4.4 subject to the payment of its reasonable costs, the Indemnified Party shall provide reasonable assistance to the indemnifying Party, including reasonable assistance to the indemnifying Party’s employees, agents, independent contractors and Affiliates, as applicable. Notwithstanding any provision of this clause 21 to the contrary, the indemnifying Party will not consent to the entry of any judgment or enter into any settlement that provides for injunctive or other non-monetary relief affecting the Indemnified Party without the prior written consent of the Indemnified Party, such consent not to be unreasonably withheld or delayed.

21.5 Service Provider shall additionally procure that Aspen receives the full benefit and protection of any IPR indemnity that Service Provider has in relation to IPR which is not owned by Service Provider (whether Third Party IPR or otherwise) but is supplied to Aspen pursuant to this Agreement and/or any SOW.

22. LIMITATION OF LIABILITY AND INSURANCE

22.1 Nothing in this Agreement shall exclude or restrict the liability of either Party to the other for death or personal injury arising from negligence or for fraudulent misrepresentation, in relation to the indemnities granted under clause 3.13, or in any other circumstances where liability may not be so limited under any applicable law.

22.2 Nothing in this clause 22 shall exclude or restrict the liability of the Service Provider to Aspen:

22.2.1 under the indemnities given in clause 21; or

22.2.2 for any breach by the Service Provider of clause 23 (Confidentiality);

22.2.3 for any liability arising from its Wilful Abandonment.

22.3 Subject to clauses 22.1 and 22.2, neither Party shall be liable to the other whether in contract, tort, negligence, breach of statutory duty or otherwise for any indirect loss or damage, costs or expenses arising under or in connection with this Agreement.

22.4 The exclusions in clause 22.3 shall not exclude liability for the following heads of losses which the Parties agree shall be deemed to be direct losses or damages suffered by Aspen but subject to the other limitations of liability contained in this clause 22:

22.4.1 the costs of procuring and implementing an alternative to the Services provided (or not provided) by the Service Provider;

22.4.2 the cost of restoring lost or damaged data caused or contributed to by the Service Provider;

22.4.3 the cost of restoring damage to physical property caused or contributed to by the Service Provider;

22.4.4 additional wages, overtime and expenses incurred by Aspen or its subcontractors or agents in performing or rectifying defective Services and/or managing a third party’s performance of the same;

22.4.5 fines or penalties imposed on Aspen as result of the Service Provider’s breach of its data protection obligations contained in this Agreement or any SOW (whether by act, omission or otherwise); and

22.4.6 in the event that a default (whether by act, omission or otherwise) of the Service Provider prevents Aspen from running its business in the normal way, the costs of the remedial action necessary so as to re-enable such normal running together with the costs of implementing any temporary work-around.

22.5 Subject to clauses 22.1 and 22.2, the total liability of the Service Provider to Aspen whether in contract, tort, negligence, breach of statutory duty or otherwise for any direct loss or damage, costs or expenses arising under or in connection with this Agreement shall not exceed:

22.5.1 for any breach by the Service Provider of clause 27 (Data Protection) and/or Schedule 1 the greater of (i) [***]; or (ii) [***];

22.5.2 for any other breach occurring during any twelve month period commencing on the Effective Date and each anniversary thereof contract year in the aggregate the greater of [***] or [***]. For the avoidance of doubt, the limitation of liability specified herein for each

such 12-month period, including any unclaimed portion thereof, shall not be carried forward to the subsequent 12-month period.

22.6 Subject to clauses 22.1 and 22.2, Aspen's liability whether in contract, tort, negligence, breach of statutory duty or otherwise under or in connection with this Agreement shall be limited to a sum equal to the Charges paid in the 12 months preceding the relevant claim.

Insurance

22.7 The Service Provider shall maintain at its own cost (and on request provide evidence to Aspen in the form of a broker’s letter) the following insurance policies with an insurer of good standing (subject to clause 35.2) for the Term Agreement and six (6) years thereafter:

22.7.1 professional liability insurance for a minimum amount of [***];

22.7.2 public and product liability insurance for a minimum amount of [***]; and

22.7.3 employer’s liability insurance for a minimum amount of [***].

22.8 The Service Provider shall not take out or hold any of the insurance coverage described in clause 0 with Aspen or any member of Aspen Group without Aspen’s prior written consent.

22.9 The Service Provider shall not during the Term and for a period of six (6) years thereafter act or refrain from acting in such a way as would entitle the underwriter(s) of the policies required by clause 0 above to avoid or negate their liability to deal with any claim(s) which would otherwise be covered.

22.10 The Service Provider shall, whenever reasonably requested by Aspen, provide evidence of such insurance and of its currency.

