Kansas House Bill 2039: Tribal Court Judgments Recognition

Session of 2019 HOUSE BILL No. 2039 By Committee on Judiciary 1-17 1 2 3 4 5 6 7 8 9 10 11 12 13 AN ACT concerning recognition of tribal court judgments. Be it enacted by the Legislature of the State of Kansas: Section 1. (a) Pursuant to rules adopted by the supreme court, the district courts of this state shall extend full faith and credit to the orders, judgments and other judicial acts of the tribal courts of any federally recognized Indian tribe. (b) In adopting rules under subsection (a), the supreme court shall only extend recognition to the judgments of tribal courts that grant full faith and credit to judgments of the courts of the state of Kansas. Sec. 2. This act shall take effect and be in force from and after its publication in the statute book. DESCRIPTI E CATALOGING MAN AL NAME AND SERIES A THORIT RECORDS MLA C M BIBCO M cF C MLA A M 2024 ( ), 3/7/24 e Re CTHISMOPEN , C SOURCE AGREEMENT (“AGREEMENT”) DEFINES THE RIGHTS OF USE, REPRODUCTION, DISTRIBUTION, MODIFICATION AND REDISTRIBUTION OF CERTAIN COMPUTER SOFTWARE ,M 2023-F 2024 ORIGINALLY RELEASED BY THE UNITED STATES GOVERNMENT AS REPRESENTED BY THE GOVERNMENT AGENCY LISTED BELOW ("GOVERNMENT AGENCY"). THE UNITED STATES N F : GOVERNMENT, AS REPRESENTED BY GOVERNMENT AGENCY, IS AN INTENDED THIRD-PARTY M (E M ) BENEFICIARY OF ALL SUBSEQUENT DISTRIBUTIONS OR REDISTRIBUTIONS OF THE SUBJECT A (E M ) REPRODUCES, DISTRIBUTES, MODIFIES OR REDISTRIBUTES THE SOFTWARE. ANYONE WHO USES, SUBJECT SOFTWARE, ASC DEFINED OR ANY PART( THEREOF, IS, A ( L HEREIN, A ) M H .O C ) BY THAT ACTION, ACCEPTING IN FULL THE RESPONSIBILITIES AND OBLIGATIONS CONTAINED IN THIS AGREEMENT. O : M F ( GRANT We a e a OF a RIGHTSf N C -C H ) add a e be ! A NACO- M P ( A. Under Non-PatentMRights: Subject to the terms and conditions of this Agreement, each Contributor, with respect to NMP) F . BIBCO NMP its own contribution to the Subject Software, hereby grants to each Recipient a non-exclusive, world-wide, royaltyI free license to engage in the following activities pertaining to the F Subject Software: , 1. Use BIBCO M F ( Ca a g g & Me ada a C ee - BIBCO - M c L b a A ca ) 2. Distribution 3. Reproduction CMC K B A FAQ , 4. Modification AAP 5. Redistribution 6. Display BIBCO B. Under Patent Rights: Subject to the terms and conditions of this Agreement, each Contributor, with respect to its I ownK contribution -J (Eto the Subject Software, M ) hereby grants to each PCC C Recipient under Covered Patents a non-exclusive, world-wide, royalty-free license to engage in the following activities pertaining to the Subject Software: C BIBCO AAP ( 1. Use ( C ); ) . 2. Distribution 3. Reproduction 4. Sale 1. 5. M Offer for Sale I 14 I 11 I 31 BIBCOM 10 -L 1519201819 1514141211 1213131211 3025232532 M 2019 2020 2021 2022 2023 2024 I 7 2 7 5 5 9 2. BIBCO N : M ( A ), CC BIBC A , F F . L C : BIBCO F 2019) D . , - ( ; M F . BIBCO CC F CC D . BIBCO (382/655/046/ ! - .), 240 , . BIBCO - . C m la i e S a i ic 2015-2023 N : CC 2016. C ( - ) / ; . ., LC/NAF, NA NA . A : F / , .A ( , , , .) . . (1) ha ; . (2) ; . (3) LC , , , . (4) N CON E OCLC; , . ., :C . , , . ., .$ E / NA : NA : LC/ CC , , , $ 1903-1976. $ F , $ 1903-1976. $ F . . A , . ., 3 . A / .A 4 A 1 E a : /245 100 1# $ A . ,I .$ E L ,I .$ E L .$ E B October 2023 400 1# $ A (Va a add d b ca a a d acc ) Introd ction 3 DE C I LC I E CA AL GI G c ca a A ac c : A AL 1 A 16, 1999, ALL , / / / . . S a c d (SAR ) LC ac c : A PCC J 1, 2006, LC A . ac c : . , , . C CC , .F CC - (8 ) , CC , . A - , . ., 1 . A : 1) , , ), 4) / , 5) , 7) ( . ., , ), 2) LC , , 3) , ( , , 6) ( ) , 8) / .A .C . 1983, LC, , , LC LC .H , A , . A . ( ) . .A , , ; . I A , 2008, CC C - . October 2023 Introd ction 4 DE C I I E CA AL GI G A AL 1 . .P , . SAR , - , , .I . . . S .C .E FRBR - .F , (380 ( . ., ( MARC 21 046 3 ) ) E , ). ( ) . , J ca acc . a , 046 , 3 046 1 , 670 . 670 . , .F , "S B " F , 380 046 3 . , 670 . A a c a a c A .N ( . ., , ) . October 2023 Introd ction 5 DESCRIP I E CA ALOGING MAN AL 1 N .M . I / 1 / , .A LC-PCC PS RDA , ( , ). A . C . CIP , , .C , CIP NACO , ; CIP , 670 , . a a 4 .A NAR, LC/NAF Learning ra e Costs are in 2010 US dollars as per Lovering et al. [14]. This paper presents evidence of the disruption of a transition from fossil fuels to nuclear po er, and finds the benefits forgone as a consequence are substantial. Learning rates are presented for nuclear po er in seven countries, comprising 58% of all po er reactors ever built globall . Learning rates and deplo ment rates changed in the late-1960s and 1970s from rapidl falling costs and accelerating deplo ment to rapidl rising costs and stalled deplo ment. Historical nuclear global capacit , electricit generation and overnight construction costs are compared ith the counterfactual that pre-disruption learning and deplo ment rates had continued to 2015. Had the earl rates continued, nuclear po er could no be around 10% of its current cost. The additional nuclear po er could have substituted for 69,000 186,000 TWh of coal and gas generation, thereb avoiding up to 9.5 million deaths and 174 Gt CO2 emissions. In 2015 alone, nuclear po er could have replaced up to 100% of coal-generated and 76% of gas-generated electricit , thereb avoiding up to 540,000 deaths and 11 Gt CO2. Rapid progress as achieved in the past and could be again, ith appropriate policies. Research is needed to identif impediments to progress, and polic is needed to remove them. 2.2. De e ae jec i To calculate the OCC of nuclear po er in 2015 requires a projection of hat the cumulative global capacit of construction starts ould have been. Similarl , to calculate the e tra electricit that ould have been generated at the higher deplo ment rates, and the deaths and emissions that could have been avoided, requires a projection of hat the global capacit of operating reactors ould have been. This projection assumes that, if not for the disruption, the construction period ould have been five ears 5 and the capacit of po er uprates and of reactors permanentl shut do n each ear ould have been unchanged from the actual. Three deplo ment rate scenarios ere anal sed: the actual historical rate and t o projections of earl historical rates. Ac a This is the actual historical deplo ment from 1954 to 2015. The cumulative global capacit of construction starts as 486 GW in 2013 [14]; 11 GW as added in 2014 and 2015, making the total 497 GW in 2015. The actual global capacit in operation in 2015 as 383 GW [22] 6. L ea The capacit of commercial operation starts peaked at 40 GW in 1985 and averaged 30 GW per ear from 1984 to 1986 [22]. The capacit in commercial operation in 1985 as 253 GW [26]. The Linear scenario assumes that commercial operation starts continued at 30 GW per ear from 1985 to 2015, and the capacit of po er uprates and reactors permanentl shutdo n each ear as as per the historical data. (See Appendi A for further e planation of the calculation method and data sources.) Acce e a From 1954 to 1976, the capacit of construction starts as accelerating, then slo ed in 1976 (i.e. about 5 to 10 ears after the reversal points, hich as hen OCC started to increase rapidl ). If the OCC had continued to reduce at the pre-reversal learning rates, it as assumed the deplo ment rate also ould have continued (all else being equal). A defensible assumption is that the rate continued at that prevailing from 1960 to 1976. A pol nomial function as fitted to the data points for 1960 to 1976 and projected to 2015. The cumulative global capacit of commercial operation starts as estimated b subtracting five ears (for the assumed average construction duration) from the cumulative global capacit of construction starts and subtracting the actual capacit of reactors permanentl shut do n. (See Appendi A for further e planation). The Linear and Accelerating scenarios are used to estimate the e tra electricit that ould have been supplied each ear b nuclear po er from 1985 to 2015 (for the Linear) and from 1980 to 2015 (for the Accelerating) scenarios. Click here to e pand... 0. 3. Re a dD c 3.1. Lea i g a e Figure 2 has a chart for each of the seven countries and one for all seven combined; trendlines ere fitted to the data points before and after the trend reversal points. The equation for each trendline is sho n on the charts. 6 of 23 Electronic cop available at: F N c ea P e Lea a d De e Ra e : D a d G ba Be ef F e e 2: OCC (2010 US$/kW) plotted against cumulative global capacit (GW) of nuclear po er reactors, based on construction start dates; regression lines fitted to points before and after trend reversals. 7 of 23 Electronic cop available at: N c ea P e Lea a d De e Ra e : D a d G ba Be ef F e To compare trends for the seven countries, Figure 3 sho s all the regression lines. Japan and France had the fastest pre-reversal learning rate; South Korea had a similar rate since it started building reactors in 1972, although it started from a high OCC after the reversal and initial rapid cost escalation in the other countries. G ba C 24% 19% 28% 16% 23% 2% P e- e e a P ec ed OCC a 497 GW $349 $614 $257 $334 $485 $739 N/A $433 F e 3: Regression lines for seven countries: OCC plotted against cumulative global capacit of construction starts. Table 1 lists the learning rates for both periods in each countr for both the cumulative global and the cumulative countr capacit . The si th column is the reversal point for each countr . The last column is the projected OCC at 497 GW cumulative global capacit if the pre-reversal learning rates had continued. Tab e 1: Learning rates for pre-reversal and post-reversal, reversal point and projected overnight construction cost at 497 GW cumulative global capacit of construction starts. C US 23% CA 27% FR 34% DE 28% JP 35% IN 7% UKRAINE All 24% P - e e a Re e a G ba C , GW -94% -102% 32 -23% -20% 64 -28% -10% 64 -82% -62% 64 -56% -35% 100 -54% -8% 100 33% 12% 100 -23% 32 8 of 23 Electronic cop available at: N c ea P e Lea a d De e Ra e : D a d G ba Be ef F e Learning rates are affected b the gro th of cumulative capacit both globall and locall . Follo ing Lovering et al., cumulative global capacit as used as the reference. Figure 4 plots the learning rates against the time span of the construction starts for each period in each countr . F e 4: Learning rates pre- and post-reversal points vs time span of construction starts. Table 1 and Figure 4 sho that, before the reversal, OCC learning rates ere 23% in the US, 27% to 35% in the other countries e cept India ( here it as 7%), and 24% for all countries combined. At the reversal, learning rates changed abruptl and became negative (-94% in the US, -82% in German , -23% to -56% in the other countries, e cept in South Korea, and -23% for all seven countries); South Korea started building nuclear po er plants after the initial rapid cost-escalation period, achieving a 33% learning rate since 1972. The fact that fast learning rates e isted up to about 1970, and in South Korea since, suggests the could be achieved again 9. The US s post-reversal learning rate as the orst of the seven countries. The reversal occurred t o to four ears later in the other countries and the real cost increase as not as severe as in the US. This suggests the US ma have negativel influenced the development of nuclear po er in all seven countries (and probabl all countries). It also sho s that technolog learning and transition rates can change quickl and disrupt progress, in this case dela ing progress for about half a centur so far. 3.2. De e ae a d jec i 2015 Figure 5 sho s the annual global capacit of construction starts 10 and commercial operation starts from 1954 to 2015 [22]. The capacit of construction starts as accelerating until about 1970, peaked in 1976, then stalled. The annual capacit of commercial operation starts peaked in 1985, averaged 30 GW per ear from 1984 to 1986, then declined rapidl and has not recovered. IAEA 9 of 23 Electronic cop available at: N c ea P e Lea a d De e Ra e : D a d G ba Be ef F e [40] sho s grid connections peaked at 31 GW per ear in 1984 and 1985 and declined rapidl thereafter. 1 Lea ning a e fo 2 Deplo men a e 3 Ac 4 Linea p ojec ion 23% cena io : al 349 246 Accele a ing 177 27% 34% 28% 35% 7% 24% F e 5: Annual global capacit of construction starts and commercial operation starts, 1954 2015. Figure 6 sho s cumulative global capacit of construction starts and commercial operations starts plotted against time (top panel), and projections of hat the ould have been in 2015 if the earl deplo ment rates had continued (bottom panel). 10 of 23 Electronic cop available at: N c ea P e Lea a d De 1 Ac 2 Deplo men 3 Linea 4 3,881 4,000 4,797 5,000 3,676 OCC change f om 2015 ac e Ra e : D a d G ba Be ef F e al OCC a e cena io : Ac al Accele a ing al 2,000 4,022 11% 8% 5% F e6( (B ): Cumulative global capacit of construction starts and of commercial operation starts (sorted b construction start date). ): Cumulative global capacit of construction starts (red and green data points); accelerating projection of 1960 1976 data points (dotted green line); Linear and Accelerating projections of capacit in commercial operation (dashed pink and green lines). 11 of 23 Electronic cop available at: N c ea P e Lea a d De e Ra e : D a d G ba Be ef F e Table 2 summarises the cumulative global capacit of actual and projected construction starts and the capacit in commercial operation at the end of 2015 for each scenario. Tab e 2: Actual and projected cumulative global capacit of construction starts and global capacit in commercial operation in 2015 for the three scenarios. De e a e ce a Actual Linear Accelerating C c a (GW) 497 1,246 2,941 C e ca ea (GW) 383 1,096 2,366 The Linear and Accelerating projections of cumulative global capacit b 2015 in Table 2 represent scenarios calculated on the basis of the stated deplo ment rate assumptions. The increases in projected cumulative global capacit b 2015 compared ith Actual are large. It is useful to compare these scenarios ith projections made in the 1970s. For e ample, the Accelerating deplo ment rate projects a global nuclear capacit of 1,152 GW b 2000. The Workshop on Alternative Energ Strategies (WAES) [12], projected global nuclear capacit in 2000 at bet een 913 GW and 1,722 GW 11. So the present projection is quite consistent ith the outlook of 40 ears ago. ,$6 ,$6 Financial Reporting in Hyperinflationary Economies In April 2001 the International Accounting Standards Board adopted IAS 29 Financial Reporting in Hyperinflationary Economies, which had originally been issued by the International Accounting Standards Committee in July 1989. ,)56)RXQGDWLRQ $ ,$6 &217(176 IURPSDUDJUDSK ,17(51$7,21$/$&&2817,1*67$1'$5' ),1$1&,$/5(3257,1*,1+<3(5,1)/$7,21$5< (&2120,(6 6&23( 7+(5(67$7(0(172)),1$1&,$/67$7(0(176 +LVWRULFDOFRVWƂQDQFLDOVWDWHPHQWV &XUUHQWFRVWƂQDQFLDOVWDWHPHQWV 7D[HV 6WDWHPHQWRIFDVKƃRZV &RUUHVSRQGLQJƂJXUHV &RQVROLGDWHGƂQDQFLDOVWDWHPHQWV 6HOHFWLRQDQGXVHRIWKHJHQHUDOSULFHLQGH[ (&2120,(6&($6,1*72%(+<3(5,1)/$7,21$5< ',6&/2685(6 ())(&7,9('$7( )257+(%$6,6)25&21&/86,2166((3$57&2)7+,6(',7,21 %$6,6)25&21&/86,216 $ ,)56)RXQGDWLRQ ,$6 International Accounting Standard 29 Financial Reporting in Hyperinflationary Economies (IAS 29) is set out in paragraphs 1–41. All the paragraphs have equal authority but retain the IASC format of the Standard when it was adopted by the IASB. IAS 29 should be read in the context of the Basis for Conclusions, the Preface to IFRS Standards and the Conceptual Framework for Financial Reporting. IAS 8 Accounting Policies, Changes in Accounting Estimates and Errors provides a basis for selecting and applying accounting policies in the absence of explicit guidance. ,)56)RXQGDWLRQ $ ,$6 ,QWHUQDWLRQDO$FFRXQWLQJ6WDQGDUG )LQDQFLDO5HSRUWLQJLQ+\SHULQƃDWLRQDU\(FRQRPLHV 6FRSH 1 This Standard shall be applied to the financial statements, including the consolidated financial statements, of any entity whose functional currency is the currency of a hyperinflationary economy. 