Exhibit 10.2
MASTER SERVICES AGREEMENT
This cover page and the attached “Master Services Agreement,” and all Exhibits and attachments hereto, and other documents which are incorporated into this agreement by reference and as such terms may evolve and be modified over time (collectively the “Agreement”) describe the relationship between GlobalLogic Inc. (“GlobalLogic”) and the Client identified below (“Client”), regarding the provision of Services by GlobalLogic to Client. This Agreement will become effective when this cover page is executed by both GlobalLogic and Client (the “Effective Date”). GlobalLogic and Client may individually or collectively be called “Party” or “Parties”.
COMPANY INFORMATION: (“Client”)
Company Name: MOTRICITY INC.
Address: 601 108th Ave NE, Ste 900
Bellevue, WA 98004 USA
Phone: 425 957 6200
Fax: 4259576201
|
ADMINISTRATIVE CONTACT:
|POINT OF CONTACT FOR NOTICES: (§ 10.6)
|Name: ***
|Name: Richard Leigh
|Title: Senior Director - Strategic Outsourcing and Management
|Title: General Counsel
|Phone: ***
|Phone: ***
|Fax: ***
|Fax: ***
|E-mail: ***
|E-mail: Richard.Leigh@motricity.com
|GLOBALLOGIC INC. (‘GlobalLogic’)
|8605 Westwood Center Drive Suite 401
|Phone : ***
|Vienna VA 22182
|Fax : ***
|ADMINISTRATIVE CONTACT:
|POINT OF CONTACT FOR NOTICES: (§ 10.6)
|Name: C. Wayne Grubbs
|Name: ***
|Title: Chief Financial Officer
|Title: AVP-Legal
|Phone: ***
|Phone: ***
|Fax: ***
|Fax: ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
EFFECTIVE DATE:
December 30, 2008
As of the above Effective Date, the Parties agree that the Master Services Agreement between the Parties dated September 30, 2008, and associated Exhibits and attachments thereto (“Existing Agreement”) will be amended and superseded in their entirety by this Agreement. For the avoidance of doubt, all services provided under the Existing Agreement will be replaced by the Services under this Agreement.
The initial term of the Agreement (“Initial Term”) shall commence on the Effective Date and continue until 11:59 pm on December 29, 2011 (the “Initial Term Expiration Date”), or such earlier date upon which the Agreement may be terminated pursuant to Section 9 (Termination).
At least *** to the expiration of the Initial Term, GlobalLogic will propose terms to Client for renewing the Agreement. GlobalLogic will thereafter negotiate in good faith with respect to the terms and conditions upon which the Parties may renew the Agreement and thereafter execute such renewal (each such renewal a “Renewal Term”). If Client desires to renew the Agreement after the Initial Term or any Renewal Term, Client will provide written Notice to GlobalLogic of its desire to do so at least *** prior to the expiration of the Initial Term or Renewal Term, as applicable, and the Parties will negotiate an agreement for the Renewal Term. In the event the Parties are unable to reach agreement and execute such renewal at least *** prior to the expiration of the Initial Term (or subsequent Renewal Term, as applicable), Client may, at its sole option, extend the Term for *** on the terms and conditions then set forth in the Agreement. The Initial Term, any Renewal Terms, and any Termination Assistance period will be collectively referenced as the “Term.”
IN WITNESS WHEREOF, each of Client and GlobalLogic has caused the Agreement to be signed and delivered by its duly authorized representative as of the Effective Date. This Agreement may be executed in two or more counterparts, each of which shall be deemed an original.
|GLOBALLOGIC INC.
|MOTRICITY INC.
|Signature:
|Signature:
|/s/ Ryan Wuerch
|Name:
|C. Wayne Grubbs
|Name:
|Ryan Wuerch
|Title:
|Chief Financial Officer
|Title:
|Chief Executive Officer
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
GlobalLogic Inc.
GENERAL TERMS AND CONDITIONS
1.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
2.
3.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
4.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
5.
6.
7.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
8.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
9.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
10.
*** This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
11.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
12.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
13.
14.
EXHIBIT A
Pricing Policies
This Exhibit describes GlobalLogic’s pricing policy as applicable to rates, hardware and software, expenses and any other incidental items:
Hardware and Software
GlobalLogic is required to provide Client with a dedicated team of consultants. GlobalLogic will provide Client at no additional cost with standard hardware and software, including Internet connectivity to its off-shore team, in accordance with GlobalLogic’s then-current standard operating procedures as reflected in Exhibit H. Prior written authorization from Client will be obtained by GlobalLogic before incurring any expense.
Expenses
Travel expenses are set forth in Exhibit D. Where a per diem is specified for expenses, per diem will be calculated based on number of days the employee travels to and from the Service Location where Services are performed.
Pricing Policies
The Agreement will set forth one or more of the following rates applicable to Services performed by GlobalLogic there under:
Monthly Rate: *** Upon Client’s request, GlobalLogic will provide Client with a replacement GlobalLogic employee that meets Client’s approval. Hours will be tracked and reported but will not affect the monthly rate unless an individual is assigned to the project for a partial month. For work during a partial month, the monthly rate will be prorated by multiplying the monthly rate by the number of days actually worked divided by twenty standard work days (monthly rate * days worked / 20).
Daily Rate: If a resource is assigned to a project full time, a standard “Person Day” is any time worked *** at any Service Location and will be invoiced as a full day. Any time worked on a weekend or holiday will be billed ***. The terms of this Section are subject to the condition that an employee shall work for no less than ***.
Hourly Rate (Part-Time Resources Only): For a part-time resource, the Hourly Rate will be set forth in Exhibit G and be applied to all hours worked.
Other Policies
Compensatory Time Off: GlobalLogic encourages its employees to work flexible hours to manage their work flow. For example, employees may work on a weekend in order to complete the project on schedule and take compensatory time off with Client project manager’s approval. Client will either be invoiced for the flex time worked on the weekend or compensatory time off at GlobalLogic’s standard rates during the week with no overtime charge for working weekends or beyond a business day, but not both.
Travel Time: GlobalLogic employees will be encouraged to travel on the weekends. If travel on weekends is possible, the Client will not be billed for travel time. If the GlobalLogic employee is requested to travel by Client during week, the Client will be billed for travel time.
Training Client shall bear the expense of training imparted to GlobalLogic team members, which shall be billed to Client after both Parties have mutually agreed to the training in writing.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
Transition Plan Investment:
“Transition Plan Investment” refers to training imparted to GlobalLogic team members newly assigned to the Client account within the *** of the Effective Date of this Agreement. This training will be provided by Client’s employees to GlobalLogic Employees.
The Transition Plan Investment Period shall be as follows:
***
The fee payable for the Transition Plan Investment is as designated as the “Ramp Investment %” set forth in Exhibit G.
Motricity Orientation Training:
After the *** from the Effective Date of the Agreement, GlobalLogic team members newly assigned to the Client account shall undergo “Motricity Orientation Training” administered by GlobalLogic that is customized for each role (Project Manager (PM), Architect, Tech Lead, Sr. Developer, Developer and Quality Assurance (QA). Motricity Orientation Training together with the Transition Plan jointly developed by Client and GlobalLogic as set forth in Exhibit J are intended to minimize team ramp up time. GlobalLogic will not charge Client for new team members while they are in the Motricity Orientation Training program.
GlobalLogic will bear costs for training new team members assigned to the Client account to replace team members removed for cause or as a result of attrition surpassing the attrition level specified in the SLA in Exhibit E.
Notwithstanding anything to the contrary, any changes to this Exhibit, must be mutually agreed to in writing between the Parties.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
EXHIBIT B
GLOBALLOGIC VELOCITYSM:
The GlobalLogic VelocitySM Platform is GlobalLogic’s proprietary method supported by a platform, framework and objects to enable an expedient, global, collaborative product lifecycle management. It facilitates teams to collaboratively define, estimate, automate and measure the assets and the work needed to create software products while a team is developing a product for wide distribution in a rapidly changing environment. GlobalLogic VelocitySM is owned by GlobalLogic and is contained in the connectors used to integrate the various tools and systems. These proprietary connectors are exposed for use and modifications through open Application Interfaces and therefore the Client may make any such required modifications without accessing the source code.
EXHIBIT C
Insurance And Risk of Loss
|1.
|Insurance Coverage.
|A)
|As at the Effective Date and through to February 1, 2009 (“Renewal Date”), GlobalLogic shall maintain in force at least the insurance types and coverages set forth in the insurance certificates already provided to Client on or before the Effective Date.
|B)
|Thereafter:
|(i)
|GlobalLogic shall no later than March 1, 2009 provide to Client, insurance certificates that evidence that GlobalLogic is, as of the Renewal Date and continuing for the Term of this Agreement, insured for the insurance coverages under this Exhibit C, and
|(ii)
|GlobalLogic shall for the remainder of the Term of this Agreement have and maintain in force at least the following insurance coverages:
|(a)
|Employer’s Liability Insurance and Worker’s Compensation Insurance, including coverage for occupational injury, illness and disease, and other similar social insurance in accordance with the laws of the country, state or territory exercising jurisdiction over the employee with minimum limits per employee and per event of *** and a minimum aggregate limit of *** or the minimum limits required by law, whichever limits are greater;
|(b)
|Employment Practices Liability Insurance with minimum limits per employee and per occurrence of *** and a minimum aggregate limit of *** This coverage shall be endorsed to name Client as additional insured;
|(c)
|Comprehensive General Liability Insurance, including Products, Completed Operations, Premises Operations Personal and Advertising Injury, Contractual and Broad Form Property Damage liability coverages, on an occurrence basis, with a minimum combined single limit per occurrence of *** and a minimum combined single aggregate limit of ***. This coverage shall be endorsed to name Client as additional insured;
|(d)
|Property Insurance, including Extra Expense and Business Income coverage, for all risks of physical loss of or damage to buildings, business personal property or other property that is in the possession, care, custody or control of GlobalLogic pursuant to this Agreement. Such insurance shall have a minimum limit adequate to cover risks on a replacement costs basis. This coverage shall be endorsed to name Client as loss payee;
|(e)
|Automotive Liability Insurance covering use of all owned, non-owned and hired automobiles for bodily injury, property damage, uninsured motorist and underinsured motorist liability with a minimum combined single limit per accident of *** or the minimum limit required by law, whichever limit is greater. This coverage shall be endorsed to name Client as additional insured;
|(f)
|Errors and Omissions Liability Insurance covering liability for loss or damage due to an act, error, omission or negligence, or due to machine malfunction, with a minimum limit per event of *** and a minimum combined single aggregate limit of ***
|(g)
|Umbrella Liability Insurance with a minimum limit of *** in excess of the insurance coverage described in Sections 1(a) through (f) and (h) of this Exhibit; and
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
|(h)
|Employee Dishonesty and Computer Fraud coverage, including third party coverage, for loss arising out of, or in connection with, any fraudulent or dishonest acts committed by GlobalLogic or its affiliates, acting alone or with others, including misappropriation of assets of Client or its employees in a minimum amount of *** per occurrence and in annual aggregate.
|2.
|Insurance Terms.
|(a)
|The insurance coverages under Sections 1(a) through (h) of this Exhibit shall be primary, and all coverage shall be non-contributing with respect to any other insurance or self insurance which may be maintained by Client. All coverage required by Section 1 of this Exhibit shall include a waiver of subrogation and a waiver of any insured-versus-insured exclusion regarding Client. To the extent any coverage is written on a claims-made basis, it shall have a retroactive date prior to the Effective Date and shall allow for reporting of claims for at least *** after the Term.
|(b)
|GlobalLogic shall cause its insurers to issue certificates of insurance evidencing that the coverages and policy endorsements required under this Agreement are maintained in force and that not less than *** written notice shall be given to Client prior to any cancellation of the policies. GlobalLogic will provide Client with prompt written Notice regarding any modifications to or non-renewal of the types of insurance and thresholds of insurance coverage set forth under this Exhibit C. The insurers selected by GlobalLogic shall have an *** or, if such ratings are no longer available, with a comparable rating from a recognized insurance rating agency. GlobalLogic shall assure that itself and its subcontractors, if any, maintain insurance coverages as specified in this Exhibit naming Client as an additional insured or loss payee where relevant or GlobalLogic shall assure that its subcontractors, if any, are endorsed as additional insureds on GlobalLogic coverages specified by this Exhibit.
|(c)
|In the case of loss or damage or other event that requires notice or other action under the terms of any insurance coverage specified in this Exhibit, GlobalLogic shall be solely responsible to take such action. GlobalLogic shall provide Client with contemporaneous notice and with such other information as Client may request regarding the event.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
EXHIBIT D
Expenses
Notwithstanding anything to the contrary, all expenses incurred by GlobalLogic must be pre-approved by Client in writing. On and from the Effective Date and subject to the terms of this Exhibit D, the travel expense arrangement under Section (i)(a) in this Exhibit D will apply for expenses incurred by GlobalLogic under the Agreement. At the end of each calendar quarter during the Term, GlobalLogic will provide Client with expense information and reports containing the expenses incurred by GlobalLogic during the prior quarter for cost verification and for Client to evaluate which of the travel expense arrangements under Sections (i)(a) and (b) is more beneficial to Client. Such expense information and reports provided by GlobalLogic will include a summary of expenses for each month for all expenses pertaining to all employees under four or five major categories as applicable (e.g. Travel and visa, per diem, accommodation, transportation). A copy of the complete list of employees who traveled in the prior quarter and the duration of such travel will also be made available. Client may, from time to time, elect either of the two travel expense arrangements under Sections (i)(a) and (b) in its sole discretion. If, at any point in time, Client elects the travel expense arrangement under Section (i)(b), GlobalLogic will provide to Client, the original receipts for the expenses incurred in the prior month in order to be reimbursed for such expenses.
Notwithstanding anything to the contrary, GlobalLogic shall not:
(A) For the initial *** of the Term, incur expenses in excess of *** the total amount of Fees for Services in such *** without the prior written approval from Client’s Chief Financial Officer; and
(B) Thereafter, for every subsequent *** of the Term, incur expenses in excess of *** of the total Fees for Services for each such *** without the prior written approval from Client’s Chief Financial Officer.
(i) (a) Travel Expenses for Onsite Travel by Offshore Team Members
Expenses shall be chargeable by GlobalLogic to Client if pre-approved in writing by Client as follows:
|
Travel Expense
|Cost/Trip
|
Comments
|Short-term business travel to the U.S. from an offshore Service Location for ***
|***
|Per round trip. This covers airfare, visa processing fees, and meals while traveling.
|Per Diem
|***
|This covers accommodation, local transportation, gas, toll, parking, food, laundry, entertainment, personal phone and business phone charges outside office hours, internet connectivity from place of accommodation, visitor health insurance, etc.
(b) Alternative arrangements for Travel Expenses
In lieu of Section (i)(a) above and in its sole discretion, Client may elect to reimburse GlobalLogic in accordance with this Section (i)(b).
|
Travel Expense
|Cost
|
Comments
|Short-term business travel to the U.S. from an offshore Service Location for ***
|***
|Per round trip. This covers air-fare, visa processing fees, and meals while traveling.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
|Accommodation
|***
|This covers accommodation and internet connectivity from place of accommodation. ***
|Local Transportation
|***
|This covers cost of local transportation such as rental car (including insurance), taxi, gas, toll, parking, etc.
|Per Diem
|***
|This covers per diem paid to GlobalLogic for incidental expenses such as food, laundry, entertainment, etc. and other costs incurred directly by GlobalLogic such as cell phone charges while traveling, visitor health insurance, etc.
|*
|Any stay requested of a GlobalLogic team member for more than *** by Client shall be treated as a request for an onsite team member and shall be billed accordingly. Client acknowledges that it is feasible to obtain U.S. visas for off shore team members for short-term business travel purposes as contemplated by this Agreement for up to *** only. The per diem arrangement above shall not apply to such a situation.
|•
|
GlobalLogic will purchase airplane tickets 14 days in advance of travel unless otherwise approved by Client.
|•
|
All travel expenses shall be pre-approved by Client before they are incurred.
|•
|
Expenses shall be billed and payable in accordance with the invoicing schedule described in Section 3.3 of this Agreement.
