ex4-9.htm

Exhibit 4.9

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

1.0 Master Statement of Work

This Master Statement of Work ("MSOW") # 4911013924 adopts and incorporates by reference the terms and conditions of Base Agreement# 4911013920 (“Base Agreement”) between IBM Dalian Global Delivery Co Ltd., IBM Solution & Services (SZ) Co., Ltd. (“Buyer”) and Bejing Camelot Technology Co.,Ltd. (“Supplier”). This MSOW is effective beginning on June 1st 2011 and will remain in effect until May 31st 2015. Transactions performed under this MSOW will be conducted in accordance with and be subject to the terms and conditions of this MSOW and the Base Agreement.

2.0 Definitions

"Authorized Users" are users of Services within and outside of Buyer including, but not limited to, recipient employees, business units, vendors, Customers, contractors, joint ventures, etc.

"Blocked Invoices" means invoices that have been submitted by Supplier and received by Buyer that contain inaccurate invoicing information resulting in the inability of Buyer’s Accounts Payable to effect payment.

"Buyer” means IBM and its Affiliates including but not limited to IBM Dalian Global Delivery Co Ltd., IBM Solution & Services (SZ) Co., Ltd.

"Bypass" means the commencement of work by Supplier or their sub-tier supplier prior to issuance of a valid Buyer WA/PO including extension of services without extension PO in place.

“Contractor Sourcing Application” or “CSA” is a global application to facilitate the procurement of technical services by allowing requesters and buyers to interact with pre-configured suppliers directly.

“Core Supplier” means a supplier that Buyer prefers to use for the Services. However, Buyer makes no commitment of revenue, or business by so classifying a supplier.

“Customer” means customer of Buyer

“Client” means the various IBM divisions and its affiliated companies (such as, but not limited to IBM Dalian Global Delivery Co Ltd., IBM Solution & Services (SZ) Co., Ltd., etc.) individually and collectively.

“Delivery Company” means a wholly owned subsidiary of Supplier in the form of a limited liability company under the Company Law of China. For the purpose of this definition, the Delivery Company shall include all its branch offices and subsidiaries under the Delivery Company. On the Effective Date, the Delivery Company shall include without limitation to Shanghai Camelot Information Technology Co., Ltd. and Kunshan Kesuo Information Consulting Co., Ltd.. and their branch offices and subsidiaries.

"Project Statement of Work" " or "PSOW" means any document that:

1. identifies itself as a statement of work;

2. is signed by both parties;

3. incorporates by reference the terms and conditions of this Base Agreement and MSOW;

4. describes relevant details of the Deliverables and Services, including any requirements, specifications or schedules unique for each project as applicable;

5. describes respective obligations of Supplier and Buyer to be performed in the areas specified in this MSOW;

"Master Statement of Work" or "MSOW" means a document that defines the master scope of work to be accomplished by Supplier and specific responsibilities for various activities / tasks planned to be performed and completed by Supplier under PSOW.

“No show” Not commencing the services for given PO or WA.

"Project Staff" Supplier shall appoint for the Project personnel with suitable training and skills to perform the Services

"Purchase Order" means Buyer’s work authorization for Supplier to start working for the shipment of Deliverables and Services specified by PSOWs and MSOW, which becomes a legally binding contract once Supplier accepts it. Supplier will begin work only after receiving a PO from Buyer.

"Service Level" has the meaning set forth in Section 11.4

"Services" has the meaning given in Section 5.0.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

“Skills” means the skills provided by Supplier’s resources as described in Annexure C to this MSOW

"Software" means Applications Software and Systems Software unless a more specific reference is given.

"Statement of Work" or "SOW" means any document that:

1. identifies itself as a statement of work;

2. is signed by both parties;

3. incorporates by reference the terms and conditions of this Base Agreement; and

4. describes the Deliverables and Services, including any requirements, specifications or schedules.

5. SOW includes both MSOW and PSOW.

“Skill” means the area of knowledge of Personnel provided by Supplier under this SOW, and any other skills or knowledge areas defined in the relevant WA. For example, MVS platform.

3.0 Master Statement of Work

3.1 Introduction

This MSOW defines the master scope of work to be accomplished by Supplier and specific responsibilities for various activities / tasks planned to be performed and completed by Supplier under PSOW. The successful completion of this MSOW depends upon the full commitment and participation of Supplier. Buyer’s obligations, as set out in the MSOW, will be provided to Supplier at no cost. Changes to this MSOW will be processed in accordance with the procedure described in the section Change Control Procedure.

3.2 Annexures

The following Annexures are included in and form part of this MSOW

	Annexure A	Skill definitions
	Annexure B	Rate Table
	Annexure C	Security Policy Guidelines
	Annexure D	Security Policy Guidelines for DC

4.0 Governance and Relationship Model

Executive Relationship	Buyer Executive	Supplier Executive
Program Governance	Buyer Program Manager	Supplier Program Manager
Operational Governance Management	Buyer Operations Manager	Supplier Operations Manager
		Supplier Resources

The Program Governance Model will be structured in a three-tier model.

Executive Relationship – This level will be at the uppermost level with representatives from both the organizations. Governance at this level will manage the relationship and provide corporate leadership to leverage full potential of the program and increase the business value to both parties. Supplier’s

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

		executive will keep abreast of Buyer’s strategic business direction, and monitor requirements within the government and regulatory bodies.

	Ÿ	Program Governance - Will review the overall progress of the program from the contract and financial management point of view. The Program Managers from Buyer and Supplier will lead the program governance team. The team will govern the agreement, review the contract and business commitments and will manage and control changes to the agreement. The Change Control Procedure will be used to document any deviation that has a potential impact on the Program.

	Ÿ	Operational Governance Management – The operational level of governance will be at the project level or committed staff level . The Operations Managers from Buyer and Supplier will lead the governance team and review the performance and solve transactional issues related to the scope of work or commitment to be delivered under this MSOW or related PSOWs. They will periodically review the status, issues and achievements of the services for a specified period.

Governance at program and operational management levels are described below along with roles and responsibilities of Supplier and Buyer governance personnel and the escalation mechanism.

4.1 Program Governance

Program governance includes overall program management responsibilities, control and the associated communication. Buyer will designate a person known as Buyer Program Manager.

4.1.1 Program Management

Prior to the start of this MSOW, Supplier will designate a person known as Supplier Program Manager who will be focal point for all Supplier communications related to this Program and will have authority to act on behalf of Supplier in matters regarding this Program. Program management will involve:

q	Identification, mobilization and placement of resources relevant to the skills required for the execution of the Program

q	Managing the ramp-up, transition and delivery of all services delivered by Supplier

q	Managing Service Level Agreements (“SLAs”) set in the SOW

q	Program escalation process to address critical items (affecting resources, cost or schedule) as well as any potentially critical items, and help resolve or escalate Program issues, as necessary.

q	Administering Program change control with the Buyer Program Manager

q	Risk Management planning and tracking

4.1.2 Program Communication and Reporting

q	Supplier Program Manager and Buyer Program Manager will meet periodically to review the overall Program. Communication which will include:

q	Review and updates to the Program level plan (e.g. Generic Support and Control Plan) within scope of a particular SOW

q	Resolution or further escalation of unresolved issues escalated from the project governance level

q	Periodical review of Supplier performance metrics

q	Review and report customer satisfaction survey results and actions Report program status to the executive management

4.1.3 Program Control

Buyer and Supplier Program Managers will meet at the end of every quarter to review the progress of the Program and to resolve any issues that are hindering the progress of the Program.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

4.2 Operational Governance Management

Buyer and Supplier will work together to define Delivery Company (“DC”)’s Operational processes as the delivery model for in-scope services within this document. Process requirements from the end stakeholders will be integrated to ensure a seamless execution. Normal SEPG (Software Engineering Process Group) and QA (Quality Assurance) cost should be included in the scope of this MSOW, as appropriate. If stakeholder has special needs for QA & process, then additional work will be estimated and added in PSOW. If required a joint SEPG (Software Engineering Processes Group) with Buyer and Supplier will be set up to perform process mapping between Buyer and Buyer’s customer processes.

4.2.1 Operations Management

Prior to the start of a particular SOW, Supplier will designate a person known as Supplier Operations Manager who will be the focal point for all Supplier communications related to services within in scope criteria and will have authority to act on behalf of Supplier in matters regarding the scope. The operations management will involve:

q	Planning, interlocking, and managing the committed scope approved by Buyer

q	Resource utilization and stakeholder skill trainings required for execution of the service

q	Managing resource pool

q	Administering service change control with the Buyer Operations Manager

q	Services risk management

4.2.2 Service Organization

The Service Organization envisaged for the in scope services will be specific and will be defined and agreed as part of the SOW.

4.2.3 Project Office

Supplier will establish a Project Office for the DC. The Project Office will be a single-point of contact for Buyer for both services delivery and all non-delivery matters. Supplier Operations Manager will be the single point of contact for all services related communication and will handle all communication with the on-site team. The Project Office will also have access to other communication channels like FAX and direct telephone lines for quick and easy communication.

Similarly Buyer may also establish a Project Office and identify a single point of contact for all service related issues. If Buyer decides not to establish a Project Office, Buyer will at a minimum identify a single point of contact for all non-delivery issues.

Both Project Offices will have the responsibility of ensuring availability of adequate resources in the form of office facilities; workstations, etc. to team members at respective sites for performing the proposed services.

4.3 Process Governance

Buyer and Supplier will work together to define DC’s Services process as the service delivery model for in-scope services. Process requirements from the stakeholders will be integrated and interlocked for a seamless solution. .

4.4 Escalation

In the event of a disagreement on any issue (pertaining to this document) that cannot be resolved by the designated Supplier and Buyer managers, the escalation path for resolution is given below:

Buyer	Supplier
Buyer Operations manager	Supplier Operations Manager
Buyer Program Manager	Supplier Program Manager
Buyer Executive	Supplier Executive

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

The Supplier organization should nominate immediately after execution of this MSOW and maintain a customer satisfaction representative to address all issues that arise from the program. A specified email ID should be provided by Supplier to receive all such issues. The issues need to be logged and a solution arrived and closed at within a maximum of 5 business days.

4.5 Supplier Responsibilities

4.5.1 Supplier Role

Role	Responsibilities
Supplier Executive	Will be responsible for the overall well being of the relationship between Supplier and Buyer.
Supplier Program Manager	Accountable for all work performed by Supplier, escalation point for Supplier related issues Overall Program performance Status reporting to Supplier and Buyer Executives overseeing the program. Customer satisfaction
Supplier Operations Manager	Will be primary point of contact for queries related to SOW set-up and issue resolution from Supplier side Schedule and attend all planning, status, escalation and other program management meetings Monitor and report status on a regular basis to Buyer and Supplier management team Ensure submission of Operations Metrics data Acting as single point of contact between Buyer and Supplier for all issues
Supplier Operations Manager Merge with Supplier Operations Manager	As defined by SOW, have joint accountability, may include activities listed below: Responsible for the service performance Performance as per the expectations that will be defined within each SOW (quality and timeliness of deliverables, availability/up-time of the application, productivity, etc.) On time delivery of services Quality of deliverables and support for transitioned applications Ensure submission of Service Metrics data Responsible for execution of services within budget and schedules Participate in all technical meetings and conference calls. Coordinate and follow-up on all technical issues addressed in technical conference from Buyer as well as Supplier team to closure. Provide support to Supplier DC team in preparation of test cases / data
Project Office	Functions are the single-point of contact for Buyer for all non-delivery matters Will handle all communication with the on-site team Responsibilities will span multiple SOWs

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

4.5.2 Responsibilities

4.5.2.1 Supplier Technical Resource Pool:

(a) In case there is specific skill requirement and schedule information provided from Buyer to Supplier, Supplier need to prepare accordingly based on those information before a formal resource request is sent;

(b) Supplier should ensure its personnel get necessary foreign language training including but not limited to languages such as, English and Japanese.

(c) Supplier shall provide an average 3 to 5 training days/per year training per person to continuously improve and refresh their skills

4.5.2.2 Change Control:

As appropriate, the responsibility for establishing the IT architecture, standards, methodologies products and strategic direction of Buyer’s Customers shall at all time remain with Buyer. Supplier, in performing the Services, shall conform to and shall support such architecture, standards, products and strategic direction and will use Buyer Change management tools and procedures as directed by Buyer.

4.5.2.3 Loan of Buyer Assets:

In the event that assets are loaned to Supplier or Supplier Personnel, Supplier shall sign Equipment & Program Loan Agreement with Buyer and will be responsible for risk of loss and for the return of those assets to Buyer.

4.5.2.4 US Export Regulation Procedures:

The Supplier and its personnel will ensure compliance with the US Export Regulation and Procedure while handling any information, process, product or service under this agreement.

4.5.2.5 Business Travel:

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

(a) Supplier shall provide necessary support to ensure its personnel get appropriate visa if there is overseas travel required by Buyer (visa application fee can be reimbursed with valid invoice);

(b) Supplier shall provide its personnel sufficient cash in advance or appropriate credit card before business travel happens;

(d) Supplier shall ensure their personnel follow overseas countries’ holiday arrangement during the overseas business trip;

(e) Supplier shall ensure their personnel follow landed countries laws and regulations as pertains to their applicable VISA status in landed country. In addition, personnel have appropriate assimilation training and local wellbeing support in landed country.

(f) Any travel requested by Buyer shall be reimbursed by Buyer as per buyer travel policy. All such travel shall be with prior approval of concerned Project Manager and in line with the Purchase Order issued for the same. The reimbursement shall be against production of invoice accompanied by all supporting documents such as original Bills / ticket jackets/Project manager approval. No other charges / fees will be paid apart from the ones mentioned in the Purchase Order. Air ticket needs to be booked via American Express which is a supplier to Buyer.

For any expenses not covered by the travel policy, Buyer will consider reimbursing Supplier upon Buyer Standard Travel Policy based on project manager's approval

4.6 Buyer Responsibilities

4.6.1 General Responsibilities

Ensure that the following responsibilities of Stakeholder are discharged properly (as applicable):

·	Ensure availability of Customer persons required for discussions, demos, reviews and approvals

Ensure that Customer provides access to suitable office space, office supplies, furniture, telephone, workstations, access badges, mail-IDs, parking, employee cafeteria, and other facilities for Supplier onsite project team member’s equivalent to that available to Buyer staff while working on Customer’s premises, all in accordance with a PSOW.

·	Customer will perform the User Acceptance Testing. Supplier will support these testings by completing defect fixes pertaining to Supplier developed code.

·	All Releases to Production will be carried out by Customer, but will be supported by .Supplier.

·	Customer’s Buyer will provide all existing documentation, which includes the existing test cases, scripts etc. with appropriate detail.

·	Buyer will provide, in the case needed and requested by projects/case, Identified Supplier employees Buyer IDs in Lotus Notes to enable access to areas like SameTime, Team Rooms, etc., based on the specific Project and network access needs.

4.6.2. Head Count Demand Statement:

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

At the start of each year, Buyer will provide Supplier with a yearly Demand forecast, outlining estimated resource requirements for a period of one (1) year. Each month, Buyer will also provide Supplier with 3 months rolling forecast, in terms of numbers of resources and skills required for the next 3 months, commencing on the effectiveness of this MSOW. However, such demand forecast is not a minimum resource or utilization commitment of Buyer.

Supplier is liable to fill demand within the limits set out in the ramp up section and the skills supported by Supplier under this MSOW. Supplier will guarantee AMS 70% fulfillment rate.

Demand is stated in terms of skill requirements and is comprised of the ramp up staffing plans in one or more SOWs. The Demand is fulfilled when Supplier resources are in the Delivery Center pool and are billable to Buyer in the time agreed by the parties.

The actual number of resources supplied to Buyer each month in terms of demand opened to Supplier will be consolidated to determine the actual fulfillment. Once added to the Delivery Center pool it is understood that resources will remain within the Delivery Center, and maintained by Supplier. Removal of the resources from the Delivery Center pool must be authorized by the Buyer. It is expected that the Supplier maintains the quality of the resource pool in the Delivery Center to meet Buyer’s business requirement.

During the contract period in case the number of resources assigned by Supplier to Buyer under POs is less than 600, Buyer will provide the demand of head count with regard the gap to Supplier. Supplier is liable to fill demand and the skills supported by Supplier under this MSOW. Both parties agree that such demand of head count is not a minimum PO commitment of Buyer. Supplier shall provide qualified C&SI resources and get Buyer’ written confirmation within three (3) days after receiving the demands from Buyer. Buyer has the right to send the demand to and place the order with other suppliers in case Buyer does not confirm in writing to the resources provided by Supplier within 3 days following Supplier’s receiving such demand. Supplier shall ensure 50% of C&SI resources with relevant certification. For any project hereunder, there is no project duration commitment from Buyer. Only for Technical Service subcontracting demand of AS business line (the scope of which will defined by Buyer solely) Buyer will provide to Supplier 3 days before Buyer provides such demand to its other Technical Service suppliers. Buyer reserves the right to change or cancel such 3 days priority, in case Supplier materially breach this Agreement and/or the SOW, including without limitation to AMS 70% fulfillment rate guaranteed by Supplier above.

Supplier shall not provide any time and material service to IBM GBS after receiving the written notice from Buyer following the completion of integration of IBM GBS time and material service provided by Camelot information Systems INC and its Affiliate to Buyer.

4.7 Measurement of Relationship

4.7.1 General

Buyer will use a quarterly average of the monthly scores to assign points. Buyer will measure Supplier’s performance, on a semi-annual basis, using the Supplier Performance Report (SPR), including an annual Client Satisfaction Survey (based upon a sampling of requesters’ feedback) to calculate an average score.

In the event Supplier's total is in the top 75% of the total points, Supplier will be considered for contact extension or renewal. Upon notification of a total score below 75% of the total points, Supplier will

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

provide an action plan for improving performance at a national level. Such action plan will include a time frame for the successful execution of the plan. This action plan will be reviewed and approved by Buyer. Supplier's failure to successfully execute the action plan within the agreed upon time frame may result in the substantial or complete reduction of new business awards by Buyer.

Notwithstanding the measurements and subsequent assessments as described in these sections, buyer retains the right to, from time to time, conduct assessments of the supplier's relative performance compared with other suppliers and implement changes to the supplier's status as a core or regional/niche supplier (including volume of business), based on such assessments or supplier's breach of any term of this agreement.

In addition to these measurements of quality and performance against commitments in the following sections, Supplier will attain the objectives detailed in the Technology, Terms and Conditions, and Communications sections of the SPR. The SPR would also be assessing the Suppliers’ conformance to the Buyers’ processes.

Supplier will report to Buyer by the 5th day of the month following the close of each month, its performance against monthly and year-to-date performance measurements for the preceding quarter. The report will be provided in a Microsoft Excel format, a soft copy of which will be provided to Supplier.

This Section of the Agreement may be amended by Buyer from time to time to reflect changes in Buyer’s business goals and objectives.