2 In a hyperinflationary economy, reporting of operating results and financial position in the local currency without restatement is not useful. Money loses purchasing power at such a rate that comparison of amounts from transactions and other events that have occurred at different times, even within the same accounting period, is misleading. 3 This Standard does not establish an absolute rate at which hyperinflation is deemed to arise. It is a matter of judgement when restatement of financial statements in accordance with this Standard becomes necessary. Hyperinflation is indicated by characteristics of the economic environment of a country which include, but are not limited to, the following: (a) the general population prefers to keep its wealth in non-monetary assets or in a relatively stable foreign currency. Amounts of local currency held are immediately invested to maintain purchasing power; (b) the general population regards monetary amounts not in terms of the local currency but in terms of a relatively stable foreign currency. Prices may be quoted in that currency; (c) sales and purchases on credit take place at prices that compensate for the expected loss of purchasing power during the credit period, even if the period is short; (d) interest rates, wages and prices are linked to a price index; and (e) the cumulative inflation rate over three years is approaching, or exceeds, 100%. 4 It is preferable that all entities that report in the currency of the same hyperinflationary economy apply this Standard from the same date. Nevertheless, this Standard applies to the financial statements of any entity from the beginning of the reporting period in which it identifies the existence of hyperinflation in the country in whose currency it reports. 1 As part of Improvements to IFRSs issued in May 2008, the Board changed terms used in IAS 29 to be consistent with other IFRSs as follows: (a) ‘market value’ was amended to ‘fair value’, and (b) ‘results of operations’ and ‘net income’ were amended to ‘profit or loss’. $ ,)56)RXQGDWLRQ ,$6 7KHUHVWDWHPHQWRIƂQDQFLDOVWDWHPHQWV 5 Prices change over time as the result of various specific or general political, economic and social forces. Specific forces such as changes in supply and demand and technological changes may cause individual prices to increase or decrease significantly and independently of each other. In addition, general forces may result in changes in the general level of prices and therefore in the general purchasing power of money. 6 Entities that prepare financial statements on the historical cost basis of accounting do so without regard either to changes in the general level of prices or to increases in specific prices of recognised assets or liabilities. The exceptions to this are those assets and liabilities that the entity is required, or chooses, to measure at fair value. For example, property, plant and equipment may be revalued to fair value and biological assets are generally required to be measured at fair value. Some entities, however, present financial statements that are based on a current cost approach that reflects the effects of changes in the specific prices of assets held. 7 In a hyperinflationary economy, financial statements, whether they are based on a historical cost approach or a current cost approach, are useful only if they are expressed in terms of the measuring unit current at the end of the reporting period. As a result, this Standard applies to the financial statements of entities reporting in the currency of a hyperinflationary economy. Presentation of the information required by this Standard as a supplement to unrestated financial statements is not permitted. Furthermore, separate presentation of the financial statements before restatement is discouraged. 8 The financial statements of an entity whose functional currency is the currency of a hyperinflationary economy, whether they are based on a historical cost approach or a current cost approach, shall be stated in terms of the measuring unit current at the end of the reporting period. The corresponding figures for the previous period required by IAS 1 Presentation of Financial Statements (as revised in 2007) and any information in respect of earlier periods shall also be stated in terms of the measuring unit current at the end of the reporting period. For the purpose of presenting comparative amounts in a different presentation currency, paragraphs 42(b) and 43 of IAS 21 The Effects of Changes in Foreign Exchange Rates apply. 9 The gain or loss on the net monetary position shall be included in profit or loss and separately disclosed. 10 The restatement of financial statements in accordance with this Standard requires the application of certain procedures as well as judgement. The consistent application of these procedures and judgements from period to period is more important than the precise accuracy of the resulting amounts included in the restated financial statements. ,)56)RXQGDWLRQ $ ,$6 +LVWRULFDOFRVWƂQDQFLDOVWDWHPHQWV 6WDWHPHQWRIƂQDQFLDOSRVLWLRQ 11 Statement of financial position amounts not already expressed in terms of the measuring unit current at the end of the reporting period are restated by applying a general price index. 12 Monetary items are not restated because they are already expressed in terms of the monetary unit current at the end of the reporting period. Monetary items are money held and items to be received or paid in money. 13 Assets and liabilities linked by agreement to changes in prices, such as index linked bonds and loans, are adjusted in accordance with the agreement in order to ascertain the amount outstanding at the end of the reporting period. These items are carried at this adjusted amount in the restated statement of financial position. 14 All other assets and liabilities are non-monetary. Some non-monetary items are carried at amounts current at the end of the reporting period, such as net realisable value and fair value, so they are not restated. All other non-monetary assets and liabilities are restated. 15 Most non-monetary items are carried at cost or cost less depreciation; hence they are expressed at amounts current at their date of acquisition. The restated cost, or cost less depreciation, of each item is determined by applying to its historical cost and accumulated depreciation the change in a general price index from the date of acquisition to the end of the reporting period. For example, property, plant and equipment, inventories of raw materials and merchandise, goodwill, patents, trademarks and similar assets are restated from the dates of their purchase. Inventories of partly-finished and finished goods are restated from the dates on which the costs of purchase and of conversion were incurred. 16 Detailed records of the acquisition dates of items of property, plant and equipment may not be available or capable of estimation. In these rare circumstances, it may be necessary, in the first period of application of this Standard, to use an independent professional assessment of the value of the items as the basis for their restatement. 17 A general price index may not be available for the periods for which the restatement of property, plant and equipment is required by this Standard. In these circumstances, it may be necessary to use an estimate based, for example, on the movements in the exchange rate between the functional currency and a relatively stable foreign currency. 18 Some non-monetary items are carried at amounts current at dates other than that of acquisition or that of the statement of financial position, for example property, plant and equipment that has been revalued at some earlier date. In these cases, the carrying amounts are restated from the date of the revaluation. $ ,)56)RXQGDWLRQ ,$6 19 The restated amount of a non-monetary item is reduced, in accordance with appropriate IFRSs, when it exceeds its recoverable amount. For example, restated amounts of property, plant and equipment, goodwill, patents and trademarks are reduced to recoverable amount and restated amounts of inventories are reduced to net realisable value. 20 An investee that is accounted for under the equity method may report in the currency of a hyperinflationary economy. The statement of financial position and statement of comprehensive income of such an investee are restated in accordance with this Standard in order to calculate the investor’s share of its net assets and profit or loss. When the restated financial statements of the investee are expressed in a foreign currency they are translated at closing rates. 21 The impact of inflation is usually recognised in borrowing costs. It is not appropriate both to restate the capital expenditure financed by borrowing and to capitalise that part of the borrowing costs that compensates for the inflation during the same period. This part of the borrowing costs is recognised as an expense in the period in which the costs are incurred. 22 An entity may acquire assets under an arrangement that permits it to defer payment without incurring an explicit interest charge. Where it is impracticable to impute the amount of interest, such assets are restated from the payment date and not the date of purchase. 23 [Deleted] 24 At the beginning of the first period of application of this Standard, the components of owners’ equity, except retained earnings and any revaluation surplus, are restated by applying a general price index from the dates the components were contributed or otherwise arose. Any revaluation surplus that arose in previous periods is eliminated. Restated retained earnings are derived from all the other amounts in the restated statement of financial position. 25 At the end of the first period and in subsequent periods, all components of owners’ equity are restated by applying a general price index from the beginning of the period or the date of contribution, if later. The movements for the period in owners’ equity are disclosed in accordance with IAS 1. 26 This Standard requires that all items in the statement of comprehensive income are expressed in terms of the measuring unit current at the end of the reporting period. Therefore all amounts need to be restated by applying the change in the general price index from the dates when the items of income and expenses were initially recorded in the financial statements. 6WDWHPHQWRIFRPSUHKHQVLYHLQFRPH ,)56)RXQGDWLRQ $ ,$6 *DLQRUORVVRQQHWPRQHWDU\SRVLWLRQ 27 In a period of inflation, an entity holding an excess of monetary assets over monetary liabilities loses purchasing power and an entity with an excess of monetary liabilities over monetary assets gains purchasing power to the extent the assets and liabilities are not linked to a price level. This gain or loss on the net monetary position may be derived as the difference resulting from the restatement of non-monetary assets, owners’ equity and items in the statement of comprehensive income and the adjustment of index linked assets and liabilities. The gain or loss may be estimated by applying the change in a general price index to the weighted average for the period of the difference between monetary assets and monetary liabilities. 28 The gain or loss on the net monetary position is included in profit or loss. The adjustment to those assets and liabilities linked by agreement to changes in prices made in accordance with paragraph 13 is offset against the gain or loss on net monetary position. Other income and expense items, such as interest income and expense, and foreign exchange differences related to invested or borrowed funds, are also associated with the net monetary position. Although such items are separately disclosed, it may be helpful if they are presented together with the gain or loss on net monetary position in the statement of comprehensive income. &XUUHQWFRVWƂQDQFLDOVWDWHPHQWV 6WDWHPHQWRIƂQDQFLDOSRVLWLRQ 29 Items stated at current cost are not restated because they are already expressed in terms of the measuring unit current at the end of the reporting period. Other items in the statement of financial position are restated in accordance with paragraphs 11 to 25. 6WDWHPHQWRIFRPSUHKHQVLYHLQFRPH 30 The current cost statement of comprehensive income, before restatement, generally reports costs current at the time at which the underlying transactions or events occurred. Cost of sales and depreciation are recorded at current costs at the time of consumption; sales and other expenses are recorded at their money amounts when they occurred. Therefore all amounts need to be restated into the measuring unit current at the end of the reporting period by applying a general price index. *DLQRUORVVRQQHWPRQHWDU\SRVLWLRQ 31 The gain or loss on the net monetary position is accounted for in accordance with paragraphs 27 and 28. 