(ii) Expenses Related to “Good Will Travel”:
Good Will Travel (“GWT”) is travel for purposes other than routine billable Services and which is targeted at enhancing the camaraderie/communication/rapport between onshore and offshore employees as well as between Client and GlobalLogic.
All expenses pertaining to GWT by a Party to the premises of the other Party shall be borne by Party sending its employees to the premises of the other Party subject to the following:
• GWT will be shared equally between the Parties for GWT up to a combined total of 4 times per year in the following manner:
***
Permissible GWT may be by any team member in the following manner:
***
Travel by a Party’s executives/Senior Management participating in Steering Committee Meetings and various other meetings shall not be chargeable to the other Party.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
Motricity
Exhibit E
Service Level Agreement
Table of Contents
|
SECTION 1
|2
|
1.1 PURPOSE OF THIS EXHIBIT
|2
|
1.2 SLA REVIEW PERIOD
|2
|
1.3 DEFINITIONS
|2
|
SECTION 2
|3
|
2.1 MODIFICATIONS AND REVISIONS
|3
|
SECTION 3
|3
|
3.1 WORK FLOW
|3
|
SECTION 4
|5
|
4.1 SERVICE PERFORMANCE
|5
|
4.2 PRIORITY LEVELS
|5
|
4.3 INCIDENT MANAGEMENT
|7
|
4.4 CHANGE MANAGEMENT
|8
|
4.5 PLANNED MAINTENANCE
|8
|
4.6 TECHNICAL AND EXECUTIVE BRIDGES
|8
|
4.7 ESCALATION PROCEDURE
|8
|
SECTION 5
|10
|
5.1 PRODUCTION RESPONSE TIME
|10
|
5.2 PRODUCTION RESTORE TIME
|11
|
5.3 PRODUCTION RESOLUTION TIME
|11
|
5.4 RECRUITING EFFECTIVENESS
|12
|
5.5 STAFF ATTRITION
|13
|
5.6 TRAINING EFFECTIVENESS
|14
|
5.7 SCHEDULE
|15
|
5.8 DELIVERABLE QUALITY
|15
|
5.9 TEAM PRODUCTIVITY
|17
|
SECTION 6
|17
|
SECTION 7
|
SECTION 8
|20
|
8.1 OPERATIONAL ENVIRONMENT
|20
|
8.2 NETWORK CONNECTIVITY
|21
|
SECTION A
|21
|
SECTION B
|22
PAGE 1
Section 1
1.1 PURPOSE OF THIS EXHIBIT
This Exhibit E is entered into under the terms specified in the Agreement.
This Exhibit E identifies the Service Level Metrics for Service Levels, and describes how to analyze and report these Service Level Metrics. It is intended to describe the specific Service Levels (set forth in this Exhibit E) agreed to and accepted by GlobalLogic and Client jointly.
This Exhibit E defines the mutually agreed to level of Service provided by GlobalLogic, clarifies Service Level expectations, and establishes a basis for performance measurement.
1.2 SLA REVIEW PERIOD
This Exhibit E shall be reviewed by the Parties as follows:
|(1)
|Quarterly during the first year, then once a year thereafter
|(2)
|Ninety (90) days prior to the expiration date of the Agreement in anticipation of its renewal; and
|(3)
|In the time periods set forth in Section 4.1(b)(SLA Improvement).
Any amendments to this Exhibit E will need to be mutually agreed between the Parties and in writing in accordance with Section 2.1 below.
1.3 DEFINITIONS
Set forth below are the definitions and their associated meanings used in this Exhibit. Other sections of this Exhibit may define other definitions. Any capitalized terms used in this Exhibit that do not have an associated definition will have the meanings indicated for such terms in the Agreement.
|•
|
“Service Level Metric” means the measurement requirements used to determine whether an SLA has been met. There are Service Level Metrics for each SLA at each of the following performance levels:
|•
|
Significantly Below Service Level;
|•
|
Below Expected Service Level;
|•
|
At Expected Service Level;
|•
|
Above Expected Service Level;
|•
|
Significantly Above Service Level; and
|•
|
Priority Levels.
“Service Level Failure” means for any SLA for a given measurement period, (a) a failure of GlobalLogic to meet the Service Level Metric for “At Expected Service Level”, (b) meeting the Service Level Metric for “Significantly Below Service Level” or “Below Expected Service Level, or (c) a failure to meet the response time, restore time, escalation time or resolution time for a Priority Level.
PAGE 2
Section 2
2.1 MODIFICATIONS AND REVISIONS
GlobalLogic and Client agree to periodically negotiate to add, delete, or modify the existing Service Level Metrics and Service Levels to reflect changes in Client’s business requirements or objectives. The Parties will document all changes resulting from this negotiation in an amendment to this Exhibit. Amendments to this Exhibit will become effective only upon acceptance and execution by the authorized representatives from both GlobalLogic and Client.
Section 3
3.1 WORK FLOW
The following Section is a general representation of day to day Services and demonstrates the Deliverables expected at each stage of development. This diagram is presented as a general depiction of work flow across the enterprise and is not intended as a guide for all development. GlobalLogic will perform the Services in accordance with the variations to this model that Client determines for the specific Services that needs to be accomplished. For the avoidance of doubt, references to “Offshore Supplier” and “Supplier” in the diagram below are references to GlobalLogic.
PAGE 3
Motricity Development Lifecycle
|
Motricity
|
Deliverables
|
Offshore Supplier
|***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 4
Section 4
4.1 SERVICE PERFORMANCE
|a)
|Incident Management: GlobalLogic will diligently resolve any incidents to completion, as quickly as possible, in accordance with the provisions of this Exhibit.
|b)
|SLA Improvement: Client and GlobalLogic expect and understand that certain SLAs will be improved over time. In this event, Client and GlobalLogic will mutually agree on the appropriate increase in the Service Level and corresponding Service Level Metric.
|c)
|Honeymoon Period: For a period of *** following the Effective Date of the Agreement, GlobalLogic’s performance against the SLAs set forth in this Exhibit will be reported by GlobalLogic on a monthly basis but Service Level Credits, Earn Backs and Service Level Incentives will not be incurred. Thereafter for the Term, Section 7 will apply.
4.2 PRIORITY LEVELS
Table 4.2.1 will determine the priorities and corresponding resolution and response times for incidents.
Incidents that are not immediately resolved upon notification to GlobalLogic by Client or upon GlobalLogic becoming aware of the incident, will be prioritized and resolved in accordance with Table 4.2.1.
4.2.1 PRIORITY DEFINITIONS AND REQUIREMENTS
The following priority level requirements will apply to all Production Support.
This table applies to post launch or post release Deliverables
|
Table 4.2.1 – Priority Level Requirements
|
Priority Level
|
Update Method
|
Communication
Requirements
|
GlobalLogic Response
and Resolution Times
|
Priority 1
Priority 1 incidents are conditions that render the Service inoperative and the inability to use the Service has a critical effect on Client operations. This condition would typically impact the Client end users of the Service or cause a significant or adverse impact on the quality of the Services or other work provided to Client’s carrier. This type of condition requires immediate restoration and can carry significant associated penalties. Including but not limited to this incident level being attained include:
• A complete outage of critical Service(s)
• Loss of Service or functionality feature that affects a ***
• A recurring anomaly impacting critical Service(s).
• Inability to provision a Service
|E-mail and 7/24 by phone
|
First update *** following the occurrence of the incident. Subsequent updates *** of the occurrence of the incident.
GlobalLogic will update Client with the following information:
Service affected; start time of incident; current status of repair; impact on Client or carrier;
Description of critical Service or aspect of Client Service that is unavailable to Client customers; and estimated time of repair.
Responding support personnel requirement is for the GlobalLogic offshore Development Lead who managed the end-to-end Services. If this person is unavailable, the GlobalLogic offshore Technical Program Manager will lead response and resolution.
|
*** acknowledgement of incident to Client.
Real-time collaboration with Client personnel. Status updates *** following the occurrence of incident.
Response Time:
*** acknowledgement of incident within *** of the incident in accordance with Section 4.6 below.
Real-time collaboration with the appropriate Client personnel.
Restore Time:
Fix or workaround for the incident *** of the occurrence of incident.
Resolve Time:
Permanent Fix. Provide emergency patch or minor release in less than ***from occurrence of incident.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 5
|
Table 4.2.1 – Priority Level Requirements
|
Priority Level
|
Update Method
|
Communication
Requirements
|
GlobalLogic Response
and Resolution Times
|
Priority 2
Priority 2 incidents are circumstances under which the Service is partially inoperative, but is still usable. The inoperative portion of the Service restricts operations but has a less critical effect than a Priority 1 condition. Examples of this incident level being attained include:
• Loss of Service and/or functionality that affects ***
• Loss of the ability to utilize some aspect of a Deliverable’s features or functionality.
Latency that occurs outside of normal parameters
|E-mail and 7/24 by phone
|
First update within *** following the occurrence of the incident. Subsequent updates will be made ever hour following the occurrence of the incident.
GlobalLogic will update Client with the following information:
Service affected; start time of incident; current status of repair; impact on Client or carriers for all incidents in progress;
Description of critical Service or aspect of Service that is unavailable to Client end users; and estimated time of repair.
The offshore GlobalLogic Development Lead who managed the end-to-end Services will respond and resolve the incident. If
|
Acknowledgement of incident upon the earlier of ***
Response Time:
Acknowledgement of incident within *** of incident occurring in accordance with Section 4.6 below.
Restore Time:
Fix or workaround incident within *** of incident occurring.
Resolve Time:
Permanent Fix: Provide emergency patch or minor release in less than *** of incident occurring.
PAGE 6
|
Table 4.2.1 – Priority Level Requirements
|
Priority Level
|
Update Method
|
Communication
Requirements
|
GlobalLogic Response
and Resolution Times
|this person is unavailable, the offshore GlobalLogic Technical Program Manager will lead response and resolution of the incident.
|*** will be included in the “Resolve Time” Service Level Metric above, unless otherwise agreed to in writing by Client.
|
Priority 3
Priority 3 incidents are generally non-Service affecting circumstances under which the Service is usable and either has no material affect on operations or has very limited affect on operations. The condition is not critical to overall operations, and does not severely restrict such operations. Examples of this incident level being attained include:
• A minor degradation of the Service that affects ***
• Non-Service impacting intermittent system faults.
• Web interface defects that have little or no impact on a Client end user’s ability to utilize Service features and functions.
|
Initial acknowledgement within *** of incident notification. Subsequent updates every ***
GlobalLogic will update Client with the following information:
-Services affected
-Start time of incident.
-Estimated Time of Restoration (ETR).
-Current status of restoration.
Responding Support Personnel should be a senior member of the development team (e.g.: Senior Developer) who was actively involved in the end-to-end Services. If this person is unavailable, the offshore Technical Program Manager will lead response and resolution.
|
Acknowledgement of the incident upon the earlier of ***
First update within ***
Subsequent updates *** or as agreed between the Parties.
Restore Time:
Fix or workaround in ***
Resolve Time –
Permanent Fix: Minor or major release within ***
PAGE 7
|
Table 4.2.1 – Priority Level Requirements
|
Priority Level
|
Update Method
|
Communication
Requirements
|
GlobalLogic Response
and Resolution Times
|
Priority 4
Priority 4 incidents may not be recognized by the Client end user but may affect performance, maintenance, reliability, scalability or the overall efficiency of the application.
|Initial acknowledgement within *** of incident notification. Subsequent updates as requested by Client.
|
Updates as requested by Client
Restore Time: Fix or work around within *** of the occurrence of the incident.
Resolve Time:
Permanent fix for Priority 4 incidents to be coordinated and released ***
PAGE 8
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 9
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 10
***
4.3 INCIDENT MANAGEMENT
Client has established an Incident Management Process within its Service Operations Center (SOC). The goal of the Incident Management Process is to restore normal Service operation as quickly as possible and to minimize any adverse impact on business operations.
Client will monitor the systems and be the first to respond to calls from Client’s customers. Client will also coordinate incident isolation with GlobalLogic. During the incident isolation and troubleshooting process, GlobalLogic will communicate incident resolution progress to Client based upon the times specified in Table 4.2.1– Priority Level Requirements. GlobalLogic must provide a response to the incident based on the response times associated with the applicable priority level as specified in Table 4.2.1– Priority Level Requirements. GlobalLogic will resolve the incident within the defined time frame specified in Table 4.2.1 using standard industry practices.
Any reported incident that is caused by a failure that is not within GlobalLogic’s responsibilities as set forth in the Agreement to resolve because the affected systems and environment are not accessible by GlobalLogic, or resolution of the incident is not directly related to GlobalLogic’s delivery of the Services will be returned to Client with an appropriate explanation. Should GlobalLogic determine that an incident being worked by GlobalLogic within Client’s responsibility to resolve, the incident will be closed and returned to Client for proper resolution. Should Client determine that an incident is within GlobalLogic’s responsibilities under the Agreement to resolve because the affected systems and environment are accessible to GlobalLogic, or resolution of the incident is directly related to GlobalLogic’s delivery of the Services, Client will return such incident to GlobalLogic for resolution.
Client, with input from GlobalLogic, will set the initial classification of the incident ticket according to the priority level criteria in Table 4.2.1– Priority Level Requirements and GlobalLogic will resolve the incident in accordance with the response, restore, and resolution times for the assigned priority level in Table 4.2.1, unless a different priority level is mutually agreed between Client and GlobalLogic. In the event that the Parties do not agree to the priority level of an incident, GlobalLogic shall continue to respond, restore and resolve the incident in accordance with the time frames set forth in Table 4.2.1 for the priority level set by the Client and, at the same time, GlobalLogic will escalate the dispute in accordance with Section 4.7, failing resolution of which, the dispute will be resolved through the dispute resolution provisions of the Agreement.
In the event that GlobalLogic does not respond to Client in accordance with the GlobalLogic “Response Time” listed in Table 4.2.1– Priority Level Requirements, Client can change the classification of an incident to a higher priority level. For the avoidance of doubt, at any time and in Client’s discretion, incidents can be escalated to the next contact or priority level, and GlobalLogic will restore and resolve the incident in accordance with the adjusted priority level.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 11
4.4 CHANGE MANAGEMENT
Client has committed to supporting its customer’s formal change and release management process intended to mitigate risk of adversely impacting Service delivery to end consumers. In partnership with Client, GlobalLogic will participate in the coordination and communication of necessary Client customer related maintenance and support activities, ensuring maintenance performed by GlobalLogic is completed at appropriates times, with the appropriate visibility and awareness.
4.5 PLANNED MAINTENANCE
GlobalLogic will leverage change management processes to ensure changes are scheduled at appropriate times, have the support of the appropriate GlobalLogic and Client resources, and are communicated to the appropriate Client stakeholders. GlobalLogic will ensure that any scheduled maintenance events will be executed in a well-coordinated and timely manner.
Maintenance events are defined as any change that could/will result in the loss of Service or be Service impacting. “Scheduled Maintenance” is defined as routine, scheduled maintenance. GlobalLogic will provide *** advance written notification prior to Scheduled Maintenance. GlobalLogic will not complete any Scheduled Maintenance without coordinating these events with Client.
GlobalLogic shall be responsible to test all changes to the GlobalLogic controlled infrastructure and environment. This testing will be performed to ensure the continuation of Services after the change and to reduce the risk of disruptions caused by the change.
All production changes, including solution deployments and maintenance, is conducted only *** unless otherwise mutually agreed to with Client.