4.7.2 Quality Measurements:

The following measurements will be used to capture the quality of the transactions conducted under this Agreement.

(a) Turnover: Turnover, due to Supplier’s Personnel whose performance under this Agreement is interrupted as a result of resignation, dismissal or termination for cause, is to be calculated and provided in the Monthly Performance Measurements Report. Monthly Turnover Rate is to be calculated by dividing the total number of Turnover headcount in a given month by the same month’s total headhunt of Supplier’s Personnel including sub tiers. The cumulative Turnover Rate is to be calculated by dividing total year-to-date Turnover headhunt by the total headcount of Supplier’s Personnel, including sub-tiers. Suppliers should maintain a Turnover equal to or less than 7.0% cumulative and equal to or less than 1% every month. The turnover is calculated after the warranty period.

(b) Bypasses: Supplier will make all reasonable efforts to ensure that there are no Bypasses. Bypasses will be measured monthly.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

(c) Process Improvements: Process improvements implemented, supported or suggested by Supplier are a performance measurement criterion, and will be reflected in the SPR by measuring Buyer’s perception of the Supplier's willingness to implement, participate in, or initiate process improvements.

4. 7.3 Performance Against Commitments:

The following measurements will be used to determine the degree to which Supplier consistently meets its commitments to: supply high quality skills; provide timely and accurate delivery (to include meeting the Reports requirements of this Agreement); and maintain Client satisfaction of at least 80%.

(a) Resume Response: The supplier is expected to maintain a 100% quality standard for this category. A response is a minimum of 1 and a maximum of 3 resumes per opening received by the due date specified on the Resource Request Form by the requester.

(b) Resumes Submission Quality: The minimum quality standard for this criterion is 75%. This is measured by dividing the number resumes that match the requirements detailed in the RRF by the total number of resumes submitted in response to Buyer’s Resource Request Forms (RRF).

(c) Resumes Withdrawn: No resumes which are submitted in response to Buyer’s Resource Request Forms wo (RRF) are to be withdrawn during the first 14 days. Supplier is required to give advance notice to the buyer if a resume submitted is being withdrawn after 14 days.

(d) Strike Rate: The supplier is expected to maintain a 50% strike rate. Strike rate is calculated by dividing the number of resumes selected by the buyer by the total number of resumes submitted for interview.

(e) No Shows: A No Show is a resource who failed to join after being selected. There should be no No Shows.

(f) Rate Compliance: Suppliers are expected to maintain 100% rate compliance. Rate compliance is measured by the total number of instances where the suppliers response is not in accordance with the rate classification as detailed in the Buyer’s Resource Request Form

(g) Blocked Invoices: Supplier will ensure a minimum quality standard of no more than 2% of total invoices submitted each month that are unable to be paid by Buyer due to price discrepancies.

(h) Reports: As of the Effective Date, Buyer has determined a set of periodic measurements and reports to be issued by Supplier to Buyer, which shall include the reports set forth through this Section #4.0. Supplier shall participate and provide complete and accurate input on a timely basis as requested by Buyer. Failure to provide complete, accurate, and timely input will adversely affect Supplier’s SPE rating.

4. 7.4 Benchmarking Report:

Supplier will demonstrate its adherence to the Section in the Agreement entitled Pricing by providing a benchmarking report, semi-annually (as part of the second and fourth quarter Performance Reports). The Benchmarking Report will compare Supplier’s direct costs (wages and employee benefits) and operating costs (management expense, selling expense, recruiting expense, G&A, etc.), measured as a percent of revenue, with the direct costs and operating costs of others in the industry, or other criteria as may be mutually agreed upon by the parties.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

5.0 Scope of Work

This section describes the scope of services to be performed by Supplier under this MSOW.

Under this MSOW, Supplier will provide technical services to Buyer AS (Application Service) business line. Buyer has the sole discretion to define AS business line scope that Buyer requires Supplier to provide under this MSOW. AS business line scope may include but not limited to, Software/Application development services, Infrastructure and Maintenance Services and/ or such other activities as may be defined by Buyer to Supplier in the relevant PSOW and/ or WA.

Supplier will also provide to Buyer the Deliverables and Services described below.

DESCRIPTION OF DEVELOPED WORKS AND RELATED DELIVERABLES AND SERVICES

The Services and Deliverables that may be required to be provided under this Agreement, either on Supplier's, Buyer's or Buyer's Customer's premises as specified in a WA, are comprehensive technical services. Accordingly, Supplier will provide a full range of technical personnel who possess Skills, for the following Skills References listed in Appendix No. 1.

Developed Works:

Supplier agrees that all Deliverables, code or materials provided as part of the Services are Developed Works.

5.1 Project Statement of Work

For each service agreement, Supplier and Buyer agree that a PSOW may be signed if needed. Supplier and Buyer will perform all their respective obligations in the areas specified in this MSOW. The PSOW will set out relevant details for the services, as applicable.

5.2 Services

5.2.1 Provision of Services

(a) Commencing on the Effective Date, Supplier shall provide the following Services and perform the following functions and responsibilities, each as they may evolve during the Term and as they may be supplemented, modified enhanced or replaced from time to time:

(i) The services, functions and responsibilities described in this MSOW;

(ii) The services, functions and responsibilities that are of a nature and type that would ordinarily be performed by the Supplier, even if such services, functions and responsibilities are not specifically described in this MSOW;

The comprehensive technical services that may be required to be provided under this SOW, either on Supplier's, Buyer's or Buyer's Customer's premises as specified in a PSOW. Accordingly, Supplier will provide a full range of technical personnel, in accordance with the Skill Classifications detailed in Annexure C.

(iii) Any services, functions, or responsibilities not specifically described in this MSOW that are required for the proper performance and provision of the Services (Such services, functions and responsibilities described in this Section 5.4.1 (a), collectively the "Services").

(b) The Services will be performed by Supplier as necessary to meet Buyer’s business needs using generally acknowledged technological advancements and improvements in the methods of delivering the Services.

(c) Supplier and Supplier's subcontractors shall be obligated to abide by, and comply with Buyer's then-current standards, policies and procedures. Such obligations currently include the obligation to refrain

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

from engaging in any concurrent employment that creates a conflict of interest or interferes with the provision of Services to Buyer. Supplier agrees to advise its employees and subcontractors performing Supplier obligations hereunder, of their responsibilities under this SOW.

(d) Buyer will receive priority above all other Supplier’s customers in providing the Services in the event such other customers require like Services in like markets during the same time periods.

5.2.2. Recipients of the Services

Supplier shall provide the Services to Buyer and its Affiliates to the extent necessary, and upon request by Buyer, to any Customers of Buyer and/or Client ((Buyer and each such recipient of Services described above as "Recipient"). Buyer shall be responsible for paying the charges for Services provided to Recipients to the same extent as if the Services were provided only to Buyer. To the extent Services are characterized in this SOW as to be provided to Buyer, those references will be deemed to include the provision of such Services to other Recipients as requested by Buyer.

5.3 Type of Services

Supplier will provide the fixed price Services and/or Time and Material Services at its best efforts basis upon Buyer’s requests. Buyer will indicate specifically requests with other necessary provisions expressly in the applicable PSOW or WAs.

5.3.1 Fixed Price Services

5.3.1.1

Scope of Work

Detailed in individual PSOWs

5.3.1.2 Roles and Responsibilities

Detailed in individual PSOWs

5.3.1.3 Acceptance Criteria

Detailed in individual PSOWs

6.0 Facilities

This section describes the requirements and responsibilities of Supplier related to the DC site, as appropriate , Buyer’s site, and Buyer’s Customer site. This section also covers Buyer’s responsibilities related to Buyer site.

In case Supplier will utilize space at the DC site for a project with another entity, Supplier will provide Buyer with 30 days written notice, which notice includes the name of the entity and a non-confidential description of the services.

Buyer and Supplier will work together to secure Delivery Center site facilities that align to Buyer's growth plans and negotiate lease terms and conditions that will provide operational flexibility for the Delivery Center and Buyer. Supplier will seek to assign Delivery Center site lease to wholly-owned subsidiary Delivery Company once the Delivery Company is established

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

6.1 DC Site

This section identifies the requirements that Supplier must meet to obtain Buyer approval to perform work at the DC.

Supplier will provide the use of the space in Supplier’s premises that is utilized by Buyer Project Staff together with office furnishings, telephone equipment and services, janitorial services, utilities and office-related equipment and duplicating services reasonably required in connection, as needed per SOW. Any shared services like bus conveyance to DC location, provided to Supplier’s will also be made available to Buyer project staff working at DC at the same terms and conditions that will be applicable to supplier’s employees

6.1.1 General Requirements

Where Supplier co-locates Buyer and non-Buyer projects in the same facility, Supplier will ensure, and Buyer may verify, that Supplier adheres to all requirements of this MSOW and the relevant PSOW, including security and confidentiality requirements.

Building security and workstation security

Safety and electrical requirements

Workstation and space

Buyer will conduct a site visit to determine the readiness of the facility selected by the Supplier. Buyer will produce a report stating the results of their finding and will provide these results to the Supplier. The evaluation will utilize the following checklist:

Site readiness

Workplace requirements

Buyer Well-being requirements

Security

6.1.2. Training

Buyer may from time to time request training services from Supplier for Buyer and / or Customer staff. These services will be requested in a separate PSOW. Supplier will utilize its own training facilities located at its DC or other Supplier specified locations to deliver this training. This training will be charged on a per head basis for the quantity of training delivered under the defined PSOW

For the Suppliers Key personnel or project staff providing to Buyers in DC, basic training shall be completed before being accepted into DC.

The content of the basic training shall be defined and agreed by Supplier’s and Buyer’s Program Managers during transition period. Buyer will not pay for resource cost before they are officially accepted into the DC pool as formal resource.

6.1.3. Buyer Resources Provided to Supplier

Supplier and/or Buyer may decide that to deliver services as defined in a particular PSOW that Buyer resources need to be co-located with Supplier Resources in the DC site. These resources will be known as “Buyer Seconded Resources”.

In the event of such an agreement, Supplier will provide office space, technology infrastructure and facilities for the hotelling of these Buyer Seconded Resources at the DC. The exact nature and costs will be agreed in each PSOW.

The costs for providing these services for Buyer Seconded Resources will be billed on a monthly basis to Buyer.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

6.1.5. Exceptions

Supplier will adhere to all requirements prior to beginning work under any PSOW. If any non-conformances exist, Supplier will rectify those areas identified during the audit by Buyer’s PM.

6.2 Buyer Site and Buyer’s Customer Site

In the event that work for a particular PSOW is to be performed from Buyer’s site, Buyer shall provide at Buyer’s expense, the use of the space in Buyer s premises that is utilized by Supplier Project Staff together with office furnishings, telephone equipment and services, janitorial services, utilities and office-related equipment and duplicating services reasonably required in connection with the performance of the Managed Services as per Staff augmentation contract as needed per specific PSOW.

6.2.1 On Premises Guidelines

These Guidelines shall apply to work performed on either Buyer’s or Buyer’s Customer’s sites.

(a) Access to Premises: Supplier will ensure that when Supplier's Personnel are assigned to work on Buyer's or Buyer's Customer's premises, Supplier will: (i) maintain a current and complete list of the person’s names and ID numbers; (ii) obtain for each person a valid identification badge from Buyer and ensure that it is displayed to gain access to and while on those premises (it is Buyer's policy to deactivate any such badge if not used for one month); (iii) Maintain signed acknowledgement, dated prior to the start of an engagement, that each person will comply with Buyer's Safety & Security Guidelines including search guidelines; (iv) ensure that each person with regular access to Buyer's premises registers their vehicles with Buyer and complies with all parking restrictions; (v) inform Buyer in advance if a former employee of Buyer will be assigned to work under this SOW, such assignment being subject to Buyer approval; (vi) at Buyer's request, for any reason that is not unlawful, remove a person from those premises and not reassign such person to work on those premises (Buyer is not required to provide a reason for such request); and (vii) notify Buyer immediately upon completion or termination of any assignment and return Buyer’s identification badge.

(b) General Business Activity Restrictions: Supplier will ensure that Supplier’s Personnel assigned to work on Buyer’s or Buyer's Customer's premises: (i) will not conduct any non-Buyer related business activities (such as interviews, hiring, dismissal, or personal and personnel solicitations) on those premises; (ii) will not conduct Supplier's Personnel training on those premises, except for on-the-job training; (iii) will not attempt to participate in Buyer’s benefit plans or activities; (iv) will not send or receive non-Buyer related mail through Buyer's mail systems; and (v) will not sell, advertise or market any products or distribute printed, written or graphic materials on Buyer's premises without Buyer's written permission.

(c) Safety and Security: Supplier will ensure that Supplier’s Personnel assigned to work on Buyer’s or Buyer’s Customer’s premises: (i) do not bring weapons of any kind onto those premises; (ii) do not manufacture, sell, distribute, possess, use or be under the influence of controlled substances (for non-medical reasons) or alcoholic beverages while on those premises; (iii) do not have in their possession hazardous materials of any kind on those premises without Buyer's authorization; (iv) acknowledge that all persons, property, and vehicles entering or leaving those premises are subject to search; and (v) remain in authorized areas only (limited to the work locations, cafeterias, rest rooms and, in the event of a medical emergency, Buyer's medical facilities). Supplier will promptly notify Buyer of any accident or security incidents involving loss of or misuse or damage to Buyer's intellectual or physical assets; physical altercations; assaults; or harassment and provide Buyer with a copy of any accident or incident report involving the above. Supplier must coordinate with Buyer access to Buyer’s premises during non-regular working hours.

(d) Asset Control: In the event Supplier’s Personnel have access to information, information assets, supplies or other property, including property owned by third parties but provided to Supplier’s Personnel by Buyer ("Buyer Assets"), Supplier’s Personnel: (i) will not remove Buyer or Buyer's Customer's Assets from Buyer's or Buyer’s

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Customer’s premises without Buyer's authorization; (ii) will use such Assets only for purposes of this SOW and reimburse Buyer for any unauthorized use; (iii) will only connect with, interact with or use programs, tools or routines that Buyer agrees are needed to provide Services; (iv) will not share or disclose user identifiers, passwords, cipher keys or computer dial port telephone numbers; and (v) in the event the Buyer Assets are confidential, will not copy, disclose or leave such assets unsecured or unattended. Buyer may periodically audit Supplier's data residing on Buyer's assets.

7.0 Hardware and Software

This section describes the requirements and responsibilities for both Buyer and Supplier related to hardware and software requirements at the DC. Buyer and Supplier will periodically review hardware and software provided under respective responsibilities on an annual basis as minimum. Such review will be conducted by reflecting upon then current business requirements of Buyer to keep such hardware and software versions updated to customary and prevailing minimum levels. In case additional software and/or hardware are required per Buyer customers’ requirements, such additional requirements and costs will be defined, negotiated, and determined in PSOWs.

7.1 Supplier Responsibilities

7.1.1. Hardware

Supplier will provide each employee with the following hardware configurations, unless otherwise stated in the applicable PSOW.

7.1.1.1 PC Model and configuration

1. Brand: IBM brand manufactured by Lenovo.

2. Desktop or ThinkPad, detailed configuration/model in accordance with project requirement.

3. Software: License of Windows XP Professional, or any other specific requirement from Buyer.

7.1.1.2 Software

Supplier will provide the following IBM software at Buyer’s expense and Non-IBM Software at Supplier’s expense on each desktop and ThinkPad laptop configuration:

IBM software:

Lotus Notes as needed base (refer to PSOW)

Rational Tool as needed base (refer to PSOW)

Non-IBM Software:

·	As specified in the the PSOW

(*) Only Supplier’s project managers, project leads and project administrators need.

7.2 Buyer Responsibilities

7.2.1 Software

Buyer will provide Supplier with any project specific software products that are dictated by the adoption of processes as determined under Section 4.3. This is subject to individual tailoring as part of the PSOW.

The above information is for reference, these are subject to customization for individual projects, and details of the same will be document as part PSOW for every individual Project.

8.0 Staffing

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

8.1 Staff

Supplier shall appoint for the Delivery Center personnel with suitable training and skills to perform the Services (such personnel herein after called as “DC Staff”), as defined in SOW. Supplier shall provide Buyer with a list of all additions or deletions to the DC Staff pool, as they occur, the status of the DC Staff is full-time and the total number of individuals comprising the DC Staff pool. Supplier shall notify Buyer as soon as possible after assigning, dismissing or reassigning any DC Staff whose normal work location is at DC or Buyer specified location

All the changes to the list of the supplier DC staff need to acquire Buyers’ Operation Manager’s agreement.

8.1.1. Services Warranty Period

As specified per SOW, supplier will provide a 30-working day warranty on Services. In the event Supplier’s Personnel ceases performing under a SOW within the first 30 working days for any reason other than Buyer's termination without cause, Buyer will not be billed for Services performed within such 30 working day period. In addition, replacement Supplier’s Personnel (following a Supplier’s Personnel who left during the first 30 working days) will be non-billable during the period for which it takes them to become proficient as a replacement, up to 30 additional working days.

8.1.2 Key Personnel

The Parties agree Buyer will select and designate Key Personnel in the Delivery Center and Supplier is obligated to commit a minimum of [80] % of Delivery Center Project Staff by Customer Account as Key Personnel. There will be minimum of at least [50%] Key Personnel per PSOW. The Parties agree as follows:

1. Supplier shall not: replace, reassign or otherwise remove any Key Personnel with respect to any employee or contractor designated as a Key Personnel unless (a) Buyer consents to such, replacement, reassignment or removal or (b) such Key Personnel (i) voluntarily resigns from Supplier or the applicable subcontractor, (ii) is dismissed by Supplier for Cause, (iii) fails to perform his or her duties and responsibilities pursuant to this Agreement or (iv) dies or is unable to work due to his or her disability. Such consent by Buyer shall not be unreasonable withheld.

2. In the event a Key Personnel is terminated, replaced, reassigned or otherwise removed for any reason. Supplier shall, subject to paragraph (4) of this subsection promptly designate an individual as a replacement for such Key Personnel (each replacement individual, also a Key Personnel).

3. Before designating an individual as a Key Personnel, whether as an initial designation or as a replacement. Supplier shall (a) recommend to Buyer the proposed designation, (b) introduce the individual to appropriate representatives of Buyer and Customer, and (c) provide Buyer with the name of the position or title and a description of the job responsibility of such individual, in accordance with Supplier’s standard employment policies.

4. In the event of a need for rotation or replacement of Key Personnel, Supplier shall ensure that a procedure is in place for identifying backup and replacement Key Personnel. Supplier shall make such procedures available to Buyer on request.