7D[HV 32 $ The restatement of financial statements in accordance with this Standard may give rise to differences between the carrying amount of individual assets and liabilities in the statement of financial position and their tax bases. These differences are accounted for in accordance with IAS 12 Income Taxes. ,)56)RXQGDWLRQ ,$6 6WDWHPHQWRIFDVKƃRZV 33 This Standard requires that all items in the statement of cash flows are expressed in terms of the measuring unit current at the end of the reporting period. &RUUHVSRQGLQJƂJXUHV 34 Corresponding figures for the previous reporting period, whether they were based on a historical cost approach or a current cost approach, are restated by applying a general price index so that the comparative financial statements are presented in terms of the measuring unit current at the end of the reporting period. Information that is disclosed in respect of earlier periods is also expressed in terms of the measuring unit current at the end of the reporting period. For the purpose of presenting comparative amounts in a different presentation currency, paragraphs 42(b) and 43 of IAS 21 apply. &RQVROLGDWHGƂQDQFLDOVWDWHPHQWV 35 A parent that reports in the currency of a hyperinflationary economy may have subsidiaries that also report in the currencies of hyperinflationary economies. The financial statements of any such subsidiary need to be restated by applying a general price index of the country in whose currency it reports before they are included in the consolidated financial statements issued by its parent. Where such a subsidiary is a foreign subsidiary, its restated financial statements are translated at closing rates. The financial statements of subsidiaries that do not report in the currencies of hyperinflationary economies are dealt with in accordance with IAS 21. 36 If financial statements with different ends of the reporting periods are consolidated, all items, whether non-monetary or monetary, need to be restated into the measuring unit current at the date of the consolidated financial statements. 6HOHFWLRQDQGXVHRIWKHJHQHUDOSULFHLQGH[ 37 The restatement of financial statements in accordance with this Standard requires the use of a general price index that reflects changes in general purchasing power. It is preferable that all entities that report in the currency of the same economy use the same index. (FRQRPLHVFHDVLQJWREHK\SHULQƃDWLRQDU\ 38 When an economy ceases to be hyperinflationary and an entity discontinues the preparation and presentation of financial statements prepared in accordance with this Standard, it shall treat the amounts expressed in the measuring unit current at the end of the previous reporting period as the basis for the carrying amounts in its subsequent financial statements. ,)56)RXQGDWLRQ $ ,$6 'LVFORVXUHV 39 40 The following disclosures shall be made: (a) the fact that the financial statements and the corresponding figures for previous periods have been restated for the changes in the general purchasing power of the functional currency and, as a result, are stated in terms of the measuring unit current at the end of the reporting period; (b) whether the financial statements are based on a historical cost approach or a current cost approach; and (c) the identity and level of the price index at the end of the reporting period and the movement in the index during the current and the previous reporting period. The disclosures required by this Standard are needed to make clear the basis of dealing with the effects of inflation in the financial statements. They are also intended to provide other information necessary to understand that basis and the resulting amounts. (IIHFWLYHGDWH 41 $ This Standard becomes operative for financial statements covering periods beginning on or after 1 January 1990. ,)56)RXQGDWLRQ UNDERSTANDING THE COMPANY AND ITS ENVIRONMENT, INCLUDING ITS INTERNAL CONTROL Thi empla e p o ide an ea o e fo ma ha can be ed o doc men he a di o nde anding of the company and its environment, including its internal control. It is intended that the template would be used in conjunction with the Institute of Certified Public Accountants in Ireland publication “AUDIT WORK PAPERS FOR A NOT FOR PROFIT ENTITY ENGAGED IN COMMUNITY DEVELOPMENT ACTIVITIES . Some example text is included in the template to illustrate the typical type of content that will be included in the final document. An example document is also included in the above publication to illustrate the pical con en of a di pape doc men ing he a di o nde anding of he compan and i environment, including its internal control. It is envisaged that this document will be a permanent document that will be updated annually. It is important that the auditor should amend the template content to reflect the actual audit risk identified and the planned audit response to these risks. As it is intended that these work papers will be used on audit assignments of a small company, it is assumed that the auditor will not place reliance on internal controls and that consequently control risk is high. Guide to using the work papers The name of the firm, client, period end, prepared by and reviewed by can be inserted in the page header and footer and this detail will then appear on each page printed. In certain sections of the documents we have included a suggested text (in red text) that may be appropriate in some assignment cases. The user needs to amend this text to suit the actual assignment situation faced. November 10, 2011 SUBJECT: Request for Proposal (RFP) SA1301-12-RP-IANA Dear Potential Offeror: The United States Department of Commerce (DoC), National Telecommunications and Information Administration (NTIA) intends to award a contract to maintain the continuity and stability of services related to certain interdependent Internet technical management functions, known collectively as the Internet Assigned Numbers Authority (IANA). The anticipated period of performance of this contract is April 1, 2012 March 31, 2015. This solicitation utilizes a Statement of Work (SOW). The SOW describes the work in terms of the required results and reduces the inherent instr ctions regarding ho to accomplish the work. Please send questions regarding the solicitation electronically via email to mdunn@doc.gov. All written questions must be received no later than 4PM Eastern Standard Time, November 18, 2011. The closing date for receipt of proposals is 4PM Eastern Standard Time, December 12, 2011. Thank you in advance and we look forward to reviewing your responses to this RFP! Best regards 1 SeriesStatementsandSeriesAuthorityRecords Session10:MultipartMonographs Summary Thissessionprovidesinformationaboutwhatmultipartmonographsareandhowtheydifferfromother monographicseries.Italsooffersguidelinestohelpthecatalogerdecidewhetherornottoanalyzethe multipartmonograph. Objectives Attheendofthissessionyoushouldbeableto: x Understandwhatamultipartmonographis x Determinewhethertoanalyzethemultipartmonograph x UnderstandthedifferencesbetweenAAPsformultipartmonographsandmonographicseries x Recognizevariousconfigurationsofrecordsformultipartmonographs SeriesTrainingforPCCParticipants Session10:MultipartMonographs TableofContents DeterminingThattheResourceisaMultipartMonograph......................................................................... 1 DefinitionofMultipartMonograph.......................................................................................................... 1 HowisaMultipartMonographDifferentFromaMonographicSeries?.................................................. 1 CluesWhetheraResourceisaMultipartMonographorNot.................................................................. 1 LCͲPCCPS0.0........................................................................................................................................1 TheDecisiontoAnalyzeorNotAnalyze....................................................................................................... 3 RDAInstructionsandLCͲPCCPractice...................................................................................................... 3 BestPractices............................................................................................................................................4 DifferencesinSARs:MultipartMonographsandMonographicSeries........................................................5 Difference#1:MultipartMonographsHaveFewerSARs......................................................................... 5 Difference#2:TheSeriesAuthorizedAccessPointsforMultipartMonographsMoreOftenBeginwith aCreator(MARCFields100,110,111)..................................................................................................... 5 Difference#3:TreatmentofaResourceBearingTitlesofTwoMultipartMonographs..........................6 Difference#4:InitialismastheTitleProper............................................................................................. 8 Difference#5:008/12............................................................................................................................... 9 Difference#6:020Field............................................................................................................................ 9 Difference#7:MoreFrequentUseofthe640field.................................................................................. 9 Difference#8:“Works,”“Selections,”andTranslationswithParallelTexts..........................................10 “Works”............................................................................................................................................... 10 Selections............................................................................................................................................12 TranslationswithParallelTexts.......................................................................................................... 13 ConfigurationsofRecords........................................................................................................................... 15 PossibleConfigurationsofRecords......................................................................................................... 15 MultipartMonographNotAnalyzed................................................................................................... 15 MultipartMonographAnalyzedandClassedasaCollection.............................................................17 MultipartMonographAnalyzedandClassedSeparately...................................................................18 UpdatingtheCollectiveDescription....................................................................................................... 19 PCCStandingCommitteeonTraining Pagei December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs DeterminingThattheResourceisaMultipartMonograph DefinitionofMultipartMonograph “Aresourceissuedintwoormoreparts(eithersimultaneouslyorsuccessively)thatis completeorintendedtobecompletedwithinafinitenumberofparts(e.g.,adictionary intwovolumes,threeaudiocassettesissuedasaset).” (RDAGlossary) HowisaMultipartMonographDifferentFromaMonographicSeries? Unlikeamonographicseries,whichasaserialhasnopredeterminedconclusion,amultipartmonograph iscompleteorisexpectedtobecompletewithinafinitenumberofparts.Determinationofthisdepends somewhatonthecataloger’sjudgment,sincethepublishermaynotstatethatfact,andsomemultipart monographsarepublishedovermanyyears.Seriesthatarecreatedbyaperson(e.g.theNo.1Ladies’ DetectiveAgencynovelsbyAlexanderMcCallSmith)areassumedtobemultipartmonographssincethe expectationistheywillcometoanendwhenthepersondies,ifnotbefore. CluesWhetheraResourceisaMultipartMonographorNot x x x x Sometimesthepublisherprovidesinformationaboutaplannedendtotheresource Sometimestheentireresourceor“set”hasitsownISBN;whilethepresenceofanISBNisnota whollyreliableindicationofaresource’sfinitenature,itisoneclue Thescopeoftheresourcemaybenarrow,implyingthatanytreatmentofitsscopecouldnot continueindefinitely Ifeachpartoftheresourceiscompleteforitsshareofthegeneraltopic,thiscouldimplythat eventuallyallaspectsofthegeneraltopicwillbecovered LCǦPCCPS0.0 LCͲPCCPS0.0givessomepracticaladvicefordeterminingifaseriesisamultipartmonographora monographicseries(i.e.,aserial) x Frequencyofpublication. o Doesithaveastatedfrequencyofpublication(e.g.“weekly”)?Ifsoitisprobablyaserial. o Isthefrequencystatedintermsofeditions?Ifneweditionscomeouteveryoneortwo yearsitisprobablyamonographicseries;iftheycomeoutlessfrequentlyitisprobably amultipartmonograph. o Note:astatedfrequencyisrareforseries. x Presenceandtypeofnumbering.Bothmonographicseriesandmultipartmonographsmayexist withorwithoutnumbering.Howeverifthereisnumbering,thetypeofnumberingmaybeaclue (e.g.doesitincludechronologicaldesignations?) x Istherenolikelihoodofapredeterminedconclusion?Ifnot,itisprobablyamonographicseries. PCCStandingCommitteeonTraining Page1 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs TheDecisiontoAnalyzeorNotAnalyze RDAInstructionsandLCǦPCCPractice Onceithasbeendeterminedthataresourceisamultipartmonograph,theseconddecisioniswhether ornottoanalyzeitsparts.RDA2.1.3providesgeneralinstructionsonhowtocreateanalytical descriptions,butitdoesnotgiveguidanceonwhethertodoso. LCͲPCCPS2.1.3presentsLCͲPCCpracticeregardinganalysis: “WhenapublicationthatisapartofaclassifiedͲseparatelymultipartmonographlacksa titleotherthanthatofthecomprehensivetitleorhasatitlethatisdependentonthe comprehensivetitle,prepareaseparatebibliographicrecordforthatpublicationorpart, regardlessofwhetheritisnumberedornot.” NOTE: IfaPCCinstitutionchoosestoclassifythesamemultipartmonographtogether asacollection,thisPSwouldnotapply. LCͲPCCPS2.1.3alsopresentsLCpractice,statingthatLCanalyzesandclassifiesseparatelyallpartsof monographicseriesandofmultipartmonographswiththeexceptionofthosecategorieslistedinDCM M5.OtherPCCinstitutionscanmakeotherseriestreatmentdecisions. PCCStandingCommitteeonTraining Page3 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs BestPractices Herearesomebestpracticestoconsiderwhendecidingwhetherornottoanalyzeamultipart monograph. x DoesthecomprehensivetitleofthemultipartmonographappearonalessͲprominentsource thandoesthetitleoftheindividualpart? o Thenprobablyanalyze. x Isthetitleoftheindividualpartdistinctive?(Pleasenote:thisisnotthesamequestionas,"Does theindividualparthaveitsowntitle?") o Thenprobablyanalyze. TypesofnonͲdistinctivetitles: x Alphabeticornumericdivision(e.g.,v.1,2;partA,B,C) x Chronologicalsubdivision(e.g.,years;centuries) x Alphabeticsubdivisionofcontent(e.g.,AͲL,MͲZ) x Geographicsubdivision(e.g.,continents;countries) x Phrasethatomitsessentialpieceofinformationfoundinthemultipartitemtitle(e.g.,"Teeth" asapartof"Dinosaurrelics") x Generalterm(e.g.,atlas,glossary) NOTE: Catalogingagenciesinsomecountrieshaveanationalbibliographyrequirementtomakean analyticdescriptionforeachpartofamultipartmonograph PCCStandingCommitteeonTraining Page4 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs DifferencesinSARs:MultipartMonographsandMonographicSeries Difference#1:MultipartMonographsHaveFewerSARs AmultipartmonographwillhaveonlyoneSARregardlessofchangesincreatorand/ortitleproper(RDA 2.3.2.12.1andRDA18.4.2.1).Conversely,suchchangesforamonographicseriescouldnecessitate additionalSARs. x x x Formultipartmonographs,basetheseriesauthorizedaccesspoint(1XXinSAR)onthefirst (numbered)orearliest(unnumbered)part(RDA2.1.2.3) Givesubsequentchangesincreatorand/ortitleproperforlaterpartsas4XXvariantaccess pointsintheSAR Updatethedescriptionofamultipartmonographifanearlierpartisreceivedlater(LCͲPCCPS 2.17.13.3) Example:OnlyoneSARformultipartmonographwithchanges 1001#$aPhillips,Jolene.