4.6 TECHNICAL AND EXECUTIVE BRIDGES
During the resolution of a Service affecting incident, Client may establish a Technical Bridge and/or an Executive Bridge for any incident. GlobalLogic shall join the Technical Bridge upon *** notice from Client for Priority 1 incident as noted in Table 4.6 below. These bridges are used for team–to-team communication, troubleshooting, triage and escalation. Unless otherwise notified by Client, a Technical Bridge or Executive Bridge will be established as follows:
Table 4.6 - Timelines for Technical and Executive Bridges
|
Action
|Priority 1
|Priority 2
|Priority 3
|
Technical Bridge
|***
|***
|***
***4.7 ESCALATION PROCEDURE
When incidents arise that require prompt attention, the following escalation procedures should be followed to obtain instruction and information for proper resolution.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 12
4.7.1 CLIENT ESCALATION TO GLOBALLOGIC
Escalation procedures are in place at the Client to manage the resolution of incidents when they occur. If a Priority 1 incident is not resolved by Client within *** of when Client was made aware of the incident, the incident may be escalated to GlobalLogic, who will drive escalation and resolution of the incident within Client’s operations and engineering groups, and ensure that Client is kept updated with the incident resolution process. The appropriate Business Development person will also be informed of the occurrence and status of any Priority 1 incident. Within *** of the Effective Date, GlobalLogic will advise Client of the GlobalLogic Contact Data designated in Table 4.7.1.
Table 4.7.1
|
Escalation Level
|
GlobalLogic Escalation Contact Data
|
Priority 1
|
Priority 2
|
Level 1
|GlobalLogic to provide
|***
|***
|
Level 2
|
GlobalLogic to provide
|***
|***
|
Level 3
|
GlobalLogic to provide
|***
|***
4.7.2 GLOBALLOGIC ESCALATION TO CLIENT
In some instances, GlobalLogic may become aware of a priority incident before Client does. In the event that GlobalLogic needs to notify Client of the incident, the escalation Table 4.7.2 below should be used.
For the purposes of clarification, Table 4.7.2 provides escalation timelines for Priority 1 and 2 incidents, based on time after the incident was reported. Priority 3 incidents seldom require escalation but in the event that Client believes that GlobalLogic is not addressing the incident in a timely manner, Client may elevate the priority of the incident after Client sends notification to GlobalLogic. GlobalLogic will promptly acknowledge such notification and treat such incident as a Priority 2 incident.
Table 4.7.2
|
Escalation Level
|
Client Escalation Contact Data
|
Priority 1
|
Priority 2
|
Level 1
|***
|***
|***
|
Level 2
|***
|***
|***
|
Level 3
|***
|***
|***
4.7.3 ADDITIONAL ESCALATION INFORMATION
Client and GlobalLogic will ensure that any additional processes that are required to ensure the smooth escalation of incidents within each organization are clearly communicated to one another in writing, so that the escalation processes within each organization and between the two organizations are clearly understood by both Parties. Client and GlobalLogic will exchange the names and contact information of the personnel who need to be kept informed of progress during the escalation process, utilizing the templates for contact lists set forth in this Exhibit. Both parties are responsible for ensuring that if there are any changes in the contact information the other Party is updated. This information will not be updated and kept current as part of this Exhibit, but will need to be maintained separately by the two Parties outside of this Exhibit.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 13
Section 5
For the avoidance of doubt, the references to Priority levels in this Section 5 have the meanings given to such Priority Levels set forth in Table 4.2.1.
5.1 PRODUCTION RESPONSE TIME
Description
This SLA sets forth the time lines by which Client requires a response from GlobalLogic to investigate a production incident.
Table 5.1 Production Response Time SLA Values
|
***
|
***
|
***
|
***
|
***
|
***
|
Response Time: Priority 1
|***
|***
|***
|***
|***
|
Response Time: Priority 2
|***
|***
|***
|***
|***
|
Response Time: Priority 3
|***
|***
|***
|***
|***
|
Response Time: Priority 4
|***
|***
|***
|***
|***
Reporting Period
GlobalLogic will measure and report on this SLA every month.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 14
Analysis Plan
Measurement period commences upon GlobalLogic receiving an email or call from Client to address a production incident and the time it takes a qualified engineer to call into a conference bridge. This person must have the necessary skills to actually trouble-shoot and resolve the incident.
5.2 PRODUCTION RESTORE TIME
Description
This SLA sets forth the time lines for which Client requires GlobalLogic to restore the production environment to a state prior to the incident and whereby it is in compliance with the Agreement by either work-around or actual or emergency fix.
Table 5.2 Production Restoration Time SLA Values
|
SLA
|
Significantly Below
|
Below Expected
|
At Expected
Service Level
|
Above Expected
|
Significantly Above
|
Restore Time: Priority 1
|***
|***
|***
|***
|***
|
Restore Time: Priority 2
|***
|***
|***
|***
|***
|
Restore Time: Priority 3
|***
|***
|***
|***
|***
|
Restore Time: Priority 4
|***
|***
|***
|***
|***
Reporting Period
GlobalLogic will measure and report on this SLA every month.
Analysis Plan
Measurement period commences upon GlobalLogic receiving an email or call from Client regarding an incident and the time it takes to restore the production environment to a state prior to the incident and in compliance to the Agreement by either work-around or actual or emergency fix.
5.3 PRODUCTION RESOLUTION TIME
Description
This SLA sets forth the time lines by which Client require GlobalLogic to resolve a production incident.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 15
Table 5.3 Production Resolution Time SLA Values
|
SLA
|
Significantly Below
|
Below Expected
|
At Expected
Service Level
|
Above Expected
|
Significantly Above
|
Resolve Time: Priority 1
|***
|***
|***
|***
|***
|
Resolve Time: Priority 2
|***
|***
|***
|***
|***
|
Resolve Time: Priority 3
|***
|***
|***
|***
|***
|
Resolve Time: Priority 4
|***
|***
|***
|***
|***
Reporting Period
GlobalLogic will measure and report on this SLA each month.
Analysis Plan
Measurement period commences upon GlobalLogic receiving an email or call to address a production incident and the time it takes to resolve the incident with a permanent fix.
5.4 RECRUITING EFFECTIVENESS
Description
This SLA sets forth the time lines by which GlobalLogic will fill GlobalLogic resource open positions on Client’s account. The number of weeks to hire a candidate shall determine the effectiveness of GlobalLogic’s recruiting efforts as per the following table.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 16
Table 5.4 Recruiting Effectiveness SLA Values
|
SLA
|
Significantly Below
|
Below Expected
|
At Expected
Service Level
|
Above Expected
|
Significantly Above
|
Recruiting Effectiveness (India at all levels and Ukraine – junior and mid level resources)
|***
|***
|***
|***
|***
|
Recruiting Effectiveness (Ukraine – senior resources)
|***
|***
|***
|***
|***
Reporting Period
GlobalLogic will measure and report on this SLA every month.
Analysis Plan
Measurement period starts when GlobalLogic receives an email or updated spreadsheet from Client about an open position with a job description and requirements for the open position to GlobalLogic and ends when GlobalLogic hires a candidate approved by Client to fill the position.
If the Parties mutually agree that to substantially execute the responsibilities of a position, a rare skill is needed that is not easily sourced in the marketplace, GlobalLogic and Client will mutually agree to the time period for the filling of such position and this SLA will not apply to such position.
5.5 STAFF ATTRITION
Description
GlobalLogic is responsible for maintaining the agreed upon number of resources in order to perform the Services. Voluntary Attrition of the resources on the team must be no more than the “At Expected Service Level” Service Level Metric in the table below.
“Voluntary Attrition” includes:
|•
|
All cases where a GlobalLogic employee or contractor formally resigns from GlobalLogic or their employment or engagement is terminated for whatever or no reason;
|•
|
Any instance of a GlobalLogic employee or contractor being removed from a Client team either through their own request, at the request of GlobalLogic or at the request of Client;
|•
|
Resignations and sabbaticals initiated by GlobalLogic or the individual employee or contractor . GlobalLogic’s employee or contractor promotions and role changes within Client team will not constitute Voluntary Attrition;
|•
|
All cases of attrition due to personal reasons (e.g. marriage/relationships, relocation, higher studies etc).
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 17
Table 5.5 Staff Attrition Levels for Ukraine & India, combined
|
SLA
|
Significantly Below
|
Below Expected
|
At Expected
Service Level
|
Above Expected
|
Significantly Above
|
Staff Attrition
|***
|***
|***
|***
|***
All positions placed by GlobalLogic will be subject to a ***. For all positions placed by GlobalLogic, a *** period will exist in order to ensure a strong fit between the candidate and the role. During this time, GlobalLogic, the resource, and Client will evaluate the person and their performance in this role. Any Client request that GlobalLogic remove or replace this person during the first *** trial period, such removal shall not count towards determining whether GlobalLogic has met this Service Level.
GlobalLogic may not, at any time, remove a resource from the Client team without express written permission of Client. GlobalLogic will have a training program in place and retain a reasonable bench of resources to promptly replace any resources rotated or removed from Client’s account and ready to join as an effective and contributing member of the Client team within a reasonable period of time prior to the departure of a GlobalLogic resource on the Client account.
Reporting Period
GlobalLogic will measure and report on this SLA every quarter. Reporting to be conducted by GlobalLogic at the GlobalLogic/Client Quarterly Review.
Analysis Plan
Measurement period starts from the Effective Date of the Agreement.
To calculate Voluntary Attrition, the number of GlobalLogic resources removed from Client’s account due to Voluntary Attrition during a quarter, will be divided by the total number of GlobalLogic resources on Client’s account during the same quarter.
5.6 TRAINING EFFECTIVENESS
Description
It is important to reduce the ramp-up time of new or replacement GlobalLogic resources on Client projects or team. GlobalLogic will implement an effective training plan which should be followed by new or replacement team members. After finishing the training program, GlobalLogic resources will be ready to perform the Services under the Agreement. In the table below, units of measurement are in number of calendar weeks:
Table 5.6 Training Progress SLA Values
|
SLA
|
Significantly Below
|
Below Expected
|
At Expected
Service Level
|
Above Expected
|
Significantly Above
|
Training Progress
|***
|***
|***
|***
|***
Reporting Period
GlobalLogic will measure and report on this SLA every month, until each individual completes the required training.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 18
Analysis Plan
Measurement period starts from the first day of on-boarding onto Client’s account for new or replacement GlobalLogic resources. During the training period the new or replacement GlobalLogic resource will follow the training plan prepared by GlobalLogic. Each new GlobalLogic team member should then produce at least one (1) functional Deliverable that conforms to Client’s specifications within the first 2 months of being added to the Client team. A functional Deliverable can include, but is not limited to, such items as test plans, test cases, code, tools, and documentation. GlobalLogic Project Manager will assess the output of such new or replacement GlobalLogic resources and submit the Deliverable to Client for approval. Client will either approve or reject the Deliverable in accordance with Section 2.5 of the Agreement.
5.7 SCHEDULE
Schedule For Deliverable
This SLA shows how accurately GlobalLogic meets the delivery schedules of its Deliverables to Client.
Schedule Accuracy SLA measures the on-time delivery of all Deliverables for a given period. Units of measurement are the percentage of Deliverables completed and delivered on time during the month (accuracy to the delivery schedule).
Schedule Deviation SLA measures the number of days in total GlobalLogic deviated from the delivery schedule for any single Deliverable. Units of measure are the aggregate number of days past each interim milestone date, up to the scheduled final delivery date for the Deliverable.
Table 5.7 Schedule SLA Values
|
SLA
|
Significantly Below
|
Below Expected
|
At Expected
Service Level
|
Above Expected
|
Significantly Above
|
Schedule Accuracy (On-time delivery)
|***
|***
|***
|***
|***
|
Schedule Deviation
|***
|***
|***
|***
|***
Reporting Period
GlobalLogic will measure and report on this SLA every month.
Analysis Plan
Types and nature of milestones and Deliverables may vary depending on the project or Service. GlobalLogic and Client will mutually agree on the milestones and schedule for Deliverables for each project or Service. Measurement period starts when GlobalLogic receives and agrees to a schedule for Deliverables from Client.
5.8 DELIVERABLE QUALITY
GlobalLogic’s Quality Engineering group will review and test the Services and Deliverables to determine whether they conform to mutually agreed to specifications in terms of defects (defined by severity and priority as set forth below), hereinafter referred to individually as “Defect” and collectively as “Defects.” For the avoidance of doubt, a Defect is a form of non-conformity.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 19
Unless GlobalLogic is otherwise instructed by Client in writing, the Parties agree that Services or Deliverables will not be released or launched until the following criteria are met:
***
Table 5.8 – Priority / Defect Descriptions
|
Severity
|
Title
|
Definition /Description of Defects
|1
|
Deliverable/Service Prevention Defect
or
Priority 1 Defect
|
Defined as a Defect that:
• Prevents an Service or Deliverable from executing under normal operating conditions;
• Results in the inability to offer the Service;
• Prevents a Service or Deliverable function from being used, no work around, or blocking progress on multiple fronts;
• May present itself to many Client end users of the Service;
• Greatly diminishes the usefulness, usability, or value of the Service or Deliverable; or
• If detected by a single, influential user, or third party provider, would yield unfavorable review of software Deliverable or Service.
|2
|
Deliverable/Service Degrading Defect
or
Priority 2 Defect
|
Defined as a Defect that:
• Prevents function of the Deliverable or Service from being used with no work-around;
• May present itself to many Client end users of the Service; or
• Significantly diminishes usefulness, usability, or value of the Deliverable or Service.
|3
|
Inconvenience Defect
or
Priority 3 Defect
|
Defined as a Defect that:
• Creates an inconvenience to the Client end user, but does not degrade the ability to complete a data transaction or use of a particular Service or Deliverable.
|4
|
Low Severity Defect
or
Priority 4 Defect
|
Defined as a Defect that:
• Is a non-Service affecting Defect such as a misaligned image on the screen, bad screen formatting with a specific application, perceived font incident, etc.
The priority of a Defect refers to how it ranks on the following variables:
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 20
***
5.9 TEAM PRODUCTIVITY
GlobalLogic team productivity is measured in terms of the utilization of GlobalLogic resources to perform the Services. These may be Services delivered internal to Client or Services which are customer focused. Billable utilization is defined as the time a GlobalLogic resource spends on performing the Services. GlobalLogic will provide weekly reports detailing the resource utilization for all onsite and offshore Services.
Table 5.9 – GlobalLogic Team Productivity
|
SLA
|
Significantly Below
|
Below Expected
|
At Expected
Service Level
|
Above Expected
|
Significantly Above
|
GlobalLogic team Productivity
|***
|***
|***
|***
|***
Section 6
Table 6.1 below designates the SLAs for which Service Level Credits or SLA Incentives may be incurred or achieved.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 21
|
SLA
|
Significantly
Service
Level
|
Below
Expected
Level
|
At
Expected
Level
|
Above
Expected
Level
|
Significantly
Service
Level
|
Allocation
of Pool
250% Pool
|
Service Level
Weighting
Factor
|2
|1
|0
|1
|2
|Response Time: Depending Upon Priority 1-4
|In accordance with Section 5.1
|In accordance with Section 5.1
|In accordance with Section 5.1
|In accordance with Section 5.1
|In accordance with Section 5.1
|***
|RestoreTime: Depending Upon Priority 1-4
|In accordance with Section 5.2
|In accordance with Section 5.2
|In accordance with Section 5.2
|In accordance with Section 5.2
|In accordance with Section 5.2
|***
|Resolution Time: Depending Upon Priority 1-4
|In accordance with Section 5.3
|In accordance with Section 5.3
|In accordance with Section 5.3
|In accordance with Section 5.3
|In accordance with Section 5.3
|***
|Recruiting Effectiveness
|In accordance with Section 5.4
|In accordance with Section 5.4
|In accordance with Section 5.4
|In accordance with Section 5.4
|In accordance with Section 5.4
|***
|Staff Attrition – Ukraine, India combined
|In accordance with Section 5.5
|In accordance with Section 5.5
|In accordance with Section 5.5
|In accordance with Section 5.5
|In accordance with Section 5.5
|***
|Training Effectiveness
|In accordance with Section 5.6
|In accordance with Section 5.6
|In accordance with Section 5.6
|In accordance with Section 5.6
|In accordance with Section 5.6
|***
|Schedule Accuracy (On-time delivery)
|In accordance with Section 5.7
|In accordance with Section 5.7
|In accordance with Section 5.7
|In accordance with Section 5.7
|In accordance with Section 5.7
|***
|Schedule Deviation
|In accordance with Section 5.7
|In accordance with Section 5.7
|In accordance with Section 5.7
|In accordance with Section 5.7
|In accordance with Section 5.7
|***
|
Deliverable Quality
(Prior to launch and per Section 5.8:)
|In accordance with Section 5.8
|In accordance with Section 5.8
|In accordance with Section 5.8
|In accordance with Section 5.8
|In accordance with Section 5.8
|***
|Team Productivity
|In accordance with Section 5.9
|In accordance with Section 5.9
|In accordance with Section 5.9
|In accordance with Section 5.9
|In accordance with Section 5.9
|***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 22
***
Section 7
Client and GlobalLogic have agreed upon enforcing established SLA performance targets as well as Service Level Credits and earn back of Service Level Credits. The goal is for GlobalLogic to reach mutually agreed upon SLA targets, while meeting a high standard required of Client’s customers consistently month over month. The SLA performance targets can be modified as the Client’s business changes or if GlobalLogic is consistently exceeding SLA targets. The following are the mechanisms to calculate Service Level Credits, Service Level Incentives, and Earn Backs.