5. In the event that the Project Staff is reduced such that the Key Personnel exceed 90 percent of the then-current Project Staff, upon Supplier’s request, Supplier may reduce the number of Key Personnel to no less than [80] percent of the then-current Project Staff, provided, that prior to any individuals no longer being designated as Key Personnel, Supplier shall (a) notify Buyer of the individuals proposed to be no longer so designated, (b) provide Buyer with the names of the positions or titles and descriptions of the job responsibilities of such individuals, in accordance with Supplier’s standard employment policies and (c) obtain Buyer’s approval,

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

provided that Buyer will cooperate with Supplier to reduce the number of Key Personnel to [80] percent of the Project Staff.

6. In the event that the Project Staff increases such that the Key Personnel are less than 80 percent of the then-current Project Staff, Supplier and Buyer shall designate additional members of the Project Staff as "key" in accordance with paragraph (4) of this subsection, such that the Key Personnel comprise at least 80 percent of the then-current Project Staff.

8.2 Staffing Baseline

When Supplier responds to a demand Statement and Buyer and Supplier agree to proceed with the issuance of a PSOW, a monthly staffing baseline will be set for the duration of the PSOW. The Staffing Baseline will include:

·	The expected number of resources including Key resources Supplier is expected to have on the project

·	The Scope of Work expected to be performed, e.g., maintenance, production support, enhancements. The mechanism for additions and reductions of the monthly baseline will be defined within each PSOW.

The staffing requirements and levels will be reviewed monthly for the succeeding month, and on a quarterly basis, the yearly baseline will be generated.

8.3 Termination of the MSOW, a PSOW and/or a Purchase Order

Buyer may, upon written notice to Supplier, terminate the MSOW, a PSOW and/or a Purchase Order:

1. with Cause effective immediately; or

2. without Cause effective immediately or as otherwise specified in such notice.

3. Buyer reserves the right to terminate a PO’s issued without cause by giving the Supplier written notice of 5 working days in advance or payment of 40 hrs or 5 days which is applicable in lieu thereof.

8.3.1 Without Cause

Upon termination without Cause, in accordance with the direction by Buyer’s advance notice (for termination of the MSOW, 60-day advance notice is required and for the termination of a PSOW and a PO, written notice of 5 working days in advance in needed) in writing, As appropriate, Supplier will immediately:

1. start transition of work to Buyer;

2. prepare and submit to Buyer an itemization of all completed and partially completed Deliverables and Services;

3. deliver upon request any work in process. Buyer will compensate Supplier for the actual and reasonable expenses incurred by Supplier for work in process up to and including the date of termination, provided such expenses do not exceed the Prices.

4. deliver to Buyer Deliverables satisfactorily completed up to the date of termination at the agreed upon Prices in the MSOW, the relevant PSOW and the relevant Purchase Order.

Buyer may terminate the MSOW, a PSOW and/or a Purchase Order without any penalty or other liability to Supplier upon written notice to Supplier.

Where Buyer terminates a PSOW without Cause, Supplier Personnel headcount ramp down will take place at a rate of 25% of the then current project staff starting from the notice date so as to complete the ramp down within 4 months as guideline. Each month Buyer shall pay to Supplier the services charges for Supplier resources who remain. Should the termination require immediate cessation of all services, subject to the notice period above, Buyer shall pay to Supplier the aggregate of the labor costs according to the ramp down plan described above. However, the actual execution of ramp down % and duration in each project will be subject to Buyers’ plan.

Buyer may offer to hire Supplier Personnel without any additional charges to Buyer, piror to Buyer approaching Supplier’s personnel , with the consent in writing from Supplier not to be unreasonably withheld.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

8.3.2 With Cause

Upon termination with Cause, in accordance with Buyer’s written direction, Supplier will immediately:

1. start transition of work to Buyer;

2. prepare and submit to Buyer an itemization of all completed and partially completed Deliverables and Services;

3. deliver upon request any work in process.

4. deliver to Buyer Deliverables satisfactorily completed up to the date of termination at the agreed upon Prices in the MSOW, relevant PSOW and the relevant Purchase Order.

Where Buyer terminates a PSOW and/or a Purchase Order with Cause as provided in Section 15.2 of Base Agreement, then Buyer will not be liable for any termination charges, costs or penalties. In order to facilitate the transition of the projects from Supplier to Buyer, without any additional cost to Buyer, Supplier will maintain the Delivery Company ties for a four month period. During this period, Supplier will not be allowed to ramp down their personnel at a rate more than [25]% (per month) of the project staff at the time of notice. Supplier will not be liable for any costs for such transition.

Conditions for non-solicitation of employees between Supplier and Buyer are defined in BA and in Section 11.5.2 of MSOW. Supplier will give Buyer reasonable access to Supplier Personnel to facilitate Buyer making offers.

8.4 Subcontractors

Supplier will not subcontract any of its work under this Agreement to any third party or Affiliate without Buyer's written consent. For any subcontractor Supplier proposes, Supplier will conduct all reviews and complete and submit any documentation as requested by Buyer to evaluate the subcontractor. For any subcontractor approved by Buyer, Supplier will also conduct reviews and complete and submit documentation as requested by Buyer on an annual basis to reevaluate the subcontractor. Buyer has no obligation to approve any subcontractor. Under no circumstances will Supplier permit any subcontractor that has been approved by Buyer to subcontract further. Upon Buyer's request, Supplier will immediately stop using a subcontractor that Buyer has previously approved.

In no event does this clause relieve Supplier of meeting its obligations under the MSOW or relevant PSOW(s).

a) Supplier shall require any third-party vendor chosen to provide products or deliver services as a subcontractor, to adhere to the standards, policies and procedures in effect at the time, whether such standards, policies and procedures pertain to Buyer or Supplier. Supplier shall not insert into any subcontract any provision, the effect of which would be to limit the ability of a subcontractor to contract directly with Buyer. In addition, Supplier shall use commercially reasonable efforts to have the prospective subcontractor agree to waive or forego any rights under agreements with the subcontractor's personnel that might restrict the ability of Buyer or its Customers to recruit or hire such personnel. If Supplier is not able to cause a proposed Supplier subcontractor to so waive such rights, Supplier shall notify Buyer of its inability to cause such waiver and shall not enter into such subcontract without the prior written consent of Buyer.

b) Supplier shall remain responsible for all obligations performed by subcontractors to the same extent as if such obligations were performed by Supplier, and for purposes of this MSOW, such work shall be deemed work performed by Supplier. Supplier shall be Buyer's sole point of contact regarding the Services, including with respect to payment. Supplier shall not disclose Buyer Confidential Information to a subcontractor unless and until such subcontractor has agreed, in writing, to protect the confidentiality of Confidential Information through an appropriate nondisclosure agreement that contains terms substantially consistent with this MSOW, and then only to the extent necessary for the subcontractor to perform Services.

c) To the extent subcontractors, agents, representatives and other entities perform Services, or otherwise provide support to Supplier related to the Services, Supplier shall cause such entities to comply with the obligations and restrictions applicable to Supplier under this MSOW. Without limiting the generality of the foregoing, Supplier shall include in all of its subcontracts, as flow down provisions, without limiting, provisions substantially similar to those provisions of this MSOW relating to (i) intellectual

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

property/proprietary rights, (ii) performance standards, (iii) audit rights, (iv) confidentiality, and (v) representations and warranties. Supplier's subcontractors may not assign or transfer their obligations under this MSOW without Buyer's consent.

d) Except as otherwise expressly provided in this MSOW, Buyer shall have no responsibility for any termination charges or cancellation fees charged to Supplier by any third party, including Supplier’s subcontractors and Buyer’s Affiliates, that are applicable to third party service contracts or any other contract then used to provide the Services, as a result of any withdrawal or cessation of Services authorized under this MSOW.

8.5 Staff Rotation

If per PSOW Supplier is responsible to deliver a project. Supplier can have a policy of rotating resources including Key Personnel out of the DC on completion of 18-month on a project. A rotation plan will be drawn up by Supplier every 3 months and consent of Buyer obtained. The roll-off of resources from a project will be planned and tracked.

If Supplier wishes to re-assign a member of the Project, before 18 months on a project, prior written consent of Buyer would be obtained and Buyer would respond to such request within 10 business days. All rotation costs and transition of Supplier resources are to be born by Supplier. However, Buyer has right to request for staff rotation at any point of time during the project duration upon mutual agreement.

In the event of an End customer contract requiring retention of resources for a longer period of time, Buyer has the right to deny approval for rotation on completion of 18 months on a project.

8.6 Work Hours

Specific Customer requirements will be defined within the PSOW.

8.7 Workforce Management

The following table explains the standards for evaluation of resources working within DC. Specific Customer requirements will be defined within the PSOW.

1	Low Performance	Buyer can request replacement of a low performing resource. The cost of replacement is born by Supplier. The Cost of Replacement includes but not limited to · Travel cost · Lease Breakage for onsite resources Shadowing / Project transition Period to be mutually agreed based on the Role/Responsibility not exceeding 4 weeks
2	Turnover Backfills	Cost of turnover back-fill at DC locations or onsite will be born by Supplier Replacement must be done with in 5 work days at their Place/location of work as per SOW.
3	Resource Confirmation	All Resources will be reveiwed and confirmed/approved by Buyer. Billing will be done only with a valid PSOW or PO Billing Start Date. The Buyer will be billed for the resource on the position from the start date that was recorded in PSOW and/or WA at the time of the

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

		resource confirmation. However Supplier will bill the resource only on completion of knowledge transfer wherever applicable, based on confirmation from Buyer PM, with confirmed billing date. Re-scheduling Start Date If the start date is re-scheduled after resource confirmation, Buyer will inform the revised start date to the Supplier. Supplier will only bill at the end of transition date. Buyer and Supplier will mutually agree whether a confirmed resource should be released and therefore unconfirmed, if the reschedule start date is more than 4 weeks from original date. Cancelling Confirmed Request In the event the resource request is cancelled after confirmation, Supplier will bill Buyer for a maximum of 10 business days or until the resource is redeployed whichever is earlier. In the event the confirmed resource has incurred any specific cost (travel, training etc) as per the PSOW the costs will be billed to Buyer.
4	Reserved Resources	Supplier is expected to keep a reserved pool of resources to make sure that there is no disruption to the DC resource pool or Project due to turnover/absence/unexpected events where a performing employee abstains from work.
5	Customer Holidays	Buyer is obligated to inform Supplier of Customer holidays that effect both onsite and DC work schedules in advance of the contract signing or as soon as these are known to .Buyer. Buyer and Supplier will work together to accommodate these Customer holidays into the work schedule by mutual agreement.

9.0 Charges

The PSOW will set out the basis of the charges. The parties may agree to change the cost basis as a Project progresses. The cost does not include any special infrastructure (dedicated link, dedicated LAN, Cell Phones, VPN connectivity & usage charges provided onsite) or tools. Charges for the services to be performed are estimated in RMB, and paid in RMB.

Depending on Supplier’s ability to meet its obligations and the business need, Supplier and Buyer intend to work on various Projects during the term of this MSOW. Supplier’s prices will reflect its ability to recover costs over a longer-term relationship and the need to be competitive. Supplier’s prices will be no higher than the prices in the Annexure B – Rate Table.

Unless the requirements of the Project lead Supplier to incur more cost than anticipated in the Base Agreement. Supplier’s price shall have factored in the following cost breakdown items:

No	Cost Item
1.	Average Salary
2.	Average Bonus
3.	Hiring
4.	Training
5.	IT services
6.	Workplace Cost
7.	Occupancy and General services

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

8.	Back-office
9.	Minus Marketing/sales Expense
10.	Taxes
11.	Others

·	Office cost includes transportation cost, T&L, office consumable material, and communication cost.

·	Occupancy and Gen Services include renting, building administration, furniture depreciation, and air condition cost.

10.0 Billing and Payments

10.1 Payments

All billing inputs will be based on monthly billing sheets that Supplier Operations Manager will provide to Buyer Operations Manager. It will be the responsibility of Supplier to ensure that labor hours are accurate and correct.

Supplier Operations Manager will submit the invoice at the end of the Claim month for actual services performed, after the timesheets have been approved by Buyer. Claim month commences from the Monday before the last

Wednesday of the previous month, or later if the project started at a later date till the Friday immediately preceding the last Wednesday of the current month.

All invoices should be submitted along with the necessary supporting information to Buyer’s Accounts Payables Department.. The payment shall be made with Payment Term of 60 days from the date of receipt of a valid invoice from the Supplier.

Supplier shall provide a copy of the invoice with all supporting documents to Buyer Operations Manager

Invoices for the services rendered should be raised in the same currency as per the Purchase Order released from time to time. Invoices raised in a currency, which is different to the currency mentioned in the Purchase Order, will not be processed for payments.

10.2 Invoicing

(a) Supplier shall invoice Buyer once per month per PO, by means of an electronic file, for all amounts due under this MSOW no later than the 10th workday of each month.

(b) Invoices to Buyer must include the following:

 PO Number

 Applicable PO line Item Numbers

 Terms of Payment as stated below

 Exact Billing Period Dates

 Name & Skill Classification of Supplier’s Personnel performing invoiced Services

 Number of Months Supplier’s Personnel performing invoiced services

 Applicable Bill Rates

 Other Authorized Costs (e.g., business travel)

 Total Amount Invoiced

 Other Required Data, if any.

(c) To the extent a refund, credit or other rebate may be due Buyer (either for goods or services paid for by Buyer or otherwise pursuant to this MSOW), Supplier shall provide Buyer with an appropriate credit against amounts then due and owing on the invoice following the month in which the credit is determined to be owed; if no further payments are due to Supplier, Supplier shall pay such amounts to Buyer within sixty (60) calendar days.

(d) Supplier will not get paid for resources starting to work without PO issued by Buyer.

10.3 Visa Expense Reimbursements

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Buyer would reimburse the visa fees associated with obtaining business visa (for short term travel), Supplier should provide the copy of valid invoice to Buyer for process..

10.4 Expense Reimbursements

Expense reimbursements in addition to those mentioned in this section and will be reimbursed as per standard Buyer or Buyer Affiliated Company’s policies, Supplier shall provide copy of valid invoice to Buyer for process. All such travel shall be with prior approval of concerned Project Manager and First Line Manager and in line with the Purchase Order issued for the same. The reimbursement shall be against production of invoice accompanied by all supporting documents such as original Bills / ticket jackets. No other charges / fees will be paid apart from the ones mentioned in the Purchase Order.

10.5 Payment Term

Invoices are due and payable net 60 days from receipt of an acceptable invoice provided

10.6 Accountability

(a) Supplier shall maintain complete and accurate records of, and supporting documentation for, all amounts chargeable to, and payments made by, Buyer under this MSOW, in accordance with generally accepted accounting principles applied on a consistent basis, and shall retain such records in accordance with Buyer's records retention policy as this policy may be adjusted from time to time.

(b) Supplier agrees to provide Buyer with documentation and other information with respect to each invoice as may be reasonably requested by Buyer to verify that Supplier’s charges are accurate, correct, and valid in accordance with the provisions of this MSOW. To the extent that Supplier fails to provide such documentation or other information requested by Buyer and Buyer so notifies Supplier of such failure, the due date for payment of the related charge shall be tolled until Supplier provides such documentation or other information.

10.7 Taxes and Duties

The rates are inclusive of all taxes including business tax. All taxes, duties or fees of any nature whatsoever levied by any Government or local authority in China on or pertaining to the work to be performed or materials supplied under this Agreement are to be born and paid by Supplier unless agreed otherwise in the PO. Provided however that Buyer shall withhold any taxes leviable on the payments to be received by Supplier from Buyer for the work performed by Supplier hereunder according to the applicable tax laws and regulations.

11.0 Other Terms & Conditions

11.1 List of Deliverables

Documents	Mode of Delivery	To Whom
DC Master Transition Plan	One Soft copy by E- mail	Buyer Program Manager
High Level Risk Management Plan	One Soft copy by E- mail	Buyer Program Manager
Staffing Ramp up Plan	One Soft copy by E- mail	Buyer Program Manager
H/W, S/W requirement	One Soft copy by E- mail	Supplier Program Manager
Updated Staffing Plan	One Soft copy by E- mail	Buyer Operations Manager
Weekly Status Report	One Soft copy by E- mail	Buyer Operations Manager
Monthly Status Report	Monthly basis by E-mail	Buyer Operations Manager
Change Request (if any)	One soft copy by E-mail	Buyer Operations Manager

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

All the follow on management and tracking reports will be defined between Buyer’s and Supplier’s Program managers as see required

11.2 Completion Criteria

Supplier shall have fulfilled its obligation under this MSOW when any one of the following first occurs:

Supplier accomplishes all the tasks as described under “Supplier Responsibilities” in accordance with their completion criteria. The term of the MSOW has been reached. Supplier provides the number of hours or dollars of services to Buyer as specified in the agreed cost baseline for the Program. Buyer and Supplier mutually terminate the MSOW in accordance with the termination provisions of this MSOW.

11.3 Acceptance Criteria

With the exception of Status Reports (both weekly and monthly, as described in PSOW), each deliverable document item, as defined in Section 11.1, will be approved in accordance with the following procedure:

·	One (1) draft of the deliverable material will be submitted to Buyer Project Manager. It is Buyer Project Manager’s responsibility to make and distribute additional copies to any other reviewers.

Within five (5) business days Buyer Project Manager will either approve the deliverable Material or provide Supplier Project Manager a written list of requested changes, defects or non-complete work. If no response from Buyer Project Manager is received within five (5) business days then the deliverable material shall be deemed approved and Supplier will send the one (1) copy of the final version of the document.

If a written list of requested changes, defects or non-complete work is received within five (5) business days, Supplier Project Manager will make the agreed upon revisions and will, within five (5) business days, resubmit the updated final version to the Buyer Project Manager. When Supplier has completed the agreed upon changes, then document will be deemed accepted.

11.4 SLAs on Deliverables:

Sl. No.	Criteria	Planned Estimate / Comment
1	Turnover & No-shows	Should be less than Buyer standard or an industry average published by HR, whichever is lesser and will be revalidated every 6 months.
2	Key resource retention	Equal to or better than Supplier’s target for key resource retention across the company and to be validated every 6 months
3	Fulfillment	As per the monthly actual demand plan Supply qualified C&SI resources and get Buyer’s confirmation within 3 days after CSA request is created. Supply AMS resources with 70% fulfillment rate
4	Deliverables (as appropriate per PSOW)	Critical deliverables and work products for each project will be identified during the transition phase by Buyer PM and project SLAs will be evolved against which Supplier will have to comply.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

All computation of the penalties, except that associated with the key resource retention would be on a quarterly basis. Exceptions include any delay or failure to comply with these criteria due to any act beyond the control of Supplier, excluding labor disputes, provided Supplier notifies Buyer of actual occurrence of such exceptions immediately.