$tPreschoolvocabularybuildingactivities 430#0$aPreschoolvocabularybuildingactivities 430#0$aPreschoolvocabularyactivities 4001#$aBolling,Diane.$tPreschoolvocabularyactivities 670##$aPhillips,J._______$b(Preschoolvocabularybuildingactivities;v.1) 670##$aPhillips,J._______$b(Preschoolvocabularyactivities;v.3) 670##$aBolling,D._______$b(Preschoolvocabularyactivities;v.4) 670##$aInfofrompublisher$b(JolenePhillipswasauthorofv.1Ͳ3;v.4Ͳ5byDianeBolling) Difference#2:TheSeriesAuthorizedAccessPointsforMultipartMonographs MoreOftenBeginwithaCreator(MARCFields100,110,111) Duetothedifferentnatureofmonographicandserialresources,multipartmonographsmorelikelyto havepersons,families,corporatebodies(includingconferences)ascreatorsthanaremonographic series x Thefollowingtypesofseriescreatedbycorporatebodiesarelikelytobemultipartmonographs o Collectiveactivityofasingleconference,etc.(RDA19.2.1.1.1c) o Cartographicmaterials(RDA19.2.1.1.1e) o Collectivethoughtofbody(RDA19.2.1.1.1b) PCCStandingCommitteeonTraining Page5 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs Examples:SeriesAAPsformultipartmonographsthatincludeAAPsofcreator 1112#$aPressureVesselsandPipingConference$d(1985:$cNewOrleans,La).$tProceedings ofthe1985PressureVesselsandPipingConference 1001#Donegan,Beth.$tCookingmadeeasy! Difference#3:TreatmentofaResourceBearingTitlesofTwoMultipart Monographs Iftheresourcebears,inadditiontotheanalyzabletitleofthemanifestation,titlesoftwomultipart monographs(andisthereforepartofboth),thesetitlesareusuallynottreatedasmainseriesand subseries(i.e.,asoneentity).Rather,theyaretreatedastwoseparateseries. Ifthetwotitlespresentontheresourceinadditiontotheanalyzabletitleofthemanifestationrepresent twomultipartmonographs,LCͲPCCPS2.12.10tellsustoapplyRDA6.27.2todetermineifthetwotitles aretobetreatedasoneentityorastwoseparateseries(seeexceptionfornonͲdistinctivetitles). Iftheyaretreatedastwoseparateseries: x Recordtwoseriesstatements(intwo490fields)inanalyticrecord x ThepreferredtitleportionoftheseriesAAPforthesmallermultipartisnottreatedasa subseriesof(i.e.,subordinateto)thelargermultipartitem’sseriesAAP PCCStandingCommitteeonTraining Page6 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs Example:largerandsmallermultipartitems Exploring South America’s History Looking at Brazil’s Past Volume 13 in a set of 40 volumes Brazil’s History and its Future Volume 1 of 2 by _______ __________ 2003 seriestitlepage analytictitlepage TheanalyticrecordhastwoseriesstatementsandtwoseriesAAPs:oneforthelargerandoneforthe smallermultipartmonograph: 4901#$aExploringSouthAmerica’shistory;$vvolume13 4901#$aBrazil’shistoryanditsfuture;$vvolume1 830#0$aExploringSouthAmerica’shistory;$vv.13. 830#0$aBrazil’shistoryanditsfuture;$vv.1. Not: 4901#$aExploringSouthAmerica’shistory;$vvolume13. 490#1$aBrazil’shistoryanditsfuture;$vvolume1 830#0$aExploringSouthAmerica’shistory;$vv.13. 830#0$aExploringSouthAmerica’shistory.$pBrazil’shistoryanditsfuture;$vv.1. PCCStandingCommitteeonTraining Page7 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs Difference#4:InitialismastheTitleProper Forsituationsinwhichthesourceofinformationbearsatitleinmorethanoneform,andbothorallof thetitlesareinthesamelanguageorscript,thegeneralinstructionat2.3.2.5tellsustochoosethetitle properonthebasisofthesequence,layout,ortypographyofthetitlesonthesourceof information.Theexceptionforserialsandintegratingresources(alwaystochoosethefullformasthe titleproperoveranacronymorinitialism,ifbothappearonthepreferredsource)appliesto monographicseries,butnottomultipartmonographs.Soformultipartmonographs,unlikefor monographseries,thefullformwillbechosenasthetitleproperoveranacronymorinitialismalso appearingonthepreferredsourceonlyifthatchoiceisindicatedbythesequence,layoutortypography. Examples: Seriestitlepageofamultipartmonograph: FCI FloraoftheCanadianIslands v.15 Titleproperofmultipartmonograph:FCI. Seriestitlepageofamonographicseries: AWE AdvancesinWorldEconomics v.11 Titleproperofmonographicseries:Advancesinworldeconomics. PCCStandingCommitteeonTraining Page8 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs Difference#5:008/12 Usecode“b”(formultipartitem),not“a”(formonographicseries).Beespeciallycarefullytoreviewthis, becausemanycatalogingtemplatesincludecodingforamonographicseries(i.e.,code“a”). Difference#6:020Field Formultipartmonographs,ISBNsforthecomprehensivesetcanberecordedintheSAR’s020field. TheMARC21FormatforAuthorityDataprovidesthisfielddefinitionandscopefortheSAR020: “InternationalStandardBookNumber(ISBN),termsofavailability,andany canceled/invalidISBNcopiedfromfield020ofaMARCbibliographicrecordfora multipartitemthatiscatalogedasaset.” Difference#7:MoreFrequentUseofthe640field Formultipartmonographs,field640intheSAR(SeriesDatesofPublicationand/orVolumeDesignation) isusedmoreoftentorecordtheextentoftheresource.Suchinformationisespeciallyhelpfultoother catalogerswhenthemultipartisclassifiedseparately,becausetheSARistheonlyplacetorecordthis information. PCCpracticeregardingrecordingdatainthe640isstatedinDCMZ1: “Donotsearchjusttoprovideinformationforthisfield;givetheinformationifitis availablefromtheiteminhandorincidentallyfromthepublisher.” Examples: 6401#$aCompletein15v. 6401#$aProjectedin6v.$zv.1,p.316 PCCStandingCommitteeonTraining Page9 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs Difference#8:“Works,”“Selections,”andTranslationswithParallelTexts Duetothenatureofmultipartmonographs,acatalogermayencountersomethatare1)compilationsof worksofoneperson,family,orcorporatebodies;and2)translationswithparalleltexts.Thesetypesof resourceshavespecialinstructionsforwhichLCͲPCCpracticeisstillevolving. “Works” FollowinstructionsinRDA6.2.2.10.1: “RecordtheconventionalcollectivetitleWorksasthepreferredtitleforacompilationof worksthatconsistsof,orpurportstobe,thecompleteworksofaperson,family,or corporatebody.” Differentresourcescontaininganauthor’scompleteworksareconsideredtobethesameaggregate work.Differentiationbetweenversions,ifnecessary,isdoneattheexpressionlevel. x Datein$f Donotautomaticallyaddadateafter“Works.”ThiswasaNACOpracticeunderAACR2thatwasnot extendedintoRDA.Inmostcasesanauthor’scompleteworksarenotproducedmorethanonce,andso thereisnoneedtodifferentiatebetweenversions(expressions).However,ifthereismorethanone expressionofanauthor’scompleteworks(e.g.variousseparatepublications,ortranslations),use judgmentindeterminingthemostappropriatequalifier.Consideringtheneedofdatabaseusersto recognizeanddistinguishbetweenversions,datemightinfactbetheleastappropriatequalifiertous. However,ifdateisusedasaqualifier,choosetheearliestdateassociatedwiththeexpression.Thiswill usuallybethedateoftheearliestknownmanifestationoftheversion(RDA6.10.1.1) Example: 1001#$aGoethe,JohannWolfgangvon,$d1749Ͳ1832.$tWorks.$f1997 643##$aKöln$bKönemann 670##$aDieLeidendesjungenWerthers,1997:$bser.t.p.(JohannWolfgangvonGoethe/ WerkausgabeinzehnBanden/Band1) x Provisionalcoding Ifdatehasbeenusedtodistinguishbetweenexpressionsandthedateofthefirstpartofthemultipart monographisn’tknownbecausetheearliestpartisn’tavailable,codetheSARasprovisionalandupdate itwhenthefirstpartisavailable. PCCStandingCommitteeonTraining Page10 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs x Furtherqualification Ifmorethanonequalifierisneeded,itmaybeadded. Example: “Works”(Samepublisherpublishestwoversionsinthesameyear): 1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks$s(WhitingPublishingCompany) 643##$aNewYork$bWhitingPublishingCompany 1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks$s(WhitingPublishingCompany:Annotated edition) 643##$aNewYork$bWhitingPublishingCompany 4XXVariantaccesspoints x FollowspecificinstructionsinLCͲPCCPS6.27.4foralternativeforms. Example: 1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks.$f1996 430#0$aOxfordMarkTwain.$f1996 4001#$aTwain,Mark,$d1835Ͳ1910.$tOxfordMarkTwain.$f1996 643##$aNewYork$bOxfordUniversityPress 670##$aThe$30,000bequestandotherstories,1996:$bCIPser.t.p.(TheOxfordMarkTwain) PCCStandingCommitteeonTraining Page11 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs Selections Forseriesthatconsistofselectionsofthecompleteworksofacreator,follow6.2.2.10.Iftheseriesis commonlyidentifiedbyaparticulartitle,usethattitleasthepreferredtitlefortheseries.Ifnot,follow thealternativetoRDA6.2.2.10.3andusethepreferredtitle,“Works.Selections“.Thisconventional collectivetitleisusedfortwoormoreworks(butnotall)invariousforms.Donotapplyittotwoor moreworksinoneform,evenifthecreatorisknowntoworkinonlyoneform;insuchcases,$tconsists oftheform,listedinRDA6.2.2.10.2. NOTE: “Selections”shouldnotbeusedbyitself(i.e.,in$t),aswaspermissibleunderAACR2.Selections mayonlybea‘part’ofsomeform,usedin$a.Assuch,itshouldalwaysbecodedas$k. Unlikethecaseof“Works”,forwhichdifferentversionsaredifferentiatedattheexpressionlevel, variouscollectionsofselectedworksofanauthor(asrepresentedby“Works.Selections”)willalwaysbe differentaggregateworks,andso“Works.Selections”shouldbedifferentiatedattheworklevel. Variouscollectionsofselectedworksofanauthorinaspecificform(e.g.,“Plays”,“Essays”)aredifferent aggregateworksaswell,andshouldalsobedifferentiatedattheworklevel. Examples: Yan,Lianke,‫ۥ‬d1958Ͳ‫ۥ‬tWorks.‫ۥ‬kSelections(Jiangsurenminchubanshe) Yan,Lianke,‫ۥ‬d1958Ͳ‫ۥ‬tWorks.‫ۥ‬kSelections(Wanjuanchubangongsi) RuizNegre,Antoni.‫ۥ‬tPlays.‫ۥ‬kSelections(ComediasdeAntonioRuizNegre) RuizNegre,Antoni.‫ۥ‬tPlays.‫ۥ‬kSelections(OtrascomediasdeAntonioRuizNegre) NameAuthorityRecordorSeriesAuthorityRecord? Becausecatalogerssometimeshaveachoiceofcatalogingmultipartmonographsasacollectedset(with theauthorizedaccesspointforthemultipartmonographasarelatedwork)orcatalogingthemon analyticrecords(withanauthorizedaccesspointforthemultipartmonographasaseries),anonͲseries authorityrecordmayhavebeencreatedforthesamemultipartmonographyounowwanttotreatasa series.Thiscanhappenwithanyseries.Whatdoyoudo? x IftheNARyoudiscoverisforthesamemultipartmonographyouarecataloging,reviseittobe anSAR.Therecordcanthenbeusedtoauthorizetheauthorizedaccesspointeitherasaseries accesspointinananalyticrecordorasa“name”accesspointinacollectedsetrecord. x IftheNARisforadifferentmultipartmonograph,addaqualifyingterminsubfield$sinthe seriesAAPinanewSAR x Youmayneedtoconsultbibliographicrecordstodeterminewhichoftheabovesituationsyou have,sincetheNARmaynotprovideenoughinformation(e.g.,nameofpublisher) PCCStandingCommitteeonTraining Page12 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs Example: ExistingNAR(thebibliographicrecordhas260:$aDenver$bM.Smith): 1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks.$f2002 ThenewSARforadifferentmultipartmonographpublishedthesameyearneedsadifferent qualifier: 1001#$aTwain,Mark,$d1835Ͳ1910.$tWorks$s(IngesonPublishingCompany) 643##$aEvanston,IL$bIngesonPublishingCompany TranslationswithParallelTexts Whentheoriginalexpressionandonetranslationareinacompilation,giveananalytical authorizedaccesspointforeachexpression.Ifacompilationcontainstheoriginal expressionandmorethanonetranslation,giveanalyticalauthorizedaccesspointsfor theoriginalexpressionandatleastonetranslation.(LCͲPCCPS6.27.3,labeledLC Practice) ThisreplacestheAACR2practiceofprovidinguniformtitleswithsubfield$l“[Language]&[Language]” additions.TheformerAACR2practiceofrecording“Polyglot”in$lisalsonowobsolete. Followingthisinstruction(LCpractice),thecomprehensivedescriptionforamultipartmonograph containingatranslationwithparalleltextswouldlooklikethis: 1000#$aDanteAlighieri,‫ۥ‬d1265Ͳ1321. 24514$aThedivinecomedyofDanteAlighieri. 300##$a3volumes 546##$aEnglishandItalianonfacingpages. 5050#$apart1.Inferno–part2.Purgatorio–part3.Paradiso. 70002$iContainerof(work):$aDanteAlighieri,$d1265Ͳ1321.$tDivinacommedia. 70002$iContainerof(expression):$aDanteAlighieri,$d1265Ͳ1321.$tDivinacommedia.$l English. Applicationofthisinstructiontoseriesmeansthatthedifferentlanguageexpressionsoftheseries shouldbegivenseparateaccesspointsinanalyticrecords. CurrentLCpractice,asseenintheaboveexample,isnotinfacttorecordanAAPfortheoriginal expression,butinsteadtofollowAACR2practiceandusetheAAPfortheworktorepresentall expressionsintheoriginallanguageandtouseanAAPwiththenameofthelanguageaddedto representallexpressionsinthatlanguage.ThishasneitherbeenacceptednorrejectedasPCCpractice, thoughitdoesseeminconsistentwithRDAprinciples.However,theLCpracticeisparticularly PCCStandingCommitteeonTraining Page13 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs problematicinthecaseofseries,whichhaveinthepastandcontinuetoneeddistinguishingfromother expressionsinthesamelanguage.TheSeriesPolicyTaskGroupthereforerecommendsthatinthecase ofseries(includingmultipartmonographs),particularexpressionsofworksalwaysbeassignedunique AAPs(seeRDA6.27.3).Sotheanalyticrecordforpart1oftheDanteexampleabovewouldlooklikethis: 1000#$aDanteAlighieri,$d1265Ͳ1321,$eauthor. 24010$aInferno.$lEnglish$s([nameoftranslatororanotherdistinguishingelement]) 24510$aInferno… 4901#$aThedivinecomedyofDanteAlighieri;$vpart1 546##$aTheItaliantextwithanEnglishversetranslation 8000#$aDanteAlighieri,$d1265Ͳ1321.$tDivinacommedia.$lItalian$s([nameofeditoror anotherdistinguishingelement]);$vpt.1. 8000#$aDanteAlighieri,$d1265Ͳ1321.$tDivinacommedia.$lEnglish$s([nameoftranslatoror anotherdistinguishingelement]);$vpt.1. InthiscasetheseriesworkisDante’sDivinaCommedia,amultipartmonograph.TheSeriesPolicyTask GrouprecommendsthatcatalogerscreateworkͲlevelauthorityrecordformultipartmonographs,and asmanyexpressionͲlevelauthorityrecords(createdbyaddingthelanguageandothernecessary distinguishingelementstotheAAPfortheworkͲlevelrecord)asneeded.TheexpressionͲlevelAAPs wouldbeaddedasappropriatetobibliographicrecords.TheTaskGroupforwardedthisissuetothePCC StandingCommitteeonStandardsinfall2015forfurtheranalysisandrecommendations.Staytunedto PCCcommunicationsaboutpolicies. PCCStandingCommitteeonTraining Page14 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs ConfigurationsofRecords PossibleConfigurationsofRecords Thereareseveralpossibleconfigurationsofrecordsforthedifferenttypesofmultipartmonographs, dependingonwhetherthemultipartisanalyzedandhowthemultipartitemsareclassified.Someofthe configurationsareexemplifiedonthefollowingpages. MultipartMonographNotAnalyzed Formultipartmonographsthatarenotanalyzed,thesearethepossibleapproaches: x Acomprehensivedescription(i.e.,acollectedsetrecord) x Sometimes,a505contentsnote x Noanalyticdescriptions(i.e.,noanalyticrecords) x CreationofSARisoptional Example1: 5th International Symposium on Plasma Chemistry 5th International Symposium on Plasma Chemistry Symposium Proceedings Symposium Proceedings Volume 1 Volume 2 Titlepageofv.1 Titlepageofv.2 Approach:Collectivedescriptionwithoutacontentsnote: 1112#$aInternationalSymposiumonPlasmaChemistry$n(5th:$d1981:$cEdinburgh, Scotland) 24510$a5thInternationalSymposiumonPlasmaChemistry... 