23. CONFIDENTIALITY

23.1 Each Party shall, and will ensure that its respective Affiliates, directors, officers, employees and contractors shall:

23.1.1 treat Confidential Information as secret and confidential;

23.1.2 use Confidential Information only as is necessary for the performance or receipt of the Services and in particular will not make commercial use of it or otherwise use it to the detriment of the Disclosing Party without such Party's prior written agreement;

23.1.3 restrict Confidential Information to such of the Receiving Party's Affiliates, directors, officers, employees or contractors who require access to it for the delivery or receipt of the Services and who have undertaken or are subject to confidentiality obligations to the Receiving Party no less stringent than those undertaken herein;

23.1.4 not copy or reproduce Confidential Information except where this is reasonably necessary for the delivery or receipt of the Services. The Parties agree that all copies or reproductions of Confidential Information, in any form, shall be the property of the Disclosing Party; and

23.1.5 refrain from directly or indirectly disclosing Confidential Information to any third party.

23.2 Clause 23.1 will not apply to:

23.2.1 information which the Receiving Party can prove with documentary evidence was already known to it prior to disclosure, other than that disclosed in any other agreement with Disclosing Party, and free of any confidentiality obligations to the Disclosing Party;

23.2.2 information which is disclosed to the Receiving Party by a third party with a legal right to do so and free of any obligations of confidence to the Disclosing Party;

23.2.3 disclosure to any court or government or regulatory authority, where this is required by law or judicial decree, provided that the Receiving Party (i) promptly notifies the Disclosing Party in advance if legally permitted to do so, (ii) exercises reasonable efforts to obtain assurance that confidential treatment will be applied to that portion of the Confidential Information that is being disclosed and (iii) takes all reasonable steps at the expense of the Disclosing Party to assist in the protection of it.

23.3 For the avoidance of doubt, the Disclosing Party may not disclose Confidential Information made up of a combination of items of Confidential Information merely because one or more of the items falls within the exceptions in Clause 23.2 above, if the combination as a whole does not.

23.4 On termination or expiry of this Agreement the obligations in Clauses 23.1 to 23.4 shall remain in force for three years from the date of termination or expiry.

23.5 On expiry or termination of this Agreement (or earlier if the Disclosing Party so requests in writing), the Receiving Party shall, on request, return, delete or destroy all copies of any Confidential Information it has received from the Disclosing Party.

23.6 The Receiving Party agrees that breach of the obligations contained in this clause 23 may result in substantial harm to the Disclosing Party or an affiliate thereof; and that the Disclosing Party is accordingly entitled to seek injunctive or other equitable relief without first exhausting any or all of its available legal remedies; and that the Receiving Party will reimburse the Disclosing Party for all loss and expense, including legal costs, arising from the Receiving Party's breach of the terms of this clause 23 and the Disclosing Party enforcing its rights hereunder.

24. FORCE MAJEURE

24.1 In this Agreement, "Force Majeure" means circumstances outside the Affected Party's reasonable control which prevent or delay it from performing its obligations under this Agreement, including acts of God, flood, earthquake or other natural disaster; war; riot or civil commotion; or strike, lockout or other labour disturbance (not including those involving the Service Provider's Team). Any failure or delay by the Service Provider in performing its obligations under this Agreement which results from a failure or delay by an agent, sub- contractor or supplier shall be regarded as due to a Force Majeure event only if that agent, sub- contractor or supplier is itself impeded by a Force Majeure event from complying with an obligation to the Service Provider.

24.2 If Aspen or the Service Provider (the "Affected Party") is prevented or delayed from performing any of its obligations under this Agreement (whether in whole or in part) by reason of a Force Majeure event it shall as promptly as practicable given the nature of the event notify the other Party (the "Unaffected Party") in writing of the circumstances constituting the Force Majeure event and shall keep the Unaffected Party regularly informed of its progress in resuming full performance of its obligations.

24.3 The Affected Party shall take all reasonable steps to minimise the adverse effects of the event of Force Majeure on the performance of its obligations under this Agreement and, in the case of the Service Provider, shall, to the extent feasible and practical, provide workarounds which in Aspen's reasonable opinion are satisfactory.

24.4 Subject to the Affected Party's compliance with its obligations under clauses 24.2 and 24.3 above, the Affected Party shall not be treated as being in breach of this Agreement if and to the extent that its failure to perform this Agreement results from a Force Majeure event.

24.5 If the event of Force Majeure prevents the Affected Party from complying with this Agreement for a period of two months or more then the Unaffected Party may at the expiry of such period give notice in writing to the Affected Party to immediately terminate this Agreement. If the Service Provider is the Affected Party, it shall be under a continuing obligation to co-operate with Aspen in transferring the work to another supplier or otherwise ensuring that Aspen's business needs continue to be met despite the event of Force Majeure at Aspen's reasonable cost, to the extent applicable and only at the rates set forth for the Services herein.

24.6 Where following an event of Force Majeure to which this clause applies the Affected Party is able to resume performance of its obligations it shall notify the Unaffected Party accordingly and promptly resume performance of the affected obligations.

25. ASSIGNMENT AND SUBCONTRACTING; DIVESTMENT

25.1 The Service Provider shall not, without the prior written consent of Aspen, assign, transfer, charge, create a trust in, or deal in any other manner with all or any of its rights or obligations under this Agreement.