11.5 Hiring and Solicitation

11.5.1 Hiring of Supplier Employees

1.Buyer is entitled to hire no more than 300 head count under all WAs every two years during the contract period and any time during renewal term with 3 months' prior notice. Buyer may hire at any time but not more than 4 times every year. Buyer will not hire any resources under all WAs within 6 months from the latest onboarding date of such resource. If Buyer hires any resource within 3 months from his/her lastest onboarding date, Buyer will pay compensation to Supplier, and the amount of such compensation will equal to Monthly Base Salary of such resource provided by Buyer’s HR. Supplier is not allowed to prevent such hiring and do counter hiring or provide better offer to retain any resource.

2.Buyer, its Affiliates and/or Buyer’s supplier have the option to hire all resources under all WAs without any compensation to Supplier if the Base Agreement and/or the MSOW are early terminated by Supplier with or without cause. All resources under all WAs are eligible for hiring by Buyer. Supplier is not allowed to prevent such hiring and do counter hiring or provide better offer to retain any resource.

3. In any situation, Buyer or any Buyer affiliate shall not be precluded from hiring any employee of Supplier who

(i) initiates discussions regarding such employment without any direct or indirect solicitation by Buyer or any Buyer affiliate,

(ii) responds to any public advertisement placed by the Buyer or any Buyer affiliate in a publication of general circulation, or

(iii) has been terminated by Supplier prior to the commencement of employment discussion between the Buyer or any Buyer affiliate and such personnel.

4. The Supplier acknowledges and agrees that Buyer's remedies at law for breach of any of the provisions of this Section 11.5.1 would be inadequate and, in recognition of this fact, the Supplier agrees that, in the event of such breach, in addition to any remedies at law it may have, Buyer shall be entitled to obtain other remedy that may be available. The Supplier further acknowledges that should the Supplier violate any of the provisions of this Section, it will be difficult to determine the amount of damages resulting to Buyer or its Affiliates and that in addition to any other remedies Buyer may have, Buyer shall be entitled to attorneys’ fees.

11.5.2 Solicitation of Buyer’s Employees

Supplier shall not solicit, directly or indirectly, nor hire any exsiting employees of Buyer and its Affiliates or .the employees who quite from Buyer or its Affiates less than six (6) months.

11.6 Contract Changes

11.6.1. Cancellation Options

Withdrawal by any party to this document for any reason requires mutual agreement including addressing all financial considerations

11.6.2. Contract Changes

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Both parties agree that changes to this document and any PSOWs issued under this document, pursuant to any changes to the contract between Buyer and End customer, will be made in accordance with the Change Control Procedure; and all commitment to the End customer that in any way affect the performance under the contract will be the responsibility of Buyer.

11.6.3 Amendments

Project execution amendments to the document may be required. It will be the responsibility of the initiator of the amendment to obtain concurrence and agreement of the other organization affected prior to such amendment being written into the document.

12.0 Change Control Procedure

During the course of this MSOW, either party may request a change to this MSOW. A Project Change Request (PCR) will be the vehicle for communicating change. The PCR must describe the change; the rationale for the change and the effect the change will have on the Project. All such requests will be submitted in writing. Any change to a MSOW may result in a change in the Deliverable Items or Charges.

Depending on the extent and complexity of the requested change Supplier may charge for the effort required to analyze a requested change. In such instances, Supplier will notify Buyer in writing of the estimated cost of such analysis.

The changes will be in effect when both parties sign a written Change Authorization. The Change Authorization will modify and take precedence over any inconsistent terms of the applicable MSOW or any previous Change Authorization and will reflect as an amendment to this MSOW. The following provides a detailed process to follow if a change to this MSOW is required.

12.1 Investigation of Change Request

12.1.1. Part I Investigation of Change Request

a.	The designated Manager of the requesting party will review the proposed change and determine whether to submit the request to the other party.

b.	Both the Managers reviews the PCR and either reject it or authorize further investigation to estimate and price the effort. Such rejection or authorization will be documented on the PCR and signed by both parties.

If authorization for further investigation is granted, it will be assigned to the appropriate individual for estimation. Upon completion of this effort, the PCR will then be returned to the Managers for their review. If the investigation is authorized then both the Managers will sign the PCR, which will constitute approval for the investigation charges. The investigation will determine the effect that the implementation of the PCR will have on Scope, Schedule, and Resource requirements

d.	The results of the investigation will be documented, and the PCR will be provided to the Buyer Operations Manager for review and authorization for implementation.

12.1.2. Part II Change Implementation

a.	Once Buyer Operations manager approves the PCR, Buyer and Supplier Program Managers will review the PCR and either reject or approve it for implementation by having authorized representatives of both parties sign the PCR.

b.	Appropriate funding documentation must be issued prior to the implementation of any change.

c.	Both Supplier and Buyer Managers will review and provide implementation status and any related issues to the Delivery Manager(s) until the PCR is fully implemented and closed.

13.0 Transition Assistance

At the termination of a Transaction Document and/or upon termination of this Agreement, Supplier shall reasonably cooperate with Buyer to orderly, timely and efficiently transfer the Services to Buyer, Buyer’s

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Customer or the Customer’s replacement service provider, as applicable. Buyer shall have the option to continue purchasing Services from Supplier, for up to 12 months following termination, on the then current pricing, terms and conditions of this Agreement, including applicable Service Levels. Notwithstanding the foregoing, if this Agreement is terminated by Supplier due to Buyer's failure to timely pay fees for Services rendered, Buyer will first provide financial security and/or guarantees of performance that are reasonable and satisfactory to Supplier before Supplier continues to provide such Services.

14.0 Annual Renewal

1. Upon the expiration of the initial 4 year services contract, Buyer would have right to automatically annually renew the contract under substantially the same terms and conditions.

2. Upon the expiration of the initial 4 year services contract, Buyer shall have the right to transition Client work back to Buyer.

15.0 Agreement

Authorized Signatures/Approvers:

The parties acknowledge that they have read this MSOW, understand it and agree to be bound by its terms and conditions. Furthermore, the parties agree that the complete and exclusive statements of the agreement between the parties relating to the services described herein consist of (1) the Base Agreement, (2) this MSOW and (2) any applicable PSOWs and authorized PCRs signed by both parties.

Upon the effectiveness of this MSOW, Buyer has right to terminate TSA# 4908009099 and/or MSOW# 4908009104 and any PO thereunder. Buyer reserves the right to place a PO under this MSOW and Base Agreement with regard to any resource and Personnel under MSOW# 4908009104 and its PO, Supplier shall not reject such request and must accept the related POs.

16.0 Non Compete

Supplier agrees that during the term of this MSOW and for a period of eighteen (18) months following the termination of the Base Agreement and MSOW (such period shall be referred to hereinafter as the “Non-competition Period”), Supplier shall not disrupt or attempt to disrupt any past, present or prospective Customer relationship of Buyer or its Affiliates by competing with Buyer or its Affiliates in the field of SAP consulting services, including but not limited to any related application development, application maintenance, application implementation, application enhancement, application testing and production support services (the “Non-Compete Scope”) for any existing or future business opportunity from Buyer’s existing Customers that is either continual or relating to any Services that are provided by Supplier or the Delivery Company under this Agreement prior to the termination of the Base Agreement and MSOW. However, this Non-Compete undertakings does not restrict or prevent Supplier from competing with Buyer or its Affiliates for any existing customers of Supplier within the Non-Competition Period on the Non-Compete Scope provided that i) such competition can only exist prior to Supplier’s agreement to sign a PSOW with Buyer for the same customer on the same project; and ii) the burden of proof of such existing customer of Supplier shall be on Supplier.

Supplier further agrees that during the term of this MSOW, Supplier shall not:

Communicate directly with the Customer for whom Supplier is providing (directly or indirectly) Services and/or Deliverables under this SOW for the purpose of receiving instructions, obtaining clarification, or requesting further information regarding the Services provided by Supplier hereunder, without written consent from Buyer.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Solicit business substantially similar to the Services and/or Deliverables being provided by Supplier hereunder directly from the Customer for whom Supplier is providing (directly or indirectly) Services and/or Deliverables under this MSOW (including without limitation through bidding on a Customer’s RFP, RFI or RFQ as a prime contractor or as a subcontractor to another entity), without the prior written consent of Buyer.

Solicit business substantially similar to the Services and/or Deliverables being provided by Supplier hereunder directly from a Prospect (including without limitation through bidding on a Prospect’s RFP, RFI or RFQ as a prime contractor or as a subcontractor to another entity), without the prior written consent of Buyer;

Supplier further agrees that all information regarding the Services provided by Supplier hereunder, the Customers for whom such Services are provided (either directly by Supplier or indirectly) and the Bids, including but not limited to Customer opportunities, status of negotiations, pricing and Services proposed in the Bid, shall be kept confidential by Supplier in accordance with the terms and conditions of Procurement Agreement for the Exchange of Confidential Information #4906C21803 (signed between Supplier and IBM Solution & Services (SZ) Co., Ltd.) and #4910016449 (signed between Supplier and IBM Dalian Global Delivery Co Ltd.).

The term “Prospect” means an entity that issued an RFP, RFI, RFQ or similar document for which Buyer has submitted a bid as a prime contractor where either (a) Supplier has been indicated in such bid as a subcontractor to Buyer that will provide (directly or indirectly) Services and/or Deliverables to Prospect in the event the bid is awarded to Buyer or (b) Buyer and Supplier have agreed in writing that Supplier will provide the Services and/or Deliverables as a subcontractor to Buyer in the event the bid is awarded to Buyer, even though the Bid itself may not mention Supplier.

Note:

RFP refer to request for price or request for proposal

RFI refers request for information

RFQ refers to request for Quotation.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

The respective responsibilities of each organizational representative are hereby acknowledged and accepted by:

ACCEPTED AND AGREED TO:			ACCEPTED AND AGREED TO:
IBM Dalian Global Delivery Co Ltd.			Bejing Camelot Technology Co.,Ltd.
By:			By:
Buyer Signature		Date	Supplier Signature	Date


Printed Name			Printed Name

Title & Organization			Title & Organization


Buyer Address:			Supplier Address:
No. 269 Wu Yi Road, Dalian, P.R. China. 116023			11th FL Zhejiang Tower 26 North Ring 3 Road 100029

ACCEPTED AND AGREED TO:

IBM Solution & Services (SZ) Co., Ltd.
By:
Buyer Signature	Date


Printed Name

Title & Organization

Buyer Address: 6/F, Liming Building Keji Rd.1.S, South Area, Shenzhen Hi-tech Industrial Park, Nanshan District, Shenzhen P.R.C.518057

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Annexure A – Skills Definition

Skills Definition

A. Castle C&SI SAP Function Skill

a. Common skill: FI, CO, SD, MM, PP module

b. Niche skill: all other SAP function skill except Common skills

B. Castle AMS skills: any skills except SAP skills

C. Castle Non-domestic ABAP

D. Castle Domestic ABAP

AMS is short for Application Management Services.

C&SI is short for Consultant and System Integration

Common skill list will be reviewed and updated when needed in a yearly base.

Resources with common skill will apply to T(Traditional) module rate.

Resources with Niche skill will apply to N(New Dimension) Module rate.

Education：Bachelor or above for all resources

Language Capability: Fluent in reading & writing Eng or Jap

Service years: please refer to rate table.

Certification: SAP Certificate preferred for band 7 and above. Supplier will ensure 50% of C&SI resources with relevant Certification.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Annexure B –Rate Table

Castle C&SI SAP Function Skills
Castle Band	Year of Experience	T Module (RMB/Day)	T Module (RMB/Hour)	N Module (RMB/Day)	N Module (RMB/Hour)
Band 90 L1	0.5-1	371	46.4	371	46.4
Band 6 L	1-2	698	87.3	698	87.3
Band 6 H	2-3	1,378	172.3	1,724	215.5
Band 7	3-4	1,909	238.6	2,247	280.9
Band 8 L	4-5	2,264	283	2,609	326.1
Band 8 H	5-6	2,384	298	2,729	341.1
Band 9 L	6-7	2,816	352	3,160	395
Band 9 H	7-8	2,960	370	3,304	413
Band 10	8-10	3,585	448.1	3,598	449.8
Band 11	>10	4,137	517.1	4,061	507.6

Castle AMS Skills (include Oracle all skills, exclude SAP skills)
Castle Band	Year of Experience	Tier A Rate (RMB/Hour)	Tier B Rate (RMB/Hour)	Tier C Rate (RMB/Hour)
Band 90	0.5-1	43	32	28
Band 6 L	1-2	55	47	41
Band 6 H-1	2-3	68	62	52
Band 6 H-2	3-4	75	69	62
Band 7L	4-5	89	83	72
Band 7H	5-6	94	86	76
Band 8L	6-7	100	92	82
Band 8H	7-10	108	99	92
Band 9	>10	133	122	113

Castle Non-domestic SAP ABAP

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Castle Band	Year of Experience	Proposed Rate (RMB/Hour)
Band 90	0.5-1	69
Band 6 L	1-2	78
Band 6 H-1	2-3	85
Band 6 H-2	3-4	110
Band 7 L	4-5	136
Band 7 H	5-6	140
Band 8 L	6-7	150
Band 8 H	7-10	200
Band 9	>10	300

Castle Domestic SAP ABAP
Castle Band	Year of Experience	Proposed Rate (RMB/Day)	Proposed Rate (RMB/Hour)
Band 90	0.5-1	696	87
Band 6 L	1-2	936	117
Band 6 H-1	2-3	1,136	142
Band 6 H-2	3-4	1,256	157
Band 7 L	4-5	1,496	187
Band 7 H	5-6	1,536	192
Band 8	6-7	1,736	217
Band 9 L	7-10	2,016	252
Band 9 H	>10	3,176	397

Note:

1) Rate table is in RMB

2) For some special projects that supplier is not required to provide PC, PC cost should be excluded from above rates. PC cost is 2CNY/hr, 16CNY/day.

3) Above service rate includes business and other tax, with 60 days payment term. ALL related tax should be born by supplier.

4) Buyer will reimburse Supplier with hourly rate for Castle C&SI SAP Function Skills and Castle Domestic ABAP skill when working hours is less than 8 per day.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

5) Resource unit base annual days per year equals 249 days or 1992 hours per year.

6) Castle Band refers to years of relevant experience, not equal to IBM band.

7) One year experience in external SAP consulting is to be taken as full service year. One year in internal consulting is to be taken half year in count. SAP end-user experience is not taken in count.

Buyer may ask Supplier to provide 7×24 service. Buyer agrees to compensate Supplier according to IBM’s policy in case Buyer request Supplier to provide service in some special situations. IBM reserves the right to changes the policy from time to time.

Tier A City: 北京BJ、上海SH、广州GZ、深圳SZ、厦门XM、汕头ST、珠海ZH、重庆CQ、宁波NB、青岛QD、拉萨LS、昆明KM、海口HK

Tier B City: 大连 DL

Tier C City: Other cities except Tier A & B

Annexure C –JRSS List

Below JRSS is for reference purpose. If JRSS to be purchased by Buyer can’t be located in below list, the JRSS will follow its categorized Line Category’s price. Line category will be decided by Buyer.

Skill Reference for AS Castle

Line Category	Competency	JR#	SS#	Job Code	Skill Set
AMS	I&DM	40684	S0830	Application Developer	BI Reporting Tools
AMS	I&DM	40684	S1853	Application Developer	COGNOS
AMS	I&DM	41600	S0111	Data Specialist	ETL.DataStage
AMS	I&DM	41600	S0112	Data Specialist	ETL.Informatica
AMS	I&DM	40685	S0080	Database Administrator	DB2

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

AMS	I&DM	40685	S0253	Database Administrator	Oracle Database
AMS	I&DM	40632	S0153	Package Solution Consultant	Hyperion
AMS	I&DM	40684	S2827	Application Developer	FileNet
AMS	I&DM	41600	S0618	Data Specialist	Master Data Management
AMS	I&DM	40632	S3391	Package Solution Consultant	Cognos BPM
AMS	I&DM	40662	S0079	Information Architect	Database
AMS	I&DM	40684	S0060	Application Developer	Content Management
AMS	I&DM	40681	S0040	Business Analyst	Business Intelligence
AMS	I&DM	40684	S1854	Application Developer	BusinessObjects
AMS	I&DM	41600	S0078	Data Specialist	Data Modeling
AMS	I&DM	40685	S0450	Database Administrator	SQL
AMS	I&DM	40670	S0040	Project Manager	Business Intelligence
AMS	I&DM	40684	S0557	Application Developer	Adabas
AMS	I&DM	40684	S0450	Application Developer	SQL
AMS	LD	45010	S1030	Learning Developer	Content & Solutions Development
AMS	LD	45010	S1107	Learning Developer	Media Design
AMS	LD	45010	S1028	Learning Developer	Courseware Tools
AMS	LD	45010	S1031	Learning Developer	Instructional Design
AMS	LD	40707	S0190	Learning Consultant	Learning Strategy
AMS	MES/PLM	40661	S3004	Application Architect	Embedded Systems
AMS	MES/PLM	40684	S3004	Application Developer	Embedded Systems
AMS	MES/PLM	40661	S3499	Application Architect	Manufacturing Execution Systems (MES)
AMS	MES/PLM	40632	S2182	Package Solution Consultant	PLM Systems
AMS	MF, AS400, UNIX	40684	S0006	Application Developer	AIX/UNIX
AMS	MF, AS400, UNIX	40684	S0016	Application Developer	AS/400 IBM System i
AMS	MF, AS400, UNIX	40684	S0045	Application Developer	C
AMS	MF, AS400, UNIX	40684	S0074	Application Developer	C++
AMS	MF, AS400, UNIX	40684	S0054	Application Developer	COBOL
AMS	MF, AS400, UNIX	40684	S0181	Application Developer	JCL
AMS	MF, AS400, UNIX	40684	S0192	Application Developer	Linux
AMS	MF, AS400, UNIX	40684	S0233	Application Developer	MVS
AMS	MF, AS400, UNIX	40684	S0295	Application Developer	PL1
AMS	MF, AS400, UNIX	40684	S0561	Application Developer	RPG
AMS	MF, AS400, UNIX	40684	S0051	Application Developer	CICS