300##$a2volumes:$billustrations;$c21cm PCCStandingCommitteeonTraining Page15 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs Example2: StudiesinMediterraneanArchaeology Vol.LXXII ͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲͲ SurveyofRockͲCutChamber TombsinCaria PART1 SouthͲEasternCariaandthe LycoͲCarianBorderland ByPaavoRoos Göteborg P.Åströms 1985 Approach:Collectivedescriptionwithacontentsnote: 1001#$aRoos,Paavo. 24510$aSurveyofrockͲcutchambertombsinCaria/$cbyPaavoRoos. 264#1$aGöteberg:P.Åstroms,1985Ͳ 4901#$aStudiesinMediterraneanarcheology;$vvol.LXXII 5051#$apt.1.SouthͲeasternCariaandtheLycoͲCarianborderland. 830#0$aStudiesinMediterraneanarcheology;$vv.72. PCCStandingCommitteeonTraining Page16 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs MultipartMonographAnalyzedandClassedasaCollection Formultipartmonographsthatareanalyzedandclassedasacollection,thesearethepossible approaches: x Comprehensivedescription(i.e.,acollectedsetrecord) x 505contentsnote x Analyticdescriptions(i.e.,analyticrecords) x SARoptionalforPCC(unlesstheauthorizedaccesspointfortheseriesisrecordedin8XX) Example: HANDBOOKOF CHEMICALNEUROANATOMY Volume1: MethodsinChemical Neuroanatomy Göteborg P.Åströms 1985 Approach:Threerecords:SAR,Analyticdescription,Comprehensivedescription: SAR: 130#0$aHandbookofchemicalneuroanatomy 642##$av.1$5DLC 644##$af$5DLC 646##$ac$5DLC Analyticdescription: 24500$aMethodsinchemicalneuroanatomy... 4901#$aHandbookofchemicalneuroanatomy;$vvolume1 830#0$aHandbookofchemicalneuroanatomy;$vv.1. Comprehensivedescription: 24500$aHandbookofchemicalneuroanatomy... 5051#$avolume1.Methodsinchemicalneuroanatomy. PCCStandingCommitteeonTraining Page17 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs MultipartMonographAnalyzedandClassedSeparately Formultipartmonographsthatareanalyzedandclassedseparately,thesearethepossibleapproaches: x Analyticdescriptions(i.e.,analyticrecords) x SARoptionalforPCC(unlesstheauthorizedaccesspointfortheseriesisrecordedin8XX) Example: THESOLARSYSTEM Volume4: TheMysteriesofMars ByKentJacobsson [city publisher] [date] Approach:Tworecords:SAR,Analyticdescription: SAR: 130#0$aSolarsystem 642##$av.4$5DLC 644##$af$5DLC 646##$as$5DLC Analyticdescription: 1001#$aJacobsson,Kent. 24514$aThemysteriesofMars... 4901#$aThesolarsystem;$vvolume4 830#0$aSolarsystem;$vv.4. PCCStandingCommitteeonTraining Page18 December2015 SeriesTrainingforPCCParticipants Session10:MultipartMonographs UpdatingtheCollectiveDescription Ifthemultipartmonographisclassedasacollectionandacomprehensivebibliographicdescription(i.e. acollectedsetrecord)exists,addand/orupdatethefollowinginformationonthecomprehensive descriptionaslaterpartsarereceived: x 020 x 246forchangesintitleproper x 264$c–and008Dates x 300$a x 362ifyouhaveinformationaboutthebeginningdate x 4XX/8XXsubfield$vifthemultipartmonographisinaseries x 505 x 5XX/7XXforchangesintheresponsibleperson,family,orbody Example: 24500$aFloraandfaunainthecentralUnitedStates/$cMidwesternBiologicalSociety. 2460#$iVolumes3Ͳ7havetitle:$aMidwesternfloraandfauna 264#1$aAmes,Iowa:$bRLPPublishingCompany,$c1999Ͳ2004. 300##$a7volumes:$billustrations;$c29cm. 4901#$aMidwesternbiologicalpublications;$vv.13Ͳ14,22,25Ͳ28 550##$aVolumes1Ͳ4issuedbytheMidwesternBiologicalSociety;volumes5Ͳ7bytheSociety forMidwesternBiology. 5050#$a________________________ 7102#$aMidwesternBiologicalSociety. 7102#$aSocietyforMidwesternBiology. 830#0$aMidwesternbiologicalpublications;$vv.13Ͳ14,22,25Ͳ28. PCCStandingCommitteeonTraining Page19 December2015 LAW ENFORCEMENT REQUEST FOR EMERGENCY DISCLOSURE OF ATLASSIAN CUSTOMER INFORMATION Please complete the form below in detail to assist Atlassian in evaluating whether to disclose customer information pursuant to 18 U.S.C. § 2702(b)(8) and § 2702(c)(4) and send this form to lawenforcement@atlassian.com. Requesting Law Enforcement Agency Agency Name City/State/Province/Country Phone Number Requesting Officer Officer Name Title/Rank/Badge ID Email Address Phone Number The undersigned law enforcement official hereby requests that Atlassian voluntarily disclose the customer information requested below based upon the provisions of 18 U.S.C. § 2702. Specifically, the undersigned hereby represents that there is an emergency involving danger of death or serious physical injury to a person that requires disclosure without delay of information relating to the emergency. The undersigned law enforcement official provides the following information to assist Atlassian in forming a good faith belief that disclosure of the customer information requested is warranted. 1. What is the nature of the emergency involving death or serious physical injury? 2. Whose death or serious physical injury is threatened? 3. What is the imminent nature of the threat? Please provide information that suggests there is a specific deadline before which it is necessary to receive the requested information and/or that suggests there is a specific deadline on which the act stated in response to Question 1 will occur (e.g., tonight, tomorrow at noon). 4. What specific information are you requesting from Atlassian? Please identify the relevant Atlassian products and accounts (by name, address, email address, etc.). 5. Please explain how the information you are requesting will assist in averting the specified emergency. ATTESTATION The undersigned affirms that this request is made solely as a result of an emergency involving danger of death or serious physical injury to a person; that this emergency requires disclosure without delay of the accounts (by name, address, email address, etc.). 5. Please explain how the information you are requesting will assist in averting the specified emergency. ATTESTATION The undersigned affirms that this request is made solely as a result of an emergency involving danger of death or serious physical injury to a person; that this emergency requires disclosure without delay of the information sought above; and that the information sought relates to the emergency. The undersigned affirms that the information shall not be obtained, shared, or disseminated for any unlawful or harmful purpose. Signature of Requesting Officer Date Atlassian’s Technical and Organisa2onal Security Measures Introduc2on Security is an essen-al part of Atlassian’s offerings. This page describes Atlassian’s security program, cer-fica-ons, policies, and physical, technical, organiza-onal and administra-ve controls and measures to protect Customer Data from unauthorized access, destruc-on, use, modifica-on or disclosure (the “Security Measures“). The Security Measures are intended to be in line with the commonly-accepted standards of similarly-situated soHware-as-a-service providers (“industry standard“), including NIST 800-53 controls. Any capitalized terms used but not defined have the meanings set out in the Agreement or the Data Processing Addendum. Further details on Atlassian’s security posture can be found in our Trust Center and Compliance Resource Center. 1. Access Control Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for the appropriate access control and protec-on of Customer Data, which include: • • • • • • • • 2. Access management policy addressing access control standards, including the framework and the principles for user provisioning. Designated cri-cality -ers based on a Zero Trust Model architecture, including the requirements for mul--factor authen-ca-on on higher--er services. User provisioning for the access to Atlassian systems, applica-ons and infrastructure based on the relevant job role and on the least privilege principle that is enforced through the authen-ca-on processes. Strict role-based access controls for Atlassian staff, allowing access to Customer Data only on a need-to-know basis. Segrega-on of du-es including but not limited to (i) access controls reviews, (ii) HR-applica-on managed security groups, and (iii) workflow controls. A prior approval of all user accounts by Atlassian’s management before gran-ng access to data, applica-ons, infrastructure, or network components based on the data classifica-on level; regular review of access rights as required by relevant role. Use of technical controls such as virtual private network (VPN) and mul--factor authen-ca-on (MFA) where relevant based on informa-on classifica-on and Atlassian‘s Zero Trust Model architecture. Centrally managed mobile device management (MDM) solu-on, including defined lockout periods and posture checks for endpoints and mobile devices. Awareness and Training Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for conduc-ng appropriate trainings and security awareness ac-vi-es, which include: • • • • • • • 3. Extensive awareness training on security, privacy, and compliance topics for all employees at induc-on and annually, u-lizing diverse formats (online, in-person, and pre-recorded sessions, phishing simula-ons). Targeted role-specific training for employees with elevated privileges to address relevant risks and enhance their specific knowledge base. Maintaining of all training records in a designated learning management system. An automated reminder for training deadlines, with a built-in escala-on process to respec-ve managers. Con-nuous security awareness trainings (extending to contractors and partners), covering current threats and best security prac-ces. Secure coding trainings by security champions embedded within engineering teams. Annual mandatory security trainings and events to reinforce security principles through different ac-vi-es, emphasizing the collec-ve responsibility for security. Audit and Accountability Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for proper audi-ng and accountability purposes, which include: • • • • Comprehensive logging standards as part of Atlassian's policy management framework, with annual reviews and senior management approvals. Secure forwarding and storage of relevant system logs to a centralized log plaaorm of the cloud infrastructure with read-only access. Monitoring of security audit logs to detect unusual ac-vity, with established processes for reviewing and addressing anomalies. Regular updates to the logging scope of informa-on and system events for Cloud Products and related infrastructure in order to address new features and changes. 1 • 4. U-lizing -me sync services from relevant cloud service providers (e.g. AWS or MicrosoH Azure) for reliable -mekeeping across all deployed instances. Assessment, Authorisation and Monitoring Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for consistent system monitoring and security assessments, which include: • • • • • • • • 5. Extensive audit and assurance policies with annual reviews and updates. A centralized internal policy program categorising the global policies into different domains including annual review, and senior management approval of the program. Audit management encompassing the planning, risk analysis, security control assessment, conclusion, remedia-on schedules, and review of past audit reports. Internal and independent external audits conduc-ng annual evalua-ons of legal and contractual requirements, as well as effec-veness of controls and processes to validate compliance. Ongoing verifica-on of compliance against relevant standards and regula-ons, e.g. ISO 27001 or SOC 2. Systema-cally addressing any nonconformi-es found through audit findings taking into account the root-cause analysis, severity ra-ng, and correc-ve ac-ons, all documented and tracked me-culously. Annual penetra-on tes-ng on Products and proac-ve bug bounty programs for the detec-on and mi-ga-on of vulnerabili-es. Con-nuous vulnerability scanning, with iden-fied vulnerabili-es remediated in line with Atlassian's policy. Configuration Management Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate configura-on management, which include: • • • • • • • • • 6. Change management policies covering the risk management for all internal and external asset changes, reviewed annually. Standard procedures for change management applicable to encryp-on and cryptography for the secure handling of data (e.g. encryp-on keys) according to its security classifica-on. A centralized internal policy program categorising the global policies into different domains including annual review, and senior management approval of the program. Stringent policies encompassing (i) encryp-on, (ii) cryptography, (iii) endpoint management, and (iv) asset tracking inline with industry standards. Established baselines and standards for change control that require tes-ng documenta-on prior to implementa-on and authorized approval. A peer review and green build process requiring mul-ple reviews and successful tes-ng for produc-on code and infrastructure changes. A strict post-implementa-on tes-ng and approval process for emergency changes to the code. Comprehensive automated system supplemented by an Intrusion Detec-on System (IDS), managing and protec-ng against unauthorized changes. Me-culous cataloguing and tracking of all physical and logical assets with annual reviews ensuring up-to-date asset management. Contingency Planning Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate con-ngency planning for business con-nuity and disaster recovery purposes, which include: • • • • • • • • A skilled workforce and robust IT infrastructure, including telecommunica-ons and technology essen-al for Product delivery. Business con-nuity and disaster recovery plans (“BCDR Plans”) including defined recovery -me objec-ves (RTOs) and recovery point objec-ves (RPOs). Business con-nuity plans encompassing data storage and con-nuity of use, reasonably designed to prevent interrup-on to access and u-liza-on. Geographic diversity as a result of our global workforce and cloud infrastructure. Reinforcing business opera-ons through resilience controls, such as daily backups, annual restora-on tes-ng, and alterna-ve cloud infrastructure storage sites. A resilience framework and procedures for response and remedia-on of cyber events to maintain business con-nuity. Quarterly disaster recovery tests and exercises to enhance the response strategies, with post-test analyses for con-nuous improvement in line with the applicable BCDR Plans. Con-nuous capacity management across Products, with internal monitoring and adjustments to maintain service availability and processing capacity, for example (distributed) denial-of-service akack (DDoS) mi-ga-on for Cloud Products and related infrastructure. 