Subject to Section 4.1(c) (Honeymoon Period), for each Service Level Failure of a SLA listed in Table 6.1 of Section 6 above, GlobalLogic shall incur Service Level Credits that will be computed in accordance with Subsection a) below.
a) Service Level Credits
|i)
|For each month, there is a maximum at risk amount of *** for that month (“At Risk Amount”).
Subject to Section 7(d) below, for each Service Level Failure of a SLA listed in Table 6.1 of Section 6 above within the Reporting Period, Global Logic shall incur Service Level credits that will be computed in accordance with the following formula (“Service Level Credit”):
***
|ii)
|SLAs are weighted based upon the importance of the SLA to Client as outline in Section 6. Service Levels are weighted depending upon how much GlobalLogic’s performance deviates from “Expected Service Levels”.
b) Earn Back Calculation
|i)
|Subject to Section 4.1(c) (Honeymoon Period) and in the event any Service Level Credits are assessed for an individual SLA, GlobalLogic will have an opportunity to earn back the Service Level Credits for such SLA, if the “At Expected Service Level” performance level for such SLA is consistently satisfied for the designated number of consecutive months set forth in Subsections 1 and 2 below (“Earn Back Period”). GlobalLogic will not be able to earn back the Service Level Credit for a particular Service Level that GlobalLogic incurred a Service Level Failure until the applicable Earn Back Period for such SLA has successfully passed as noted in Sections 7(b)(i)(1) and (2) below.
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 23
***
c) Service Level Incentive
|i)
|Subject to Section 4.1(c) (Honeymoon Period), and if, for any SLA in Table 6.1 above, GlobalLogic meets the “Above Expected Service Level” or “Significantly Above Service Level” performance level within the Reporting Period (e.g. monthly) for such SLA, it will earn an incentive amount that will be computed in accordance with the following formula (“Service Level Incentive”):
***
|ii)
|GlobalLogic will not earn a Service Level Incentive with respect to any particular Service Level during any applicable Earn Back Period following a Service Level Default for such Service Level as set forth in Sections 7(b)(i)(1) and (2) above.
|iii)
|Subject to Section 7(d) below, GlobalLogic may credit any Service Level Incentive amount earned by GlobalLogic against any Service Level Credit incurred by GlobalLogic during the Term of the Agreement.
d) Service Level Credit Reconciliation
|i)
|Subject to Section 4.1(c) (Honeymoon Period) and at the end of each calendar quarter, the Service Level Credits, Earn Back or Service Level Incentives, if any, for each SLA will be calculated by GlobalLogic in accordance with Sections 7(a) to (c) above.
|ii)
|A) Subject to Section 9.3.3 of the Agreement and upon the anniversary of the Effective Date, Service Level Credits earned by Client for the immediately preceding calendar quarter will be totaled and any applicable Earn Back or Service Level Incentive amounts earned during such calendar quarter will be credited against such total Service Level Credit amount. The foregoing adjustment shall be complete within thirty (30) days after the end of such calendar quarter.
B) Following the adjustment in Section 7(d)(ii)(A) above, the resulting balance of any Service Level Credit amounts will be set off against the next month’s invoice (i.e. the invoice issued immediately following such adjustment).
C) Subject to Section 9.3.3 of the Agreement and if following the adjustment in Subsection 7(d)(ii)(A) above, any remaining Service Level Incentives or Earn Back amounts are not applied against any accrued Service Level Credits, such Service Level Incentives or Earn Back amounts will be rolled over to the following calendar quarter.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 24
|iii)
|For the avoidance of doubt, at no time shall Client be obligated to pay an Earn Back or Service Level Incentive amount to GlobalLogic. Earn Backs and Service Level Incentives can only be applied against an accrued Service Level Credit.
|iv)
|The Parties acknowledge and agree than an Earn Back, Service Level Incentive, and Service Level Credits are good faith estimates of the harm caused to Client as a result of a Service Level Failure and the Service Level Credits, Service Level Incentive, and Earn Back shall not constitute liquidated damages or penalty for the corresponding failure to perform, and Client shall be free to pursue any and all remedies available under the Agreement or at law or equity with respect thereto.
Section 8
8.1 OPERATIONAL ENVIRONMENT
GlobalLogic’s security protections depends on the operational security controls associated with GlobalLogic’s pertinent processes and procedures. Pertinent means having a business impact on Client under this Agreement and having a strong bearing on (a) the confidentiality, integrity, and availability of Client and its customers’ data as well as (b) the availability and integrity of Client’s Service. GlobalLogic will meet the following security requirements:
|i)
|Include in GlobalLogic’s Security Program, documented Configuration and Change Management, Vulnerability Management, Security Monitoring, Incident Response, Data Handling, Access Management, Virus Management, Key Management, Patch Management processes and Physical security. The aforementioned security assessment should include each of these areas. GlobalLogic shall provide reasonable details of the measures it is taking in each of these areas, including, but not limited to, a detailed security policy; an overview of the supporting operational processes; attesting to the use of current documented methods and compliance to internal policy.
|ii)
|GlobalLogic will provide a liaison who will work with Client on matters of security compliance and risk management.
|iii)
|Establish and maintain a documented escalation process for security incident response, including procedures for engaging Client in the event of a security incident related to the system or the applications resident on it.
|iv)
|GlobalLogic may be asked to comply with some or all of the standards defined in the Client ISO A.5 Information Security Policy document and to participate in internal security processes such as security awareness training, application development, and vulnerability management. The standards and processes specific to the engagement will be provided by Client.
|v)
|Back-up of Code, documentation, and Client Work Product: ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 25
8.2 NETWORK CONNECTIVITY
During the Term of the Agreement, GlobalLogic and Client may decide that it is mutually beneficial to establish network connectivity between their two companies. Such connections must only be used for their expressed business purpose.
If the connection is to be used by individual employees or agents of GlobalLogic, GlobalLogic will notify Client whenever any such employees or authorized agents of GlobalLogic terminate employment. Additionally, if access to Client assets is no longer a business requirement for access, GlobalLogic will notify Client in a timely manner of the same.
GlobalLogic shall notify Client in writing upon a change in the user base for the work performed over the network connection or whenever a change in the connection and/or functionality requirements of the network connection is necessary.
Client reserves the right to monitor all activity over such connections to ensure appropriate use. GlobalLogic may be required to install a Client vulnerability scanner on any network(s) dedicated to supporting this engagement which will connect to Client.
GlobalLogic will be required to provide network separation between those resources supporting this engagement and those supporting other clients. Additionally, workstations and laptops must be configured to meet specific security standards defined by Client.
Section A
The following Escalation tables are to be used as templates for the attachments to this document. Both Client and GlobalLogic will exchange this contact information. Each Part will keep this data accurate and up to date for all purposes.
Table A1 – Escalation Core Group Contact Data – For Portal Services Teams
|
Escalation Level
|
Response Time
|
Contact Name and Title
|
Contact
Number After
Hours
|
Priority 1
|Within *** notification of incident. Updates required via email every *** until incident is resolved
|See attached document
|See attached document
|
Priority 2
|*** notification if no satisfaction and or resolution.
|See attached document
|See attached document
|
Priority 3
|Within *** of notification
|See attached document
|See attached document
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 26
Table A2– Escalation Core Group Contact Data – For Search Teams
|
Escalation Level
|
Response Time
|
Contact Name and Title
|
Contact
Number After
Hours
|
Priority 1
|*** notification of incident. Updates required via email every *** until incident is resolved
|See attached document
|See attached document
|
Priority 2
|*** after notification if no satisfaction and or resolution.
|See attached document
|See attached document
|
Priority 3
|Within *** of notification
|See attached document
|See attached document
Table A3– Escalation Core Group Contact Data – For Storefront
|
Escalation Level
|
Response Time
|
Contact Name and Title
|
Contact
Number After
Hours
|
Priority 1
|Within *** of notification of incident. Updates required via email every *** until incident is resolved
|See attached document
|See attached document
|
Priority 2
|*** after notification if no satisfaction and or resolution.
|See attached document
|See attached document
|
Priority 3
|Within *** of notification
|See attached document
|See attached document
Section B
Reporting Schedule
Reports regarding individual projects and Services, as well as the overall engagement are expected from GlobalLogic at regular intervals.
Each week, unless otherwise agreed upon, GlobalLogic will provide Client with a “Weekly Project Status Report” indicating the overall progress and success of the GlobalLogic offshore teams are engaged in. The audience for this report will be all active Client stakeholders of all current projects and Services.
This report should contain the following information:
|•
|
Summary information on all projects including:
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
PAGE 27
Each month, GlobalLogic will provide Client with a “Monthly Service Level Report” indicating the Service performance against the SLAs for the Services provided during previous month. This report will contain performance reporting for the SLAs listed in Section 5. The audience for this report will include the senior staff at Client such as department heads.
GlobalLogic shall supply the Monthly Service Level Report no later than the tenth (10th) business day of each month for the SLA performance reporting of the immediately preceding month.
The Monthly Service Level Report shall provide reasonable detail regarding GlobalLogic’s performance against the Service Level Metrics for each SLA.
Each quarter, GlobalLogic will provide Client with a “Quarterly Business Review Report” indicating the overall success of the engagement, the accomplishments from the prior quarter and the areas of improvement and focus needed for the next reporting period. The audience for this report will be the Client executives and should include an in-person presentation as well.
PAGE 28
EXHIBIT G
RATE SHEET
|Motricity Cost Plus Price Model
|
Team Ramp-up Plan
|Q1
|Q2
|Q3
|Q4
|Q5
|Q6
|Q7
|Q8
|Total
|
QTR ending head count
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|***
|
Billed person months
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|***
|
Ramp Investment FTE
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|*
|**
|US Costs
|
***
|
|*
|**
|
Item 3 in Exhibit D of the Agreement
|
|***
|*
|**
|
***
|
|*
|**
|
Exhibit A of the MSA
|
|***
|*
|**
|
***
|
|*
|**
|***
|*
|**
|
***
|
|*
|**
|***
|***
|*
|**
|
***
|
|*
|**
|***
|***
|*
|**
|
***
|
|Noida (India)
|Kharkiv (Ukraine)
|Kyiv (Ukraine)
|Mykolaiv (Ukraine)
|Monthly Overhead Per
Billed Resource
|
|1,420
|
|1,691
|
|1,849
|
|1,510
|
|
Designation/Seniority
|Typical Years
of
Experience
|Typical Team Composition
|Direct Cost
|Motricity Cost
Plus Price
|Direct Cost
|Motricity
Cost Plus
Price
|Direct Cost
|Motricity Cost
Plus Price
|Direct Cost
|Motricity
Cost Plus
Price
|Developer, Automated Testing, Performance Testing, Business Analyst/Product Management, Usability Expertise, Database Administrator/Programmer, Level 3 support. etc)
|
Engineer I
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
Engineer II
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
Lead Engineer I
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
Lead Engineer II
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
Engineering Manager
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
Solutions Architect
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|Tester, Technical Writer, UI Design, Level 1 & 2 Support
|
Analyst I
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
Analyst II
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
Lead Analyst I
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
Lead Analyst II
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|Durham (USA)
|Bellevue (USA)
|Noida
|Kyiv
|Mykolaiv
|Total
|769
|769
|—
|
Designation/Seniority
|Salary + Bonus
|Direct Cost
|Motricity Cost Plus Price
|Salary + Bonus
|Direct Cost
|Motricity Cost Plus Price
|Recommended Mix
|***
|***
|***
|***
|***
|***
|
Engineer I
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
Engineer II
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
Lead Engineer I
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
Lead Engineer II
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
Engineering Manager
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
Solutions Architect
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|***
|***
|***
|***
|***
|***
|
Analyst I
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
Analyst II
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
Lead Analyst I
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
Lead Analyst II
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
***
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
***
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
***
|***
|***
|***
|***
|***
|***
|*
|**
|*
|**
|*
|**
|*
|**
|
***
|***
|***
|***
|***
|***
|***
|
Monthly Rate/Person
|
|*
|**
|
***
|***
|***
|***
|***
|***
|***
|
Equivalent Hourly Rate
|
|*
|**
Notes and Other Terms
Bill Rate for a Resource will be calculated using = ***
Direct Compensation includes salary, bonus & commissions***
***
The above monthly rates only apply for***
The rates shown above for direct cost are***
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
EXHIBIT H
GlobalLogic Standard Hardware and Software Configuration
Each Team Member in GlobalLogic is provided one desktop with the following specifications as standard equipment. Senior managers are entitled to a laptop as standard equipment. One extra server with server class configuration, (one for every five Team Members) will be provided by GlobalLogic to assist in development and testing without any extra charge. Additional hardware or software or IT support Services for the functioning of the hardware or software requested in the table at the end of this Exhibit must be mutually agreed to between the Parties in writing.
Standard Developer Desktop
***
Standard Laptop for Developer and Manager
***
Standard Server Configuration
***
Other software normally installed on user machines include:
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
ADDITIONAL CHARGES TABLE:
|
Category
|
Description
|
Charges
|
Communication
|***
|***
|
***
|***
|***
|
***
|***
|***
|
Capital Equipment
|***
|***
|
***
|***
|***
|
***
|***
|***
|
***
|***
|***
For the communication and capital equipment set forth in the “Additional Charges Table” above that is not listed as “included in the base offshore rate” or “at no additional cost”, GlobalLogic will notify Client in writing that such equipment is needed and the cost of procuring such equipment through GlobalLogic. Client will investigate as to whether such equipment can be procured at a lower price from a third party supplier. If Client, elects to obtain such equipment from a third party supplier, then GlobalLogic shall not charge Client for the provision of such equipment. Any amendments to this Exhibit H will be mutually agreed to between the Parties in writing.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
EXHIBIT I
Service Locations
B-34/1, Sector 59,
Noida 201301 (U.P)
India
Harihar Nagar, Besa,
Nagpur, 441108
India
(Noida satellite)
25 Nikolskaya St.
Mykolaiv, 54030
Ukraine
(Kyiv satellite)
Bozhenko 86D,
Kyiv, 03150
Ukraine
8605 Westwood Center Drive, Suite 401
Vienna, VA 22182
Phone: (+1) 703.847.5900
Fax: (+1) 703.847.5901
(GlobalLogic headquarters and also location of GlobalLogic on-shore mobile testing lab should it be needed)
EXHIBIT J
Transition Methodology
|
Name
|
End Date
|Offshore
Resource?
|Offshore
Start Date
|Transition
(Days)
|Onshore-
offshore Rate
|Duration On-
shore
|Total Per
Diem
|
***
|
***
|***
|***
|***
|***
|***
|***
|****
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|
***
|***
|***
|***
|***
|***
|***
|***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
EXHIBIT K
Policies and Procedures
Attached herein are the Policies and Procedures.
GLOBALLOGIC INFORMATION AND
SECURITY MANAGEMENT – CURRENT
STATUS
Submitted to
By
Version : 1.0
DOCUMENT CONTROL
|Reference No
|Response to request for information for offshore product development outsourcing.
|Security Classification
|Confidential
|Author
|***
|Reviewed By
|Approved By
|Distribution List
|Intended Users
|Last Reviewed Date
|Document Creation Date
|August 27, 2008
|Document Last Updated
|August 27, 2008
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
CONFIDENTIAL INFORMATION
This document and the information contained herein are confidential to and the property of GlobalLogic. Unauthorized access, copying and replication are prohibited. This document must not be copied in whole or part by any means, for any purpose. If a contract is awarded to GlobalLogic as a result of or in connection with the submission of this data, the client or prospective client shall have the right to duplicate, use, or disclose this data to the extent provided in the contract. This restriction does not limit the client’s or prospective client’s right to use the information contained in the data if it is obtained from another source without restriction. The data subject to this restriction is contained in all marked sheets.
TABLE OF CONTENTS
|1
|Executive Summary
|1
|2
|About globallogic
|1
|3
|Response to queries
|3
|3.1
|Security assurance and compliance
|3
|3.2
|Platform hardening and patching
|8
|3.3
|Segregation of Motricity Data and Assets
|9
|3.4
|Remote Access
|9
|3.5
|Malware controls
|10
|3.6
|Vulnerability scanning
|11
|3.7
|Intrusion detection and security monitoring
|11
|3.8
|Incident response
|11
|3.9
|data management
|12
|3.10
|Key management
|12
|3.11
|Administrative controls
|12
|3.12
|Protection of motricity assets
|15
|3.13
|Physical security
|15
|4
|Appendix
|17
|4.1
|GlobalLogic information security management system PPT
|17
|4.2
|application security checklist
|17
|4.3
|Windows software update policy
|18
|4.4
|VPN Access policy
|18
|4.5
|VLAN POLICY
|18
|4.6
|Exit Policy and clearance form
|18
|4.7
|Clearance form
|18
|4.8
|Remote Administration policy
|19
|4.9
|Antivirus-antispyware policy
|19
|4.10
|IDS/IPS management policy
|19
|4.11
|Incident management policy
|19
|4.12
|Data backup policy
|19
|4.13
|Cryptography key management policy
|20
|4.14
|nda AGREEMENT TEMPLATE
|20
|4.15
|Security manual for india
|20
|4.16
|Physical access policy for ukraine
|20
|4.17
|Reference checklist
|20
|4.18
|Security bootcamp PPT
|21
|4.19
|Information exchange policy
|21
|1
|EXECUTIVE SUMMARY
This document presents GlobalLogic’s preparedness on information and security related topics. Motricity is in the process of collecting data from all its existing and future potential partners in this consistent manner (as outlined in the spreadsheet) to help them better evaluate and communicate with all. This data may be used to evaluate the potential partners to establish an outsourced Offshore Development Center (ODC), which will be responsible for development, testing, and on-going maintenance of all or part of the Motricity’s various product lines and systems.
Motricity is in the process of evaluating the potential partners who can value add both in terms of cost savings and quality of service in its IT initiatives.
In general the objectives in creating an outsourced ODC are:
|1.
|To create stable teams that can and will contribute to the development of the Partner’s service through technical innovation;
|2.
|To leverage the supplier’s knowledge, systems, and processes that enable them to create quality products in a repeatable, systematized fashion;
|3.
|To retain teams of highly qualified and experienced engineers at effective cost;
|4.
|To gain access to a large pool of highly qualified and trained talent.
|2
|ABOUT GLOBALLOGIC
The leader in global product development, GlobalLogic, Inc. partners with start-up, emerging, and established technology companies to help them bring great software products to market in less time and at less cost. GlobalLogic has developed a unique model of partnering with technology companies to create a dedicated global delivery center. By leveraging GlobalLogic’s global facilities and world-class engineers, companies can increase quality while dramatically reducing timelines and operating costs.
Through the GlobalLogic Velocity™ method and platform, the company is also a pioneer in distributed Agile methods and open source platform. These tools and methodologies shorten product development cycles while ensuring that the right features are implemented on time, every time. GlobalLogic has completed more than 800 major product releases, including 300 in the last 12 months with a better than 95 percent on-time delivery record.
Mission
GlobalLogic’s mission is to partner with the world’s emerging software leaders to help them bring great products to market in less time and at less cost.
GlobalLogic provides complete design, engineering and maintenance services that are vertically integrated with component capabilities to optimize its customer’s operations and time to market.
Global Presence
GlobalLogic is headquartered in the Washington DC area with growing development centers in India, Ukraine, China, and the US and nearly 3000 professionals worldwide.
The company has set out to address the growing commercial software business needs to reduce the time and expense required to develop and maintain increasingly complex software solutions. GlobalLogic is
1
defining the future of commercial grade dual-shore applications development and services through a combination of its proven methodology, high caliber engineers, unparalleled quality and a commitment to complete customer satisfaction.
Dedicated Global Delivery Centers
GlobalLogic has developed a unique model of Partnering with companies to create a dedicated global delivery center. By leveraging its global facilities and world-class engineers, a partnership with GlobalLogic increases quality while dramatically reducing timelines and operating costs.
GlobalLogic is a pioneer in distributed Agile methods that shorten product cycles while ensuring that the right capabilities are implemented.
Active Partnerships
Today, GlobalLogic has active Partnerships with over *** software product companies in a wide range of markets, including ***.
Recent Recognitions
|v
|InfoWorld Award Winner for Agile Innovation
|v
|Global Services 100 – recognized for Leadership, Innovation, and Outstanding Performance
|v
|Inc.500 – ranked 91st in 2006, 5th in Software Sector
|v
|Deloitte & Touche Fast 50 – Ranked #1 as the fastest growing firm in Maryland, Virginia, and DC for the 5 year period thru 2006
|Industry
|Commercial Grade, Dual Shore Development Services
|AUDITOR
|Price Waterhouse Coopers
|LAW FIRM
|Cooley Godard Kronish, LLP
|OUTSIDE INVESTORS
|New Atlantic Ventures (part of the DFJ network), Sequoia Capital, New Enterprise Associates (NEA)
|GLOBAL PRESENCE
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
2
|3
|RESPONSE TO QUERIES
|3.1
|SECURITY ASSURANCE AND COMPLIANCE
|1.
|Will you provide a liaison to work with Motricity on matters of security compliance and risk management?
Yes, we will provide a liaison on the matters of security compliance and risk management.
|2.
|Has your company arranged to have a third-party audit performed on its operational security controls (i.e., its day-to-day security practices)? Have you arranged to have a third-party audit of the technical security controls supporting the application development environment (e.g., firewall, platform hardening, remote administration, physical security)? Was this a SAS70 audit, and, if so, what were the assertions? What were the audit results? Please attach your latest SAS70 results to your reply.
***, we have engaged a third party security consultant to carry out audits. The consultant is a certified and experienced security specialist selected from the best in the Industry. *** an audit scope and plan which we can share with you later if required.
*** This auditing will be done by the consultant who is helping us to implement this framework. *** We will choose and engage with the certification body in the fifth month of our project plan (there is no point engaging with them at this stage).
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
3
After completing our implementation in ***, we will have to generate log sheets which will be audited by the certification body. Keeping this requirement and availability of auditors from the selected certification body, we foresee the final certification achieved in ***.
***, we are working on getting the directions and approvals. A team in US is in the process of engaging an external party.
***
Please refer to the section 4.1 in the Appendix for a detailed PPT on our Information security assessment policy and procedures.
|3.
|Are you certified as ISO 27001 compliant?
We have very strong and effective security controls within our organization. *** We can share our project plan if desired.
Please refer to the section 4.1 in the Appendix for a detailed PPT on our Information security assessment policy and procedures.
|4.
|Are audits of technical and operational security controls conducted periodically? If so, at what frequency?
We do conduct regular assessments of control effectiveness within our organization. The effectiveness assessment is conducted by senior security experts within our organization. The frequency is not fixed but at least *** is definitely done. These assessors are currently not a part of a formal panel of auditors. We in the process of creating a formal auditing system with the help of an external consultant.
Please refer to the section 4.1 in the Appendix for a detailed PPT on our Information security assessment policy and procedures.
|5.
|What assurance is performed on the application code to eliminate or mitigate the threat of implementation flaws such as buffer overflows, cross-site scripting, and input manipulation attacks?
Overall we apply TDD (Test driven design) approach besides code inspection, manual (code review) and extensive usage of code analyzers to ensure high quality of deliverables leading to substantial reduction of security flaws caused by programmer’s errors. In majority of cases we follow either customer proprietary coding standards or the standard best practices which are prevalent for a particular platform or technology.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
4
The core approach that is used to track code safety is extensive utilization of code analysis tools. Along with Agile software development practices, code analysis is the fastest mean to catch potential vulnerability issues within the developed code. Based on software target market (embedded software for various devices and equipments, mission-critical software, hard-to-test software, quality-sensitive software), different management techniques and tools are used.
Enterprise static code analysis software provides development and management teams with variety of reports and checklists to focus on specific security issues in product development.
Some of the ways in which we counter specific issues listed above are as under:
|•
|
Buffer Overflows: Buffer overflow vulnerabilities can lead to denial of service attacks or code injection. A denial of service attack causes a process crash; code injection alters the program execution address to run an attacker’s injected code. ***
|•
|
Cross Site Scripting (XSS): An XSS attack can cause arbitrary code to run in a user’s browser while the browser is connected to a trusted Web site. The attack targets your application’s users and not the application itself, but it uses your application as the vehicle for the attack. The following countermeasures are used: ***.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
5
|•
|
***
|•
|
SQL Injection: A SQL injection attack exploits vulnerabilities in input validation to run arbitrary commands in the database. It can occur when your application uses input to construct dynamic SQL statements to access the database. It can also occur if your code uses stored procedures that are passed strings that contain unfiltered user input. The following countermeasures are used:
|•
|
***
|•
|
***
|•
|
***
|•
|
Canonicalization: Different forms of input that resolve to the same standard name (the canonical name), is referred to as canonicalization. Code is particularly susceptible to canonicalization issues if it makes security decisions based on the name of a resource that is passed to the program as input. Files, paths, and URLs are resource types that are vulnerable to canonicalization because in each case there are many different ways to represent the same name. The following counter measures are used:
|•
|
***
|•
|
***
|•
|
***
|•
|
Input manipulation: Since every secured service operation is intercepted by security layer
|•
|
***
|•
|
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
6
|•
|
***
|•
|
Parameter Validation: ***
|•
|
***
|•
|
***
|•
|
***
Since we are into offshore product development, we strongly believe in automation up to its maximum potential. Some of the tools on which we have expertise are:
|•
|
HP DevInspect:
It is a tool to find and fix security defects in application right from the application development time throughout the life cycle of application. It can be installed on developer’s system and can be used as Eclipse Plugin. It uses techniques like source code inspection and black box testing to indentify security defects in web services & applications.
|•
|
HP WebInsepct:
It finds security vulnerabilities in Web 2.0 technologies like AJAX & JavaScript.Both the above tools are used to early identify security flaws and fix them.
Qualys appliance:
This is an Audit and Vulnerability Management Product that is used to manage vulnerabilities and achieve compliance. This is on demand service which helps companies to quickly and cost-effectively meet compliance with Section 404 of Sarbanes-Oxley* by providing SOX-specific reports to measure, reduce and document ongoing efforts to safeguard electronic systems and data. It makes sure that data and financial reports are secure and processes are fully maintained so that there is no risk of scandals and security lapses.
*SOX (Sarbanes-Oxley Act):
This is basically a United States federal law that helps protect investors from scandals in security (capital) market. Law defines a set of standards to be followed by public company boards, management, and public accounting firms. Being SOX Compliant means the person/body follows those standards. There are governing bodies in US to check & execute these standards.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
7
|6.
|How many of your application programmers are certified as having demonstrated mastery of the security knowledge and skills needed to deal with the common programming errors that lead to most security problems *** Please identify the specific certifications.
We are a company which is dealing with over *** active partners and we do understand that IP protection and application security is of paramount importance to our partners. Application Security is something which is fine-grained into our delivery model and we have the necessary tools, hardware and training infrastructure to ensure that any new and existing applications do not have security flaws. We are well equipped to handle all the aspects of Java application security. The application securities checks are informally built in into our development process and we are working towards making it a part of our audit process.
Some of our capabilities are as under:
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
Just to elaborate, we have a substantial percentage of our team Java certified and handling the security aspects in the Java applications on a regular basis. We can ramp up a team of resources certified on security aspects at a very short notice as we have all the desired skills and infrastructure internally available.
A detailed snapshot of a security checklist which depicts the areas which are taken care of across our projects is attached in Appendix 4.2.
|3.2
|PLATFORM HARDENING AND PATCHING
|7.
|Describe how you keep the patch levels of the operating system up-to-date and consistently applied. What is your process for assessing and applying emergency patches for serious security vulnerabilities? What tools do you use for patch management on servers and network devices?
We use *** as a tool to keep our workstations and servers updated with latest critical and security patches. The workstations are configured to automatically download and install updates from ***. The servers are configured to download all the patches and inform administrator about availability of the new patches. The Administrator then runs testing of the new patches on test servers. In case any issues are found, the patches are rolled back. ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
8
Please refer to section 4.3 of Appendix for the windows software update policy.
|3.3
|SEGREGATION OF MOTRICITY DATA AND ASSETS
|8.
|Explain how and the degree to which the Motricity application development environment and Motricity data will be segregated from those of other customers. Consider in your answer network access, web servers, application servers, databases, backup and storage, and management infrastructure.
GlobalLogic has a structured system for segregation of the Project environments of our Customers. The development servers, testing servers, Code Repository servers and development workstations are deployed on ***
Please refer to Section 4.5 of Appendix for our VLAN Policy.
|3.4
|REMOTE ACCESS
|9.
|Do you have written procedures for authorizing, controlling, and auditing remote administrative access to your computing environment?
Remote access to Corporate Network is provided through the ***. For administrators in specific, such an access is provided via ***. The administrators having remote access are ***.
Please refer to Section 4.4 of Appendix for our VPN access policy.
|10.
|If support services require remote access, how can Motricity be assured of timely notification when one of your employees leaves the company or transfers to a new job function?
From the HR side, We have a well-defined exit process which starts with the resignation by the employee. Immediate manager and People Partner looks at the reasons for employee’s resignation and aim at retention of the employee. In case the retention attempts do not work, information about the employee’s relieving date is ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
9
Please refer to Section 4.6 and 4.7 of Appendix for our Exit Policy and Clearance Form respectively.
From the IT side, Remote Administration is revoked immediately on resignation of a support employee ***. If a decision to *** has been taken, the privileges will ***. These transactions are *** managed by ***. We can establish a process whereby ***.
Please refer to Section 4.8 of Appendix for our Remote administration policy.
|11.
|What anti-virus controls do you implement within your support environment and among your support staff? What controls prevent a virus infection or worm from spreading to Motricity?
We use *** security for *** with centralized auto updates. ***.
Please refer to Section 4.9 of Appendix for our Antivirus-Antispyware policy.
|3.5
|MALWARE CONTROLS
|12.
|What technical controls and operational procedures do you have in place for preventing, detecting, and responding to viruses and worms on the platforms storing Motricity data or supporting Motricity services?
We have *** deployed on all computers. The Antivirus server is configured to ***.
Please refer to Section 4.10 of Appendix for our IDS/IPS management policy.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
10
|3.6
|VULNERABILITY SCANNING
|13.
|Is vulnerability scanning of your development environments that will interface with Motricity a regular and ongoing process? Briefly describe the process, and provide the names of vulnerability testing tools used.
***. We are using *** as our IDS and IPS. Details about *** as a system is available on the link provided.
Please refer to Section 4.10 of Appendix for our IDS/IPS management policy.
|3.7
|INTRUSION DETECTION AND SECURITY MONITORING
|14.
|Describe how intrusion detection (prevention) will be employed to detect (respond to) attacks against hosted Motricity assets?
We are using *** as our IDS and IPS.
Please refer to Section 4.10 of Appendix for our IDS/IPS management policy.
|15.
|Is security monitoring a continuous process? Describe how it is handled operationally? How are alerts triaged and classified? How is monitoring tuned?
We follow PDCA cycle and continuously work on security improvement using various tools to monitor and get alerts to name few ***.
|3.8
|INCIDENT RESPONSE
|16.
|Describe your escalation process for security incident response. Describe your procedures for engaging Motricity in the event of a security incident. Do you have a documented incidence response procedure in place for worm/virus, DoS, and other security attack violations? How is this procedure/process invoked, and who responsible for managing the process? How often is this procedure reviewed?
IT team isolates the affected asset and starts working immediately on protecting the further spread of any attack as soon as its detection. ***
Please refer to Section 4.11 of Appendix for our incident management policy.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
11
|3.9
|DATA MANAGEMENT
|17.
|Do you have a data management policy/procedure in place that covers backups, recovery, restoration, off-site storage, and retention periods? Does the policy include media handling and logging procedures? How does the data management process ensure confidentiality by separating customer A’s data from that of customer B?
We take a full backup ***. We send our tapes offsite ***.
Please refer to Section 4.12 of Appendix for our data backup policy.
|3.10
|KEY MANAGEMENT
|18.
|Do you have policies and procedures for the management of cryptographic keys – e.g., their generation, handling, and the response to improper disclosure?
Yes, we have a proper procedure for management of cryptographic keys as well as their generating, handling and response to their improper disclosure.
Please refer to Section 4.13 of Appendix for our Cryptography key management policy.
|3.11
|ADMINISTRATIVE CONTROLS
|19.
|Will you use subcontractors to support this engagement in any way? If so, what controls do you have in place for ensuring background checks for these subcontractors?
We will manage this entire engagement using ***. We have a distributed setup with development centers ***
We believe that *** really brings many advantages like ***
|20.
|What kinds of background checks do you perform for your employees, especially those with privileged access to Motricity systems and data?
GlobalLogic has a very extensive process of selection which starts from a detailed screening of any prospective employee, comprehensive technical & behavioral interviews concluding with extensive background checks.
We perform at least ***. These *** are performed by ***.
The *** is done with at least one *** and the same is done ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
12
Please refer to Section ***
In our endeavor to further strengthen this process*** If need be, we are today geared up to ***
To further strengthen the issue of misuse of data, we have an agreement of confidentiality and non disclosure drafted as a legal requirement which each employee is required to abide by to affirm his employment with GlobalLogic. We are extremely particular about this and take all the necessary steps to maintain client confidentiality.
All employees sign NDA. All employees having privileged access to systems and data ***
Please refer to Section 4.14 of Appendix for our NDA agreement template.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
13
|21.
|What training do employees receive before they are entrusted with the management of applications or systems hosted for Motricity? What types of security training do employees receive? What is the frequency of that training?
To ensure smooth transition of every new joinee into the GlobalLogic environment and equip him/her with requisite knowledge to perform his job effectively, we have a rigorous induction program known as the ‘Boot Camp’. As a part of the Boot camp, there are sessions conducted by various department representatives highlighting the major policies & processes in their area of working.
The boot camp includes a detailed session with the IT team whereby IT infrastructure and security policies are shared with the new comers. Strong emphasis is made on security *** This session also includes ***
At the level of every project, the managers / leads also do a project specific training and project induction to ensure that the individual is brought up-to-date with the specific aspects of the client requirements and expectations vis-à-vis the security issues.
Information about major security aspects is shared on the day of joining. Formal boot camps sessions are organized on a fortnightly basis and / or depending upon the number of joinees, this frequency may be higher or lower.
Each employee passes company “Boot camp” training and project specific trainings. Information Security Training is delivered as a separate module. We use internal experts as well as invite external experts to deliver security trainings. These trainings include:
|•
|
***
|•
|
***
|•
|
***
|•
|
***
Please refer to Section 4.18 of Appendix for security boot camp PPT.
|22.
|Describe the experience, certifications (if any) and number of full-time security staff your company employs, including the number 100% dedicated to security.
We have *** people who have participated in security training programs conducted by external specialists and are working towards getting certified. *** These trained employees
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
14
also take regular guidance from external consultants and security portals such as www.windowssecurity.com, http://sectools.org and http://www.owasp.org. We use *** as an internal platform to collaborate knowledge and ideas on technical/process/people aspects including Information Security.
|3.12
|PROTECTION OF MOTRICITY ASSETS
|23.
|Does the vendor maintain Internet or extranet websites or FTP sites to share Motricity data or analysis with authorized Motricity employees? If so, how are these sites secured? Do they use secure, encrypted protocols for transferring proprietary data? Are they regularly patched against vulnerabilities, especially those that could lead to the remote exploit of the server? Are they configuration hardened? Does the configuration have a documented design?
We utilize proven and secured methods to exchange information with customers. All of methods ensure encrypted information flow. These methods are:
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
Please refer to Section 4.19 of Appendix for our information exchange policy.
|3.13
|PHYSICAL SECURITY
|24.
|What physical security measures are employed at the sites where application development work will occur (corporate work areas, data centers)? ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
15
Following are physical security measures at multiple locations where application development work will occur:
Noida:
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
Pune
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
Nagpur
|•
|
***
|•
|
***
Ukraine
All the employees have ***
|25.
|What access control system is being used?
|•
|
Noida: ***
|•
|
Pune: ***
|•
|
Nagpur: ***
|•
|
Ukraine: ***
|26.
|Is there manned security at the entrance to the building?
|•
|
Noida: ***
|•
|
Pune: ***
|•
|
Nagpur: ***
|•
|
Ukraine: ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
16
|27.
|Do you respond to intrusion alarms? Can we forward you the alarms from our system?
Noida: ***
Ukraine: ***
|28.
|Does your company have written procedures for authorizing, controlling, and auditing physical access to its facilities and equipment room?
|•
|
Please refer to Section 4.15 of Appendix for our security policy document for India centric locations.
|•
|
Please refer to Section 4.16 of Appendix for our physical access policy document for Ukraine centric locations.
|4
|APPENDIX
|4.1
|GLOBALLOGIC INFORMATION SECURITY MANAGEMENT SYSTEM PPT
*** [Embedded document redacted]
|4.2
|APPLICATION SECURITY CHECKLIST
*** [Embedded document redacted]
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
17
|4.3
|WINDOWS SOFTWARE UPDATE POLICY
*** [Embedded document redacted]
|4.4
|VPN ACCESS POLICY
*** [Embedded document redacted]
|4.5
|VLAN POLICY
*** [Embedded document redacted]
|4.6
|EXIT POLICY AND CLEARANCE FORM
*** [Embedded document redacted]
|4.7
|CLEARANCE FORM
*** [Embedded document redacted]
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
18
|4.8
|REMOTE ADMINISTRATION POLICY
*** [Embedded document redacted]
|4.9
|ANTIVIRUS-ANTISPYWARE POLICY
*** [Embedded document redacted]
|4.10
|IDS/IPS MANAGEMENT POLICY
*** [Embedded document redacted]
|4.11
|INCIDENT MANAGEMENT POLICY
*** [Embedded document redacted]
|4.12
|DATA BACKUP POLICY
*** [Embedded document redacted]
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
19
|4.13
|CRYPTOGRAPHY KEY MANAGEMENT POLICY
*** [Embedded document redacted]
|4.14
|NDA AGREEMENT TEMPLATE
*** [Embedded document redacted]
|4.15
|SECURITY MANUAL FOR INDIA
*** [Embedded document redacted]
|4.16
|PHYSICAL ACCESS POLICY FOR UKRAINE
*** [Embedded document redacted]
|4.17
|REFERENCE CHECKLIST
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
20
*** [Embedded document redacted]
|4.18
|SECURITY BOOTCAMP PPT
*** [Embedded document redacted]
|4.19
|INFORMATION EXCHANGE POLICY
*** [Embedded document redacted]
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
21
Motricity
Building Security Policies
Version 2.0
Security Level: External
Proprietary & Confidential Data:
Information in this document is for use by Motricity, its employees, contractors, supplier, and customers under license only.
Contents
|
Access Cards
|1
|
Visitors
|1
The following is an overview of the building and office security policies for Motricity. All employees, contractors, suppliers, and visitors are expected to follow these policies.
ACCESS CARDS
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
|•
|
***
VISITORS
If you expect or arrange for a visitor to see you, please instruct them to go to the 9th floor reception lobby and sign-in with the receptionist. You will receive an email notification when they arrive.
If an access card was not brought to work, the following process should be followed:
|1.
|***
|2.
|***
|3.
|***
|4.
|***
|5.
|***
***If your access card was lost or is not functioning, please call ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
Motricity
Building Security Policies
Version 2.0
Security Level: External
Proprietary & Confidential Data:
Information in this document is for use by Motricity, its employees, contractors, supplier, and customers under license only.
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
|Motricity
|GlobalLogic
EXHIBIT L
CHANGE CONTROL PROCEDURES
1. OVERVIEW
1.1 General This Exhibit describes the process and procedures to be followed by Client and GlobalLogic when either Party wishes to make a Change (the “Change Control Procedures”). The Parties may, by joint agreement, amend or waive any part of the Change Control Procedures in writing including, but not limited to, where the Parties agree that shorter or longer time frames are more appropriate.
1.2 Definitions.
(a) “Change” means any change with respect to the terms of the Agreement, including without limitation, changes to the Services, Fees, Service Levels or the Parties’ other obligations under the Agreement.
(b) “Change Control Procedures” has the meaning given in Section 0 above.
(c) “Change Proposal” has the meaning given in Section (c) below.
(d) “Change Order” has the meaning given in Section 1.2 of the Agreement.
(e) “Change Request” has the meaning given in Section (a) below.
(f) “Mandatory Change” has the meaning set forth in Section 0 below.
(g) “New Service” means any new service or other service outside the scope of the Services requested by Client: (1) that is in addition to and materially different from the Services; (2) that require materially different levels of effort or resources from GlobalLogic; (3) for which there is no current charging methodology; and (4) that is part of GlobalLogic’s general commercial offering.
1.3 Objectives. The objectives of the Change Control Procedures are as follows:
(a) To review each request for a Change (a “Change Request”) to determine whether such Change is appropriate;
(b) To determine whether a Change is within the scope of the Services or constitutes a New Service or is considered to be a change to the in-scope Services without constituting a change in the scope;
(c) To prepare a more detailed proposal to implement a Change Request (such proposal, a “Change Proposal”);
(d) To prioritize all Change Requests and Change Proposals;
-2-
|Motricity
|GlobalLogic
(e) To minimize the risk of exceeding both time and cost estimates, if any, associated with the requested Change by identifying, documenting, quantifying, controlling, managing and communicating: (i) Change Requests, (ii) the preparation of Change Proposals, and (iii) their disposition;
(f) To identify the different roles, responsibilities and actions that will be assumed and taken by the Parties to define and implement the Changes; and
(g) To document a Change whether or not such Change results in any extra Charge.
Each Party will be responsible for all costs and expenses incurred by its employees, agents and subcontractors with respect to its participation in, and responsibilities and obligations under, Change Control Procedures, unless expressly agreed otherwise in writing by both Parties.
2. CHANGE REQUESTS. Either Globallogic or client may initiate a Change Request by delivering to the other Party’s responsible executive or his/her nominated representative, a document that describes the Change and sets forth the reasons for it. Each Change Proposal that may be prepared for a Change Request will be tracked by reference to the Change Request to which it relates. Each Party’s respective responsible executive or his/her nominated representatives will be responsible for reviewing and considering any Change Request, and will approve it for further investigation, if deemed necessary. If the parties agree that the change request requires further investigation, the responsible executives will authorize such investigation, which will be performed as required by Globallogic and/or Client.
2.1 Preliminary Change Report.
(a) Preliminary Change Report Preparation. For each Change Request that the Parties have approved for further investigation, regardless of which Party has proposed the Change, GlobalLogic will prepare and submit to Client within seven (7) calendar days (or as otherwise agreed), with Client’s reasonable cooperation and provision of any information reasonably requested by GlobalLogic, a preliminary written report. Such preliminary report will contain the costs, implementation timeframe, preliminary technical rationale, resources (including without limitation human resources, hardware, software and other equipment) and associated charges, if any, required for implementing the Change and an initial analysis of the potential risks (if any) to Client or GlobalLogic if the Change is not implemented. GlobalLogic will bear the costs of preparing the preliminary report as set forth in this Section 2.1(a) and will provide such report as part of the Services.
(b) Report Review. Client and GlobalLogic will review the preliminary report and Client will, within seven (7) calendar days after delivery of such preliminary report in writing, either (1) instruct GlobalLogic to prepare a comprehensive Change Proposal as set forth in Section 2.1(b)(i) below, (2) notify GlobalLogic that it does not wish to proceed with the Change, or (3) proceed with the Change on the material terms set forth in the preliminary report and other mutually-agreed terms as necessary to reasonably complete the Change Order.
(i) Comprehensive Change Proposals. Where Client has instructed GlobalLogic to prepare a comprehensive Change Proposal, thirty (30) calendar days (or as otherwise agreed) after receiving such instruction, GlobalLogic will prepare a Change Proposal including the following elements of the Agreement; scope of the Services, Service Levels, charges for the Change, resources (including without limitation human resources, hardware, software and other equipment) required for implementing the Change, timeline,
-3-
|Motricity
|GlobalLogic
milestones, and delivery dates for implementing the Change, acceptance testing and acceptance criteria (which must be included in the final Change Order), any impacts on Client’s, GlobalLogic’s or any third party’s software, hardware, systems, business operations, personnel requirements or other services, any related technical or human resource systems/procedures, any legal and regulatory compliance issues; any other matter reasonably requested by Client at the time of preparation of the impact analysis or reasonably considered by GlobalLogic to be relevant, and any Changes to the contractual terms and conditions of the Agreement. GlobalLogic will bear the costs of preparing the comprehensive Change Proposal as set forth in this Section 2.1(b)(i), and will provide such comprehensive Change Proposal as part of the Services.
(ii) Change Proposal Review. Once submitted by GlobalLogic, Client will review the Change Proposal and as soon as reasonably practicable, and in any event not more than thirty (30) calendar days (or as otherwise agreed) after receipt of the Change Proposal, either:
(iii) Client may notify GlobalLogic that it does not wish to proceed with the Change, in which case no further action will be taken in respect of the Change Proposal; or
(iv) either Party may request that it and the other Party meet to discuss the Change Proposal (such meeting to be referred to as the “Change Proposal Meeting”).
In the event that the Parties agree to proceed in accordance with one of the options detailed in Section 2.1(b)(i) above, then the Parties will gather any necessary information and/or GlobalLogic will prepare a revised version of the relevant Change Proposal, upon which the Parties will decide whether to proceed in accordance with Section 2.1(b)(i) above. The Parties will continue to go through the process detailed above until such time as a final resolution is made by the Parties. The Parties will act in good faith at all times during such process. The Parties anticipate that not all Changes will result in increases in the Fees. Nevertheless, the Parties intend that all material Changes will be documented under this Exhibit L. Additional Fees for Changes will apply in general when GlobalLogic reasonably demonstrates that the implementation or adoption of the Change requires GlobalLogic to supply additional resources or perform work that is not otherwise covered by the existing Fees and such additional Fees (if any) are mutually agreed with Client.
2.2 Effectiveness of a Change.
(a) Signed Change Orders. Upon the signature of a Change Proposal by both responsible executives, the contents of such Change Proposal will be deemed to be agreed and incorporated into the Agreement on the date of the last signature or as the Parties may otherwise agree (each such accepted Change Proposal will become a Change Order). All services added or modified by a Change Order will be “Services” under the Agreement, and the performance of Change Orders will in all respects be governed by the Agreement. Except as expressly provided herein, no part of the discussions or interchanges between the Parties will obligate the Parties to approve any Change or will constitute an amendment or waiver of the Agreement unless and until reflected in a Change Proposal and adopted in accordance with this Exhibit L. Disputes regarding a Change will be subject to the dispute resolution process set forth in the Agreement.
2.3 Emergency Change Process. In the event that either Party requires a Change in order to respond to an emergency and such Change would, in the reasonable opinion of the requesting Party, if it was not implemented until Change Control Procedures had been followed, have a detrimental effect generally on Client, including without limitation Client’s financial interests, customer welfare or public safety, or specifically impacting
-4-
|Motricity
|GlobalLogic
GlobalLogic’s ability to meet its obligations pursuant to the Agreement, the requesting Party will make all reasonable efforts to contact the other Party’s responsible executive, and if the requesting Party is unable to contact the other Party’s responsible executive after reasonable efforts, the requesting Party will, where appropriate and practical, make all reasonable efforts to contact the other Party’s designated member. If the requesting Party is unable to contact either the other Party’s responsible executive, the requesting Party may make temporary Changes to the Services without the prior consent of the other Party. The requesting Party will notify the other Party as soon as practicable but no later than forty-eight (48) hours after the event of such Change and will, as soon as reasonably practicable (but no later than two (2) business days thereafter) document and report in writing on such Changes to the other Party. Any agreed Change as a result will be agreed in accordance with Change Control Procedures. Disputes regarding any extra Fees for Changes under this Section are subject to the Agreement.
2.4 Mandatory Changes. Notwithstanding the Change consideration and implementation process outlined in this Exhibit L, if a Change requested by Client is a Mandatory Change (as defined hereafter), GlobalLogic shall immediately begin implementing the Change upon request by Client. GlobalLogic shall also prepare and deliver to Client a Change Proposal related to the Mandatory Change on an expedited basis, where appropriate, and the Parties shall work together in good faith to determine the impact on the Agreement (including without limitation, any impact on the Fees) as a result of implementing the Mandatory Change. If the Parties are unable to agree on the impact on the Agreement within thirty (30) days after Client has received the Change Proposal from GlobalLogic, either Party may consider such failure to agree to be a dispute, and may escalate such dispute for resolution in accordance with the Agreement. A “Mandatory Change” shall be any Change requested by Client, that, in the reasonable judgment of Client, (a) that is reasonably required to comply with any Law or collective bargaining agreement; (b) for GlobalLogic to perform services critical to Client’s business where such services are not within the scope of the Services, but are not materially different in nature or kind from the Services; (c) any change to Client policies, standards or procedures disclosed or referenced in the Agreement or Exhibit to the Agreement; (d) is critical to Client’s business objectives; (e) is required to protect Client’s customers’ welfare or public safety; or (f) without reference to (a)-(e) above, are otherwise described as a Mandatory Change in the Agreement.
-5-
|Motricity
|GlobalLogic
EXHIBIT M
BENCHMARKING AND ANNUAL REVIEW PROCEDURES
|1.
|Annual Price Reviews
(a) No more than ***, GlobalLogic may adjust the overhead cost rates in accordance with Section 3.9.1 of the General Terms and Conditions. For the avoidance of doubt, such adjusted charges shall not be applied retroactively to past invoices issued or Services performed prior to the adjustment date set forth in Section 3.9.1.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
-2-
(b) In the event that the Parties do not agree with respect to a proposed adjustment of the overhead costs set forth in Section 3.9.1 of the General Terms and Conditions, Client may seek to resolve the dispute in accordance with the dispute resolution procedures of the Agreement. In the event that such dispute is resolved in Client’s favor, GlobalLogic shall adjust the charges with retroactive application to the relevant adjustment date set forth in Section 3.9.1 of the General Terms and Conditions.
|2.
|*** Technology Reviews
Within *** of the Effective Date, GlobalLogic shall, in accordance with procedures agreed upon by the Parties, identify for Client any technologies that have emerged ***, that, if implemented by Client *** would ***. If requested by Client, within sixty (60) days, GlobalLogic shall provide Client with proposals for the implementation of such technology or technologies in a manner consistent with, as applicable, the Change Control Procedures or new Services requirements set forth in the Agreement. If approved by Client, GlobalLogic shall implement such technology or technologies on behalf of Client ***. The cost of new technologies implemented on the basis of the annual technology review shall be ***.
|3.
|Annual Best Practices Reviews
Within *** of the Effective Date, GlobalLogic shall, in accordance with procedures agreed upon by the Parties, identify for Client any best practices that have emerged ***, that, if implemented by Client *** would ***. If requested by Client, within sixty (60) days, GlobalLogic shall provide Client with proposals for the implementation of such best practices in a manner consistent with, as applicable, the Change Control Procedures or new Services requirements of the Agreement. If approved by Client, GlobalLogic shall make commercially reasonable efforts to implement such best practices on behalf of Client ***. The cost of additional best practices implemented on the basis of the Annual Best Practices Review shall be ***.
-3-
|4.
|Benchmarking Process
(a) The benchmarking process shall be an objective measurement and comparison process agreed by the Parties that will measure the price of the benchmarked Services as compared to the price of services of a similar nature, volume, location, expertise and scope provided by other top tier off-shoring vendors (collectively, the “Benchmarking Process”). The Benchmarking Process shall include reasonable normalization factors agreed by the Parties, including elements to account for amounts associated with the management and integration of Services across numerous Service areas, if applicable. The Parties, in conjunction with the Benchmarker, shall determine the Benchmarking Process within ***. If the Parties fail to agree to the Benchmarking Process within ***, the Benchmarker shall resolve such dispute in its professional judgment.
(b) The Benchmarking Process shall be conducted by an independent third-party benchmarker (“Benchmarker”) ***, provided that Client shall not initiate the Benchmarking Process until the ***. Client may initiate the Benchmarking Process under this Section 4 *** but no more than ***.
(c) The Benchmarker’s data used for the Benchmarking Process shall be no more than *** (as measured against the date that Client provided notice initiating a Benchmarking Process) unless the Parties agree that older data may be used.
(d) The Benchmarking Process shall be a comparison between the prices within the *** of market prices and costs (***) for services of a similar nature, volume, location, expertise and scope to the Services offered by top tier off-shoring service providers generally (the “Target Market”) and the charges agreed in the Agreement in order to ascertain whether such charges are in the *** of the Target Market at the date of Client’s notice of commencement of the Benchmarking Process. The Benchmarker shall use its judgment, together with a range of prices and tolerances to decide whether such objective has been met.
(e)*** shall pay the fees charged by the Benchmarker to conduct the Benchmark Process. ***. If the Benchmarkers are no longer providing the services required to conduct the Benchmarking Process at the time Client elects to conduct the Benchmarking Process, or if Client and GlobalLogic agree that an alternative Benchmarker should be used, the Parties shall promptly designate a replacement Benchmarker. If the Parties do not agree *** on a replacement Benchmarker, ***
(f) GlobalLogic shall at its expense cooperate with and assist the Benchmarker and any other third parties involved in the Benchmarking Process, including meeting with Client and the Benchmarker before and throughout the Benchmarking Process and providing data relating to the provision of the Services (excluding internal cost data or data of other GlobalLogic customers), as requested by Client or the Benchmarker.
(g) The Benchmarker shall sign a confidentiality agreement in favor of both GlobalLogic and Client in which the Benchmarker agrees: (i) that the information and data obtained or produced by the Benchmarker in connection with the Benchmarking Process (including the results of the Benchmarking Process and any related reports) constitutes the Confidential Information of Client and GlobalLogic, (ii) that it will not use or disclose such
-4-
confidential information and ***, and (iii) the Benchmarker will conduct the Benchmarking Process in a manner that does not unreasonably interfere with GlobalLogic’s ongoing service operations or impair GlobalLogic’s ability to achieve the Service Levels under the Agreement.
|5.
|Benchmarking Review and Adjustments
(a) Client and GlobalLogic shall review the results of the Benchmarking Process during the *** (the “Benchmark Review Period”) following receipt by Client and GlobalLogic of such results. The Parties shall confirm during the Benchmark Review Period that the Benchmarking Process was followed. If either Party has reason to believe that the Benchmarker’s report contains material errors (each, a “Claim”), such Party shall notify the Benchmarker during the Benchmark Review Period of such errors and shall provide any documentation and information necessary to support the Claim and shall copy the other Party on all such correspondence. The Benchmarker will review any Claims and meet with both Parties for a time period reasonably determined by the Benchmarker to resolve the Claims and make corresponding adjustments to the Benchmarker’s findings, if any, prior to issuing the final benchmarking report (“Benchmarking Report”).
(b) GlobalLogic and Client shall mutually decide upon ***.
(c) If at any point during the Term the Parties agree that the annual review mechanisms described in this Agreement have operated effectively to assure Client that the charges are, on a consistent basis, within the *** of market prices for comparable services within the Target Market, Client may, in its sole discretion, agree to retire, on a prospective basis, the benchmarking rights contained in Sections 4 and 5 of this Exhibit M. In such event, in order to give effect to such retirement, Client shall deliver a notice to GlobalLogic stating that, effective as of the date specified in the notice, such benchmarking rights will no longer remain in effect (a “Benchmarking Retirement Election”).
-5-
|Motricity
|GlobalLogic
EXHIBIT N
Audits
|1.
|AUDIT SCOPE, LIMITATIONS, AND PROCEDURES
1.1 Authorized Auditors, Audit Access Rights, and Audit Purposes.
(a) GlobalLogic shall provide access for audits in accordance with this Exhibit N for the Audit Purposes (as defined below) during the Term and through the end of the Termination Assistance period, and for up to an additional three (3) months after the end of the Termination Assistance period for:
(i) Client Staff;
(ii) Client’s internal and external auditors (as listed in Attachment N-1 and Client may amend such Attachment from time to time in its sole discretion provided that any proposed new external auditors may not have a material conflict of interest with GlobalLogic due to its retention by GlobalLogic as an external auditor in the prior six (6) months);
(iii) Client’s authorized agents and representatives with a reasonable nexus to the Audit Purpose; and
(iv) any regulatory or governmental authority which has provided Client with a written request for an audit.
The persons in (i) - (iv) above shall be collectively referred to as the “Authorized Auditors.” Client will appoint an Authorized Auditor as GlobalLogic’s point of contact for audits (“Client’s Audit Point Of Contact”).
(b) Solely in relation to the Audit Purposes as defined below, GlobalLogic shall provide each of the Authorized Auditors with (collectively, the “Audit Access Rights”):
(i) a right and license of reasonable access to GlobalLogic Locations and other sites from which GlobalLogic performs its obligations under the Agreement and the facilities of any subcontractor as it relates to the Services performed for Client only. For the avoidance of doubt, Client shall not have audit rights in any manner to other GlobalLogic customer accounts as they constitute confidential information pertaining to such customer;
(ii) access to the Client data and Client’s Confidential Information held on any system, including all requested extracts from such systems regarding (x) Client’s Confidential Information and (y) such Client data pertaining to Services provided under the terms and conditions of this Agreement and any Statement of Work;
(iii) read-only electronic access to the problem records/tickets relating to the Services;
(iv) reasonable access to GlobalLogic employees, contractors, and personnel and subcontractors engaged in the provision of the Services, including for the purpose of providing reasonable assistance in understanding or interpreting information pertaining to any Audit Purpose in a manner that is not disruptive to ongoing Services; and
-1-
|Motricity
|GlobalLogic
(c) The Authorized Auditors may use the Audit Access Rights for the following audit purposes (each, an “Audit Purpose” and collectively, the “Audit Purposes”):
(i) examine, evaluate, and verify GlobalLogic’s compliance with obligations with respect to the performance of the Services for Client under this Agreement;
(ii) examine, evaluate, and verify the integrity of Client data;
(iii) examine, evaluate, and verify the systems that process, store, support and transmit the Client data;
(iv) examine, evaluate, and verify GlobalLogic internal controls, processes and procedures (e.g., financial controls, organizational controls, input/output controls, system modification controls, processing controls, system design controls, and access controls) and the security, disaster recovery and back-up practices and procedures associated with the Services; examine, evaluate, and verify GlobalLogic’s performance of the Services;
(v) examine, evaluate, and verify GlobalLogic’s reported operational performance against the applicable Service Levels;
(vi) examine, evaluate, and verify the accuracy of GlobalLogic’s invoices to Client; and
(vii) enable Client to meet the regulatory, financial reporting, and other requirements imposed upon Client by applicable Laws.
1.2 Audit Limitations
Notwithstanding anything in this Exhibit N:
(a) audits shall occur not more than once each calendar year for each individual Audit Purpose relating to a particular segment of Client’s business (e.g., a audit relating to Client’s business unit) unless:
(i) agreed by the Parties;
(ii) required by Client regulatory bodies or applicable Laws; or
(iii) upon discovery of any adverse results from a prior audit or other reasonable grounds for suspecting fraud or other illegal activity by GlobalLogic or its subcontractors; and
(b) audits shall not be permitted to the extent they materially interfere with GlobalLogic’s ability to perform the Services in accordance with the Service Levels, unless Client relieves GlobalLogic from meeting the applicable Service Levels for the relevant audit activity period to the extent such obligations are hindered by the audit activity.
1.3 Parties’ Point of Contact
Each Party shall nominate a contact person for each audit who shall be the central communication point and organizer for the performance of GlobalLogic’s responsibilities under this Exhibit N. That point of contact shall be:
For GlobalLogic: Johan Broekhuysen VP, Financial Control
For Client: Allyn Hebner, CFO
-2-
|Motricity
|GlobalLogic
1.4 Client Obligations
The Client’s Audit Point of Contact and the individual Authorized Auditors shall at all times:
(a) provide reasonable notice to GlobalLogic which shall be no less than thirty (30) days (unless such notice period is inconsistent with an applicable Law or an agreement between Client and the Authorized Auditor) identifying the applicable Authorized Auditor(s), applicable Audit Purpose(s), the audit location(s), and the audit date(s); provided, however, no such notice shall be required where such notice would reasonably undermine the purpose of the audit (e.g., fraud investigation);
(b) comply with reasonable security and other site regulations for the premises at which the audit activities are conducted; and
(c) cause non-regulatory and non-governmental Authorized Auditors to be subject to confidentiality conditions substantially similar to those identified in the Agreement.
|2.
|RECORDS AND ASSISTANCE
2.1 Record Maintenance and Availability
GlobalLogic shall, and shall require that its subcontractors shall:
(a) maintain accurate and complete records of and supporting documentation for all Fees, all Client data and all transactions, authorizations, reports, data or information created, collected, processed or stored by GlobalLogic in the performance of it’s obligations under this Agreement (the “Service Records”). GlobalLogic shall ensure that such Service Records shall be kept in accordance with generally accepted accounting standards, rules and principles and all Laws for each relevant jurisdiction; and
(b) GlobalLogic shall retain the Service Records in accordance with applicable Laws and in compliance with Client’s written record retention policy and as provided to GlobalLogic and as modified by Client from time-to-time as a Mandatory Change.
2.2 GlobalLogic Assistance
GlobalLogic shall give all reasonable assistance to Client and its Authorized Auditors in understanding or interpreting GlobalLogic’s records and performing audits hereunder.
|3.
|SERVICE PROVIDER INTERNAL AUDITS
3.1 If, during the Term, at GlobalLogic’s sole cost, GlobalLogic obtains a SAS 70 Type II examination of any of the Service Locations that cover the common processes and controls for any such facility or location (“SAS 70 Audit”), GlobalLogic will provide a copy of the SAS 70 Audit report resulting from the SAS 70 Audit to Client at no cost within thirty (30) days of GlobalLogic receiving such report. For the avoidance of doubt, GlobalLogic shall not be required to perform a SAS 70 Audit under this Agreement; except, in the event a SAS 70
-3-
|Motricity
|GlobalLogic
Audit is performed by GlobalLogic on its own accord, GlobalLogic shall provide a copy of the SAS 70 Audit report to Client within the aforesaid timeframe.
3.2 Client will be entitled to provide to third parties a copy of the SAS 70 Audit report (if any) as necessary to evidence Client’s internal control structure, provided that any such third party enters into a confidentiality agreement with terms no less stringent than the Agreement or other confidentiality agreement as may be approved by GlobalLogic (such approval not to be unreasonably withheld or delayed).
3.3 If any:
(a) SAS 70 Audit report identifies exceptions in the Service delivery environment or any GlobalLogic internal control that prevents GlobalLogic’s auditors from issuing an unqualified SAS 70 Audit report concerning the Services; or
(b) Internal audit performed by Client identifies material exceptions in the Service delivery environment or any GlobalLogic internal control;
(each an “Exception”), then GlobalLogic will:
(i) promptly develop a plan and schedule for GlobalLogic to take all necessary corrective action to resolve the Exception;
(ii) present such corrective plan to Client and adopt all reasonable comments from Client; and
(iii) promptly implement such approved corrective plan and ensure that the Exception has been resolved.
3.4 Client will be obligated to pay the costs, if any, for remedial actions necessary to correct Exceptions:
(a) that previously existed in Client’s legacy systems and processes and where Client requires the continued use of such legacy systems and processes by GlobalLogic to perform Services during the Term; and
(b) that are associated with any Client control points that Client mandated GlobalLogic compliance in the delivery of the Services.
3.5 GlobalLogic will be obligated to pay the costs, if any, for remedial actions necessary to correct Exceptions, other than those for which Client is obligated to pay in Section 3.4 above.
3.6 Internal Audits
If GlobalLogic (or any person on its behalf) conducts an audit of any aspect of its (or any subcontractor’s) operations applicable to the performance of the Services and as a result of the audit or through the audit process, a breach of GlobalLogic’s obligation(s) under the Agreement is identified, GlobalLogic shall promptly:
(a) Provide Client with written notice identifying the breach; and
-4-
|Motricity
|GlobalLogic
(b) Take action to remedy such breach at its own cost and expense.
|4.
|COST OF EXAMINATION
4.1 GlobalLogic shall bear its own costs related to its compliance with this Exhibit N, except where otherwise specified in this Exhibit.
4.2 Client shall bear its own costs and those of its Authorized Auditors for any audit or examination undertaken by them pursuant to this Exhibit N, except as provided in Sections 4.3 or 4.5 below.
4.3 If any audit or examination reveals that GlobalLogic’s invoices for the Services for the audited period are not correct for such period, GlobalLogic shall promptly credit Client for the amount of any such overcharges within two (2) invoice cycles. In the event of an overcharge by GlobalLogic under this Agreement is in excess of *** in any month subject to audit, GlobalLogic will reimburse Client’s reasonable audit expenses incurred by Client to identify such overcharge. In the event any audit reveals that GlobalLogic undercharged Client under this Agreement in any month subject to the audit, GlobalLogic may invoice and Client shall reimburse GlobalLogic for the amount of the undercharge; provided Client has not already made payment for the value of the undercharge and GlobalLogic reimburses Client for any reasonable audit expenses incurred by Client to identify such undercharge.
4.4 Any disputes raised by either Party with respect to this Exhibit N will be escalated and resolved in accordance with the dispute resolution process set forth in Section 10.9 of the General Terms and Conditions of this Agreement.
4.5 To the extent any audit or examination exceed historical levels of effort or complexity and such additional levels of effort or complexity is attributable solely to GlobalLogic’s failure to comply with this Agreement (e.g., account reconciliation or inter-company transactions relating to the Services are not performed in accordance with the Agreement and could result in a material weakness finding without such additional audit efforts), the additional costs and expenses arising from such GlobalLogic failure shall be borne by GlobalLogic. If GlobalLogic disputes the extent to which the foregoing applies, then such matter shall be escalated in accordance with the dispute resolution process set forth in the Agreement.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
-5-
|Motricity
|GlobalLogic
EXHIBIT N-1
EXTERNAL AUDITORS
***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
-6-
EXHIBIT O
Recovery of Unamortized Investments
GlobalLogic will recover the value of the ramp investment by amortizing it across *** following the Effective Date (“Investment Period”) as set forth in Exhibit G.
Termination For Convenience
1. If the Agreement is terminated during the Investment Period by Client for convenience under Section 9.1 of the Agreement, then GlobalLogic will be reimbursed for (“Termination Recovery Amount”) *** between:
***
Reduction of GlobalLogic Headcount Below *** During The Investment Period
***
***
3. GlobalLogic may equitably adjust the “Ramp Investment %” and “Required mark-up” percentage set forth in Exhibit G to allow GlobalLogic to recover the Termination Recovery Amount and Headcount Recovery Amount set forth in Sections 1 and 2 above.
4. If requested by Client, GlobalLogic will provide Client with supporting documentation that demonstrates how GlobalLogic calculated the Termination Recovery Amount and Headcount Recovery Amount so that Client may verify the calculation.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
Exhibit P
Client Competitors, Customers and Lines of Business
1. Client’s lines of business are:
“Lines of Business” for the purposes of Section 10.1.3 of the Agreement and this Exhibit P are defined as the design, development, deployment, and management of data services applications. Such applications are varied, including but not limited to, applications with the functionality and capabilities of Portals, Storefronts, Managed Web, Search and Gateway or such similar applications and the associated sub-applications, such as content.
2. Client’s competitors are:
|
PORTAL
|
MANAGED WEB
|
GATEWAY
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|
***
|
STOREFRONT
|***
|***
|***
|***
|***
|***
|***
|***
|
SEARCH
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
3. Client’s customers are:
|
CANADA
|***
|***
|***
|***
|
SWITZERLAND
|
EGYPT
|***
|***
|***
|***
|***
|
FRANCE
|***
|***
|***
|***
|
UNITED KINGDOM
|
GERMANY
|***
|***
|***
|***
|***
|
IRELAND
|***
|***
|***
|***
|***
|
NETHERLANDS
|***
|***
|***
|***
|
UNITED STATES
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
FIRST AMENDMENT
TO THE
MASTER SERVICES AGREEMENT
This First Amendment (“Amendment”) is entered into as of July 1, 2009 (“Amendment Effective Date”) by and between Motricity, Inc. (“Client”) and GlobalLogic, Inc. (“GlobalLogic”).
A. Client and GlobalLogic entered into that certain Master Services Agreement dated December 30, 2008 (“Agreement”); and
B. The parties now desire to amend the Agreement to modify pricing of the Services and other terms as set forth in this Amendment.
The parties therefore agree as follows:
1. Definitions. Capitalized terms used but not defined in this Amendment shall have the same meaning ascribed to them in the Agreement.
2. Section 3.9.1 (Annual Review of Relationship) is hereby deleted in its entirety and replaced with the following:
3.9.1 Pricing Review.
Every ***, at the written request of either Party given at least *** prior to the end of such *** period, the parties shall discuss and may agree to adjust labor rates in Exhibit G (the “Labor Rates”) upward or downward. The first date on which such adjustment of labor rates may take place is the first anniversary of the Effective Date (the “First Anniversary”), and will repeat every *** from such First Anniversary.
In addition, each year, at the written request of either party given at least 60 days before each anniversary of the Effective Date, the parties may adjust billing rates upward or downward.
Unless acute or extraordinary market changes require otherwise, any upward adjustment in Labor Cost plus Overhead Cost (the “Adjustable Costs”) will be ***
GlobalLogic will work with Client to create a budget for salary increases or decreases for individuals. Market survey data will be used to create the salary and benefit adjustment budget. The Parties shall collaborate to manage any annual adjustment upward to the Adjustable Costs ***. This will include managing the average experience level, location mix, and skills mix of the resources providing Services to Client.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
All changes to Fees in this Section must be mutually agreed in writing and signed by both Parties.
3. Section 3.9.3 is hereby deleted in its entirety and replaced with the following:
3.9.3 Forecast/Reduction of Resources. Client will provide GlobalLogic a rolling 90-day forecast of resource needs (“Forecast”). This Forecast is for resource management only and will not bind Motricity to any particular level of resource use.
“Flex Resources” are those team members who are designated by Motricity as being Flex Resources and who have spent less than *** on Motricity projects. After *** of continuous service on Motricity projects, a Flex Resource shall automatically become a Regular Resource. Motricity may elect to reduce Flex Resources for any Statement of Work for its convenience upon *** notice. Flex Resources shall not provide production support.
“Regular Resources” are those team members 1) who are resources on Motricity Projects on the Effective Date of that certain First Amendment between the parties dated July 1, 2009 (the “First Amendment”), 2) who are new resources not designated a Flex Resources, and 3) who have spent *** or more on Motricity projects. Motricity may elect to reduce Regular Resources for any Statement of Work for its convenience upon *** notice for a reduction of up to *** of all full time equivalent Regular Resources and upon *** notice for a reduction of over *** of the team of Regular Resources. The notice periods in this paragraph do not apply to the roll-off of resources that is consistent with expectations from Motricity’s commitments with its customers on its projects that GlobalLogic is supporting or that is consistent with the Motricity Forecast.
In the event the notice required in this Section 3.9.3 is not provided and the team is reduced immediately for Client’s convenience, Client will be invoiced for *** for the individuals that cannot be redeployed to another client account for the duration of the notice period or until such individual is redeployed (whichever occurs first), so long as GlobalLogic uses commercially reasonable efforts to deploy the resources to another client account and GlobalLogic continues to pay such individual his or her salary. The foregoing will not apply in the event that such individuals were terminated for cause.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
For all proposed additions or removals of any nature of a given GlobalLogic resources from the Client account by GlobalLogic, GlobalLogic will provide Client with at least *** of written notice prior to the suggested removal date, for the removal of such resource from the Client team.
4. Exhibit A, Pricing Policies section, a new subsection is added as follows:
Exception for Current Resources. Notwithstanding Exhibit G (Rate Sheet) the fees for the following resources (the team as of the effective date of the First Amendment, the “Current Resources”) is ***:.
***
If any member of the Current Resources must be replace by a replacement resource for any reason (including attrition), the rates charged for such replacement resource shall be as described below:
|•
|
Resource with less than eight (8) years’ experience: ***
|•
|
Resource with more than eight (8) years’ experience: ***
|•
|
Resource possessing specialty skills: ***
5. Exhibit A, Motricity Orientation Training section, the last sentence in the first paragraph (beginning with “GlobalLogic will not charge…”) is deleted and replaced with:
GlobalLogic will not charge Client for new team members while they are in the Motricity Orientation Training program, except that GlobalLogic may charge for up to *** of training for Flex Resources so long as Motricity agrees such resources require the training.
6. Exhibit A, a new section is added to the end of the exhibit as follows:
Pre-Sales Support:
Upon Client’s written request, GlobalLogic will provide additional resources to support Client’s sales activities, including pre-sale engineering, development, and presentation support (the “Pre-Sale Resources”) for potential new customers of Client and potential new work for existing customers. All such work performed prior to a commitment between Client and its customer for on-going services will be billed ***
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
7. Exhibit E, Section 5.4 (Recruiting Effectiveness) a new sentence is added to the end of the section as follows:
This SLA shall not apply to those Flex Resources who are not expected to become Regular Resources.
8. Exhibit E, Section 5.5 (Staff Attrition) a new sentence is added to the end of the section as follows:
This SLA shall not apply to Flex Resources.
9. Exhibit E, Section 5.8 (Deliverable Quality) the following is added to the end of the section:
SLA for Deliverable Quality
This SLA shows the quality of GlobalLogic deliverables (the “Deliverable Quality SLA”). Deliverable Quality SLA is measured as total number of Severity 1 (P1) and Severity 2 (P2) Defects open at the end of UAT. Units of measurement are the number of P1 and P2 Defects.
Table 5.8 Deliverable Quality SLA Values
|
Deliverable Quality SLA
|
Significantly Below
|Below Expected
Service Level
|At Expected Service
Level
|Above Expected
Service Level
|Significantly Above
Service Level
|
Number/Priority of Defects
|***
|***
|***
|***
|***
10. Exhibit G (Rate Sheet) is hereby deleted in its entirety and replaced with a new Exhibit G Rate Sheet attached as Exhibit 1 to this Amendment.
11. General. Except as expressly set forth in this Amendment, all of the terms and conditions of the Agreement remain in full force and effect. If there are any inconsistencies between the provisions of this Amendment and the provisions of the Agreement, then the provisions of this Amendment will control.
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
12. Entire Agreement. The Agreement, including SOWs, Exhibits or Attachments to the Agreement, and this Amendment constitute the entire agreement between the parties and supersedes all previous agreements, oral or written, between the parties concerning the subject matter of the Agreement and this Amendment. No modification or amendment of the terms of the Agreement or this Amendment is effective except by a writing executed by both parties.
Both Parties represent that they have read this Amendment in its entirety, understand it and agree to be bound by all the terms and conditions stated in it.
|Motricity, Inc.
|GlobalLogic Inc.
|By:
|/s/ Bopsy Sharvelyn
|By:
|/s/ James R.Smith
|Name:
|Bopsy Sharvelyn
|Name:
|James R.Smith
|Title:
|SVP & GM
|Title:
|President & COO
|Date:
|September 11, 2009
|Date:
|September 16, 2009
STATEMENT OF WORK
GlobalLogic Team Profile –Product Engineering Labs
SOW #MOTR0802
|***
|This redacted material has been omitted pursuant to a request for confidential treatment, and the material has been filed separately with the Commission.
This Statement of Work #MOTR0802 (for the purposes of this document, the “SOW”) is incorporated into the Agreement dated December 30, 2008 and is entered by and between GlobalLogic and Client. This SOW describes the profile of the team, to be provided by GlobalLogic to Client for Services to be conducted and at the rates specified in the Agreement. All capitalized terms used and not expressly defined in this SOW are defined in the General Terms and Conditions of the Agreement.
|1.
|Project Coordinators:
Client: ***
GlobalLogic: ***
|2.
|Resource/Team Size Commitment and Expectations
|By 1H09
|By End 09
|
Committed resources1
|***
|***
|
Expected resources1
|***
|***
***
|3.
|Following Table Provides Expected Initial Team Composition
|
Designation/Seniority
|Typical Years of Experience
|Team Composition
|Motricity Cost Plus Price
|
Developer, Automated Testing, Performance Testing, Business Analyst/Product Management, Usability
Expertise, Database Administrator/Programmer, Level 3 support
|
Engineer I
|***
|***
|***
|
Engineer II
|***
|***
|***
|
Lead Engineer I
|***
|***
|***
|
Lead Engineer II
|***
|***
|***
|
Engineering Manager
|***
|***
|***
|
Solutions Architect
|***
|***
|***
|
Tester, Technical Writer, UI Design, Level 1 & 2 Support
|
Analyst I
|***
|***
|***
|
Analyst II
|***
|***
|***
|
Lead Analyst I
|***
|***
|***
|
Lead Analyst II
|***
|***
|***
|4.
|Services:
See General Terms and Conditions for detail of payment terms.
***
|5.
|Schedule of Services:
Start Date: January 1, 2009
End Date: Until terminated in accordance with the terms of the Agreement.
|GlobalLogic Inc.
|Motricity Inc.
|By:
|
|By:
|
|Name:
|
|Name:
|
|Title:
|
|Title:
|
|Date:
|
|Date:
|