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

AMS	MF, AS400, UNIX	45022	S0006	Infrastructure Specialist	AIX/UNIX
AMS	MF, AS400, UNIX	40661	S0006	Application Architect	AIX/UNIX
AMS	MF, AS400, UNIX	40661	S1013	Application Architect	Custom Development.Legacy
AMS	MF, AS400, UNIX	45022	S0233	Infrastructure Specialist	MVS
AMS	MF, AS400, UNIX	40684	S0013	Application Developer	Assembler
AMS	MF, AS400, UNIX	40684	S0491	Application Developer	TSO/ISPF
AMS	MF, AS400, UNIX	40661	S0263	Application Architect	OS/400
AMS	MF, AS400, UNIX	45022	S0192	Infrastructure Specialist	Linux
AMS	MF, AS400, UNIX	40684	S0097	Application Developer	EDI
AMS	Test Services	41633	S0482	Test Specialist	Test Execution
AMS	Test Services	41633	S0483	Test Specialist	Test Planning
AMS	Web Development	40661	S0071	Application Architect	Custom Development
AMS	Web Development	40661	S0081	Application Architect	Digital Media
AMS	Web Development	40661	S0179	Application Architect	J2EE
AMS	Web Development	40661	S0180	Application Architect	Java
AMS	Web Development	40661	S0223	Application Architect	Microsoft
AMS	Web Development	40661	S0303	Application Architect	Portals.WebSphere
AMS	Web Development	40666	S0140	Application Consultant	GUI
AMS	Web Development	40684	S3469	Application Developer	C#.NET
AMS	Web Development	40684	S0179	Application Developer	J2EE
AMS	Web Development	40684	S3537	Application Developer	J2EE (Weblogic)
AMS	Web Development	40684	S0180	Application Developer	Java
AMS	Web Development	40684	S0200	Application Developer	Lotus Domino
AMS	Web Development	40684	S0201	Application Developer	Lotus Notes
AMS	Web Development	40684	S0302	Application Developer	Portals
AMS	Web Development	40684	S0303	Application Developer	Portals.WebSphere
AMS	Web Development	40684	S3538	Application Developer	VB.NET
AMS	Web Development	40684	S0497	Application Developer	Visual Basic
AMS	Web Development	40684	S0505	Application Developer	Web Technologies
AMS	Web Development	40684	S0508	Application Developer	WebSphere Commerce Suite
AMS	Web Development	40681	S0322	Business Analyst	Rational
AMS	Web Development	41917	S1552	Business Area Manager	Application Services
AMS	Web Development	42400	S0223	Technical Team Leader	Microsoft
AMS	Web Development	45022	S0322	Infrastructure Specialist	Rational

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

AMS	Web Development	40661	S0095	Application Architect	eCommerce
AMS	Web Development	45022	S0223	Infrastructure Specialist	Microsoft
AMS	Web Development	40681	S0478	Business Analyst	Technical Requirements
AMS	EI	40684	S0555	Application Developer	Web Services/SOA
AMS	EI	40666	S0505	Application Consultant	Web Technologies
AMS	EI	40684	S0509	Application Developer	WebSphere MQ Series
AMS	EI	45021	S2888	Systems Engineering Professional	Application/System Integration
AMS	EI	40684	S1925	Application Developer	WebSphere Process Server
AMS	EI	40670	S1014	Project Manager	System Integration
AMS	EI	40684	S2829	Application Developer	Websphere ESB
AMS	EI	45022	S0474	Infrastructure Specialist	Systems Management
AMS	EI	40661	S0555	Application Architect	Web Services/SOA
AMS	EI	40684	S1533	Application Developer	WebSphere Business Integration Message Broker
AMS	EI	45022	S3535	Infrastructure Specialist	Application Server Administration
AMS	EI	40661	S0505	Application Architect	Web Technologies
AMS	EI	41627	S0104	Technical Solution Architect	Enterprise Architecture
AMS	EI	45022	S0473	Infrastructure Specialist	System Products
AMS	EI	40684	S0506	Application Developer	WebMethods
AMS	BAM	40684	S2702	Application Developer	Migration
AMS	BAM	40684	S2714	Application Developer	Application Modernization
AMS	Oracle	40632	S0255	Package Solution Consultant	Oracle.Financials
AMS	Oracle	40684	S0270	Application Developer	JDE
AMS	Oracle	40684	S0267	Application Developer	PeopleSoft
AMS	Oracle	40684	S0437	Application Developer	Siebel
AMS	Oracle	40632	S0257	Package Solution Consultant	Oracle.Manufacturing
AMS	Oracle	40632	S0278	Package Solution Consultant	PeopleSoft.HR
AMS	Oracle	40685	S0252	Database Administrator	Oracle Applications
AMS	Oracle	40632	S0273	Package Solution Consultant	JDE.Distribution
AMS	Oracle	40661	S0437	Application Architect	Siebel
AMS	Oracle	40632	S0276	Package Solution Consultant	JDE.Manufacturing
AMS	Oracle	40632	S0279	Package Solution Consultant	PeopleSoft.Payroll
AMS	Oracle	40632	S0274	Package Solution Consultant	JDE.Financials
AMS	Oracle	40661	S0252	Application Architect	Oracle Applications
AMS	Oracle	40632	S0258	Package Solution Consultant	Oracle.Order to Cash

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

AMS	Oracle	40632	S0259	Package Solution Consultant	Oracle.Procure to Pay
AMS	Other	40684	S0833	Application Developer	IBM Maximo
AMS	Other	40684	S0185	Application Developer	Lawson
AMS	Other	40632	S0529	Package Solution Consultant	i2
C&SI ABAP	SAP	40661	S0333	Application Architect	SAP
C&SI ABAP	SAP	40684	S0391	Application Developer	SAP.NW.EP
C&SI ABAP	SAP	40661	S2549	Application Architect	SAP.NW.Security
C&SI ABAP	SAP	40684	S0397	Application Developer	SAP.NW.XI
C&SI ABAP	SAP	40684	S3057	Application Developer	SAP.NW.ABAP.WebUI
C&SI ABAP	SAP	40661	S0389	Application Architect	SAP.NW.Basis
C&SI ABAP	SAP	40684	S0388	Application Developer	SAP.NW.ABAP
C&SI ABAP	SAP	40684	S3054	Application Developer	SAP.NW.ABAP.APO
C&SI ABAP	SAP	40684	S3053	Application Developer	SAP.NW.ABAP.CRM
C&SI ABAP	SAP	40684	S0824	Application Developer	SAP.NW.ABAP.HR
C&SI ABAP	SAP	40684	S3055	Application Developer	SAP.NW.ABAP.SRM
C&SI ABAP	SAP	40684	S3056	Application Developer	SAP.NW.ABAP.Workflow
C&SI ABAP	SAP	40684	S0390	Application Developer	SAP.NW.BI
C&SI ABAP	SAP	42400	S0388	Technical Team Leader	SAP.NW.ABAP
C&SI Function	SAP	40632	S0340	Package Solution Consultant	SAP.CRM.Sales
C&SI Function	SAP	40632	S0337	Package Solution Consultant	SAP.CRM
C&SI Function	SAP	40632	S0344	Package Solution Consultant	SAP.FIN

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

C&SI Function	SAP	40632	S0347	Package Solution Consultant	SAP.FIN.BI
C&SI Function	SAP	40632	S0349	Package Solution Consultant	SAP.FIN.CO
C&SI Function	SAP	40632	S0354	Package Solution Consultant	SAP.FIN.SEM
C&SI Function	SAP	40632	S0356	Package Solution Consultant	SAP.HR
C&SI Function	SAP	40632	S0827	Package Solution Consultant	SAP.HR Time Management
C&SI Function	SAP	40632	S1021	Package Solution Consultant	SAP.HR.Comp Mgt
C&SI Function	SAP	40632	S0358	Package Solution Consultant	SAP.HR.Payroll
C&SI Function	SAP	40632	S1022	Package Solution Consultant	SAP.HR.Self Serve
C&SI Function	SAP	40632	S0831	Package Solution Consultant	SAP.IS (Other Industries)
C&SI Function	SAP	40632	S0361	Package Solution Consultant	SAP.IS Aerospace & Defense
C&SI Function	SAP	40632	S0380	Package Solution Consultant	SAP.IS Oil & Gas
C&SI Function	SAP	40632	S0384	Package Solution Consultant	SAP.IS Retail
C&SI Function	SAP	40632	S3428	Package Solution Consultant	SAP.IS Utilities
C&SI Function	SAP	40632	S0390	Package Solution Consultant	SAP.NW.BI
C&SI Function	SAP	40632	S0394	Package Solution Consultant	SAP.NW.MDM
C&SI Function	SAP	40632	S0395	Package Solution Consultant	SAP.NW.ME
C&SI Function	SAP	40632	S0398	Package Solution Consultant	SAP.PLM
C&SI Function	SAP	40632	S0401	Package Solution Consultant	SAP.PLM.PM
C&SI Function	SAP	40632	S0402	Package Solution Consultant	SAP.PLM.PS

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

C&SI Function	SAP	40632	S0403	Package Solution Consultant	SAP.PLM.QM
C&SI Function	SAP	40632	S0834	Package Solution Consultant	SAP.SCM.APO
C&SI Function	SAP	40632	S0406	Package Solution Consultant	SAP.SCM.APO.DP
C&SI Function	SAP	40632	S0411	Package Solution Consultant	SAP.SCM.APO.PPDS
C&SI Function	SAP	40632	S0415	Package Solution Consultant	SAP.SCM.APO.SNP
C&SI Function	SAP	40632	S0408	Package Solution Consultant	SAP.SCM.GTS
C&SI Function	SAP	40632	S0409	Package Solution Consultant	SAP.SCM.MM
C&SI Function	SAP	40632	S0410	Package Solution Consultant	SAP.SCM.PP
C&SI Function	SAP	40632	S0413	Package Solution Consultant	SAP.SCM.SD
C&SI Function	SAP	40632	S2650	Package Solution Consultant	SAP.SCM.SD.VC
C&SI Function	SAP	40632	S0414	Package Solution Consultant	SAP.SCM.SM
C&SI Function	SAP	40632	S2661	Package Solution Consultant	SAP.SCM.TPVS
C&SI Function	SAP	40632	S0417	Package Solution Consultant	SAP.SCM.WMS
C&SI Function	SAP	40632	S0418	Package Solution Consultant	SAP.SRM
C&SI Function	SAP	40710	S3781	Strategy Consultant	Organizational Change.SAP

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Annexure D – Security Policy Guidelines for DC

Table of Contents

1.	INTRODUCTION	2
2.	INTENDED AUDIENCE	2
3.	ENFORCEMENT	2
4.	REVIEW OF POLICY	2
5.	SCOPE	2
6.	ORGANIZATIONAL SECURITY	2
6.1	Security Organization	2
6.1.1	Organization Structure	3
6.1.2	Roles and Responsibilities	3
6.2	IT Procurement	3
6.3	Audit	3
6.4	Third Party	3
7.	ASSET CLASSIFICATION AND CONTROL	3
7.1.1	Asset Inventory	3
8.	PHYSICAL SECURITY	4
8.1	Security Guards	4
8.2	Access Control	4
8.2.1	Clients Specific Areas	4
9.	LOGICAL SECURITY	4
9.1	Protecting system and application integrity	5
9.1.1	User ID’s and Passwords	5
9.2	Operating System Resources	5
10.	BUSINESS CONTINUITY MANAGEMENT	6
10.1	Harmful Code	6
10.2	Security Advisory Patch	6
11.	HARDWARE SECURITY	7
12.	CHANGE CONTROL MANAGEMENT	8
13.	CLEAR DESK POLICY	8
14.	E-MAIL POLICY	8

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

1.0 Introduction

The security policy should clearly define its purpose and management direction for the security of information.

Through the policy the management should demonstrate their support for information security through the issue of a Company information security policy. The owner of the policy should be clearly defined.

2.0 Intended Audience

The policy should clearly mention the personnel to whom the policy applies.

3.0 Enforcement

The policy should define the process of its enforcement and the consequences of its breach if any.

4.0 Review Of Policy

The process for reviewing the policy document should be clearly defined. The process should define the minimum review period and the personnel responsible for conducting the review. The process to updating or modifying the document should be defined including the authorizing agency.

The review process should encompass the following.

-	Regular reviews of policy and standards

-	Regular review of security responsibilities

-	Monitoring significant changes in the exposure of information assets to major threats

-	Regular reviews and monitoring of security incidents

-	Regular reviews of exposure to threats

-	Approve initiatives for enhancing information security

5.0 Scope

The scope of the policy should clearly outline all aspects of Information security that will come under its preview. The scope of the policy should contain definitions of specific and general responsibilities for all aspects of information security Typically the scope should encompass but not limited to the following.

-	Organizational Security

-	Asset, classification and control

-	Personnel Security

-	Incident reporting

-	Physical Security

-	Logical Security

-	Business Continuity management.

-	Education & awareness

-	Compliance & audit

6.0 Organizational Security

6.1 Security Organization

The security organization should support the management of Information Security within the enterprise.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

6.1.1 Organization Structure

A management framework (i.e. defined responsibilities and communication channels within the organization) should be established to initiate and control the implementation of Information Security within the organization.

A senior Security Management Forum should be established to approve Information Security policy, assign security roles and responsibilities, and to co-ordinate the implementation of all aspects of security throughout the Company. It is expected that the DC should have an identified focal point (Manager) for information security this will however depend on the size of the DC.

6.1.2 Roles and Responsibilities

Roles and responsibilities for the protection of individual assets and for carrying out specific security processes should be explicitly defined and allocated.

The owners of all information assets should be identified and their acceptance of the associated responsibilities should be recorded.

6.2 IT Procurement

The security policy should ensure the process to ensure that all purchases and installation of IT equipment and services are properly authorized and approved to ensure that there is a clear business purpose for the equipment and also that its installation will not adversely affect existing security measures and that new equipment or services are provided with a sufficient level of security.

6.3

Audit

All processes related to the security of the organizations should have measurable components and process compliance should be audited at regular frequencies. The audit reports should be documented in predefined templates and should be submitted to the Client.

6.4 Third Party

Risks associated with third parties should be identified and assessed with respect to:

physical access

Logical Access

Non disclosure agreements with third parties should be signed

7.0 Asset Classification and Control

The security policy should ensure processes that will enable appropriate protection for Company and customer assets. Examples of assets associated with Information Technology are:Information assets: databases, files, documentation etc.

Software assets: system software, applications, development tools etc.

Physical assets: computer equipment, tapes, disks, power supplies etc.

Services: computing and communications services, heating, lighting etc.

All major information assets should be accounted for and should have a nominated owner. If appropriate an information classification system should be implemented to ensure that information receives the correct level of protection.

Accountability for assets helps ensure that adequate security protection is maintained. Owners should be identified for major assets and assigned responsibility for the maintenance of appropriate security measures. Responsibility for implementing such measures may be delegated but accountability may not.

7.1.1 Asset Inventory

Each asset should be clearly identified with the help of a unique asset ID.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Each asset should have a location and owner assigned.

The ownership of the asset should be documented and reviewed regularly.

Transfer of assets should be tracked and documented.

Issue of assets should be properly authorized and documented.

Inventories for all major IT assets should be maintained.

Security classification labels should be used to identify the classifications of sensitive data contained in reports, files, screen displays, diskettes, tapes or other media.

8.0 Physical Security

Physical access to information technology service resources exposes them to unauthorized disclosure or erasure of Client Confidential/personal information, and to interruption of Client business processes. The physical security policy should ensure that all IT assets and information should be protected with in the confines of the DC. The policy should clearly define the process to control the physical movement of assets and people.

8.1 Security Guards

The security policy should ensure that entry and exit points should be manned by security guards at all points in time. The security guards should be clearly instructed as to the process of disallowing entry to unauthorized personnel. The roles and responsibilities of the security personnel should be clearly defined and documented.

8.2 Access Control

The policy should ensure that there is proper identification of various areas with in the premises of the company. The access to the various areas should be clearly defined and controlled through the use of electronic equipment like magnetic cards etc.

The policy should also ensure some of the following points.

·	Clear location and documentation of Controlled access areas

·	Defined use and standards of equipments to be used for controlling access.

·	Process to define authorization levels to grant access to various areas

·	Process to check and validate authorized access lists with in a specified time frame.

·	Process to ensure that When people have their access authorization revoked, either by request or implicitly through termination of employment, are they immediately removed from the area access lists

·	Process to ensure logs of non-routine area accesses kept which reflect the visitor’s name, time of entry, the escort or authorizer, and the fact of exit

8.2.1 Clients Specific Areas

The policy should ensure that there is a process by which Client specific areas are demarked and access controlled for personnel identified by the Client. The policy should define process by which records of access to Client specific areas are maintained and presented to the Client at the time of an audit.

9.0 Logical Security

The security policy must include appropriate logical access control measures designed to protect system and application integrity by preventing unauthorized changes to software, and to prevent unauthorized access to Client Confidential information, and personal information about Client employees, Client business partners or end customers.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

9.1 Protecting system and application integrity

The security policy should clearly outline the processes and systems that will ensure data integrity and information security. The following points have to be clearly incorporated in the policy and the processes to maintain them have to be auditable.

9.1.1 User ID’s and Passwords

The security policy should ensure a process by which each authorized user should be assigned a unique user ID. The composition of the user ID should be clearly defined in the policy.

The policy should ensure the revalidation of login names is performed with in a predetermined time frame.

The policy should ensure that default passwords shipped with operating systems and program products for use during system and product installation and setup are to be changed as soon as possible during or following their initial use.

The policy should ensure that adequate protection should be in place to ensure that If passwords are used for access, not more than certain number of failures (recommended 3) are to prevent unlimited tries for access.

The policy should clearly define the process and authorization hierarchy for resetting the passwords that are used for access and those which are locked as a result of a certain number of unsuccessful attempts.

The policy should ensure that the authorization process for access to a application must be based on business need and should be in the control of the application owner. Specially in cases when access to an application, including customer Confidential information managed by the application, has to be specifically requested.

The security policy should ensure the appropriate use of technology to ensure that each user's identity must be verified (authenticated) when the user attempts to logon to the system or application/middleware.

The security policy should lay down processes to ensure that in the event of separation of support staff member from the organization, leave of absence and is not expected to return to regular employment, or no longer has a valid business need, further access by the member to systems/application is to be prevented.

The policy should ensure that the organization should adhere to the following:

-	Passwords are allocated on an individual basis.

-	Passwords are kept confidential.

-	Paper records of passwords are avoided unless they are stored securely.

-	Users are instructed to change passwords if compromise is suspected.

-	Not based on anything somebody could easily guess

-	Free of consecutive identical characters

-	Users are instructed not to use trivial or obvious passwords.

-	Passwords are changed on a regular basis.

-	The frequency of change is based on the degree of access the user has.

Password policy:

The password policy should define the following

-	Minimum length of the password in terms of number of characters (recommended 8 characters)

-	Predefined composition of the password like for example the password should contain a mix of alphabetic and non-alphabetic characters (numbers, punctuation or special characters) or a mix of at least two types of non-alphabetic characters.

-	The policy should define the expiry time of each type of password and this expiry time should be system driven.

9.2 Operating System Resources

Operating system resources are those data objects, which are part of the system control program and its access control mechanism, subsystems, applications and program products supported by the Vendor. The security policy needs to ensure that proper processes are laid down to ensure user access at the operating system level is properly managed and controlled.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

The policy has to ensure the following.

·	That no operating system resources can be updated by a general user, except where required for normal system operation on a approval from reporting manager.

·	That no general user can read operating system resources which would assist the user to bypass security controls.

·	Where logging is technically possible, the process should ensure that logs are kept of all unauthorized access attempts to operating system resources for a minimum period of time (recommended 3 months).