2 • • 7. A centralized internal policy program for annual reviews and updates of all global policies related to business con-nuity. Robust backup protocols, including (i) data encryp-on, (ii) redundancy across data centers, and (iii) regular tes-ng to bolster con-ngency planning. Identification and Authentication Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate iden-fica-on and authen-ca-on purposes which include: • • • • • 8. Employee iden-fica-on uniquely through ac-ve directory, u-lising single sign-on (SSO) for applica-on access. U-lising of MFA for secure access, specifically for VPN and applica-on launch via SSO based on Atlassian’s Zero Trust Model architecture. Password policies following the NIST 800-63B guidelines, focusing on the security aspects of password crea-on and management. Ensuring the security of stored creden-als using advanced encryp-on methods, e.g. password and secret management systems. Documented approvals, regular reviews of users and accounts, and automa-c syncs between the relevant iden-ty system and HR systems to maintain the integrity and accuracy of iden-fica-on data. Security Incident Response Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate Security Incident response purposes, which include: • • • • • • • • • 9. Security Incident response plans emphasizing preparedness, containment, eradica-on and recovery, as well as focus on data protec-on and other regulatory requirements. Dedicated cross-func-onal teams handling Security Incidents, ensuring effec-ve communica-on and collabora-on, including well-defined processes for triaging security events. Regular tes-ng of response plans with established metrics to track and improve Security Incident management effec-veness. Annual reviews of company-wide incident response plans and policies to reflect and share current best prac-ces across the company. Post-incident review (PIR) with root cause analysis conducted for high-severity Security Incidents, focusing on systemic improvements and learning. Incident response procedures and plans embedded in cri-cal business processes to minimize down-me and security risks. Published system availability informa-on to aid in Security Incident handling and repor-ng at hkps://status.atlassian.com/, and hkps://www.loomstatus.com/, as applicable. The ability for Customer to report incidents, vulnerabili-es, bugs, and issues, ensuring prompt aken-on to concerns related to system defects, availability, security, and confiden-ality. Commitment to Customer no-fica-on of the Security Incident without undue delay under Atlassian’s Data Processing Addendum, including the obliga-on to assist the Customer with necessary informa-on for compliance with Applicable Data Protec-on Laws. Maintenance Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for con-nued effec-veness of its Cloud Products, which include: • • • 10. Regular tes-ng of BCDR Plans with quarterly evalua-ons, validated by external auditors. Real--me monitoring of the availability of mul-ple regions with performing of regular tests for infrastructure availability and reliability. Measures outlined in Sec-on 4 (Assessment, Authorisa-on and Monitoring), Sec-on 6 (Con-ngency Planning) and Sec-on 18 (System and Communica-ons Protec-on). Media Protection Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces to ensure the protec-on of media (internal and external), which include: • • • Using reliable 3rd party services (e.g. MicrosoH Azure or AWS) to operate the physical infrastructure for processing Customer Data as a Sub-processor. Sani-za-on and degaussing of used equipment by the 3rd party cloud service providers, including hard drives with Customer Data in line with industry standards (e.g. ISO 27001). Full disk encryp-on using industry standards (e.g. AES-256) employed for data drives on servers and databases storing Customer Data, and on endpoint devices. 3 • • 11. Internal bring your own device (BYOD) policy ensuring access to Customer Data is only possible via secure and compliant devices; restric-ng the access with technical controls (e.g. VPN) for all devices following Atlassian’s Zero Trust Model architecture. Unakended workspaces are required to have no visible confiden-al data, aligning with the secure workplace guidance. Physical and Environmental Protection Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for the physical and environmental protec-on of Customer Data, which include: • • • • • • 12. A safe and secure working environment with controls implemented globally at Atlassian's offices. Employing badge readers, camera surveillance, and -me-specific access restric-ons for enhanced security. Implemen-ng and maintaining access logs at office buildings for inves-ga-ve purposes. Mul-ple compliance cer-fica-ons and robust physical security measures, including biometric iden-ty verifica-on and onpremise security, implemented by 3rd party data center providers. Controlled access points and advanced surveillance systems as well as protec-ve measures for power and telecommunica-on cables, alongside with environmental control systems, implemented by 3rd party data center providers. Posi-oning cri-cal equipment in low-risk environmental areas for added safety (both by Atlassian and its 3rd party data center providers). Planning Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate planning of business opera-ons, which include: • • • • 13. Ac-ve monitoring and documenta-on by legal and compliance teams on regulatory obliga-ons. A detailed system security plan with comprehensive documenta-on on system boundaries and product descrip-ons. Communica-on to internal users and customers about significant changes to key products and services. Periodic reviews and updates of the security management program. Program Management Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for appropriate program management, which include: • • • • • • • • • • 14. Suppor-ng the security management program at the execu-ve level, encompassing all security-related policies and prac-ces. Documented informa-on security policies, including (i) defined roles, (ii) risk mi-ga-on, and (iii) service provider security management program. Periodic risk assessments of systems processing Customer Data, with prompt reviews of Security Incidents for correc-ve ac-on. Formal security controls framework aligning to standards such as SOC 2, ISO27001, and NIST 800-53. Processes for iden-fying and quan-fying security risks, with mi-ga-on plans approved by the Chief Trust Officer and regular tracking of implementa-on. Comprehensive and diverse approach to security tes-ng to cover a wide range of poten-al akack vectors. Regular review, tes-ng and upda-ng of the security management program (annually, at a minimum). Development program for security staff with regular trainings; organiza-onal chart that delinea-ng roles and responsibili-es. Serng and review of strategic opera-onal objec-ves by the execu-ve management. Annual review of the Enterprise Risk Management (ERM) framework, including the risk management policy, risk assessments, and fraud risk assessments, by the Head of Risk and Compliance. Personnel Security Atlassian has implemented and will maintain a comprehensive set of formal policies, controls and prac-ces for the security of all Atlassian’s employees who have access to Customer Data, which include: • • • • • Pre-hire background checks, including criminal record inquiries, especially thorough for senior execu-ve and accoun-ng roles to the extent permissible under applicable local laws. An extensive onboarding process including confiden-ality agreements, employment contracts, and acknowledgement of various policies and codes of conduct. Global and local employment policies, maintained and reviewed annually. Processes for role changes and termina-ons including automa-c de-provisioning and checklists for employee exits, with managerial approval required for re-provisioning the access. Ongoing security and compliance training for employees, with targeted training for specific roles and the presence of security champions in teams. 4 • • 15. Hos-ng of annual security awareness month to reinforce security educa-on and celebrate achievements in maintaining organiza-onal security. Established disciplinary processes to manage viola-ons of Atlassian's policies. Personal Data Processing and Transparency Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for the compliance of personal data processing in line with Applicable Data Protec-on Laws, which include: • • • • • • • • 16. A global privacy compliance program for reviewing and adap-ng to data protec-on laws including necessary safeguards and processes. Maintaining an internal personal data processing policy with clear defini-ons of personal data categories, processing purposes, and processing principles. Detailed standards for processing of various categories of personal data covering the topics such as processing principles, applicable legal basis, reten-on, destruc-on etc. An established method to create pseudonymised data sets using industry standard prac-ces and appropriate technical and organisa-onal measures governing the systems capable of remapping pseudonymous iden-fiers. Transparent privacy policies for its users and customers, as well as internal guidelines for employees. Comprehensive compliance documenta-on, including but not limited to (i) processing ac-vi-es, (ii) privacy impact assessments, (iii) transfer impact assessments, (iv) consents, and (v) data processing agreements with customers and vendors. Secure development prac-ces across all development lifecycle stages, focusing on security and data protec-on from the ini-al design phase. Respec-ng the individual’s rights to access, correct, and delete their personal data in line with relevant data protec-on laws. Risk Assessment Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for a robust Informa-on Security Management System, which include: • • • • • 17. A comprehensive risk management program for iden-fying, assessing, and addressing various risks to support informed risk management decisions. A policy program aligning company-wide policies with ISO 27001 and other relevant standards to mi-gate associated risks. Con-nuous security tes-ng, including (i) penetra-on tests, (ii) bug boun-es, and (iii) proac-ve threat mi-ga-on. Processes and metrics for repor-ng vulnerability management ac-vi-es. Thorough security evalua-ons, including independent external and internal audits. System and Services Acquisition Atlassian has implemented and will maintain a structured, security-centric methodology for the system development, maintenance, and change management, which include: • • • • • • • • • 18. An agile secure soHware development life cycle for the adaptability, and efficiency, as well as thorough review and documenta-on of system and infrastructure changes. Secure, standardized applica-on deployment with automated processes for system configura-on changes and deployment. Defined development process with peer-reviewed pull requests and mandatory automated tests prior to merging. Segregated responsibili-es for change management among designated employees. Emergency change processes, including "break glass" procedures, ensuring readiness for rapid response during cri-cal incidents. Robust compliance serngs in Atlassian’s source code and deployment systems (e.g. Bitbucket Cloud) preven-ng unauthorized altera-ons. Clear documenta-on and monitoring of all configura-on changes, with automa-c alerts for non-compliance or altera-ons in peer review enforcement. Strict controls over modifica-ons to vendor soHware. Regular scanning and updates of third-party or open-source libraries as well as ongoing scanning of the code base. System and Communications Protection Atlassian has implemented and will maintain a comprehensive set of formal policies, controls, and prac-ces for system and communica-on protec-on which include: • • Cryptographic mechanisms to safeguard sensi-ve informa-on stored and transmiked over networks, including public internet, using reliable and secure encryp-on technologies. Encryp-on of Customer Data at rest and in transit using TLS 1.2+ with Perfect Forward Secrecy (PFS) across public networks. 5 • • • • • • 19. Zone restric-ons and environment separa-on limi-ng connec-vity between produc-on and non-produc-on environments. Con-nuous management of worksta-on assets including (i) security patch deployment, (ii) password protec-on, (iii) screen locks, and (iv) drive encryp-on through asset management soHware. Restric-ng access to only known and compliant devices enrolled in the MDM plaaorm, adhering to the principles of Zero Trust Model architecture. Maintaining firewalls at corporate edges for both plaaorm and non-plaaorm hosted devices for addi-onal layers of security. Network and host defense including opera-ng system hardening, network segmenta-on, and data loss preven-on technologies. Established measures to ensure Customer Data is kept logically segregated from other customers' data. System and Information Integrity Atlassian has implemented and will maintain formally established policies and prac-ces that include the following controls and safeguards relevant for system and informa-on integrity, in par-cular: • • • • • • • 20. Ongoing vulnerability scans to ensure prompt iden-fica-on and remedia-on of vulnerabili-es. Adherence to stringent data disposal protocols in line with applicable laws, reasonably ensuring that data from storage media is irrecoverable post-sani-za-on. Strict policies to prevent the use of produc-on data in non-produc-on environments, ensuring the data integrity and segrega-on. Centrally managed, read-only system logs; monitoring for Security Incidents; reten-on policies aligned with security best prac-ces. Managing endpoint compa-bility with systems and applica-ons, enhancing network security and reliability. Deploying an--malware strategies on the relevant infrastructure and Atlassian devices for robust protec-on against malware threats with regular updates to malware protec-on policies and detec-on tools. Unique iden-fiers and token-based access control ensure logical isola-on and secure, limited access to Customer Data. Supply Chain Risk Management Atlassian has implemented and will maintain formally established policies and prac-ces for supply chain risk management, which include: • • • • • • • A formal framework for managing vendor rela-onships, aligning the security, availability, and confiden-ality standards of suppliers throughout their lifecycle. A robust third party risk management (TPRM) assessment process including risk assessments, due diligence, contract management, and ongoing monitoring of all third par-es Dedicated teams, including legal, procurement, security, and risk departments for the review of contracts, SLAs, and security measures to manage risks related to security and data confiden-ality. Func-onal risk assessments for suppliers before onboarding and periodically, based on risk levels, with revisions during policy renewals or significant rela-onship changes. An inventory of all suppliers detailing ownership and risk levels associated with the services provided to Atlassian. Yearly review of audit reports (e.g. SOC 2) and regular reviews of IT governance policies and security assessments of supply chain to ensure controls are both, appropriate and effec-vely compliant. Measures to secure third-party endpoints, focusing on compliance monitoring and selec-ve restric-ons based on the mobile & bring your own device policy. 