25.2 The Service Provider may not sub-contract the provision of any material part of the Services without the prior written consent of Aspen, such consent not to be unreasonably withheld or delayed which as at the Effective Date shall be deemed to include all the Approved Sub- contractors. The Service Provider agrees that its subcontracts with Service Provider Subcontractors shall include robust terms broadly equivalent to those set out in this Agreement. For the avoidance of doubt, the engagement of individual subcontractors as members of theService Provider’s Team shall not be restricted by this clause and such individuals shall not be deemed to be sub-processors for the purposes of the Data Protection Legislation.

25.3 Notwithstanding any sub-contracting permitted under clause 25.2, the Service Provider shall remain wholly liable and responsible for all acts and omissions (howsoever arising) of its sub- contractors in the performance of the Services.

25.4 Aspen may assign or novate this Agreement to an Aspen Affiliate or any provider of outsourcing or third party services that is employed under a service contract to provide services to Aspen or an Aspen Affiliate.

25.5 At Aspen's discretion and upon notice to Service Provider of the divestment, any Divested Affiliate shall be entitled (at no additional charge to it or Aspen other than in respect of any separation costs identified and agreed pursuant to the change control procedure in clause 15) to continue to receive the Services, which it has been receiving pursuant to this Agreement (including the governance regime in Schedule 3 (Governance), for a period of up to two (2) years from the date of completion of such divestment or the date of notice whichever is later, such period to co-terminate with the Term and provided that: (i) the overall liability of Service Provider under this Agreement or any Statement of Work to Aspen, the Divested Affiliate and any of the beneficiaries does not increase; and (ii) the Divested Affiliate passes Service Provider's reasonable ethics and compliance checks. The Divested Affiliate shall enjoy the same Charges for the Services. Any separation costs will be agreed pursuant to the change control procedure in clause 15. Any changes to the relevant Services or additional requirements (for example, separate invoices for Aspen and Divested Affiliate) or other commercial impact (including to the Charges) resulting from the activities contemplated in this Section shall be agreed in accordance with the change control procedure in clause 15.

26. ANTI-BRIBERY AND CORRUPTION

Anti-Bribery

26.1 Each Party shall comply with all Relevant Laws relating to anti-bribery and anti-corruption including (but not limited to) the UK Bribery Act 2010 and all relevant US requirements.

Modern Slavery

26.2 Without prejudice to any other provisions in this Agreement, the Service Provider shall, and shall procure that all persons who will or may be used in performing or to support the performance of this Agreement in any part of the world (“Supply Chain”) shall, at all relevant times:

26.2.1 comply with the provisions of the Modern Slavery Act 2015 and all Relevant Laws made under it or relating to it (“MSA”), and ensure that all relevant Service Provider personnel have received appropriate training on the same;

26.2.2 comply with any Aspen policy relating to modern slavery and/or human trafficking as is notified to the Service Provider by Aspen from time to time; and

26.2.3 immediately notify Aspen’s Head of Procurement in writing if it has reason to believe that it or any member of its Supply Chain is in breach or is likely to breach any of the MSA or any provisions of these clauses 26.2 to 26.4 (or would do so if it were a party to this Agreement), or if it receives a communication from any person alleging breach of any of the MSA.

26.3 The Service Provider shall maintain detailed, accurate and up-to-date records setting out:

26.3.1 its staff hiring procedures;

26.3.2 its supplier selection processes; and

26.3.3 the steps it takes to ensure that it and each member of its Supply Chain is not engaged in the activities prohibited by the MSA, and shall promptly provide copies of such records to Aspen on Aspen’s request.

26.4 On Aspen’s reasonable request, the Service Provider shall make, and shall require any relevant member of its Supply Chain to make, such adjustments to its processes that relate to staff hiring and supplier selection as Aspen reasonably considers to be desirable to address any risk of non-compliance with the MSA.

Environment

26.5 The Service Provider shall ensure that its performance of the Services shall comply with all applicable environmental laws, statutes, regulations and relevant government issued guidance.

Health & Safety

26.6 The Service Provider shall at times throughout the Term comply with all Relevant Laws relating to health and safety including (but not limited to) the Health and Safety at Work etc. Act 1974 and shall maintain a written health & safety policy.

Equal Opportunities

26.7 The Service Provider shall at all times throughout the Term comply with all Relevant Law relating to equal opportunities, including, (but not limited to) the Equality Act 2010.

Compliance with Competition Laws

26.8 The Service Provider confirms that it has not colluded with any third parties in relation to the Charges and that it shall comply with all Relevant Laws relating to competition and anti-trust including (but not limited to) the UK Competition Act 1998 and all relevant US requirements.

Compliance with Import/Export Laws

26.9 Aspen agrees to notify Service Provider of (1) any requirements for Deliverables or (2) any other technology, technical data or information to which the Service Provider will have access as a result of the Services that, in either case, will subject the Deliverables or the other technology, technical data or information to control under applicable export regulations under any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will (i) identify to the Service Provider the applicable regulations (e.g. EAR or ITAR) and classifications (e.g. ECCN) and (ii) follow such guidelines as the Service Provider may communicate to Aspen that reasonably are required to avoid violations. Subject to and except for the foregoing, the Service Provider agrees to notify Aspen of any technology, technical data or information that it will provide to Aspen pursuant to this Agreement that is subject to control under applicable export regulations under any classification other than EAR99 (or its non-U.S. equivalent) and, in such event, will (i) identify to Aspen the applicable regulations (e.g. EAR or ITAR) and classifications (e.g. ECCN) and (ii) follow such guidelines as Aspen may communicate to the Service Provider that reasonably are required to avoid violations. Subject to the foregoing the Service Provider shall comply with all Relevant Laws with respect to the Service Provider’s export and/or import of systems, dual-use items, materials, data, information and technologies necessary for the provision of the Services to each Aspen Site (including those comprising the Deliverables) and with applicable embargoes, sanctions, and similar restrictions in force from time to time (including by determining and obtaining all relevant import and/or export authorisations). Notwithstanding the foregoing, Aspen agrees that it will not provide the Service Provider with any technology, technical data or information that is subject to control under the International Traffic in Arms Regulations (ITAR). In the event that Aspen wishes to provide the Service Provider with ITAR-controlled technology, technical data or information, Aspen will notify the Service Provider in writing of such intent, and the Parties agree to cooperate to determine the appropriate agreements and controls, if any, required before Aspen makes such disclosure.

Lloyd’s Centre of Excellence

26.10 Aspen expects the Service Provider to demonstrate a commitment to developing its knowledge of the London insurance market during the Term. Accordingly, the Service Provider shall commit to:

26.10.1 engaging with external consultants to develop training materials and to obtain a deeper understanding of Lloyd’s of London performance standards and requirements;

26.10.2 developing and delivering training and certification programmes for Service Provider personnel delivering the Services;

26.10.3 increasing the general pool of Service Provider staff who are familiar with Lloyd’s of London operations;

26.10.4 promoting the sharing of experience across the Service Provider’s and its Affiliate’s clients in the Lloyd’s of London market including by promoting opportunities for such clients to network and share experiences;

26.10.5 inviting Lloyd’s of London staff to participate as guest teachers / lecturers; and

26.10.6 identifying best practices across all the clients of the Service Provider and its Affiliates in the insurance sector and applying such best practice to services in areas regulated by Lloyd’s of London including by recommending enhancements to processes.

27. DATA PROTECTION

27.1 Both Parties will comply with all applicable requirements of the Data Protection Legislation. This clause 27 is in addition to, and does not relieve, remove or replace, a Party's obligations under the Data Protection Legislation.

27.2 The terms 'Data Controller', 'Data Processor', 'Data Subject', 'Personal Data', 'processing' and 'Sensitive Personal Data' shall have the meanings as defined in the relevant Data Protection Legislation.

27.3 The Parties acknowledge that for the purposes of the Data Protection Legislation, Aspen is the Data Controller and the Service Provider is the Data Processor. Schedule 1 sets out the scope, nature and purpose of processing by the Service Provider, the duration of the processing and the types of Personal Data and categories of Data Subject.

27.4 Without prejudice to the generality of clause 27.1, Aspen will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Service Provider for the duration and purposes of this Agreement.

27.5 Without prejudice to the generality of clause 27.1, the Service Provider shall, in relation to any Personal Data processed in connection with the performance by the Service Provider of its obligations under this Agreement:

27.5.1 process Personal Data only on the prior written instructions of Aspen including, but not limited to, with regard to transfers of Personal Data outside the region comprising the UK and the European Economic Area Member States ("Permitted Region"), or between countries that are outside the Permitted Region, unless required by the laws of a country in the Permitted Region or of the European Union applicable to the Service Provider ("Applicable Law"). Where the Service Provider is relying on Applicable Law as the basis for processing Personal Data, the Service Provider shall notify Aspen of this as soon as such reliance is known and, in any event, before performing the processing required unless the Applicable Law prohibits the Service Provider from so notifying Aspen;

27.5.2 put in place appropriate technical and organisational measures to protect Personal Data against unauthorised or unlawful processing and against accidental loss, alteration, unauthorised disclosure or access, in particular where any processing involves the transmission of Personal Data over a network, and against all other unlawful access, disclosure, use or processing. Such measures shall include, where appropriate, pseudonymising and encrypting Personal Data in transit and at rest, implementing effective access controls such as multi-factor authentication, ensuring confidentiality, integrity, availability and resilience of systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident (i.e. back-up and disaster recovery processes), and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted;

27.5.3 ensure that access is strictly limited to those individuals who need to know / access the relevant Personal Data, as strictly necessary for the purposes of this Agreement, ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality;

27.5.4 assist Aspen, in responding to any request from a Data Subject and in ensuring compliance with Aspen's obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators. The Service Provider shall not respond to any request from a Data Subject except on the written instructions of Aspen or as required by Data Protection Legislation, in which case the Service Provider shall inform Aspen of that legal requirement before it responds to any such request;

27.5.5 notify Aspen immediately (and in any event within one day) of becoming aware of any security breach and cooperate fully with Aspen in the event of any security breach to limit the unauthorised disclosure or use of data, seek the return of any Personal Data and assist in providing notice of the data breach to affected individuals if requested by Aspen. For the avoidance of doubt, data security breaches shall include, but not be limited to, data which has been accessed, disclosed, acquired, released or used without proper authorisation and contrary to the terms of this Agreement;

27.5.6 take such reasonable commercial steps as are directed by Aspen to assist in the investigation, mitigation and remediation of any such security breaches, including preserving all evidence regarding the breach and providing Aspen or its agents with access to such evidence as well as any facilities, equipment, or operations that may have been affected, together with access to all staff or contractors with knowledge of the matter and all relevant records, logs, files, data or other materials;

27.5.7 at the written direction of Aspen, delete or return Personal Data and copies thereof to Aspen on termination of this Agreement unless required by Applicable Law to store the Personal Data;

27.5.8 maintain complete and accurate records and information to demonstrate its compliance with this Agreement and allow for audits by Aspen or Aspen's designated auditor;

27.5.9 inform Aspen immediately if it thinks it has been given an instruction which doesn't comply with applicable Data Protection Legislation; and

27.5.10 not process any Personal Data outside the Permitted Region unless (1) Aspen has provided its prior written consent to this, and (2) in addition to obtaining Aspen's prior written consent, the Service Provider ensures that the transfer out of the Permitted Region is effected by way of a legally enforceable safeguarding mechanism that is permitted under the Data Protection Legislation at the time of the relevant transfer.

27.6 Without limiting the foregoing, Service Provider acknowledges that the Service Provider's obligations with respect to Personal Data set out in Clause 27.5.2, 27.5.3 and 27.5.5 – (i) shall also apply to the same extent to any confidential, financial, material or proprietary non-public information regarding Aspen or its business received by Service Provider.

27.7 For the purposes of the Data Protection Legislation, the Service Provider agrees, and will procure that the Service Provider's Team agrees, to Aspen holding and processing (both electronically and manually) Personal Data provided by the Service Provider or the Service Provider's Team to Aspen for purposes relating to the Service Provider's engagement and the operation, management, security and administration of Aspen's businesses.

27.8 The Service Provider shall indemnify Aspen and its Affiliates in respect of any of the Service Provider's failures to comply with any Data Protection Legislation provisions, any other breach of the data protection obligations contained in this Agreement or where it has acted without Aspen's lawful instructions, or against Aspen's instructions.

27.9 The Service Provider shall not appoint a third-party processor of Personal Data without Aspen's prior written consent. In the case of Aspen's written authorisation, the Service Provider shall:

27.9.1 inform Aspen of any intended changes concerning the addition or replacement of third party processors, thereby giving Aspen the opportunity to object to such changes;

27.9.2 confirm that it has entered or (as the case may be) will enter into a written agreement with the third-party processor incorporating terms which are substantially similar to those set out in this clause 27; and

27.9.3 indemnify Aspen and its Affiliates, and remain fully liable for all acts or omissions of any third-party processor(s) appointed by it.

28. THIRD PARTY RIGHTS

28.1 This Agreement does not create any rights or benefits enforceable by any person not a Party to it except that an Aspen Affiliate or a person who under clause 25 is a permitted successor or assignee, novatee or transferee of the rights or benefits of a Party, may enforce such rights or benefits.

29. REGULATORY MATTERS AND AUDIT RIGHTS

General

29.1 Without prejudice to the generality of clause 3.2:

29.1.1 the Service Provider shall comply with all Service Provider Applicable Regulations; and

29.1.2 Aspen may notify the Service Provider:

(a) of any Aspen Applicable Regulations it specifically requires the Service Provider to comply with (including any requirements set out in the Performance Metrics to either comply with Aspen Applicable Regulations referenced there or to ensure compliance with Aspen Applicable Regulations by following certain policies or procedures); and/or

(b) if it requires compliance with what would otherwise be a Service Provider Applicable Regulation in a Aspen specific way (such specific compliance becoming compliance with a Aspen Applicable Regulation for the purposes of this Agreement and the definition of Service Provider Applicable Regulation).

Once any such Aspen Applicable Regulations are identified the Parties will agree how they are to be complied with. For the avoidance of doubt, such notifications under clause 29.1.2 may relate to compliance with Aspen Applicable Regulations in any jurisdictions worldwide in which Aspen or Aspen Affiliates operate or do business from time to time.

29.2 The Service Provider recognises that Aspen and Aspen Affiliates are subject to regulation by (or have regulatory responsibilities in respect of) the regulatory authorities in the jurisdictions in which it operates and that, in particular, Aspen has regulatory responsibilities in respect of:

29.2.1 the U.S. Securities and Exchange Commission and Financial Industry Regulatory Authority;

29.2.2 the Financial Conduct Authority, the Prudential Regulation Authority and Lloyd’s of London;

29.2.3 the Bermuda Monetary Authority;

29.2.4 North Dakota Department of Insurance and the Texas Department of Insurance;

29.2.5 the Jersey Financial Services Commission;

29.2.6 the Swiss Financial Market Supervisory Authority;

29.2.7 the Monetary Authority of Singapore;

29.2.8 The Australian Prudential Regulation Authority;

29.2.9 the Central Bank of Ireland;

29.2.10 the Office of the Superintendent of Financial Institutions;

29.2.11 the successor organisations/regulators of each entity listed in clauses 29.2.1 to 29.2.9 from time to time; and

29.2.12 various other relevant governmental agencies or bodies around the world.

29.3 The Service Provider shall make any modifications to the Services as reasonably necessary as a result of changes to Service Provider Applicable Regulations at no extra cost to Aspen. Where the relevant modification is required to address a change in Aspen Applicable Regulations or a change in the applicable regulatory authorities in clause 29.2 the effect on cost and delivery shall be assessed and agreed via the change control procedure set out in clause 15 of this Agreement.

29.4 Subject to clause 23 (Confidentiality) and the applicable terms in clauses 29.5 to 29.14 (External Audits), the Service Provider shall provide such cooperation with all applicable regulatory authorities as may reasonably be requested by Aspen or otherwise required by such authorities and in any event shall cooperate with both Aspen and any regulatory authorities in responding to any enquiries made by such authorities. Such cooperation shall be provided at Aspen's reasonable cost. The Service Provider's obligations under this clause 29.4 shall include:

29.4.1 providing, on request, such assistance as Aspen may reasonably require to prove its compliance with its regulatory requirements in the context of the Services;

29.4.2 providing to Aspen such information and/or documentation as a regulatory authority may request in its supervision of the performance of the Services and it consents to such information and documentation being passed on to the relevant regulatory authority; and

29.4.3 in addition to Aspen's own audit rights hereunder, permitting a regulator to carry out audits of Service Provider where such regulator requires the right to do so.

External Audits

29.5 Aspen (or its nominee) shall be entitled to audit the Service Provider's conformance with its obligations under the Agreement (including to verify the Charges) and the relevant Service Provider's facilities in each case in respect of the Services provided to Aspen and its Affiliates, during business hours up to a maximum of two (2) times per year in aggregate for all audits under this clause (at no charge) on reasonable written notice (which shall, other than in the case of an emergency or regulatory audit, be no less than one (1) month), provided that the audit is carried out subject to clauses 29.6, 29.7 and 29.12; the auditor is not a direct competitor of the Service Provider; and the auditor enters into a confidentiality agreement with Aspen on terms no less onerous than those set out in clause 23 (Confidentiality). For the avoidance of doubt, the audit departments of the "Big 4" accountancy firms are not direct competitors of the Service Provider, provided that they sign a confidentiality agreement with the Service Provider, including the obligation to put in place appropriate ethical walls between their audit departments and those

parts of their business which provide business and technology consulting and services, to ensure that all information obtained by their audit department is not disclosed to parts of their business which may compete with the Service Provider.

29.6 The Service Provider shall provide all reasonable co-operation with any audits conducted pursuant to clause 29.5 and Aspen shall use its reasonable endeavours to seek to:

29.6.1 minimise any disruption to the Services; and

29.6.2 consolidate such audits for each aspect of the Services and the Premises, where possible.

29.7 In conducting an audit, Aspen (or its nominee) shall comply with the Service Provider's reasonable security and confidentiality procedures and shall not be permitted to have unsupervised access to the Service Provider's shared facilities and systems. The Service Provider shall be entitled to reasonable relief if there is any disruption to the Services as a direct result of Aspen carrying out an audit.

29.8 Subject to the restrictions in clauses 29.5, 29.6 and 29.7 (other than in relation to the frequency of audits), Aspen (or its nominee) shall be entitled to undertake no more than one (1) further audit in that same year across the Agreement as a whole, (with the Service Provider providing all reasonable co-operation) at its own cost (at the Service Provider's relevant day rate), unless such audits reveal fraud or a breach (other than a minor or cosmetic breach) of the Agreement (including all instances of overcharging), in which case the cost of the audit shall be borne by the Service Provider.

29.9 If, as a result of an audit, it is determined that the Service Provider has overcharged Aspen, Aspen shall notify the Service Provider of the amount of such overcharge and the Service Provider shall promptly, and in any event no later than thirty (30) days from the date of receipt of notice of overcharge, pay to Aspen the amount of the overcharge interest at a rate of [***] until the date of payment to Aspen.

29.10 In the event any such audit by Aspen or its agents reveals an overcharge to Aspen by the Service Provider of [***], the Service Provider shall reimburse Aspen for the cost of such audit in addition to the repayment of the sum plus interest at the rate set out above.

29.11 The Service Provider agrees that the restrictions on the number of audits and the notice period for such audits set out in clause 29.5 will not apply to audits required for legal or regulatory reasons. Such audits shall be conducted at Aspen's cost where the number set out in clause 29.5 has been exceeded.

29.12 If any audit by an auditor designated by Aspen or a regulatory authority having jurisdiction over Aspen results in Aspen being notified that it is not in compliance with any generally accepted accounting principle or audit requirement relating to the Services, then provided that the non- compliance resulted from the Service Provider's default, the Service Provider shall, at its own expense and within the period of time specified by such auditor or regulatory authority, bring the Services into compliance. If the Service Provider fails to bring the Services into compliance within a reasonable time Aspen shall be entitled to terminate this Agreement under clause 18.5.1 on the grounds of the Service Provider's irremediable material breach of contract on the provision of written notice.

29.13 The Service Provider shall maintain and retain in a manner that complies with Good Industry Practice accurate records (including complete financial records of its operations and activities specifically related to the Services) in relation to the provision of the Services provided to Aspen

during the Term for seven (7) years after the termination or expiry of the Agreement and make the same available to Aspen and its auditors.

29.14 The Service Provider shall provide all reasonable assistance and information in relation to the conduct of the audit at its own cost. For the avoidance of doubt such information shall not include the provision of any background cost or overhead information or any of the Service Provider internal reports relating to the Services (although the Service Provider shall act reasonably in this regard).

29.15 Operational Risk:

29.15.1 Service Provider must notify Aspen immediately when Service Provider becomes aware of the potential for or a material deficiency in the provision of the Services or this Agreement, including in relation to conformity to the Performance Metrics and compliance with applicable laws and regulatory requirements ("Operational Risk").

29.15.2 Aspen will inform Service Provider immediately when Aspen becomes aware of an Operational Risk in the provision of the Services or this Agreement.

29.15.3 Service Provider will register and maintain a risk register of all Operational Risks raised by either Service Provider or Aspen.

29.15.4 Within five (5) working days of the Operational Risk being registered in the risk register Service Provider will provide, for agreement with Aspen, a mitigation plan to mitigate the Operational Risk.

Internal Audit

29.16 The Service Provider shall establish and maintain a system of internal audits to provide management with assurance that a quality assurance system is being utilised, is effective, meets customer and business needs and continues to improve ("Internal Audits").

29.17 The Service Provider shall maintain internal controls lists in a manner consistent with Good Industry Practice and provide confirmation of the same at least once per year.

29.18 Where specifically requested by Aspen, the Service Provider shall also provide a copy of its:

29.18.1 internal independent audit reports concerning (i) International Standard on Assurance Engagements No. 3402 (ISAE 3402) Assurance Reports on Controls at a Service Organisation, (ii) HIPAA and (iii) PCI DSS;

29.18.2 Statement on Standards for Attestation Engagements No. 18 (SSAE 18); and/or

29.18.3 SOC 2 Type 2 Report prepared in accordance with AT-C320 issued by the AICPA, to Aspen within a reasonable time after any such reports are completed (provided the Service Provider is not required to provide copies of reports which cover or refer to other clients of the Service Provider) and shall make all documents regarding such audits available to any applicable Regulator, to Aspen within a reasonable time after any such reports are completed. If Service Provider does not undertake such internal audits then Aspen acknowledges it shall have no right to require the same pursuant to this clause.

29.19 Should any Internal Audit identify an overcharge, the provisions of clauses 29.9 and 29.10 shall apply.

30. DISPUTE RESOLUTION PROCEDURE

30.1 Disputes relating to this Agreement will be escalated in accordance with paragraph 9 of Schedule 3 (Governance).

30.2 If the matter in dispute has not been resolved within 30 days of the commencement of the discussions and negotiations described in clause 30.1, either Party shall be entitled to refer the dispute to a mediator to be agreed by both Parties or, in default of such agreement, to be appointed by the Centre for Effective Dispute Resolution, to attempt resolution by way of mediation.

30.3 Subject always to clause 30.5, in the event that the Parties are unable to resolve a dispute within 60 days of the commencement of the mediation, either Party may (but shall not be obliged to) issue legal proceedings.

30.4 The Service Provider shall continue to supply the Services and Aspen shall continue to pay undisputed invoices in accordance with the terms of this Agreement until a dispute has been resolved.

30.5 Nothing in this clause 30 shall prevent either Party from applying at any time for injunctive or other equitable relief on the grounds of breach, or threatened breach, of the other Party's obligations of confidentiality contained in clause 23 of this Agreement or on the grounds of infringement, or threatened infringement, of the applicant's Intellectual Property Rights.

31. PUBLICITY

31.1 The Service Provider shall not publicise the terms or existence of this Agreement or use the name of Aspen or an Aspen Affiliate or any trade name or trade mark used by Aspen, or refer to Aspen in any other way in any promotional literature, publications or advertising material without the prior written consent of Aspen.

32. CORPORATE SOCIAL RESPONSIBILITY

32.1 The Service Provider shall:

32.1.1 ensure that it complies, and its sub-contractors comply, with the provisions of the International Labour Organisation's core standards; the provisions of the United Nations Universal Declaration of Human Rights; and the provisions of the Modern Slavery Act 2015 in respect of both its direct employees and its suppliers and ensure that neither it nor its supply chain makes use of slavery, forced or bonded labour or human trafficking;

32.1.2 ensure that it and its suppliers demonstrate a set of environmental standards with a commitment to environmentally sustainable working practices and materials;

32.1.3 ensure that its staff and any agents and contractors employed by it in respect of this Agreement will comply with appropriate ethical standards;

32.1.4 ensure that it does not, whether as an employer or supplier of the Services, engage in any act or omission that would contravene the Equality Legislation and takes all reasonable endeavours to ensure that the Service Provider's Team does not unlawfully discriminate within the meaning of the Equality Legislation.

33. HEALTH AND SAFETY

33.1 The Service Provider shall ensure that it and the Service Provider's Team at all times comply strictly with the provisions of all statutory and regulatory provisions applicable to the Services. The Service Provider shall ensure that it does nothing to cause Aspen to be in breach of same.

33.2 The Service Provider shall supply to Aspen written evidence that any necessary assessments for works and activities comprising or relating to the Services under statute or regulation have been carried out and that appropriate actions necessary as a result of such assessments have been taken before the commencement of the Services.

33.3 The Service Provider will do nothing which might reasonably be expected to place Aspen or an Aspen Affiliate in breach of its obligations owed to a landlord or owner of the Premises.

33.4 Each Party shall supply to the other any appropriate information to enable the other to meet its obligations under all applicable statutory and regulatory provisions and all leases and property rental agreements.

34. RELATIONSHIP OF THE PARTIES

34.1 Nothing in this Agreement shall create, or be deemed to create, a partnership or joint venture between the Parties, or make a Party the agent or representative of the other Party except as expressly stated.

34.2 It is understood and agreed that in the performance of the Service Provider's duties under this Agreement each member of the Service Provider’s Team will be an employee or contractor of the Service Provider and that nothing in this Agreement shall be construed as creating any contract of employment pursuant to the Employment Rights Act 1996 (including any amending or replacement legislation in the field of employee's rights from time to time) or the relationship of principal and agent between Aspen and any member of the Service Provider's Team or the Service Provider. In particular but without prejudice to the generality of the foregoing, no member of the Service Provider's Team will be covered by, nor will any member of the Service Provider's Team seek, any personal accident, medical or other insurance policies or any other benefits which Aspen provides or may provide for its employees.

34.3 Unless specifically authorised in writing by Aspen, neither the Service Provider nor Service Provider's Team will make any purchase or incur any liability on behalf of Aspen or pledge the credit of Aspen or in any way bind Aspen or do anything likely to cause third parties to consider the Service Provider or Service Provider's Team as acting as an agent of Aspen.

35. NON-SOLICITATION

35.1 During the course of this agreement and until the expiry of six months from the earlier of the date of termination of this Agreement or the date on which a Relevant Person ceases to be a Party's employee or contractor, neither Aspen nor the Service Provider shall directly or indirectly (either alone or jointly or in partnership with any other person, firm or company) induce or seek to induce any such Relevant Person to leave the other's employment or to cease to be a contractor to such Party.

35.2 Nothing in this clause shall prevent either Party from placing job advertisements in the general press or from making offers of employment to any Relevant Person in response to unsolicited enquiries.

36. GENERAL

36.1 Any waiver of a breach of any provision of this Agreement shall not be considered as a waiver of any subsequent breach of the same of any other provision.

36.2 Any variation to this Agreement must be in writing and signed on behalf of both Aspen and the Service Provider.

36.3 Notice given under this Agreement shall be in writing (including by email), sent for the attention of the other Party's nominated representative (Aspen's Contract Manager or the Service Provider Contract Manager, as the case may be), and shall be delivered in person or sent by email or by registered post or recorded delivery.

36.4 This Agreement shall be governed by and construed in accordance with English law and the Parties submit to the exclusive jurisdiction of the English courts.

36.5 This Agreement sets out the entire agreement and understanding between the Parties relating to the Services to be provided and replaces any prior correspondence or representations.


SIGNED for and on behalf of

Aspen Insurance UK Services Limited

			/s/ Rob Houghton

(Signature)

Name: Rob Houghton

Title: Group COO

Date: June 1, 2022



SIGNED for and on behalf of

Mindtree Limited

			/s/ Amit Shinde

(Signature)

Name: Amit Shinde

Title: Associate

General Counsel

Date: May 27, 2022