10.0. Business Continuity Management

The policy should ensure adequate protection of the IT infrastructure from external factors that could harm the regular working of the organization. Some of the important points that should be covered in the policy are listed below.

10.1 Harmful Code

The security policy has to ensure that proper systems are put in place to prevent the propagation and execution of harmful code / Virus.

Some of the important aspects that need to be covered by the policy are as follows.

·	Ensure that anti-virus programs are available on all the operating systems.

·	All the anti-virus programs are configured to scan for viral signatures daily.

·	All anti-virus programs, used are configured to obtain and install virus signature updates on real-time basis.

·	Configure the anti-virus program to scan full system at least once a week.

·	If a system becomes infected by a computer virus. Should ensure that controls in place to minimize the damage caused by the virus.

10.2 Security Advisory Patch

A Security/Integrity Advisory is a warning of an exposure in a program or process that allows unauthorized users to gain privileged authority on a system, to bypass access controls, or to gain unauthorized access to data. The security policy should ensure that a Security/Integrity Advisory process should be followed to install the fixes. The core requirements for this process are:

Ÿ	Determination of risk severity based on vulnerability rating and exploitation category.

Ÿ	Notification of fix availability

Procedure to determine the schedule for application of the security/integrity fixes. Only advisories with available fixes should be installed.

Security/Integrity Advisories should be assigned severities that will be used to determine the implementation time. The following are some of the criteria that can be used for assigning the severity.

Vulnerability Rating:

High: Bypassing access control systems or gaining access to a user ID with system or security administrative authority without the need for a general user ID

Medium: Bypassing access control systems or gaining access to a user ID with system or security administrative authority from an existing general user ID or unauthorized access to data without the need for a general user ID

Low: Unauthorized access to data from a general user ID or a denial of service attack

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Once a Security/Integrity Fix is available, the IT Security Team will notify of it along with the details and severity rating.

Security/Integrity Fix Notification Schedule	Recommended Value	Remarks
High Severity	3 business days
Medium Severity	10 business days
Low Severity	30 business days

Once the security patches have been identified the policy should ensure a proper implementation methodology along with schedules. The following table can be used as an example to create and track a implementation schedule.

Implementation Schedule

Implementation Schedule	Recommended Value	Remarks
Implementation Schedule	Agreed to schedule must be documented
When will default implementation times be used	No implementation schedule created within 14 days of notification
High Severity default implementation time beginning 14 days after notification	60 days
Medium Severity default implementation time beginning 14 days after notification	90 days
Low Severity default implementation time beginning 14 days after notification	180 days

If the security advisory patch is not installed /or cannot be installed for technical reason. The Client should be notified and deviations have to be documented. Risk Acceptance to be documented and registered.

11.0 Hardware security

The security policy should clearly define the level of security and the method of securing hardware used with in the IT and infrastructure framework. The hardware with in the organization should be secured physically as well as through the deployment of technology. The policy should set minimum standards for the use of passwords and software to ensure security of hardware and the data or information contained in them.

Some of key issues that need to be addressed by the policy are listed below.

·	Protection of BIOS through use of password

·	Access to Client networks to be allowed through specific workstations.

·	Writeable IO devices such as floppy drives, ZIP and CD-RW drives will be internally disabled or removed.

·	All PC’s should be installed with Client specific OS image.

·	An approved anti-virus server located on the Internet or the PROVIDER enterprise network to allow for updates to Anti Virus software installed on the development desktops.

·	Workstations to be OS password protected for logging into the system. IBM password polices will be followed.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

·	PCs should have anti virus software with compulsory weekly scheduled scans. Updates of virus definitions will be accomplished as described above.

·	The systems will have screen saver passwords

The policy should ensure that the IT team with in the organizations submits the workstation compliance report at periodic interval and the report should cover but not be limited to the following

·	List of software installed on each workstation

·	Power on password status (enabled/disabled)

·	Hard disk password Status (enabled/disabled

·	Screen saver password (enabled /disabled)

·	Live update

·	File sharing

·	Personal firewall

·	Lotus Notes local database encryption

·	Microsoft windows account (user account)

12.0 Change Control Management

The security policy needs to address the process of change with respect to systems and processes. Change is a very important aspect from a security standpoint as it ensures systems being updated continuously as per latest standards.

Change control spreads across the entire organization however for IT security its control is very essential for the following.

·	Systems (server and desktop management)

Networks

Change control has to be the outcome of regular reviews and should be scheduled with in the framework of the policy. The policy should also allow for unscheduled change control, which arises of a particular business need.

Change control of any kind should be documented and tracked to closure. Change control should follow fixed methodologies and these methodologies should be captured in standard templates.

13.0 Clear Desk Policy

The security policy should lay guidelines for a clear desk culture, to be practiced by employees, contractors in order to protect and adhere to the data security policies and Information security policies. The organization should ensure that this policy is made aware to all its employees, contractors and consultants who are using Client related resources, information and data proprietary to and held by the company in order to perform their day-to-day business activities.

The policy should make the employees aware as to their responsibility towards data protection under their control, which may be in the form of documents, or soft ware applications that are housed in desktops and or laptop computers.

The policy should direct employees towards the process that one must follow in the event of disposal of any kind of information.

14.0 E-mail Policy

The policy should provide guidelines for the usage of company owned or Client provided common mail services provided for the use of business interest of the company or Client to the employees.

The policy should clearly outline guidelines to employees having access to official email for the use of business.

The policy should also ensure the use of appropriate email ID conventions.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

The policy should detail the rights and privileges of the employees who have been provide official email.

The policy should ensure that the company follows standard mail configuration across all users to enable easy maintenance and control.

The policy should ensure Retention of mails by employees at an individual level to ensure that a record of data it maintained and made available at all points in time. The retentions of mail should be classified depending on the kind of information that the mails contain.

Automatic Forwarding or reply of Email should be controlled to ensure that company confidential data is not let out by mistake.

Exhibit 4.10

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

1.0 Master Statement of Work

(“Supplier”). This MSOW is effective beginning on June 1st 2011 and will remain in effect until May 31st 2015. Transactions performed under this MSOW will be conducted in accordance with and be subject to the terms and conditions of this MSOW and the Base Agreement.

2.0 Definitions

"Authorized Users" are users of Services within and outside of Buyer including, but not limited to, recipient employees, business units, vendors, Customers, contractors, joint ventures, etc.

"Buyer” means IBM and its Affiliates including but not limited to IBM Dalian Global Delivery Co Ltd., IBM Solution & Services (SZ) Co., Ltd.

"Bypass" means the commencement of work by Supplier or their sub-tier supplier prior to issuance of a valid Buyer WA/PO including extension of services without extension PO in place.

“Core Supplier” means a supplier that Buyer prefers to use for the Services. However, Buyer makes no commitment of revenue, or business by so classifying a supplier.

“Customer” means customer of Buyer

"Project Statement of Work" " or "PSOW" means any document that:

1. identifies itself as a statement of work;

2. is signed by both parties;

3. incorporates by reference the terms and conditions of this Base Agreement and MSOW;

4. describes relevant details of the Deliverables and Services, including any requirements, specifications or schedules unique for each project as applicable;

5. describes respective obligations of Supplier and Buyer to be performed in the areas specified in this MSOW;

“No show” Not commencing the services for given PO or WA.

"Project Staff" Supplier shall appoint for the Project personnel with suitable training and skills to perform the Services

"Service Level" has the meaning set forth in Section 11.4

"Services" has the meaning given in Section 5.0.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

“Skills” means the skills provided by Supplier’s resources as described in Annexure C to this MSOW

"Software" means Applications Software and Systems Software unless a more specific reference is given.

"Statement of Work" or "SOW" means any document that:

1. identifies itself as a statement of work;

2. is signed by both parties;

3. incorporates by reference the terms and conditions of this Base Agreement; and

4. describes the Deliverables and Services, including any requirements, specifications or schedules.

5. SOW includes both MSOW and PSOW.

“Skill” means the area of knowledge of Personnel provided by Supplier under this SOW, and any other skills or knowledge areas defined in the relevant WA. For example, MVS platform.

3.0 Master Statement of Work

3.1 Introduction

3.2 Annexures

The following Annexures are included in and form part of this MSOW

	Annexure A	Skill definitions
	Annexure B	Rate Table
	Annexure C	Security Policy Guidelines
	Annexure D	Security Policy Guidelines for DC

4.0 Governance and Relationship Model

Executive Relationship	Buyer Executive	Supplier Executive
Program Governance	Buyer Program Manager	Supplier Program Manager
Operational Governance Management	Buyer Operations Manager	Supplier Operations Manager
		Supplier Resources

The Program Governance Model will be structured in a three-tier model.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

		executive will keep abreast of Buyer’s strategic business direction, and monitor requirements within the government and regulatory bodies.

	Ÿ	Program Governance - Will review the overall progress of the program from the contract and financial management point of view. The Program Managers from Buyer and Supplier will lead the program governance team. The team will govern the agreement, review the contract and business commitments and will manage and control changes to the agreement. The Change Control Procedure will be used to document any deviation that has a potential impact on the Program.

	Ÿ	Operational Governance Management – The operational level of governance will be at the project level or committed staff level . The Operations Managers from Buyer and Supplier will lead the governance team and review the performance and solve transactional issues related to the scope of work or commitment to be delivered under this MSOW or related PSOWs. They will periodically review the status, issues and achievements of the services for a specified period.

Governance at program and operational management levels are described below along with roles and responsibilities of Supplier and Buyer governance personnel and the escalation mechanism.

4.1 Program Governance

Program governance includes overall program management responsibilities, control and the associated communication. Buyer will designate a person known as Buyer Program Manager.

4.1.1 Program Management

q	Identification, mobilization and placement of resources relevant to the skills required for the execution of the Program

q	Managing the ramp-up, transition and delivery of all services delivered by Supplier

q	Managing Service Level Agreements (“SLAs”) set in the SOW

q	Program escalation process to address critical items (affecting resources, cost or schedule) as well as any potentially critical items, and help resolve or escalate Program issues, as necessary.

q	Administering Program change control with the Buyer Program Manager

q	Risk Management planning and tracking

4.1.2 Program Communication and Reporting

q	Supplier Program Manager and Buyer Program Manager will meet periodically to review the overall Program. Communication which will include:

q	Review and updates to the Program level plan (e.g. Generic Support and Control Plan) within scope of a particular SOW

q	Resolution or further escalation of unresolved issues escalated from the project governance level

q	Periodical review of Supplier performance metrics

q	Review and report customer satisfaction survey results and actions Report program status to the executive management

4.1.3 Program Control

Buyer and Supplier Program Managers will meet at the end of every quarter to review the progress of the Program and to resolve any issues that are hindering the progress of the Program.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

4.2 Operational Governance Management

4.2.1 Operations Management

q	Planning, interlocking, and managing the committed scope approved by Buyer

q	Resource utilization and stakeholder skill trainings required for execution of the service

q	Managing resource pool

q	Administering service change control with the Buyer Operations Manager

q	Services risk management

4.2.2 Service Organization

The Service Organization envisaged for the in scope services will be specific and will be defined and agreed as part of the SOW.

4.2.3 Project Office

4.3 Process Governance

4.4 Escalation

In the event of a disagreement on any issue (pertaining to this document) that cannot be resolved by the designated Supplier and Buyer managers, the escalation path for resolution is given below:

Buyer	Supplier
Buyer Operations manager	Supplier Operations Manager
Buyer Program Manager	Supplier Program Manager
Buyer Executive	Supplier Executive

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

4.5 Supplier Responsibilities

4.5.1 Supplier Role

Role	Responsibilities
Supplier Executive	Will be responsible for the overall well being of the relationship between Supplier and Buyer.
Supplier Program Manager	Accountable for all work performed by Supplier, escalation point for Supplier related issues Overall Program performance Status reporting to Supplier and Buyer Executives overseeing the program. Customer satisfaction
Supplier Operations Manager	Will be primary point of contact for queries related to SOW set-up and issue resolution from Supplier side Schedule and attend all planning, status, escalation and other program management meetings Monitor and report status on a regular basis to Buyer and Supplier management team Ensure submission of Operations Metrics data Acting as single point of contact between Buyer and Supplier for all issues
Supplier Operations Manager Merge with Supplier Operations Manager	As defined by SOW, have joint accountability, may include activities listed below: Responsible for the service performance Performance as per the expectations that will be defined within each SOW (quality and timeliness of deliverables, availability/up-time of the application, productivity, etc.) On time delivery of services Quality of deliverables and support for transitioned applications Ensure submission of Service Metrics data Responsible for execution of services within budget and schedules Participate in all technical meetings and conference calls. Coordinate and follow-up on all technical issues addressed in technical conference from Buyer as well as Supplier team to closure. Provide support to Supplier DC team in preparation of test cases / data
Project Office	Functions are the single-point of contact for Buyer for all non-delivery matters Will handle all communication with the on-site team Responsibilities will span multiple SOWs

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

4.5.2 Responsibilities

4.5.2.1 Supplier Technical Resource Pool:

(b) Supplier should ensure its personnel get necessary foreign language training including but not limited to languages such as, English and Japanese.

(c) Supplier shall provide an average 3 to 5 training days/per year training per person to continuously improve and refresh their skills

4.5.2.2 Change Control:

4.5.2.3 Loan of Buyer Assets:

4.5.2.4 US Export Regulation Procedures:

The Supplier and its personnel will ensure compliance with the US Export Regulation and Procedure while handling any information, process, product or service under this agreement.

4.5.2.5 Business Travel:

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

(a) Supplier shall provide necessary support to ensure its personnel get appropriate visa if there is overseas travel required by Buyer (visa application fee can be reimbursed with valid invoice);

(b) Supplier shall provide its personnel sufficient cash in advance or appropriate credit card before business travel happens;

(d) Supplier shall ensure their personnel follow overseas countries’ holiday arrangement during the overseas business trip;

For any expenses not covered by the travel policy, Buyer will consider reimbursing Supplier upon Buyer Standard Travel Policy based on project manager's approval

4.6 Buyer Responsibilities

4.6.1 General Responsibilities

Ensure that the following responsibilities of Stakeholder are discharged properly (as applicable):

·	Ensure availability of Customer persons required for discussions, demos, reviews and approvals

·	Customer will perform the User Acceptance Testing. Supplier will support these testings by completing defect fixes pertaining to Supplier developed code.

·	All Releases to Production will be carried out by Customer, but will be supported by .Supplier.

·	Customer’s Buyer will provide all existing documentation, which includes the existing test cases, scripts etc. with appropriate detail.

·	Buyer will provide, in the case needed and requested by projects/case, Identified Supplier employees Buyer IDs in Lotus Notes to enable access to areas like SameTime, Team Rooms, etc., based on the specific Project and network access needs.

4.6.2. Head Count Demand Statement:

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Supplier is liable to fill demand within the limits set out in the ramp up section and the skills supported by Supplier under this MSOW. Supplier will guarantee AMS 70% fulfillment rate.

4.7 Measurement of Relationship

4.7.1 General

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

This Section of the Agreement may be amended by Buyer from time to time to reflect changes in Buyer’s business goals and objectives.

4.7.2 Quality Measurements:

The following measurements will be used to capture the quality of the transactions conducted under this Agreement.

(b) Bypasses: Supplier will make all reasonable efforts to ensure that there are no Bypasses. Bypasses will be measured monthly.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

4. 7.3 Performance Against Commitments:

(e) No Shows: A No Show is a resource who failed to join after being selected. There should be no No Shows.

(g) Blocked Invoices: Supplier will ensure a minimum quality standard of no more than 2% of total invoices submitted each month that are unable to be paid by Buyer due to price discrepancies.

4. 7.4 Benchmarking Report:

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

5.0 Scope of Work

This section describes the scope of services to be performed by Supplier under this MSOW.

Supplier will also provide to Buyer the Deliverables and Services described below.

DESCRIPTION OF DEVELOPED WORKS AND RELATED DELIVERABLES AND SERVICES

Developed Works:

Supplier agrees that all Deliverables, code or materials provided as part of the Services are Developed Works.

5.1 Project Statement of Work

5.2 Services

5.2.1 Provision of Services

(i) The services, functions and responsibilities described in this MSOW;

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

(d) Buyer will receive priority above all other Supplier’s customers in providing the Services in the event such other customers require like Services in like markets during the same time periods.

5.2.2. Recipients of the Services

5.3 Type of Services

5.3.1 Fixed Price Services

5.3.1.1

Scope of Work

Detailed in individual PSOWs

5.3.1.2 Roles and Responsibilities

Detailed in individual PSOWs

5.3.1.3 Acceptance Criteria

Detailed in individual PSOWs

6.0 Facilities

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

6.1 DC Site

This section identifies the requirements that Supplier must meet to obtain Buyer approval to perform work at the DC.

6.1.1 General Requirements

Building security and workstation security

Safety and electrical requirements

Workstation and space

Site readiness

Workplace requirements

Buyer Well-being requirements

Security

6.1.2. Training

For the Suppliers Key personnel or project staff providing to Buyers in DC, basic training shall be completed before being accepted into DC.

6.1.3. Buyer Resources Provided to Supplier

The costs for providing these services for Buyer Seconded Resources will be billed on a monthly basis to Buyer.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

6.1.5. Exceptions

Supplier will adhere to all requirements prior to beginning work under any PSOW. If any non-conformances exist, Supplier will rectify those areas identified during the audit by Buyer’s PM.

6.2 Buyer Site and Buyer’s Customer Site

6.2.1 On Premises Guidelines

These Guidelines shall apply to work performed on either Buyer’s or Buyer’s Customer’s sites.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

7.0 Hardware and Software

7.1 Supplier Responsibilities

7.1.1. Hardware

Supplier will provide each employee with the following hardware configurations, unless otherwise stated in the applicable PSOW.

7.1.1.1 PC Model and configuration

1. Brand: IBM brand manufactured by Lenovo.

2. Desktop or ThinkPad, detailed configuration/model in accordance with project requirement.

3. Software: License of Windows XP Professional, or any other specific requirement from Buyer.

7.1.1.2 Software

Supplier will provide the following IBM software at Buyer’s expense and Non-IBM Software at Supplier’s expense on each desktop and ThinkPad laptop configuration:

IBM software:

Lotus Notes as needed base (refer to PSOW)

Rational Tool as needed base (refer to PSOW)

Non-IBM Software:

·	As specified in the the PSOW

(*) Only Supplier’s project managers, project leads and project administrators need.

7.2 Buyer Responsibilities

7.2.1 Software

The above information is for reference, these are subject to customization for individual projects, and details of the same will be document as part PSOW for every individual Project.

8.0 Staffing

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

8.1 Staff

All the changes to the list of the supplier DC staff need to acquire Buyers’ Operation Manager’s agreement.

8.1.1. Services Warranty Period

8.1.2 Key Personnel

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

provided that Buyer will cooperate with Supplier to reduce the number of Key Personnel to [80] percent of the Project Staff.

8.2 Staffing Baseline

·	The expected number of resources including Key resources Supplier is expected to have on the project

·	The Scope of Work expected to be performed, e.g., maintenance, production support, enhancements. The mechanism for additions and reductions of the monthly baseline will be defined within each PSOW.

The staffing requirements and levels will be reviewed monthly for the succeeding month, and on a quarterly basis, the yearly baseline will be generated.

8.3 Termination of the MSOW, a PSOW and/or a Purchase Order

Buyer may, upon written notice to Supplier, terminate the MSOW, a PSOW and/or a Purchase Order:

1. with Cause effective immediately; or

2. without Cause effective immediately or as otherwise specified in such notice.

8.3.1 Without Cause

1. start transition of work to Buyer;

2. prepare and submit to Buyer an itemization of all completed and partially completed Deliverables and Services;

4. deliver to Buyer Deliverables satisfactorily completed up to the date of termination at the agreed upon Prices in the MSOW, the relevant PSOW and the relevant Purchase Order.

Buyer may terminate the MSOW, a PSOW and/or a Purchase Order without any penalty or other liability to Supplier upon written notice to Supplier.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

8.3.2 With Cause

Upon termination with Cause, in accordance with Buyer’s written direction, Supplier will immediately:

1. start transition of work to Buyer;

2. prepare and submit to Buyer an itemization of all completed and partially completed Deliverables and Services;

3. deliver upon request any work in process.

4. deliver to Buyer Deliverables satisfactorily completed up to the date of termination at the agreed upon Prices in the MSOW, relevant PSOW and the relevant Purchase Order.

8.4 Subcontractors

In no event does this clause relieve Supplier of meeting its obligations under the MSOW or relevant PSOW(s).

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

8.5 Staff Rotation

In the event of an End customer contract requiring retention of resources for a longer period of time, Buyer has the right to deny approval for rotation on completion of 18 months on a project.

8.6 Work Hours

Specific Customer requirements will be defined within the PSOW.

8.7 Workforce Management

The following table explains the standards for evaluation of resources working within DC. Specific Customer requirements will be defined within the PSOW.

1	Low Performance	Buyer can request replacement of a low performing resource. The cost of replacement is born by Supplier. The Cost of Replacement includes but not limited to · Travel cost · Lease Breakage for onsite resources Shadowing / Project transition Period to be mutually agreed based on the Role/Responsibility not exceeding 4 weeks
2	Turnover Backfills	Cost of turnover back-fill at DC locations or onsite will be born by Supplier Replacement must be done with in 5 work days at their Place/location of work as per SOW.
3	Resource Confirmation	All Resources will be reveiwed and confirmed/approved by Buyer. Billing will be done only with a valid PSOW or PO Billing Start Date. The Buyer will be billed for the resource on the position from the start date that was recorded in PSOW and/or WA at the time of the

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

		resource confirmation. However Supplier will bill the resource only on completion of knowledge transfer wherever applicable, based on confirmation from Buyer PM, with confirmed billing date. Re-scheduling Start Date If the start date is re-scheduled after resource confirmation, Buyer will inform the revised start date to the Supplier. Supplier will only bill at the end of transition date. Buyer and Supplier will mutually agree whether a confirmed resource should be released and therefore unconfirmed, if the reschedule start date is more than 4 weeks from original date. Cancelling Confirmed Request In the event the resource request is cancelled after confirmation, Supplier will bill Buyer for a maximum of 10 business days or until the resource is redeployed whichever is earlier. In the event the confirmed resource has incurred any specific cost (travel, training etc) as per the PSOW the costs will be billed to Buyer.
4	Reserved Resources	Supplier is expected to keep a reserved pool of resources to make sure that there is no disruption to the DC resource pool or Project due to turnover/absence/unexpected events where a performing employee abstains from work.
5	Customer Holidays	Buyer is obligated to inform Supplier of Customer holidays that effect both onsite and DC work schedules in advance of the contract signing or as soon as these are known to .Buyer. Buyer and Supplier will work together to accommodate these Customer holidays into the work schedule by mutual agreement.

9.0 Charges

Unless the requirements of the Project lead Supplier to incur more cost than anticipated in the Base Agreement. Supplier’s price shall have factored in the following cost breakdown items:

No	Cost Item
1.	Average Salary
2.	Average Bonus
3.	Hiring
4.	Training
5.	IT services
6.	Workplace Cost
7.	Occupancy and General services

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

8.	Back-office
9.	Minus Marketing/sales Expense
10.	Taxes
11.	Others

·	Office cost includes transportation cost, T&L, office consumable material, and communication cost.

·	Occupancy and Gen Services include renting, building administration, furniture depreciation, and air condition cost.

10.0 Billing and Payments

10.1 Payments

Wednesday of the previous month, or later if the project started at a later date till the Friday immediately preceding the last Wednesday of the current month.

Supplier shall provide a copy of the invoice with all supporting documents to Buyer Operations Manager

10.2 Invoicing

(a) Supplier shall invoice Buyer once per month per PO, by means of an electronic file, for all amounts due under this MSOW no later than the 10th workday of each month.

(b) Invoices to Buyer must include the following:

 PO Number

 Applicable PO line Item Numbers

 Terms of Payment as stated below

 Exact Billing Period Dates

 Name & Skill Classification of Supplier’s Personnel performing invoiced Services

 Number of Months Supplier’s Personnel performing invoiced services

 Applicable Bill Rates

 Other Authorized Costs (e.g., business travel)

 Total Amount Invoiced

 Other Required Data, if any.

(d) Supplier will not get paid for resources starting to work without PO issued by Buyer.

10.3 Visa Expense Reimbursements

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Buyer would reimburse the visa fees associated with obtaining business visa (for short term travel), Supplier should provide the copy of valid invoice to Buyer for process..

10.4 Expense Reimbursements

10.5 Payment Term

Invoices are due and payable net 60 days from receipt of an acceptable invoice provided

10.6 Accountability

10.7 Taxes and Duties

11.0 Other Terms & Conditions

11.1 List of Deliverables

Documents	Mode of Delivery	To Whom
DC Master Transition Plan	One Soft copy by E- mail	Buyer Program Manager
High Level Risk Management Plan	One Soft copy by E- mail	Buyer Program Manager
Staffing Ramp up Plan	One Soft copy by E- mail	Buyer Program Manager
H/W, S/W requirement	One Soft copy by E- mail	Supplier Program Manager
Updated Staffing Plan	One Soft copy by E- mail	Buyer Operations Manager
Weekly Status Report	One Soft copy by E- mail	Buyer Operations Manager
Monthly Status Report	Monthly basis by E-mail	Buyer Operations Manager
Change Request (if any)	One soft copy by E-mail	Buyer Operations Manager

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

All the follow on management and tracking reports will be defined between Buyer’s and Supplier’s Program managers as see required

11.2 Completion Criteria

Supplier shall have fulfilled its obligation under this MSOW when any one of the following first occurs:

11.3 Acceptance Criteria

·	One (1) draft of the deliverable material will be submitted to Buyer Project Manager. It is Buyer Project Manager’s responsibility to make and distribute additional copies to any other reviewers.

11.4 SLAs on Deliverables:

Sl. No.	Criteria	Planned Estimate / Comment
1	Turnover & No-shows	Should be less than Buyer standard or an industry average published by HR, whichever is lesser and will be revalidated every 6 months.
2	Key resource retention	Equal to or better than Supplier’s target for key resource retention across the company and to be validated every 6 months
3	Fulfillment	As per the monthly actual demand plan Supply qualified C&SI resources and get Buyer’s confirmation within 3 days after CSA request is created. Supply AMS resources with 70% fulfillment rate
4	Deliverables (as appropriate per PSOW)	Critical deliverables and work products for each project will be identified during the transition phase by Buyer PM and project SLAs will be evolved against which Supplier will have to comply.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

11.5 Hiring and Solicitation

11.5.1 Hiring of Supplier Employees

3. In any situation, Buyer or any Buyer affiliate shall not be precluded from hiring any employee of Supplier who

(i) initiates discussions regarding such employment without any direct or indirect solicitation by Buyer or any Buyer affiliate,

(ii) responds to any public advertisement placed by the Buyer or any Buyer affiliate in a publication of general circulation, or

(iii) has been terminated by Supplier prior to the commencement of employment discussion between the Buyer or any Buyer affiliate and such personnel.

11.5.2 Solicitation of Buyer’s Employees

Supplier shall not solicit, directly or indirectly, nor hire any exsiting employees of Buyer and its Affiliates or .the employees who quite from Buyer or its Affiates less than six (6) months.

11.6 Contract Changes

11.6.1. Cancellation Options

Withdrawal by any party to this document for any reason requires mutual agreement including addressing all financial considerations

11.6.2. Contract Changes

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

11.6.3 Amendments

12.0 Change Control Procedure

12.1 Investigation of Change Request

12.1.1. Part I Investigation of Change Request

a.	The designated Manager of the requesting party will review the proposed change and determine whether to submit the request to the other party.

b.	Both the Managers reviews the PCR and either reject it or authorize further investigation to estimate and price the effort. Such rejection or authorization will be documented on the PCR and signed by both parties.

d.	The results of the investigation will be documented, and the PCR will be provided to the Buyer Operations Manager for review and authorization for implementation.

12.1.2. Part II Change Implementation

a.	Once Buyer Operations manager approves the PCR, Buyer and Supplier Program Managers will review the PCR and either reject or approve it for implementation by having authorized representatives of both parties sign the PCR.

b.	Appropriate funding documentation must be issued prior to the implementation of any change.

c.	Both Supplier and Buyer Managers will review and provide implementation status and any related issues to the Delivery Manager(s) until the PCR is fully implemented and closed.

13.0 Transition Assistance

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

14.0 Annual Renewal

1. Upon the expiration of the initial 4 year services contract, Buyer would have right to automatically annually renew the contract under substantially the same terms and conditions.

2. Upon the expiration of the initial 4 year services contract, Buyer shall have the right to transition Client work back to Buyer.

15.0 Agreement

Authorized Signatures/Approvers:

16.0 Non Compete

Supplier further agrees that during the term of this MSOW, Supplier shall not:

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Note:

RFP refer to request for price or request for proposal

RFI refers request for information

RFQ refers to request for Quotation.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

The respective responsibilities of each organizational representative are hereby acknowledged and accepted by:

ACCEPTED AND AGREED TO:			ACCEPTED AND AGREED TO:
IBM Dalian Global Delivery Co Ltd.			Bejing Camelot Technology Co.,Ltd.
By:			By:
Buyer Signature		Date	Supplier Signature	Date


Printed Name			Printed Name

Title & Organization			Title & Organization


Buyer Address:			Supplier Address:
No. 269 Wu Yi Road, Dalian, P.R. China. 116023			11th FL Zhejiang Tower 26 North Ring 3 Road 100029

ACCEPTED AND AGREED TO:

IBM Solution & Services (SZ) Co., Ltd.
By:
Buyer Signature	Date


Printed Name

Title & Organization

Buyer Address: 6/F, Liming Building Keji Rd.1.S, South Area, Shenzhen Hi-tech Industrial Park, Nanshan District, Shenzhen P.R.C.518057

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Annexure A – Skills Definition

Skills Definition

A. Castle C&SI SAP Function Skill

a. Common skill: FI, CO, SD, MM, PP module

b. Niche skill: all other SAP function skill except Common skills

B. Castle AMS skills: any skills except SAP skills

C. Castle Non-domestic ABAP

D. Castle Domestic ABAP

AMS is short for Application Management Services.

C&SI is short for Consultant and System Integration

Common skill list will be reviewed and updated when needed in a yearly base.

Resources with common skill will apply to T(Traditional) module rate.

Resources with Niche skill will apply to N(New Dimension) Module rate.

Education：Bachelor or above for all resources

Language Capability: Fluent in reading & writing Eng or Jap

Service years: please refer to rate table.

Certification: SAP Certificate preferred for band 7 and above. Supplier will ensure 50% of C&SI resources with relevant Certification.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Annexure B –Rate Table

Castle C&SI SAP Function Skills
Castle Band	Year of Experience	T Module (RMB/Day)	T Module (RMB/Hour)	N Module (RMB/Day)	N Module (RMB/Hour)
Band 90 L1	0.5-1	371	46.4	371	46.4
Band 6 L	1-2	698	87.3	698	87.3
Band 6 H	2-3	1,378	172.3	1,724	215.5
Band 7	3-4	1,909	238.6	2,247	280.9
Band 8 L	4-5	2,264	283	2,609	326.1
Band 8 H	5-6	2,384	298	2,729	341.1
Band 9 L	6-7	2,816	352	3,160	395
Band 9 H	7-8	2,960	370	3,304	413
Band 10	8-10	3,585	448.1	3,598	449.8
Band 11	>10	4,137	517.1	4,061	507.6

Castle AMS Skills (include Oracle all skills, exclude SAP skills)
Castle Band	Year of Experience	Tier A Rate (RMB/Hour)	Tier B Rate (RMB/Hour)	Tier C Rate (RMB/Hour)
Band 90	0.5-1	43	32	28
Band 6 L	1-2	55	47	41
Band 6 H-1	2-3	68	62	52
Band 6 H-2	3-4	75	69	62
Band 7L	4-5	89	83	72
Band 7H	5-6	94	86	76
Band 8L	6-7	100	92	82
Band 8H	7-10	108	99	92
Band 9	>10	133	122	113

Castle Non-domestic SAP ABAP

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Castle Band	Year of Experience	Proposed Rate (RMB/Hour)
Band 90	0.5-1	69
Band 6 L	1-2	78
Band 6 H-1	2-3	85
Band 6 H-2	3-4	110
Band 7 L	4-5	136
Band 7 H	5-6	140
Band 8 L	6-7	150
Band 8 H	7-10	200
Band 9	>10	300

Castle Domestic SAP ABAP
Castle Band	Year of Experience	Proposed Rate (RMB/Day)	Proposed Rate (RMB/Hour)
Band 90	0.5-1	696	87
Band 6 L	1-2	936	117
Band 6 H-1	2-3	1,136	142
Band 6 H-2	3-4	1,256	157
Band 7 L	4-5	1,496	187
Band 7 H	5-6	1,536	192
Band 8	6-7	1,736	217
Band 9 L	7-10	2,016	252
Band 9 H	>10	3,176	397

Note:

1) Rate table is in RMB

2) For some special projects that supplier is not required to provide PC, PC cost should be excluded from above rates. PC cost is 2CNY/hr, 16CNY/day.

3) Above service rate includes business and other tax, with 60 days payment term. ALL related tax should be born by supplier.

4) Buyer will reimburse Supplier with hourly rate for Castle C&SI SAP Function Skills and Castle Domestic ABAP skill when working hours is less than 8 per day.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

5) Resource unit base annual days per year equals 249 days or 1992 hours per year.

6) Castle Band refers to years of relevant experience, not equal to IBM band.

Tier A City: 北京BJ、上海SH、广州GZ、深圳SZ、厦门XM、汕头ST、珠海ZH、重庆CQ、宁波NB、青岛QD、拉萨LS、昆明KM、海口HK

Tier B City: 大连 DL

Tier C City: Other cities except Tier A & B

Annexure C –JRSS List

Skill Reference for AS Castle

Line Category	Competency	JR#	SS#	Job Code	Skill Set
AMS	I&DM	40684	S0830	Application Developer	BI Reporting Tools
AMS	I&DM	40684	S1853	Application Developer	COGNOS
AMS	I&DM	41600	S0111	Data Specialist	ETL.DataStage
AMS	I&DM	41600	S0112	Data Specialist	ETL.Informatica
AMS	I&DM	40685	S0080	Database Administrator	DB2

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

AMS	I&DM	40685	S0253	Database Administrator	Oracle Database
AMS	I&DM	40632	S0153	Package Solution Consultant	Hyperion
AMS	I&DM	40684	S2827	Application Developer	FileNet
AMS	I&DM	41600	S0618	Data Specialist	Master Data Management
AMS	I&DM	40632	S3391	Package Solution Consultant	Cognos BPM
AMS	I&DM	40662	S0079	Information Architect	Database
AMS	I&DM	40684	S0060	Application Developer	Content Management
AMS	I&DM	40681	S0040	Business Analyst	Business Intelligence
AMS	I&DM	40684	S1854	Application Developer	BusinessObjects
AMS	I&DM	41600	S0078	Data Specialist	Data Modeling
AMS	I&DM	40685	S0450	Database Administrator	SQL
AMS	I&DM	40670	S0040	Project Manager	Business Intelligence
AMS	I&DM	40684	S0557	Application Developer	Adabas
AMS	I&DM	40684	S0450	Application Developer	SQL
AMS	LD	45010	S1030	Learning Developer	Content & Solutions Development
AMS	LD	45010	S1107	Learning Developer	Media Design
AMS	LD	45010	S1028	Learning Developer	Courseware Tools
AMS	LD	45010	S1031	Learning Developer	Instructional Design
AMS	LD	40707	S0190	Learning Consultant	Learning Strategy
AMS	MES/PLM	40661	S3004	Application Architect	Embedded Systems
AMS	MES/PLM	40684	S3004	Application Developer	Embedded Systems
AMS	MES/PLM	40661	S3499	Application Architect	Manufacturing Execution Systems (MES)
AMS	MES/PLM	40632	S2182	Package Solution Consultant	PLM Systems
AMS	MF, AS400, UNIX	40684	S0006	Application Developer	AIX/UNIX
AMS	MF, AS400, UNIX	40684	S0016	Application Developer	AS/400 IBM System i
AMS	MF, AS400, UNIX	40684	S0045	Application Developer	C
AMS	MF, AS400, UNIX	40684	S0074	Application Developer	C++
AMS	MF, AS400, UNIX	40684	S0054	Application Developer	COBOL
AMS	MF, AS400, UNIX	40684	S0181	Application Developer	JCL
AMS	MF, AS400, UNIX	40684	S0192	Application Developer	Linux
AMS	MF, AS400, UNIX	40684	S0233	Application Developer	MVS
AMS	MF, AS400, UNIX	40684	S0295	Application Developer	PL1
AMS	MF, AS400, UNIX	40684	S0561	Application Developer	RPG
AMS	MF, AS400, UNIX	40684	S0051	Application Developer	CICS

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

AMS	MF, AS400, UNIX	45022	S0006	Infrastructure Specialist	AIX/UNIX
AMS	MF, AS400, UNIX	40661	S0006	Application Architect	AIX/UNIX
AMS	MF, AS400, UNIX	40661	S1013	Application Architect	Custom Development.Legacy
AMS	MF, AS400, UNIX	45022	S0233	Infrastructure Specialist	MVS
AMS	MF, AS400, UNIX	40684	S0013	Application Developer	Assembler
AMS	MF, AS400, UNIX	40684	S0491	Application Developer	TSO/ISPF
AMS	MF, AS400, UNIX	40661	S0263	Application Architect	OS/400
AMS	MF, AS400, UNIX	45022	S0192	Infrastructure Specialist	Linux
AMS	MF, AS400, UNIX	40684	S0097	Application Developer	EDI
AMS	Test Services	41633	S0482	Test Specialist	Test Execution
AMS	Test Services	41633	S0483	Test Specialist	Test Planning
AMS	Web Development	40661	S0071	Application Architect	Custom Development
AMS	Web Development	40661	S0081	Application Architect	Digital Media
AMS	Web Development	40661	S0179	Application Architect	J2EE
AMS	Web Development	40661	S0180	Application Architect	Java
AMS	Web Development	40661	S0223	Application Architect	Microsoft
AMS	Web Development	40661	S0303	Application Architect	Portals.WebSphere
AMS	Web Development	40666	S0140	Application Consultant	GUI
AMS	Web Development	40684	S3469	Application Developer	C#.NET
AMS	Web Development	40684	S0179	Application Developer	J2EE
AMS	Web Development	40684	S3537	Application Developer	J2EE (Weblogic)
AMS	Web Development	40684	S0180	Application Developer	Java
AMS	Web Development	40684	S0200	Application Developer	Lotus Domino
AMS	Web Development	40684	S0201	Application Developer	Lotus Notes
AMS	Web Development	40684	S0302	Application Developer	Portals
AMS	Web Development	40684	S0303	Application Developer	Portals.WebSphere
AMS	Web Development	40684	S3538	Application Developer	VB.NET
AMS	Web Development	40684	S0497	Application Developer	Visual Basic
AMS	Web Development	40684	S0505	Application Developer	Web Technologies
AMS	Web Development	40684	S0508	Application Developer	WebSphere Commerce Suite
AMS	Web Development	40681	S0322	Business Analyst	Rational
AMS	Web Development	41917	S1552	Business Area Manager	Application Services
AMS	Web Development	42400	S0223	Technical Team Leader	Microsoft
AMS	Web Development	45022	S0322	Infrastructure Specialist	Rational

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

AMS	Web Development	40661	S0095	Application Architect	eCommerce
AMS	Web Development	45022	S0223	Infrastructure Specialist	Microsoft
AMS	Web Development	40681	S0478	Business Analyst	Technical Requirements
AMS	EI	40684	S0555	Application Developer	Web Services/SOA
AMS	EI	40666	S0505	Application Consultant	Web Technologies
AMS	EI	40684	S0509	Application Developer	WebSphere MQ Series
AMS	EI	45021	S2888	Systems Engineering Professional	Application/System Integration
AMS	EI	40684	S1925	Application Developer	WebSphere Process Server
AMS	EI	40670	S1014	Project Manager	System Integration
AMS	EI	40684	S2829	Application Developer	Websphere ESB
AMS	EI	45022	S0474	Infrastructure Specialist	Systems Management
AMS	EI	40661	S0555	Application Architect	Web Services/SOA
AMS	EI	40684	S1533	Application Developer	WebSphere Business Integration Message Broker
AMS	EI	45022	S3535	Infrastructure Specialist	Application Server Administration
AMS	EI	40661	S0505	Application Architect	Web Technologies
AMS	EI	41627	S0104	Technical Solution Architect	Enterprise Architecture
AMS	EI	45022	S0473	Infrastructure Specialist	System Products
AMS	EI	40684	S0506	Application Developer	WebMethods
AMS	BAM	40684	S2702	Application Developer	Migration
AMS	BAM	40684	S2714	Application Developer	Application Modernization
AMS	Oracle	40632	S0255	Package Solution Consultant	Oracle.Financials
AMS	Oracle	40684	S0270	Application Developer	JDE
AMS	Oracle	40684	S0267	Application Developer	PeopleSoft
AMS	Oracle	40684	S0437	Application Developer	Siebel
AMS	Oracle	40632	S0257	Package Solution Consultant	Oracle.Manufacturing
AMS	Oracle	40632	S0278	Package Solution Consultant	PeopleSoft.HR
AMS	Oracle	40685	S0252	Database Administrator	Oracle Applications
AMS	Oracle	40632	S0273	Package Solution Consultant	JDE.Distribution
AMS	Oracle	40661	S0437	Application Architect	Siebel
AMS	Oracle	40632	S0276	Package Solution Consultant	JDE.Manufacturing
AMS	Oracle	40632	S0279	Package Solution Consultant	PeopleSoft.Payroll
AMS	Oracle	40632	S0274	Package Solution Consultant	JDE.Financials
AMS	Oracle	40661	S0252	Application Architect	Oracle Applications
AMS	Oracle	40632	S0258	Package Solution Consultant	Oracle.Order to Cash

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

AMS	Oracle	40632	S0259	Package Solution Consultant	Oracle.Procure to Pay
AMS	Other	40684	S0833	Application Developer	IBM Maximo
AMS	Other	40684	S0185	Application Developer	Lawson
AMS	Other	40632	S0529	Package Solution Consultant	i2
C&SI ABAP	SAP	40661	S0333	Application Architect	SAP
C&SI ABAP	SAP	40684	S0391	Application Developer	SAP.NW.EP
C&SI ABAP	SAP	40661	S2549	Application Architect	SAP.NW.Security
C&SI ABAP	SAP	40684	S0397	Application Developer	SAP.NW.XI
C&SI ABAP	SAP	40684	S3057	Application Developer	SAP.NW.ABAP.WebUI
C&SI ABAP	SAP	40661	S0389	Application Architect	SAP.NW.Basis
C&SI ABAP	SAP	40684	S0388	Application Developer	SAP.NW.ABAP
C&SI ABAP	SAP	40684	S3054	Application Developer	SAP.NW.ABAP.APO
C&SI ABAP	SAP	40684	S3053	Application Developer	SAP.NW.ABAP.CRM
C&SI ABAP	SAP	40684	S0824	Application Developer	SAP.NW.ABAP.HR
C&SI ABAP	SAP	40684	S3055	Application Developer	SAP.NW.ABAP.SRM
C&SI ABAP	SAP	40684	S3056	Application Developer	SAP.NW.ABAP.Workflow
C&SI ABAP	SAP	40684	S0390	Application Developer	SAP.NW.BI
C&SI ABAP	SAP	42400	S0388	Technical Team Leader	SAP.NW.ABAP
C&SI Function	SAP	40632	S0340	Package Solution Consultant	SAP.CRM.Sales
C&SI Function	SAP	40632	S0337	Package Solution Consultant	SAP.CRM
C&SI Function	SAP	40632	S0344	Package Solution Consultant	SAP.FIN

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

C&SI Function	SAP	40632	S0347	Package Solution Consultant	SAP.FIN.BI
C&SI Function	SAP	40632	S0349	Package Solution Consultant	SAP.FIN.CO
C&SI Function	SAP	40632	S0354	Package Solution Consultant	SAP.FIN.SEM
C&SI Function	SAP	40632	S0356	Package Solution Consultant	SAP.HR
C&SI Function	SAP	40632	S0827	Package Solution Consultant	SAP.HR Time Management
C&SI Function	SAP	40632	S1021	Package Solution Consultant	SAP.HR.Comp Mgt
C&SI Function	SAP	40632	S0358	Package Solution Consultant	SAP.HR.Payroll
C&SI Function	SAP	40632	S1022	Package Solution Consultant	SAP.HR.Self Serve
C&SI Function	SAP	40632	S0831	Package Solution Consultant	SAP.IS (Other Industries)
C&SI Function	SAP	40632	S0361	Package Solution Consultant	SAP.IS Aerospace & Defense
C&SI Function	SAP	40632	S0380	Package Solution Consultant	SAP.IS Oil & Gas
C&SI Function	SAP	40632	S0384	Package Solution Consultant	SAP.IS Retail
C&SI Function	SAP	40632	S3428	Package Solution Consultant	SAP.IS Utilities
C&SI Function	SAP	40632	S0390	Package Solution Consultant	SAP.NW.BI
C&SI Function	SAP	40632	S0394	Package Solution Consultant	SAP.NW.MDM
C&SI Function	SAP	40632	S0395	Package Solution Consultant	SAP.NW.ME
C&SI Function	SAP	40632	S0398	Package Solution Consultant	SAP.PLM
C&SI Function	SAP	40632	S0401	Package Solution Consultant	SAP.PLM.PM
C&SI Function	SAP	40632	S0402	Package Solution Consultant	SAP.PLM.PS

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

C&SI Function	SAP	40632	S0403	Package Solution Consultant	SAP.PLM.QM
C&SI Function	SAP	40632	S0834	Package Solution Consultant	SAP.SCM.APO
C&SI Function	SAP	40632	S0406	Package Solution Consultant	SAP.SCM.APO.DP
C&SI Function	SAP	40632	S0411	Package Solution Consultant	SAP.SCM.APO.PPDS
C&SI Function	SAP	40632	S0415	Package Solution Consultant	SAP.SCM.APO.SNP
C&SI Function	SAP	40632	S0408	Package Solution Consultant	SAP.SCM.GTS
C&SI Function	SAP	40632	S0409	Package Solution Consultant	SAP.SCM.MM
C&SI Function	SAP	40632	S0410	Package Solution Consultant	SAP.SCM.PP
C&SI Function	SAP	40632	S0413	Package Solution Consultant	SAP.SCM.SD
C&SI Function	SAP	40632	S2650	Package Solution Consultant	SAP.SCM.SD.VC
C&SI Function	SAP	40632	S0414	Package Solution Consultant	SAP.SCM.SM
C&SI Function	SAP	40632	S2661	Package Solution Consultant	SAP.SCM.TPVS
C&SI Function	SAP	40632	S0417	Package Solution Consultant	SAP.SCM.WMS
C&SI Function	SAP	40632	S0418	Package Solution Consultant	SAP.SRM
C&SI Function	SAP	40710	S3781	Strategy Consultant	Organizational Change.SAP

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Annexure D – Security Policy Guidelines for DC

Table of Contents

1.	INTRODUCTION	2
2.	INTENDED AUDIENCE	2
3.	ENFORCEMENT	2
4.	REVIEW OF POLICY	2
5.	SCOPE	2
6.	ORGANIZATIONAL SECURITY	2
6.1	Security Organization	2
6.1.1	Organization Structure	3
6.1.2	Roles and Responsibilities	3
6.2	IT Procurement	3
6.3	Audit	3
6.4	Third Party	3
7.	ASSET CLASSIFICATION AND CONTROL	3
7.1.1	Asset Inventory	3
8.	PHYSICAL SECURITY	4
8.1	Security Guards	4
8.2	Access Control	4
8.2.1	Clients Specific Areas	4
9.	LOGICAL SECURITY	4
9.1	Protecting system and application integrity	5
9.1.1	User ID’s and Passwords	5
9.2	Operating System Resources	5
10.	BUSINESS CONTINUITY MANAGEMENT	6
10.1	Harmful Code	6
10.2	Security Advisory Patch	6
11.	HARDWARE SECURITY	7
12.	CHANGE CONTROL MANAGEMENT	8
13.	CLEAR DESK POLICY	8
14.	E-MAIL POLICY	8

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

1.0 Introduction

The security policy should clearly define its purpose and management direction for the security of information.

2.0 Intended Audience

The policy should clearly mention the personnel to whom the policy applies.

3.0 Enforcement

The policy should define the process of its enforcement and the consequences of its breach if any.

4.0 Review Of Policy

The review process should encompass the following.

-	Regular reviews of policy and standards

-	Regular review of security responsibilities

-	Monitoring significant changes in the exposure of information assets to major threats

-	Regular reviews and monitoring of security incidents

-	Regular reviews of exposure to threats

-	Approve initiatives for enhancing information security

5.0 Scope

-	Organizational Security

-	Asset, classification and control

-	Personnel Security

-	Incident reporting

-	Physical Security

-	Logical Security

-	Business Continuity management.

-	Education & awareness

-	Compliance & audit

6.0 Organizational Security

6.1 Security Organization

The security organization should support the management of Information Security within the enterprise.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

6.1.1 Organization Structure

6.1.2 Roles and Responsibilities

Roles and responsibilities for the protection of individual assets and for carrying out specific security processes should be explicitly defined and allocated.

The owners of all information assets should be identified and their acceptance of the associated responsibilities should be recorded.

6.2 IT Procurement

6.3

Audit

6.4 Third Party

Risks associated with third parties should be identified and assessed with respect to:

physical access

Logical Access

Non disclosure agreements with third parties should be signed

7.0 Asset Classification and Control

Software assets: system software, applications, development tools etc.

Physical assets: computer equipment, tapes, disks, power supplies etc.

Services: computing and communications services, heating, lighting etc.

7.1.1 Asset Inventory

Each asset should be clearly identified with the help of a unique asset ID.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Each asset should have a location and owner assigned.

The ownership of the asset should be documented and reviewed regularly.

Transfer of assets should be tracked and documented.

Issue of assets should be properly authorized and documented.

Inventories for all major IT assets should be maintained.

Security classification labels should be used to identify the classifications of sensitive data contained in reports, files, screen displays, diskettes, tapes or other media.

8.0 Physical Security

8.1 Security Guards

8.2 Access Control

The policy should also ensure some of the following points.

·	Clear location and documentation of Controlled access areas

·	Defined use and standards of equipments to be used for controlling access.

·	Process to define authorization levels to grant access to various areas

·	Process to check and validate authorized access lists with in a specified time frame.

·	Process to ensure that When people have their access authorization revoked, either by request or implicitly through termination of employment, are they immediately removed from the area access lists

·	Process to ensure logs of non-routine area accesses kept which reflect the visitor’s name, time of entry, the escort or authorizer, and the fact of exit

8.2.1 Clients Specific Areas

9.0 Logical Security

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

9.1 Protecting system and application integrity

9.1.1 User ID’s and Passwords

The security policy should ensure a process by which each authorized user should be assigned a unique user ID. The composition of the user ID should be clearly defined in the policy.

The policy should ensure the revalidation of login names is performed with in a predetermined time frame.

The policy should ensure that the organization should adhere to the following:

-	Passwords are allocated on an individual basis.

-	Passwords are kept confidential.

-	Paper records of passwords are avoided unless they are stored securely.

-	Users are instructed to change passwords if compromise is suspected.

-	Not based on anything somebody could easily guess

-	Free of consecutive identical characters

-	Users are instructed not to use trivial or obvious passwords.

-	Passwords are changed on a regular basis.

-	The frequency of change is based on the degree of access the user has.

Password policy:

The password policy should define the following

-	Minimum length of the password in terms of number of characters (recommended 8 characters)

-	Predefined composition of the password like for example the password should contain a mix of alphabetic and non-alphabetic characters (numbers, punctuation or special characters) or a mix of at least two types of non-alphabetic characters.

-	The policy should define the expiry time of each type of password and this expiry time should be system driven.

9.2 Operating System Resources

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

The policy has to ensure the following.

·	That no operating system resources can be updated by a general user, except where required for normal system operation on a approval from reporting manager.

·	That no general user can read operating system resources which would assist the user to bypass security controls.

·	Where logging is technically possible, the process should ensure that logs are kept of all unauthorized access attempts to operating system resources for a minimum period of time (recommended 3 months).

10.0. Business Continuity Management

10.1 Harmful Code

The security policy has to ensure that proper systems are put in place to prevent the propagation and execution of harmful code / Virus.

Some of the important aspects that need to be covered by the policy are as follows.

·	Ensure that anti-virus programs are available on all the operating systems.

·	All the anti-virus programs are configured to scan for viral signatures daily.

·	All anti-virus programs, used are configured to obtain and install virus signature updates on real-time basis.

·	Configure the anti-virus program to scan full system at least once a week.

·	If a system becomes infected by a computer virus. Should ensure that controls in place to minimize the damage caused by the virus.

10.2 Security Advisory Patch

Ÿ	Determination of risk severity based on vulnerability rating and exploitation category.

Ÿ	Notification of fix availability

Procedure to determine the schedule for application of the security/integrity fixes. Only advisories with available fixes should be installed.

Security/Integrity Advisories should be assigned severities that will be used to determine the implementation time. The following are some of the criteria that can be used for assigning the severity.

Vulnerability Rating:

High: Bypassing access control systems or gaining access to a user ID with system or security administrative authority without the need for a general user ID

Low: Unauthorized access to data from a general user ID or a denial of service attack

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

Once a Security/Integrity Fix is available, the IT Security Team will notify of it along with the details and severity rating.

Security/Integrity Fix Notification Schedule	Recommended Value	Remarks
High Severity	3 business days
Medium Severity	10 business days
Low Severity	30 business days

Implementation Schedule

Implementation Schedule	Recommended Value	Remarks
Implementation Schedule	Agreed to schedule must be documented
When will default implementation times be used	No implementation schedule created within 14 days of notification
High Severity default implementation time beginning 14 days after notification	60 days
Medium Severity default implementation time beginning 14 days after notification	90 days
Low Severity default implementation time beginning 14 days after notification	180 days

11.0 Hardware security

Some of key issues that need to be addressed by the policy are listed below.

·	Protection of BIOS through use of password

·	Access to Client networks to be allowed through specific workstations.

·	Writeable IO devices such as floppy drives, ZIP and CD-RW drives will be internally disabled or removed.

·	All PC’s should be installed with Client specific OS image.

·	An approved anti-virus server located on the Internet or the PROVIDER enterprise network to allow for updates to Anti Virus software installed on the development desktops.

·	Workstations to be OS password protected for logging into the system. IBM password polices will be followed.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

·	PCs should have anti virus software with compulsory weekly scheduled scans. Updates of virus definitions will be accomplished as described above.

·	The systems will have screen saver passwords

The policy should ensure that the IT team with in the organizations submits the workstation compliance report at periodic interval and the report should cover but not be limited to the following

·	List of software installed on each workstation

·	Power on password status (enabled/disabled)

·	Hard disk password Status (enabled/disabled

·	Screen saver password (enabled /disabled)

·	Live update

·	File sharing

·	Personal firewall

·	Lotus Notes local database encryption

·	Microsoft windows account (user account)

12.0 Change Control Management

Change control spreads across the entire organization however for IT security its control is very essential for the following.

·	Systems (server and desktop management)

Networks

Change control of any kind should be documented and tracked to closure. Change control should follow fixed methodologies and these methodologies should be captured in standard templates.

13.0 Clear Desk Policy

The policy should direct employees towards the process that one must follow in the event of disposal of any kind of information.

14.0 E-mail Policy

The policy should provide guidelines for the usage of company owned or Client provided common mail services provided for the use of business interest of the company or Client to the employees.

The policy should clearly outline guidelines to employees having access to official email for the use of business.

The policy should also ensure the use of appropriate email ID conventions.

Technical Services Agreement

Master Statement of Work

Base Agreement #4911013920

Master SOW #4911013924

The policy should detail the rights and privileges of the employees who have been provide official email.

The policy should ensure that the company follows standard mail configuration across all users to enable easy maintenance and control.

Automatic Forwarding or reply of Email should be controlled to ensure that company confidential data is not let out by mistake.