6 Atlassian Data Processing Addendum Effec%ve star%ng: the earlier of (i) October 6, 2024 and (ii) the date the Atlassian Intelligence and Rovo Product-Specific Terms are effec%ve. This Data Processing Addendum (“DPA”) supplements the Atlassian Customer Agreement, or other agreement in place between Customer and Atlassian covering Customer’s use of Atlassian’s Products and related Support and Advisory Services (the “Agreement”). Unless otherwise defined in this DPA or in the Agreement, all capitalized terms used in this DPA will have the meanings given to them in SecGon 9 of this DPA. 1. Scope and Term. 1.1. Roles of the ParGes. (a) Customer Personal Data. Atlassian will Process Customer Personal Data as Customer’s Processor in accordance with Customer’s instrucGons as outlined in SecGon 2.1 (Customer InstrucGons). (b) (c) (d) Atlassian Account Data. Atlassian will Process Atlassian Account Data as a Controller for the following purposes: (i) to provide and improve the Products; (ii) to manage the Customer relaGonship (communicaGng with Customer and Users in accordance with their account preferences, responding to Customer inquiries and providing technical support, etc.), (iii) to facilitate security, fraud prevenGon, performance monitoring, business conGnuity and disaster recovery; and (iv) to carry out core business funcGons such as accounGng, billing, and filing taxes. Atlassian Usage Data. Atlassian will Process Atlassian Usage Data as a Controller for the following purposes: (i) to provide, opGmize, secure, and maintain the Products; (ii) to opGmize user experience; and (iii) to inform Atlassian’s business strategy. DescripGon of the Processing. Details regarding the Processing of Personal Data by Atlassian are stated in Schedule 1 (DescripGon of Processing). 1.2. Term of the DPA. The term of this DPA coincides with the term of the Agreement and terminates upon expiraGon or earlier terminaGon of the Agreement (or, if later, the date on which Atlassian ceases all Processing of Customer Personal Data). 1.3. Order of Precedence. If there is any conflict or inconsistency among the following documents, the order of precedence is: (1) the applicable terms stated in Schedule 2 (Region-Specific Terms including any transfer provisions); (2) the main body of this DPA; and (3) the Agreement. 2. Processing of Personal Data. 2.1. Customer InstrucGons. Atlassian must Process Customer Personal Data in accordance with the documented lawful instrucGons of Customer as stated in the Agreement (including this DPA) and respecGve Orders, as necessary to (i) provide the Products and related Support and Advisory Services to Customer and enable the use of various features and funcGonaliGes in accordance with the DocumentaGon (including as directed by Users through the Cloud Products), (ii) invesGgate Security Incidents and enforce the Acceptable Use Policy (e.g. enforce the prohibiGon on illegal content such as child sexual abuse material), or (iii) comply with its legal obligaGons. Atlassian will noGfy Customer if it becomes aware, or reasonably believes, that Customer’s instrucGons violate Applicable Data ProtecGon Law. 2.2. ConfidenGality. Atlassian must treat Customer Personal Data as Customer’s ConfidenGal InformaGon under the Agreement. Atlassian must ensure personnel authorized to Process Personal Data are bound by wriVen or statutory obligaGons of confidenGality. 3. Security. 3.1. Security Measures. Atlassian has implemented and will maintain appropriate technical and organizaGonal measures designed to protect the security, confidenGality, integrity and availability of Customer Data and protect against Security Incidents. Customer is responsible for configuring the Products and using features and funcGonaliGes made available by Atlassian to maintain appropriate security in light of the nature of Customer Data. Atlassian’s current technical and organizaGonal measures are described here. Customer acknowledges that the Security Measures are subject to technical progress and development and that Atlassian may update or modify the Security Measures from Gme to Gme, provided that such updates and modificaGons do not materially decrease the overall security of the Cloud Products during a SubscripGon Term. 3.2. Security Incidents. Atlassian must noGfy Customer without undue delay and, where feasible, no later than seventy-two (72) hours a[er becoming aware of a Security Incident. Atlassian must make reasonable efforts to idenGfy the cause of the Security Incident, miGgate the effects and remediate the cause to the extent within Atlassian’s reasonable control. Upon Customer’s request and taking into account the nature of the Processing and the informaGon available to Atlassian, Atlassian must assist Customer by providing informaGon reasonably necessary for Customer to meet its Security Incident noGficaGon obligaGons under Applicable Data ProtecGon Law. Atlassian’s noGficaGon of a Security Incident is not an acknowledgment by Atlassian of its fault or liability. 4. Sub-processing. 1 Atlassian Data Processing Addendum October 2024 Version 4.1. General AuthorizaGon. By entering into this DPA, Customer provides general authorizaGon for Atlassian to engage Subprocessors to Process Customer Personal Data. Atlassian must: (i) enter into a wriVen agreement with each Sub-processor imposing data protecGon terms that require the Sub-processor to protect Customer Personal Data to the standard required by Applicable Data ProtecGon Law and to the same standard provided by this DPA; and (ii) remain liable to Customer if such Sub-processor fails to fulfill its data protecGon obligaGons with regard to the relevant Processing acGviGes under the Agreement. 4.2. NoGce of New Sub-processors. Atlassian maintains an up-to-date list of its Sub-processors here, which contains a mechanism for Customer to subscribe to noGficaGons of new Sub-processors. Atlassian will provide such noGce, to those emails subscribed, at least thirty (30) days before allowing any new Sub-processor to Process Customer Personal Data (the “Subprocessor No@ce Period”). 4.3. ObjecGon to New Sub-processors. Customer may object to Atlassian’s appointment of a new Sub-processor during the Subprocessor NoGce Period. If Customer objects, Customer, as its sole and exclusive remedy, may terminate the applicable Order for the affected Cloud Product and related Support and Advisory Services in accordance with SecGon 12.2 (TerminaGon for Convenience) of the Agreement. 5. Assistance and Coopera@on Obliga@ons. 5.1. Data Subject Rights. Taking into account the nature of the Processing, Atlassian must provide reasonable and Gmely assistance to Customer to enable Customer to respond to requests for exercising a data subject’s rights (including rights of access, recGficaGon, erasure, restricGon, objecGon, and data portability) in respect to Customer Personal Data. 5.2. CooperaGon ObligaGons. Upon Customer’s reasonable request, and taking into account the nature of the Processing, Atlassian will provide reasonable assistance to Customer in fulfilling Customer’s obligaGons under Applicable Data ProtecGon Law (including data protecGon impact assessments and consultaGons with regulatory authoriGes), provided that Customer cannot reasonably fulfill such obligaGons independently with help of available DocumentaGon. 6. 5.3. Third Party Requests. Unless prohibited by Law, Atlassian will promptly noGfy Customer of any valid, enforceable subpoena, warrant, or court order from law enforcement or public authoriGes compelling Atlassian to disclose Customer Personal Data. Atlassian will follow its law enforcement guidelines in responding to such requests. In the event that Atlassian receives an inquiry or a request for informaGon from any other third party (such as a regulator or data subject) concerning the Processing of Customer Personal Data, Atlassian will redirect such inquiries to Customer, and will not provide any informaGon unless required to do so under applicable Law. Dele@on and Return of Customer Personal Data. 6.1. During SubscripGon Term. During the SubscripGon Term, Customer and its Users may, through the features of the Cloud Products, access, retrieve or delete Customer Personal Data. 7. 6.2. Post TerminaGon. Following expiraGon or terminaGon of the Agreement, Atlassian must, in accordance with the DocumentaGon, delete all Customer Personal Data. Notwithstanding the foregoing, Atlassian may retain Customer Personal Data (i) as required by Applicable Data ProtecGon Law or (ii) in accordance with its standard backup or record retenGon policies, provided that, in either case, Atlassian will maintain the confidenGality of, and otherwise comply with the applicable provisions of this DPA with respect to retained Customer Personal Data and not further Process it except as required by Applicable Data ProtecGon Law. Audit. 7.1. Audit Reports. Atlassian is regularly audited by independent third-party auditors and/or internal auditors, including as described here. Upon request, and on the condiGon that Customer has entered into an applicable non-disclosure agreement with Atlassian, Atlassian will supply a summary copy of relevant audit report(s) (“Report”) to Customer, so Customer can verify Atlassian’s compliance with the audit standards against which it has been assessed, and this DPA. If Customer cannot reasonably verify Atlassian’s compliance with the terms of this DPA, Atlassian will provide wriVen responses (on a confidenGal basis) to all reasonable requests for informaGon made by Customer related to its Processing of Customer Personal Data, provided that such right may be exercised no more than once every twelve (12) months. 7.2. On-site Audits. Only to the extent Customer cannot reasonably saGsfy Atlassian’s compliance with this DPA through the exercise of its rights under SecGon 7.1 above, or where required by Applicable Data ProtecGon Law or a regulatory authority, Customer, or its authorized representaGves, may, at Customer’s expense, conduct audits (including inspecGons) during the term of the Agreement to assess Atlassian’s compliance with the terms of this DPA. Any audit must (i) be conducted during Atlassian’s regular business hours, with reasonable advance wriVen noGce of at least sixty (60) calendar days (unless Applicable Data ProtecGon Law or a regulatory authority requires a shorter noGce period); (ii) be subject to reasonable confidenGality controls obligaGng Customer (and its authorized representaGves) to keep confidenGal any informaGon disclosed that, by its nature, should be confidenGal; (iii) occur no more than once every twelve (12) months; and (iv) restrict its findings to only informaGon relevant to Customer. 2 Atlassian Data Processing Addendum October 2024 Version 8. Interna@onal Provisions. To the extent Atlassian Processes Personal Data protected by Applicable Data ProtecGon Laws in one of the regions listed in Schedule 2 (Region-Specific Terms), the terms specified for the applicable regions will also apply, including the provisions relevant for internaGonal transfers of Personal Data (directly or via onward transfer). 9. Defini@ons. “Applicable Data Protec@on Law” means all Laws applicable to the Processing of Personal Data under the Agreement. “Atlassian Account Data” means Personal Data relaGng to Customer’s relaGonship with Atlassian, including: (i) Users’ account informaGon (e.g. name, email address, or Atlassian’s account ID (AAID)); (ii) billing and contact informaGon of individual(s) associated with Customer’s Atlassian account (e.g. billing address, email address, or name); (iii) Users’ device and connecGon informaGon (e.g. IP address); and (iv) content/descripGon of technical support requests (excluding aVachments) alongside with the Support EnGtlement Number (SEN). “Atlassian Usage Data” means Personal Data relaGng to or obtained in connecGon with the use, performance, operaGon, support or use of the Products, including via their connecGon to Third-Party Products. Atlassian Usage Data may include event name (i.e. what acGon Users performed), event Gmestamps, browser informaGon, diagnosGc data, data types, file sizes, and similar informaGon associated with data from the Products and Third-Party Products that Customer connects to the Products. For clarity, Atlassian Usage Data does not include Customer Personal Data. “Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. “Customer Personal Data'' means Personal Data contained in Customer Data and/or Customer Materials that Atlassian Processes under the Agreement solely on behalf of Customer. For clarity, Customer Personal Data includes any Personal Data included in the aVachments provided by Customer or its Users in any technical support requests. “Personal Data” means informaGon about an idenGfied or idenGfiable natural person, or which otherwise consGtutes “personal data”, “personal informaGon”, “personally idenGfiable informaGon” or similar terms as defined in Applicable Data ProtecGon Law. “Processing” (and “Process”) means any operaGon or set of operaGons which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collecGon, recording, organizaGon, structuring, storage, adaptaGon or alteraGon, retrieval, consultaGon, use, disclosure by transmission, disseminaGon or otherwise making available, alignment or combinaGon, restricGon, erasure, or destrucGon. “Processor” means the enGty which Processes Personal Data on behalf of the Controller. “Security Incident'' means any breach of security leading to the accidental or unlawful destrucGon, loss, alteraGon, unauthorized disclosure of, or access to Customer Data Processed by Atlassian and/or its Sub-processors. “Sub-processor” means any third party (inc. Atlassian Affiliates) engaged by Atlassian to Process Customer Personal Data. 3 Atlassian Data Processing Addendum October 2024 Version Schedule 1 Descrip@on of Processing 1. Categories of data subjects whose Personal Data is Processed: Customer and its Users. 2. Categories of Personal Data Processed: Atlassian Account Data, Atlassian Usage Data, and Customer Personal Data. 3. Sensi@ve data transferred: Atlassian Account Data and Atlassian Usage Data do not contain data (i) revealing racial or ethnic origin, poliGcal opinions, religious or philosophical beliefs, or trade union membership, (ii) geneGc data, biometric data Processed for the purposes of uniquely idenGfying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientaGon, or (iii) relaGng to criminal convicGons and offences (altogether “Sensi@ve Data”). Subject to SecGon 6.3 of the Agreement (SensiGve Health InformaGon and HIPAA), Customer or its Users may upload content to the Cloud Products which may include SensiGve Data, the extent of which is determined and controlled solely by Customer. 4. The frequency of the transfer: ConGnuous. 5. Nature of the Processing: Atlassian will Process Personal Data in order to provide the Products and related Support and Advisory Services in accordance with the Agreement, including this DPA. AddiGonal informaGon regarding the nature of the Processing (including transfer) is described in respecGve Orders for relevant Products and DocumentaGon referring to technical capabiliGes and features, including but not limited to collecGon, structuring, storage, transmission, or otherwise making available of Personal Data by automated means. 6. Purpose(s) of the Processing: 6.1. Customer Personal Data: Atlassian will Process Customer Personal Data as Processor in accordance with Customer’s instrucGons as set out in SecGon 2.1 (Customer InstrucGons). 6.2. Atlassian Account Data and Atlassian Usage Data: Atlassian will Process Atlassian Account Data and Atlassian Usage Data for the limited and specified purposes outlined in SecGon 1.1 (Roles of the ParGes). 7. 8. Dura@on of Processing: 7.1. Customer Personal Data: Atlassian will Process Customer Personal Data for the term of the Agreement as outlined in SecGon 6 (DeleGon and Return of Customer Personal Data). 7.2. Atlassian Account Data and Atlassian Usage Data: Atlassian will Process Atlassian Account Data and Atlassian Usage Data only as long as required (a) to provide Products and related Support and Advisory Services to Customer in accordance with the Agreement; (b) for Atlassian’s legiGmate business purposes outlined in SecGon 1.1 (Roles of the ParGes); or (c) by applicable Law(s). Transfers to Sub-processors: Atlassian will transfer Customer Personal Data to Sub-processors as permiVed in SecGon 4 (Subprocessing). 4 Atlassian Data Processing Addendum October 2024 Version Schedule 2 Region-Specific Terms Unless otherwise defined in this DPA or in the Agreement, all capitalized terms used in this Schedule will have the meanings given to them in SecGon 4 of this Schedule. 1. Europe, United Kingdom and Switzerland. 1.1. Customer InstrucGons. In addiGon to SecGon 2.1 (Customer InstrucGons) of the DPA above, Atlassian will Process Customer Personal Data only on documented instrucGons from Customer, including with regard to transfers of such Customer Personal Data to a third country or an internaGonal organisaGon, unless required to do so by Applicable Data ProtecGon Law to which Atlassian is subject; in such a case, Atlassian shall inform Customer of that legal requirement before Processing, unless that law prohibits such informaGon on important grounds of public interest. Atlassian will promptly inform Customer if it becomes aware that Customer's Processing instrucGons infringe Applicable Data ProtecGon Law. 1.2. European Transfers. Where Personal Data protected by the EU Data ProtecGon Law is transferred, either directly or via onward transfer, to a country outside of Europe that is not subject to an adequacy decision, the following applies: (a) The EU SCCs are hereby incorporated into this DPA by reference as follows: (i) Customer is the “data exporter” and Atlassian is the “data importer”. (ii) Module One (Controller to Controller) applies where Atlassian is Processing Atlassian Account Data or Atlassian Usage Data. (iii) Module Two (Controller to Processor) applies where Customer is a Controller of Customer Personal Data and Atlassian is Processing Customer Personal data as a Processor. Module Three (Processor to Processor) applies where Customer is a Processor of Customer Personal Data and Atlassian is Processing Customer Personal Data as another Processor. (iv) (v) (b) By entering into this DPA, each party is deemed to have signed the EU SCCs as of the commencement date of the Agreement. For each Module, where applicable: (i) In Clause 7, the opGonal docking clause does not apply. (ii) (iii) In Clause 9, OpGon 2 applies, and the Gme period for prior noGce of Sub-processor changes is stated in SecGon 4 (Subprocessing) of this DPA. In Clause 11, the opGonal language does not apply. (iv) In Clause 17, OpGon 1 applies, and the EU SCCs are governed by Irish law. (v) In Clause 18(b), disputes will be resolved before the courts of Ireland. (vi) The Appendix of EU SCCs is populated as follows: • The informaGon required for Annex I(A) is located in the Agreement and/or relevant Orders. • The informaGon required for Annex I(B) is located in Schedule 1 (DescripGon of Processing) of this DPA. • The competent supervisory authority in Annex I(C) will be determined in accordance with the Applicable Data ProtecGon Law; and • The informaGon required for Annex II is located here. 1.3. Swiss Transfers. Where Personal Data protected by the Swiss FADP is transferred, either directly or via onward transfer, to any other country that is not subject to an adequacy decision, the EU SCCs apply as stated in in SecGon 1.2 (European Transfers) above with the following modificaGons: (a) All references in the EU SCCs to “RegulaGon (EU) 2016/679” will be interpreted as references to the Swiss FADP, and references to specific ArGcles of “RegulaGon (EU) 2016/679” will be replaced with the equivalent arGcle or secGon of the Swiss FADP; all references to the EU Data ProtecGon Law in this DPA will be interpreted as references to the FADP. (b) In Clause 13, the competent supervisory authority is the Swiss Federal Data ProtecGon and InformaGon Commissioner. (c) In Clause 17, the EU SCCs are governed by the laws of Switzerland. (d) In Clause 18(b), disputes will be resolved before the courts of Switzerland. (e) All references to Member State will be interpreted to include Switzerland and Data Subjects in Switzerland are not excluded from enforcing their rights in their place of habitual residence in accordance with Clause 18(c). 5 Atlassian Data Processing Addendum October 2024 Version 1.4. United Kingdom Transfers. Where Personal Data protected by the UK Data ProtecGon Law is transferred, either directly or via onward transfer, to a country outside of the United Kingdom that is not subject to an adequacy decision, the following applies: (a) The EU SCCs apply as set forth in SecGon 1.2 (European Transfers) above with the following modificaGons: (i) Each party shall be deemed to have signed the UK Addendum. (ii) (b) (iii) For Table 1 of the UK Addendum, the parGes’ key contact informaGon is located in the Agreement and/or relevant Orders. For Table 2 of the UK Addendum, the relevant informaGon about the version of the EU SCCs, modules, and selected clauses which this UK Addendum is appended to is located above in SecGon 1.2 (European Transfers) of this Schedule. (iv) For Table 3 of the UK Addendum: • • The informaGon required for Annex 1A is located in the Agreement and/or relevant Orders. The InformaGon required for Annex 1B is located in Schedule 1 (DescripGon of Processing) of this DPA. • The informaGon required for Annex II is located here; and • The informaGon required for Annex III is located in SecGon 4 (Sub-processing) of this DPA. In Table 4 of the UK Addendum, both the data importer and data exporter may end the UK Addendum. 1.5. Data Privacy Framework. Atlassian parGcipates in and cerGfies compliance with the Data Privacy Framework. As required by the Data Privacy Framework, Atlassian (i) provides at least the same level of privacy protecGon as is required by the Data Privacy Framework Principles; (ii) will noGfy Customer if Atlassian makes a determinaGon it can no longer meet its obligaGon to provide the same level of protecGon as is required by the Data Privacy Framework Principles, and (iii) will, upon wriVen noGce, take reasonable and appropriate steps to remediate any unauthorized Processing of Personal Data. 2. United States of America. The following terms apply where Atlassian Processes Personal Data subject to the US State Privacy Laws: 2.1. To the extent Customer Personal Data includes personal informaGon protected under US State Privacy Laws that Atlassian Processes as a Service Provider or Processor, on behalf of Customer, Atlassian will Process such Customer Personal Data in accordance with the US State Privacy Laws, including by complying with applicable secGons of the US State Privacy Laws and providing the same level of privacy protecGon as required by US State Privacy Laws, and in accordance with Customer's wriVen instrucGons, as necessary for the limited and specified purposes idenGfied in SecGon 1.1(a) (Customer Personal Data) and Schedule 1 (DescripGon of Processing) of this DPA. Atlassian will not: (a) retain, use, disclose or otherwise Process such Customer Personal Data for a commercial purpose other than for the limited and specified purposes idenGfied in this DPA, the Agreement, and/or any related Order, or as otherwise permiVed under US State Privacy Laws; (b) "sell" or “share” such Customer Personal Data within the meaning of the US State Privacy Laws; and (c) retain, use, disclose or otherwise Process such Customer Personal Data outside the direct business relaGonship with Customer and not combine such Customer Personal Data with personal informaGon that it receives from other sources, except as permiVed under US State Privacy Laws. 2.2. Atlassian must inform Customer if it determines that it can no longer meet its obligaGons under US State Privacy Laws within the Gmeframe specified by such laws, in which case Customer may take reasonable and appropriate steps to prevent, stop, or remediate any unauthorized Processing of such Customer Personal Data. 2.3. To the extent Customer discloses or otherwise makes available DeidenGfied Data to Atlassian or to the extent Atlassian creates DeidenGfied Data from Customer Personal Data, in each case in its capacity as a Service Provider, Atlassian will: 3. (a) adopt reasonable measures to prevent such DeidenGfied Data from being used to infer informaGon about, or otherwise being linked to, a parGcular natural person or household; (b) publicly commit to maintain and use such DeidenGfied Data in a de-idenGfied form and to not aVempt to reidenGfy the DeidenGfied Data, except that Atlassian may aVempt to re-idenGfy such data solely for the purpose of determining whether its de-idenGficaGon processes are compliant with the US State Privacy Laws; and (c) before sharing DeidenGfied Data with any other party, including Sub-processors, contractors, or any other persons (“Recipients”), contractually obligate any such Recipients to comply with all requirements of this SecGon 2.3 (including imposing this requirement on any further Recipients). South Korea. 3.1. Customer agrees that it has provided noGce and obtained all consents and rights necessary under Applicable Data ProtecGon Law for Atlassian to Process Atlassian Account Data and Atlassian Usage Data pursuant to the Agreement (including this DPA). 3.2. To the extent Customer discloses or otherwise makes available DeidenGfied Data to Atlassian, Atlassian will: 6 Atlassian Data Processing Addendum October 2024 Version 4. (a) maintain and use such DeidenGfied Data in a de-idenGfied form and not aVempt to re-idenGfy the DeidenGfied Data; and (b) before sharing DeidenGfied Data with any other party, including Sub-processors, contractors, or any other persons (“Recipients”), contractually obligate any such Recipients to comply with all requirements of this SecGon 3.2 (including imposing this requirement on any further Recipients). Defini@ons. 4.1. Where Personal Data is subject to the laws of one the following regions, the definiGon of “Applicable Data Protec@on Law” includes: (a) Australia: the Australian Privacy Act; (b) Brazil: the Brazilian Lei Geral de Proteção de Dados (General Personal Data ProtecGon Act); (c) (d) Canada: the Canadian Personal InformaGon ProtecGon and Electronic Documents Act; Europe: (i) the RegulaGon 2016/679 of the European Parliament and of the Council on the protecGon of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data ProtecGon RegulaGon, or GDPR) and (ii) the EU e-Privacy DirecGve (DirecGve 2002/58/EC) as amended, superseded or replaced from Gme to Gme (“EU Data Protec@on Law”); (e) (f) Japan: the Japanese Act on the ProtecGon of Personal InformaGon; Singapore: the Singapore Personal Data ProtecGon Act; (g) South Korea: the South Korean Personal InformaGon ProtecGon Act (“PIPA”) and the Enforcement Decrees of PIPA; (h) Switzerland: the Swiss Federal Act on Data ProtecGon and its implemenGng regulaGons as amended, superseded, or replaced from Gme to Gme (“Swiss FADP”); (i) The United Kingdom: the Data ProtecGon Act 2018 and the GDPR as saved into United Kingdom law by virtue of SecGon 3 of the United Kingdom's European Union (Withdrawal) Act 2018 as amended, superseded or replaced from Gme to Gme (“UK Data Protec@on Law”); and (j) The United States: all state laws relaGng to the protecGon and Processing of Personal Data in effect in the United States of America, which may include, without limitaGon, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implemenGng regulaGons (“CCPA”), the Colorado Privacy Act, the ConnecGcut Data Privacy Act, the Utah Consumer Privacy Act and the Virginia Consumer Data ProtecGon Act (“US State Privacy Laws”). 4.2. “Deiden@fied Data” means data that cannot reasonably be used to infer informaGon about, or otherwise be linked to, a data subject. 4.3. “Data Privacy Framework” means the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework self-cerGficaGon program operated by the US Department of Commerce. 4.4. “Europe” includes, for the purposes of this DPA, the Member States of the European Union and European Economic Area. 4.5. “EU SCCs” means the contractual clauses annexed to the European Commission's ImplemenGng Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to RegulaGon (EU) 2016/679 of the European Parliament and of the Council, as amended, superseded, or replaced from Gme to Gme. 4.6. “Service Provider” has the same meaning as given in the CCPA. 4.7. “UK Addendum” means the InternaGonal Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK InformaGon Commissioner, Version B1.0, in force 21 March 2022, as amended, superseded or replaced from Gme to Gme. 7 Atlassian Data Processing Addendum October 2024 Version

Kansas House Bill 2039: Tribal Court Judgments Recognition

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib