Add to collection(s) Add to saved
  1. Business

Dated 2009 NHS BUSINESS SERVICES AUTHORITY AND

advertisement 
Dated
2009
NHS BUSINESS SERVICES AUTHORITY
AND
RELIANCE SECURE TASK MANAGEMENT LIMITED
FRAMEWORK AGREEMENT
for the provision of Lone Worker Services
Contents
Clause
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
10-404788-3
Page
Definitions and Interpretation .....................................................................................................1
Scope of this Framework Agreement.........................................................................................2
Implementation Plan ..................................................................................................................3
The Available Services...............................................................................................................3
Standards and Regulations ........................................................................................................4
Ordering Procedures ..................................................................................................................4
Charges for Services..................................................................................................................5
Representatives .........................................................................................................................6
Governance ................................................................................................................................6
Business Continuity....................................................................................................................6
Management Information ...........................................................................................................7
Amendments to this Framework Agreement .............................................................................7
Marketing ...................................................................................................................................7
Communications ........................................................................................................................7
Financial standing of the Supplier ..............................................................................................8
Term, suspension and termination.............................................................................................9
Consequences of termination and expiry.................................................................................11
Force Majeure ..........................................................................................................................12
Warranties and representations ...............................................................................................13
Limitation of liability ..................................................................................................................14
Complaints handling.................................................................................................................16
Authority Data ..........................................................................................................................16
Data Protection ........................................................................................................................17
Personnel Security ...................................................................................................................19
Intellectual Property Rights ......................................................................................................19
Confidentiality...........................................................................................................................20
Publicity ....................................................................................................................................22
Dispute resolution ....................................................................................................................22
Insurance .................................................................................................................................22
Recovery of sums due .............................................................................................................22
Statutory requirements .............................................................................................................22
Environmental requirements ....................................................................................................23
Discrimination...........................................................................................................................23
Corrupt gifts and payments of commission ..............................................................................23
Granting of Trade Marks ..........................................................................................................24
Transfer and sub-contracting ...................................................................................................24
Rights of Third Parties..............................................................................................................26
Audit .........................................................................................................................................27
Freedom of information ............................................................................................................28
Customer satisfaction monitoring.............................................................................................29
Legislative change ...................................................................................................................29
Statutory invalidity ....................................................................................................................30
Severability ...............................................................................................................................30
Waiver ......................................................................................................................................30
Non-exclusivity .........................................................................................................................30
Law and Jurisdiction.................................................................................................................31
Entire agreement......................................................................................................................31
Schedule
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
10-404788-3
Definitions ................................................................................................................................33
Model Contracts .......................................................................................................................40
Part 1 - Model Contract (Customer funded) .............................................................................40
Part 2 - Model Contract (Authority part funded) .......................................................................42
The Available Services, Service Management, Minimum Service Levels and Standard
Service Credits .........................................................................................................................44
Part 3.1 - Service Management ...............................................................................................44
Part 3.2 - User Training ............................................................................................................57
Part 3.3 - Alarm Receiving Centre (ARC) ................................................................................64
Part 3.4 - User Devices ............................................................................................................72
Part 3.5 - Networks ..................................................................................................................77
Part 3.6 - Account Management ..............................................................................................80
Part 3.7 - Supplier Innovation and Continuous Improvement ..................................................83
Part 3.8 - Invoicing Mechanism ................................................................................................84
Part 3.9- Service Levels and Service Credits ..........................................................................87
Part 3.10 – Service Levels and Service Credits ......................................................................90
Part 3.11 - Operational Reporting ..........................................................................................108
Delays and Implementation ...................................................................................................112
Part 1 - Delays .......................................................................................................................112
Part 2 - Implementation Plan .................................................................................................114
The Maximum Charges ..........................................................................................................117
Ordering Procedures ..............................................................................................................128
Part 1 – Joint Funded .............................................................................................................130
Part 2 – Direct Funded ...........................................................................................................131
Management Information .......................................................................................................132
Agreement Change Procedure ..............................................................................................137
Maximum Charges Variation Procedure ................................................................................141
Sub-Contractors .....................................................................................................................145
Model Self Audit Certificate ....................................................................................................154
Governance ............................................................................................................................155
Solution ..................................................................................................................................163
Security Policy........................................................................................................................173
Marketing and Communications ............................................................................................208
Part 1 - Exit Assistance ..........................................................................................................214
Part 2 – Staff Transfer ............................................................................................................216
Standards and Regulations ....................................................................................................226
Insurance Requirements ........................................................................................................229
This Framework Agreement is made on
2009
Between
(1)
The NHS Business Services Authority (as agent for the Department of Health) (Authority);
and
(2)
Reliance Secure Task Management Limited (No. 2057887) whose registered office is at
Boundary House, Cricketfield Road, Uxbridge, Middlesex UB8 1QG (Supplier).
Whereas
(A)
On 27 May 2008 the Authority placed a contract notice, reference 2008/5 101-135947 in the
Official Journal of the European Union seeking expressions of interest from Suppliers for the
provision of services to public sector bodies under a framework agreement;
(B)
Following the subsequent procurement process the Authority selected the Supplier to enter
into a Framework Agreement;
(C)
The Supplier has agreed to enter into this Framework Agreement with the Authority for the
provision of Services;
(D)
The Department of Health has designated central funds to support the provision of Services
within the NHS. These funds may be made available to Customers for procuring Services
under this Framework Agreement and where such funds are available the Authority shall, in
addition to a Customer, enter into a Contract with the Supplier for the provision of Services
but solely for the purpose of making certain payments in respect of the Services; and
(E)
This Framework Agreement provides that Customers may enter into separate Contracts with
the Supplier by placing an Order.
It is agreed
1
Definitions and Interpretation
1.1
As used in this Framework Agreement:
(a)
the terms and expressions set out in schedule 1 (Definitions) shall have the meanings
set out therein;
(b)
the masculine includes the feminine and the neuter;
(c)
the singular includes the plural and vice versa; and
(d)
the words "include", "include"; and "including" are to be construed as if they were
immediately followed by the words "without limitation".
1.2
A reference to any statute, enactment, order, regulation or other similar instrument shall be
construed as a reference to the statute, enactment, order, regulation or instrument as
amended by any subsequent statute, enactment, order, regulation or instrument or as
contained in any subsequent re-enactment thereof.
1.3
A reference to any document other than as specified in clause 1.2 shall be construed as a
reference to the document as at the date of execution of this Framework Agreement.
10-404788-3
1
1.4
Headings are included in this Framework Agreement for ease of reference only and shall not
affect the interpretation or construction of this Framework Agreement.
1.5
References to "clauses" and "schedules" other than in schedule 2 (Model Contract) are,
unless otherwise provided or the context so necessitates, references to the clauses of and
schedules to this Framework Agreement. References to "paragraphs" are, unless otherwise
provided, references to paragraphs of the schedule in which the references are made.
1.6
References to "clauses" and "schedules" in schedule 2 (Model Contract) are, unless
otherwise provided or the context so necessitates, references to the clauses of and schedules
to the Contract and references in schedule 2 (Model Contract) to "paragraphs" are, unless
otherwise provided, references to paragraphs of the schedule to the Contract in which the
references are made.
1.7
Terms or expressions contained in this Framework Agreement or a Contract which are
capitalised but which do not have an interpretation in schedule 1 (Definitions) or schedule 2
(Model Contract) as appropriate shall be interpreted in accordance with the common
interpretation within the mobile communications industry where appropriate. Otherwise they
shall be interpreted in accordance with the dictionary meaning.
1.8
The use of "[♦]" in schedule 2 (Model Contract) indicates where information shall be inserted
by the Supplier or Customer for each Contract. Such information shall be obtained from the
Catalogue and the relevant Order.
1.9
In the event and to the extent only of any conflict between the clauses together with schedule
1 (Definitions) and the remainder of the schedules, the clauses together with schedule 1
(Definitions) shall prevail over the remainder of the schedules. The remainder of the
schedules (other than the Catalogue and schedule 13 (Solution)) shall, in turn prevail over the
Catalogue and schedule 13 (Solution). In the event of any conflict between the Catalogue and
schedule 13 (Solution) the Catalogue shall prevail.
2
Scope of this Framework Agreement
2.1
This Framework Agreement governs the overall relationship of the Authority with the Supplier
with respect to the provision of the Services to Customers. The Customers are entitled (but
not required) at any time during the Term to order Services from the Catalogue in accordance
with the Ordering Procedure. The Supplier shall provide to that Customer such Services in
accordance with all applicable provisions of the relevant Contract.
2.2
The Supplier hereby acknowledges that:
10-404788-3
(a)
all obligations entered into under a Contract, and the liabilities incurred by the
Supplier, are given, entered into, or incurred in favour of and for the benefit of each
Customer;
(b)
each Contract forms a separate agreement between the Customer and the Supplier
in respect of the Services ordered under it; and
(c)
with respect to each Contract, the Authority does not give any warranties or
indemnities, and does not accept any liability or responsibility under this Framework
Agreement for any obligation, debt or liability of or incurred by a Customer under a
Contract.
2
2.3
The Supplier shall not commit any act, nor forbear to commit any act, that shall compromise a
Customer's compliance with the Guidance Notes.
2.4
Any Contract entered into under this Framework Agreement shall commence on the date of
the execution of that Contract and shall expire no later than five (5) years after such
execution.
2.5
The Supplier shall not enter into a contract with a Health Service Body for the provision of
services in the nature of the Available Services, other than in the form of the Model Contract.
3
Implementation Plan
The Supplier shall implement the Solution in accordance with the Implementation Plan and
schedule 4 (Delays) and maintain the Solution to enable provision of the Services throughout
the Term.
4
The Available Services
4.1
Each of the services specified in schedule 3 (Services) shall be made available to Customers
and Potential Customers and shall be listed as a Catalogue Entry in the Catalogue. When a
specific Available Service is the subject of an Order by a Customer, it will be referred to in the
ensuing Contract as an Ordered Service.
4.2
The Supplier shall maintain the organisational and technical ability and capacity to provide the
Available Services in accordance with this Framework Agreement as the Available Services
are required from time to time by Customers.
4.3
The Supplier shall enter into a Contract on the terms and conditions prescribed in the relevant
Model Contract with each Customer that places an Order in accordance with the provisions of
this Framework Agreement.
4.4
The Supplier shall maintain and keep up to date the Catalogue throughout the Term. Any
amendment to the Catalogue, other than an amendment to the specification of each
Catalogue Entry and its relevant Charges, shall be subject to the Agreement Change
Procedures.
4.5
The Supplier shall, no less than once in every 6 months, carry out a review of:
(a)
the Available Services;
(b)
the Solution; and
(c)
new lone worker devices (New Devices),
taking account of technological and operational developments and advancements in the
delivery of services similar to the Services.
4.6
10-404788-3
If following a review pursuant to clause 4.5, the Supplier identifies changes to the Available
Services that could improve the Services then the Supplier shall provide a written report of its
findings to the Authority within 14 days of such review. Any potential changes or New Devices
agreed to be considered by the Authority and the Supplier, will be subject to testing by the
Supplier, at the Supplier's cost, and the Supplier shall submit its findings to the Authority for
consideration in a written report. Following such consideration, if the Authority wishes to make
the change or add the New Devices to the Catalogue, the Supplier shall propose such change
through the Agreement Change Procedures.
3
4.7
The Supplier hereby licenses the Authority for the Term on a royalty-free basis to use, copy
and publish (electronically and in hard copy formats) the descriptions of the Catalogue Entries
provided by the Supplier. All Intellectual Property Rights of the Supplier (or its SubContractors) in such descriptions (except insofar as such descriptions derive from material
provided by the Authority) shall remain with the Supplier (or its Sub-Contractors).
4.8
The Supplier shall comply with its obligations in schedule 3 (Services) regarding the recording
of and provision of information relating to Red Alerts and Amber Alerts.
5
Standards and Regulations
5.1
The Supplier shall provide the Services and meet its responsibilities and obligations
hereunder in accordance with the Standards and Regulations as set out in schedule 17
(Standards and Regulations).
5.2
The Supplier shall indemnify, defend and hold harmless the Authority from any fine awarded
against the Authority by the Regulatory Bodies or any payment required by the Regulatory
Bodies to be made to any third parties to the extent arising as a result of a breach of contract
or negligent act or omissions of the Supplier.
6
Ordering Procedures
6.1
Each Customer shall be entitled at any time during the Term to place an order for Services
from the Supplier by serving an Order in accordance with the Ordering Procedures. Each
Order will specify which of the Model Contracts the Customer requires the Services to be
provided under, which shall be dependent upon whether the Authority will provide funding for
the Services.
6.2
Each Order shall contain the information listed in paragraph 3 of schedule 6 (Ordering
Procedure).
6.3
The Authority and the Supplier agree that any document or communication, including a
document or communication in the apparent form of an Order, which:
(a)
does not contain all of the information listed in paragraph 3 of schedule 6 (Ordering
Procedure); and/or
(b)
purports to exclude or vary any of the terms and conditions of the Model Contract,
other than in accordance with the provisions of schedule 6 (Ordering Procedure),
shall not constitute an Order under this Framework Agreement.
6.4
6.5
10-404788-3
The Supplier shall, within two (2) Working Days of receipt of an Order; either:
(a)
acknowledge in writing (which, for the purposes of this clause 6.4(a), shall include
email) receipt of that Order to the Customer (with a copy to the Authority) and state
that it is unable to fulfil the Order; or
(b)
acknowledge in writing (which, for the purposes of this clause 6.4(b), shall include
email) receipt of that Order to the Customer (with a copy to the Authority) and state its
acceptance of that Order.
In the event that the Supplier accepts the Order in accordance with the provisions of
clause 6.4(b), the Supplier shall:
4
(a)
simultaneously with that acceptance notify the Customer of the proposed dates for
commencement of the Ordered Services; and
(b)
following confirmation of the proposed dates for commencement, send the Order duly
countersigned by an authorised officer of the Supplier to the Customer (with a copy to
the Authority).
6.6
If the Supplier wishes to query any matter in relation to an Order served on it by a Customer,
the Supplier shall raise the matter with the relevant Customer as soon as practicable and in
any event within two (2) Working Days of receipt of that Order. The Supplier shall agree the
Order with the Customer as soon as possible thereafter and in any event no later than the
Service Commencement Date.
6.7
Subject to clause 6.8, a binding agreement for the provision of the Ordered Services shall be
formed on the Customer's receipt of the countersigned Order pursuant to clause 6.5(b).
6.8
In respect of any Contract to which the Authority is a party, a binding agreement for the
provision of the Ordered Services shall not be formed until the Authority has signed the
Contract, in accordance with schedule 6 (Ordering Procedure).
7
Charges for Services
7.1
Charges
7.2
10-404788-3
(a)
The Charges applicable for each Service shall be as set out in schedule 5 (Charges)
to each Contract.
(b)
The Supplier agrees not to levy any Charges under any Contract that are in excess of
the Maximum Charges from time to time.
(c)
The Maximum Charges shall be varied in accordance with the provisions of schedule
9 (Charges Variation Procedure).
(d)
The Supplier may lower any or all of the Charges applicable to the Supplier's
Catalogue Entries from time to time by giving 20 Working Days' notice to the
Authority, but may at no time ask to have advertised in the Catalogue any Charges
that are in excess of the Maximum Charges from time to time.
Benchmarking
(a)
The Authority may benchmark the Charges advertised in the Catalogue and/or the
Maximum Charges at any time during the Term in order to compare such Charges
with charges offered by third parties and by the Supplier to other customers.
(b)
The Authority shall be entitled to use any model to determine the achievement of
value for money to carry out the benchmarking evaluation referred to in clause 7.2(a).
(c)
The Authority shall be entitled to publish the results of any benchmarking of the
Charges to Customers and Potential Customers.
(d)
The Supplier shall use all reasonable endeavours and act in good faith to supply
information required by the Authority in order to undertake the benchmarking referred
to in this clause 7.2, such information requirements to be at the discretion of the
Authority.
5
8
Representatives
8.1
Each party shall notify the other in accordance with clause 14 (Communications) of the
persons appointed by it from time to time to fulfil the roles identified in schedule 12
(Governance). These shall be known as the Authority Representatives and the Supplier
Representatives (as appropriate) and they shall have the authority to act on behalf of their
respective party on the matters set out in, or in connection with, this Framework Agreement.
Either party may, by further written notice to the other party, revoke or amend the authority of
its Representative or appoint a new Representative.
8.2
The respective Representatives shall be sufficiently senior within the organisation of the
appointing party, and granted sufficient authority by that party, to ensure full cooperation in
relation to the operation and the management of this Framework Agreement.
8.3
The Supplier shall ensure that the role of the Supplier Representatives are not vacant for any
longer than 10 Working Days and that any replacements shall be appropriately qualified and
experienced and fully competent to carry out the tasks assigned to the Supplier
Representative whom he or she has replaced.
9
Governance
The Supplier and the Authority shall comply with their respective contract management
obligations set out in schedule 12 (Governance).
10
Business Continuity
10.1
The Supplier shall ensure that it is able to implement the Business Continuity Plan at any time
in accordance with its terms to ensure continuity of service provision and to minimise the
consequences of any failure in the Solution on the provision of the Services.
10.2
The Supplier shall test the Business Continuity Plan on a regular basis (and in any event not
less than once in every 12 month period). The Authority may require the Supplier to conduct
additional tests of the Business Continuity Plan where the Authority considers it necessary,
including where there has been any change to the Services or any underlying business
processes, or on the occurrence of any event which may increase the likelihood of the need
to implement the Business Continuity Plan.
10.3
If the Authority requires an additional test of the Business Continuity Plan it shall give the
Supplier written notice and the Supplier shall conduct the test in accordance with the
Authority’s requirements and the relevant provisions of the Business Continuity Plan. The
Supplier's costs of the additional test shall be borne by the Authority unless the Business
Continuity Plan fails the additional test in which case the Supplier's costs of that failed test
shall be borne by the Supplier.
10.4
Following each test, the Supplier shall send to the Authority a written report summarising the
results of the test and shall promptly implement any actions or remedial measures which the
Authority considers to be necessary as a result of those tests.
10.5
The Supplier shall undertake regular risk assessments in relation to the provision of the
Services not less than once every six months and shall provide the results of, and any
recommendations in relation to, those risk assessments to the Authority promptly in writing
following each review.
10-404788-3
6
11
Management Information
11.1
The Supplier shall submit Management Information to the Authority in accordance with the
provisions of schedule 7 (Management Information), throughout the Term and thereafter in
respect of any extant Contract.
11.2
The Supplier shall implement and maintain an Order processing system that identifies and
records all Orders. Such system shall enable the Supplier to track all Orders and ascertain
their status at any time and shall produce the Records specified in clause 38, Audit.
12
Amendments to this Framework Agreement
12.1
No amendment to the provisions of this Framework Agreement, other than a variation of the
Charges pursuant to the provisions of schedule 9 (Charges Variation Procedure), shall be
effective unless made in accordance with the Agreement Change Procedures.
12.2
The control of changes to this Framework Agreement shall be in accordance with the
Agreement Change Procedures. For these purposes a "Change" shall include any
amendment to this Framework Agreement and any amendments to the Catalogue. For each
Change that is agreed by the Authority and the Supplier pursuant to this clause 12, this
Framework Agreement or the Catalogue shall be amended to the extent necessary to give
effect to that Change, and for this purpose the Authority and the Supplier shall use the form of
amendment as set out in schedule 8 (Agreement Change Procedures). Unless and until such
amendment is made in accordance with this clause 12, no Change shall be considered
effective, and this Framework Agreement and the Catalogue shall not in any way be
considered to have been varied.
12.3
In the event that a Change is implemented pursuant to the provisions of clause 12.2 and such
Change is to schedule 2 (Model Contract), the Change shall be implemented in schedule 2
(Model Contract) and the Authority and the Supplier shall agree implementation of the
Change to extant affected Contracts as follows:
(a)
the Change shall not be implemented in any extant Contracts; or
(b)
the Supplier shall give each Customer that is the party to each such affected extant
Contract the option to implement the Change in their Contract pursuant to the
procedure for contract change set out in the relevant Contract.
12.4
Subject to clauses 12.2 and 12.3, no change shall be made to any extant Contract without the
written consent of the Authority.
13
Marketing
The Supplier shall undertake marketing of this Framework Agreement and Services to
Potential Customers in accordance with the provisions of schedule 15 (Marketing),
throughout the Term.
14
Communications
14.1
Except as otherwise expressly provided, no communication from one party to the other shall
have any validity under this Framework Agreement unless made in writing (which shall, save
as expressly provided otherwise, exclude communications by e-mail) by or on behalf of the
party sending such communication.
10-404788-3
7
14.2
Any notice or other communication whatsoever which either the Authority or the Supplier is
required or authorised by this Framework Agreement to give or make to the other shall be
given or made by first class post in a prepaid letter, addressed to the other at the address
specified in clause 14.3. Such notice or communication shall be deemed, for the purposes of
this Framework Agreement, to have been given or made two (2) Working Days after dispatch
by the sender.
14.3
For the purposes of clause 14.2 the address of each party shall be:
For the Authority:
Address:
Commercial Services (Lone Worker Project)
Lower Ground
Bridge House
152 Pilgrim Street
Newcastle upon Tyne
NE1 6SN
For the attention of: the Lone Worker Contract Manager
For the Supplier:
Address:
Reliance Secure Task Management,
Surety House,
Concorde Road,
Patchway,
Bristol, BS34 5TB
For the attention of: the Managing Director
15
Financial standing of the Supplier
15.1
The Authority may from time to time during the Term assess the financial standing of the
Supplier including an assessment of credit ratings as published by a credit rating agency
appointed by the Authority. In the event that the Authority considers that the financial status
of the Supplier represents a substantial risk to the Supplier's ability to perform its obligations
under Contracts the Authority will discuss that risk with the Supplier.
15.2
Following such discussions, if the Authority concludes that there remains a substantial risk the
Authority may by notice in writing suspend the right of the Supplier to accept further Orders
without specific prior written agreement from the Authority.
15.3
In the event that the Authority takes the actions specified in clause 15.2, the Supplier may
invite the Authority at any time to carry out a new assessment, giving evidence of changes to
the financial standing of itself.
15.4
Where the Authority carries out a new assessment, and it concludes that there is no longer a
substantial risk to the Supplier's ability to perform its obligations under Contracts, it shall
advise the Supplier that the provisions of clause 15.2 no longer apply and recommence the
publication of Services in the Catalogue.
10-404788-3
8
16
Term, suspension and termination
16.1
This Framework Agreement shall commence on the date hereof and, subject to clause 17.7,
shall remain in force until the earlier of the expiry or early termination of the last Contract
entered into pursuant to this Framework Agreement unless terminated earlier pursuant to this
clause 16. The Supplier shall only be entitled to accept Orders or enter into any Contracts for
a period of three (3) years, subject to an extension at the option of the Authority for a period of
one (1) year, unless terminated earlier pursuant to this clause 16. The Authority may exercise
the option to extend the right for the Supplier to accept Orders under this Framework
Agreement in accordance with this clause 16.1 by serving written notice on the Supplier to
that effect no later than 6 months before expiry of the three (3) year period.
16.2
The Authority may at any time by notice in writing suspend the right of the Supplier to accept
further Orders for Services without specific prior written agreement from the Authority in the
event that:
(a)
the Supplier does not maintain its ability and capacity in respect of those Services in
accordance with the provisions of clause 4.2; or
(b)
the Supplier fails to submit Management Information in respect of those Services in
accordance with the provisions of clause 11.1; or
(c)
the Supplier commits any breach of any of the Contracts that would entitle the
Customer under that Contract to terminate that Contract (whether or not the relevant
Customer does terminate that Contract); or
(d)
any of the Termination Events specified in clause 16.5 occur,
provided that such notice shall take effect no sooner than 10 Business Days following the
service of such notice where the events leading to such notice are those listed in clause
16.2(a) and clause 16.2(b) and in all other circumstances such notice may have immediate
effect.
16.3
At any time following service of a notice of suspension pursuant to clause 16.2 the Supplier
may serve notice on the Authority providing full details of the rectification of the events giving
rise to the suspension and steps taken by the Supplier to prevent their repeat. Following the
giving of such notice by the Supplier the Authority shall, where it is satisfied, acting
reasonably, that the events have been rectified and steps taken are sufficient to prevent a
repeat of such events occurring, restore the ability of the Supplier to accept further Orders for
Services without specific prior written agreement from the Authority.
16.4
The Authority may at any time by notice in writing terminate this Framework Agreement as
from the date of service of such notice, or a later date specified in such notice, if any of the
Termination Events specified in clause 16.5 occur.
16.5
Termination Events
(a)
10-404788-3
A Change of Control where the proposed new owner has:
(i)
been convicted of a criminal offence relating to the conduct of its business or
profession; or
(ii)
committed an act of grave misconduct in the course of its business or
profession; or
9
failed to comply with any obligations relating to the payment of any taxes or
social security contributions; or
(iv)
made any serious misrepresentations in the tendering process for any project
or matter in which the public sector has or had a significant participation; or
(v)
previously failed to obtain any licences and/or membership of any body which
would be necessary if it were to provide services equivalent to the Services.
(b)
A Change of Control occurs and there are reasonable grounds for the Authority to
withhold its consent relating to the financial standing of the new owner, any security
concerns arising from the new ownership or issues relating to the provision of the
Services by the new owner.
(c)
Any of the events listed in clause 16.5(a)(i) to 16.5(a)(iv) occur in relation to or in
respect of the Supplier itself, or if the Authority has reasonable grounds to object to
the Supplier arising from security concerns in respect of the Supplier.
(d)
The Supplier:
(e)
10-404788-3
(iii)
(i)
being an individual, or where the Supplier is a firm, any partner or partners in
that firm who together are able to exercise direct or indirect control, as
defined by Section 416 of the Income and Corporation Taxes Act 1988, shall
at any time become bankrupt or shall have a receiving order or administration
order made against him or shall make any composition or arrangement with
or for the benefit of his creditors, or shall make any conveyance or
assignment for the benefit of his creditors, or shall purport so to do, or
appears unable to pay or to have no reasonable prospect of being able to
pay a debt within the meaning of Section 268 of the Insolvency Act 1986, or
any application shall be made under any bankruptcy or insolvency act for the
time being in force for sequestration of his estate, or a trust deed shall be
granted by him on behalf of his creditors, or any similar event occurs under
the law of any other jurisdiction; or
(ii)
being a company, passes a resolution, or the court makes an order that the
Supplier or its Parent Company be wound up otherwise than for the purpose
of a bona fide reconstruction or amalgamation, or a receiver, manager or
administrator on behalf of a creditor is appointed in respect of the business or
any part thereof of the Supplier or the Parent Company (or an application for
the appointment of an administrator is made or notice to appoint an
administrator is given in relation to the Supplier or the Parent Company), or
circumstances arise which entitle the court or a creditor to appoint a receiver,
manager or administrator or which entitle the court otherwise than for the
purpose of a bona fide reconstruction or amalgamation to make a winding-up
order, or the Supplier or its Parent Company is unable to pay its debts within
the meaning of Section 123 of the Insolvency Act 1986 (except where the
claim is made under Section 123(1)(a) and is for an amount of less than ten
thousand pounds (£10,000)) or any similar event occurs under the law of any
other jurisdiction.
Where the circumstances detailed in clause 19.2 (Warranties and Representations)
or clause 34.2 (Corrupt Gifts and Payments of Commission) arise.
10
16.6
16.7
(f)
The Supplier fails to meet any Default Service Level, as set out in part 3.10 of
schedule 3 (Services), on three occasions within any consecutive 12 month period.
(g)
In the event that any authorisation or licence required by the Supplier to provide the
Ordered Services, including any licence under the Wireless Telegraphy Act 1949 and
the general authorisation under the Communications Act 2003, is revoked or
withdrawn.
For the purposes of clause 16.5(a) the following shall be disregarded:
(a)
any change in beneficial or legal ownership of any shares that are listed on a stock
exchange resulting in the relevant shareholding being less than or equal to five per
cent (5%) of the total issued share capital; and
(b)
any transfer of shares or of any interest in shares by a person to its Affiliate where
such transfer forms part of a bona fide reorganisation or restructuring.
Without prejudice to the provisions of clause 16.2 the Authority may at any time by notice in
writing terminate this Framework Agreement forthwith if the Supplier is in material Default of
any obligation under this Framework Agreement and:
(a)
the material Default is capable of remedy and the Supplier shall have failed to remedy
the material Default within thirty (30) Days of written notice to the Supplier specifying
the material Default and requiring its remedy; or
(b)
the material Default is not capable of remedy.
16.8
The Supplier shall promptly notify the Authority in writing on each occasion of the occurrence
of any of the events specified in clause 16.5(c).
16.9
The Authority shall only be permitted to exercise its rights pursuant to clause 16.5(c) for six
(6) Months after service of a notice by the Supplier pursuant to clause 16.8 relative to each
such Change of Control and shall not be permitted to exercise such rights where the Authority
has agreed in advance in writing to the particular Change of Control and such Change of
Control takes place as proposed.
17
Consequences of termination and expiry
17.1
Notwithstanding the service of a notice to terminate this Framework Agreement, the Supplier
shall continue to fulfil its obligations under this Framework Agreement until the date of expiry
or termination of this Framework Agreement or such other date as required under this clause
17.
17.2
A termination of this Framework Agreement shall not cause any Contracts to terminate
automatically. For the avoidance of doubt, all Contracts shall remain in force unless and until
they are terminated or expire in accordance with their own terms.
17.3
On termination of this Framework Agreement, the Supplier shall cease to use all Authority
Data and within ten (10) Working Days of the date of termination, the Supplier shall return to
the Authority any data and Confidential Information belonging to the Authority in the Supplier's
possession, power or control, either in its then current format or in a format nominated by the
Authority, together with all training manuals and other related documentation, and any other
information and all copies thereof owned by the Authority, save that it may keep one copy of
any such data or information:
10-404788-3
11
(a)
for a period of up to twelve (12) Months to comply with its obligations under clause
17.4, or such period as is necessary for such compliance; and
(b)
for such period as is necessary to enable the Supplier to perform its obligations under
any Contract.
17.4
The Supplier shall comply with its obligations as set out in the Exit Plan, to manage a smooth
transition of the provision of the Devices and Services from the Supplier to a new contractor
or the Authority.
17.5
The Parties shall continue to comply with their respective obligations under schedule 9
(Charges Variation Procedure).
17.6
The Authority shall be entitled to require access to data or information to be provided under
this Framework Agreement and arising from the provision of the Services by the Supplier until
the latest of:
(a)
the expiry of a period of twelve (12) Months following termination or expiry of this
Framework Agreement; or
(b)
the expiry of a period of three (3) Months following the date on which the Supplier
ceases to provide any Ordered Services under any Contract.
17.7
The provisions of clauses 1, 14, 17, 19, 20, 22, 23, 25, 26, 28, 30, 35, 37, 42 to 47 (inclusive)
and the relevant provisions of the Exit Plan, schedules 1 (Definitions) and 7 (Management
Information) (and without limitation to the foregoing, any other provision of this Framework
Agreement which by its terms is to be performed or observed notwithstanding termination or
expiry or which is expressed to survive termination or expiry) shall survive the termination or
expiry of this Framework Agreement, together with any other provision which is either
expressed to or by implication is intended to survive termination.
18
Force Majeure
18.1
Subject to the remaining provisions of this clause 18, either party to this Framework
Agreement may claim relief from liability for non-performance of its obligations to the extent
this is due to a Force Majeure Event. In particular, the Supplier shall be relieved from its
Service Credits obligation to the extent that the Services are affected by the Force Majeure
Event and the Charges shall be reduced to the extent that the Customer does not receive the
Services as a result of the Force Majeure Event.
18.2
A party cannot claim relief if the Force Majeure Event is attributable to its wilful act, neglect or
failure to take reasonable precautions against the relevant Force Majeure Event.
18.3
The Supplier cannot claim relief from a Force Majeure Event to the extent that it is required to
comply with the BCDR Plan but has failed to do so.
18.4
An Affected Party cannot claim relief as a result of a failure or delay by any other person in
the performance of that other person's obligations under a contract with the Affected Party
(unless that other person is itself prevented from or delayed in complying with its obligations
as a result of a Force Majeure Event).
18.5
The Affected Party shall immediately give the other party written notice of the Force Majeure
Event. The notification shall include details of the Force Majeure Event together with
evidence of its effect on the obligations of the Affected Party, and any action the Affected
Party proposes to take to mitigate its effect.
10-404788-3
12
18.6
As soon as practicable following after the Affected Party's notification, the parties shall consult
with each other in good faith and use all reasonable endeavours to agree appropriate terms to
mitigate the effects of the Force Majeure Event and to facilitate the continued performance of
this Agreement. Where the Supplier is the Affected Party, it shall comply with its obligations in
the BCDR Plan, schedule 3 (Services) and schedule 13 (Solutions), and shall take all steps in
accordance with Good Industry Practice to overcome or minimise the consequences of the
Force Majeure Event.
18.7
The Affected Party shall notify the other party as soon as practicable after the Force Majeure
Event ceases or no longer causes the Affected Party to be unable to comply with its
obligations under this Agreement. Following such notification, this Agreement shall continue
to be performed on the terms existing immediately before the occurrence of the Force
Majeure Event unless agreed otherwise by the parties.
19
Warranties and representations
19.1
The Supplier warrants and represents that:
(a)
it has full capacity and authority and all necessary consents (including, where its
procedures so require, the consent of its Parent Company) to enter into and to
perform this Framework Agreement and that this Framework Agreement is executed
by a duly authorised representative of the Supplier;
(b)
as at the date hereof, all information contained in its tender for the Services remains
true, accurate, and not misleading save as may have been specifically disclosed in
writing to the Authority prior to the execution of this Framework Agreement;
(c)
this Framework Agreement shall be performed in compliance with all applicable laws,
enactments, orders, regulations and other similar instruments as amended from time
to time;
(d)
the Services shall be provided and carried out by appropriately experienced, qualified
and trained personnel with all due skill, care and diligence;
(e)
it shall discharge its obligations hereunder with all due skill, care and diligence
including good industry practice and (without limiting the generality of this clause 19
in accordance with its own established internal procedures;
(f)
it owns, has obtained or shall obtain valid licences for all Intellectual Property Rights
that are necessary for the performance of this Framework Agreement and the use of
the Services by Customers;
(g)
it has taken and shall continue to take all steps, in accordance with good industry
practice, to prevent the introduction, creation or propagation of any disruptive element
(including any virus, worm and/or trojan horse) into systems, data, software or
Confidential Information (held in electronic form) owned by or under the control of, or
used by, Customers and/or the Authority;
(h)
on behalf of itself and its Affiliates or Parent Company, in the three (3) years prior to
the date of this Framework Agreement and continuing throughout the Term:
(i)
10-404788-3
it has conducted all financial accounting and reporting activities in compliance
in all material respects with the generally accepted accounting principles that
apply to it in any country where it files accounts;
13
(i)
19.2
(ii)
it has been in full compliance with all applicable securities laws and
regulations in the jurisdiction in which it is established; and
(iii)
it has not performed any act or omission with respect to its financial
accounting or reporting which could have an adverse effect on the Supplier's
position as an ongoing business concern or its ability to fulfil its obligations
under this Framework Agreement;
in its acceptance of an Order, it will enter into a contract with a Customer on the
terms and conditions of the Model Contract without amendment thereto save for the
necessary information to complete the Model Contract as specified in the Order.
The Supplier acknowledges that:
(a)
any breach of the warranties in clause 19.1 (other than a breach of clause 19.1(h))
shall be remedied as a matter of urgency at no cost to the Authority. Failure to
remedy (if capable of remedy) such to comply with clause 19.1 within five (5) Working
Days of notification by the Authority shall constitute a breach of this Framework
Agreement entitling the Authority to terminate in accordance with clause 16.7; and
(b)
a breach by the Supplier of its obligations in clause 19.1(h) shall afford the Authority
the right to immediately terminate this Framework Agreement without liability or
payment of any charges or costs whatsoever.
19.3
Except as expressly stated in this Framework Agreement, all warranties and conditions,
whether express or implied by statute, common law or otherwise (including fitness for
purpose) are hereby excluded to the extent permitted by law.
20
Limitation of liability
20.1
Neither the Authority nor the Supplier excludes nor limits liability to the other for:
(a)
death or personal injury; or
(b)
for fraud or fraudulent misrepresentation.
20.2
Nothing in this clause 20 shall be taken as limiting the liability of the Supplier in respect of
clause 23 (Data Protection), clause 25 (IPR), clause 26 (Confidentiality) and Part 2 of
Schedule 16 (Staff Transfer).
20.3
Subject always to the provisions of clauses 20.1 and 20.2, the aggregate liability of the
Supplier for each year of this Framework Agreement for all matters for which the Supplier is
required to maintain insurance under this Framework Agreement, where the liability arises
under contract, tort (including negligence) or otherwise in connection with this Framework
Agreement (but excluding any liability governed by any Contracts, these being subject to the
limitation of liability as set out in the Contracts) shall in no event exceed the level of insurance
cover required to be maintained in accordance with this Framework Agreement in respect of
claims relating to a failure by the Supplier to implement or maintain the Solution and in
respect of all other claims one million pounds (£1,000,000) in the aggregate for each year of
this Framework Agreement. Subject to clause 20.1, the aggregate liability of the Authority, in
addition to its obligation to pay any Charges for each year of this Framework Agreement, shall
not exceed a sum equal to the level of insurance cover required to be maintained by the
Supplier under this Framework Agreement for claims which would be claimable under such
10-404788-3
14
insurances were the Authority to take out such insurances and in respect of all other claims
one million pounds (£1,000,000).
20.4
20.5
Subject always to the provisions of clauses 20.1 and 20.2, in no event shall either the
Authority or the Supplier be liable to the other for:
(a)
indirect or consequential loss or damage; and/or
(b)
loss of profits, business opportunities, revenue, goodwill or anticipated savings
provided that nothing in this clause 20.4 shall prevent the Supplier from recovering
the Charges where these are payable by the Authority.
Subject always to the provisions of clauses 20.1 and 20.2, the provisions of clause 20.4 shall
not be taken as limiting the right of either the Authority or the Supplier to claim from the other
for:
(a)
additional operational and administrative costs and expenses;
(b)
any costs or expenses rendered nugatory; and
(c)
damage due to the loss of data, but only to the extent that such losses relate to the
costs of working around any loss of data and the direct costs of recovering or
reconstructing such data,
resulting directly from the Default of the other party.
20.6
For the purposes of clause 20.3, "a year of this Framework Agreement" shall mean a period
of twelve (12) Months commencing on the date hereof or on any anniversary of that date
thereafter.
20.7
Nothing in this Framework Agreement shall limit the right of the Authority to claim from the
Supplier any Management Charge properly due to the Authority in accordance with the terms
of this Framework Agreement. Any such sum shall not be included within the Supplier's
limitation of liability as set out in clause 20.3.
20.8
Neither party shall be entitled to recover compensation, or make a claim under this
Framework Agreement, in respect of any loss incurred where it has already been
compensated for that loss under a Contract.
20.9
The Supplier acknowledges that the Authority can enforce the provisions of the Framework
Agreement as agent for each Customer, or in the Authority's name in respect of recoverable
losses incurred by a Customer.
20.10
The liability of the Supplier pursuant to, or in relation with the Framework Agreement arising
out of the performance or non-performance of the Services shall be specified in each
Contract.
20.11
The Authority and the Supplier expressly agree that should any limitation or provision
contained in this clause 20 be held to be invalid under any applicable statute or rule of law, it
shall to that extent be deemed omitted, but if either of them thereby becomes liable for loss or
damage which would otherwise have been excluded, such liability shall be subject to the
other limitations and provisions set out herein.
20.12
Subject to clauses 20.1 and 20.2 neither party shall be liable to the other (the claiming party)
to the extent that any action, proceeding, liability, tort, claim, loss, expense and/or demand
10-404788-3
15
arises as a result of the claiming party’s negligence, wilful default or failure to comply with its
obligations under this Framework Agreement.
21
Complaints handling
21.1
Subject to the provisions of clause 9 (Governance), the Supplier shall inform the Authority of
any Complaint within five (5) Working Days of becoming aware of that Complaint.
21.2
Without prejudice to any rights and remedies that a complainant may have at law, including
under this Framework Agreement or a Contract, and without prejudice to any obligation of the
Supplier to take remedial action under the provisions of this Framework Agreement or a
Contract, the Supplier shall use all reasonable endeavours to resolve the Complaint and in so
doing, shall deal with the Complaint fully, expeditiously and fairly.
21.3
Within three (3) Working Days of a request by the Authority, the Supplier shall provide full
details of a Complaint to the Authority, including details of steps taken to its resolution.
22
Authority Data
22.1
The Supplier shall not delete or remove any proprietary notices contained within or relating to
the Authority Data.
22.2
The Supplier shall not store, copy, disclose, or use the Authority Data except as necessary for
the performance by the Supplier of its obligations under this Framework Agreement or as
otherwise expressly authorised in writing by the Authority.
22.3
To the extent that Authority Data is held and/or processed by the Supplier, the Supplier shall
supply that Authority Data to the Authority as requested by the Authority in the format
specified in schedule 3 (Services) and/or in part 1 of schedule 16 (Exit Assistance).
22.4
Upon receipt or creation by the Supplier of any Authority Data and during any collection,
processing, storage and transmission by the Supplier of any Authority Data, the Supplier shall
take all precautions necessary to preserve the integrity of the Authority Data and to prevent
any corruption or loss of the Authority Data, in accordance with the Security Policy.
22.5
The Supplier shall perform secure back-ups of all Authority Data and shall ensure that up-todate back-ups are stored off-site in accordance with the Business Continuity Plan. The
Supplier shall ensure that such back-ups are available to the Authority at all times upon
request and are delivered to the Authority at no less than 3 month intervals.
22.6
The Supplier shall ensure that any system on which the Supplier holds any Authority Data,
including back-up data, is a secure system that complies with the Security Policy, and that
security is maintained to the level required by schedule 14 (Security Policy) and is subject to
the audit rights at clause 38 (Audit).
22.7
If the Authority Data is corrupted, lost or sufficiently degraded as a result of the Supplier's
Default so as to be unusable, the Authority may:
10-404788-3
(a)
require the Supplier (at the Supplier's expense) to restore or procure the restoration
of the Authority Data and the Supplier shall do so as soon as practicable but not later
than 20 Working Days; and/or
(b)
itself restore or procure the restoration of the Authority Data, and shall be repaid by
the Supplier any reasonable expenses incurred in doing so.
16
22.8
If at any time the Supplier suspects or has reason to believe that Authority Data has or may
become corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier
shall notify the Authority immediately and inform the Authority of the remedial action the
Supplier proposes to take.
23
Data Protection
23.1
With respect to the parties' rights and obligations under this Framework Agreement, the
parties agree that the Authority is the Data Controller and that the Supplier is the Data
Processor.
23.2
The Supplier shall:
(a)
Process the Personal Data only in accordance with instructions from the Authority
(which may be specific instructions or instructions of a general nature as set out in
this Framework Agreement or as otherwise notified by the Authority to the Supplier
during the Term);
(b)
Process the Personal Data only to the extent, and in such manner, as is necessary
for the provision of the Services or as is required by Law or any Regulatory Body;
(c)
implement appropriate technical and organisational measures to protect the Personal
Data against unauthorised or unlawful processing and against accidental loss,
destruction, damage, alteration or disclosure. These measures shall be appropriate to
the harm which might result from any unauthorised or unlawful Processing, accidental
loss, destruction or damage to the Personal Data and having regard to the nature of
the Personal Data which is to be protected;
(d)
take reasonable steps to ensure the reliability of any Supplier Personnel who have
access to the Personal Data;
(e)
obtain prior written consent from the Authority in order to transfer the Personal Data
to any Sub-contractors or Affiliates for the provision of the Services;
(f)
ensure that all Supplier Personnel required to access the Personal Data are informed
of the confidential nature of the Personal Data and comply with the obligations set out
in this clause 23;
(g)
ensure that none of Supplier Personnel publish, disclose or divulge any of the
Personal Data to any third party unless directed in writing to do so by the Authority;
(h)
notify the Authority (within five Working Days) if it receives:
(i)
(i)
a request from a Data Subject to have access to that person's Personal Data;
or
(ii)
a complaint or request relating to the Authority's obligations under the Data
Protection Legislation;
provide the Authority with full cooperation and assistance in relation to any complaint
or request made, including by:
(i)
10-404788-3
providing the Authority with full details of the complaint or request;
17
(ii)
complying with a data access request within the relevant timescales set out in
the Data Protection Requirements and in accordance with the Authority's
instructions;
(iii)
providing the Authority with any Personal Data it holds in relation to a Data
Subject (within the timescales required by the Authority); and
(iv)
providing the Authority with any information requested by the Authority;
(j)
permit the Authority or the Authority Representative (subject to reasonable and
appropriate confidentiality undertakings), to inspect and audit, in accordance with
clause 21 (Audit), the Supplier's data Processing activities (and/or those of its agents,
subsidiaries and Sub-contractors) and comply with all reasonable requests or
directions by the Authority to enable the Authority to verify and/or procure that the
Supplier is in full compliance with its obligations under this Framework Agreement;
(k)
provide a written description of the technical and organisational methods employed
by the Supplier for processing Personal Data (within the timescales required by the
Authority); and
(l)
not Process Personal Data outside the European Economic Area without the prior
written consent of the Authority and, where the Authority consents to a transfer, to
comply with:
(i)
the obligations of a Data Controller under the Eighth Data Protection Principle
set out in Schedule 1 of the Data Protection Act 1998 by providing an
adequate level of protection to any Personal Data that is transferred; and
(ii)
any reasonable instructions notified to it by the Authority.
23.3
The Supplier shall comply at all times with the Data Protection Requirements and shall not
perform its obligations under this Framework Agreement in such a way as to cause the
Authority to breach any of its applicable obligations under the Data Protection Requirements.
The Supplier's attention is hereby drawn to the Data Protection Requirements.
23.4
The Supplier shall observe the terms of each agreement relating to the safeguarding and
processing of Personal Data.
23.5
The Authority may from time to time serve on the Supplier an information notice requiring the
Supplier within such time and in such form as is specified in the information notice, to furnish
to the Authority such information as the Authority may reasonably require relating to:
(a)
compliance by the Supplier with the Supplier's obligations under this Framework
Agreement or any Contract in connection with the processing of Personal Data;
and/or
(b)
the rights of data subjects, including but not limited to subject access rights.
23.6
The Supplier will allow its data processing facilities, procedures and documentation to be
submitted for scrutiny by the Authority or its auditors in order to ascertain compliance with the
relevant laws of the United Kingdom and the terms of this Framework Agreement.
23.7
Save as set out in this clause 23, any unauthorised processing, use or disclosure of Personal
Data by the Supplier is strictly prohibited.
10-404788-3
18
23.8
The Supplier shall be liable for and shall indemnify (and keep indemnified) the Authority
against each and every action, proceeding, liability, cost, claim, loss, expense (including
reasonable legal fees and disbursements on a solicitor and client basis) and demands
incurred by the Authority which arise directly or in connection with the Supplier's data
processing activities under this Framework Agreement, including without limitation those
arising out of any third party demand, claim or action, or any breach of contract, negligence,
fraud, wilful misconduct, breach of statutory duty or non-compliance with any part of the Data
Protection Requirements by the Supplier or its employees, servants, agents or SubContractors other than those arising directly as a result of the Supplier complying with the
Authority’s instructions.
24
Personnel Security
24.1
The Supplier shall comply with the Personnel Vetting Procedures in respect of all Supplier
Personnel employed or engaged in the provision of the Services. The Supplier confirms that
all Supplier Personnel employed or engaged by the Supplier at the date hereof were vetted
and recruited on a basis that is equivalent to and no less strict than the Personnel Vetting
Procedures.
24.2
The Supplier shall provide training on a continuing basis for all Supplier Personnel employed
or engaged in the provision of the Services in compliance with the Security Policy and
Security Plan.
25
Intellectual Property Rights
25.1
Save as granted under this Framework Agreement, neither the Authority nor the Supplier
shall acquire any right, title or interest in the other's pre-existing Intellectual Property Rights.
25.2
The Supplier hereby grants to the Authority, or shall procure the grant to the Authority of:
(a)
a royalty-free, irrevocable, non-exclusive licence in or in relation to such of the
Supplier’s or any third party’s Intellectual Property Rights as are necessary for the
sole purpose of enabling the Authority to use the Devices and Services in accordance
with this Framework Agreement and such licence shall expire upon termination or
expiry of this Framework Agreement; and
(b)
a royalty-free, perpetual, irrevocable, non-exclusive licence in relation to any Project
Specific IPR, as are necessary for the purpose of enabling the Authority to use the
Solution in accordance with this Framework Agreement, and to enable the transfer of
the Solution to an alternative provider.
25.3
The Authority hereby grants to the Supplier a royalty-free, non-exclusive, non-transferable
licence during the Term to use such of the Authority's Intellectual Property Rights and/or
Authority Data, as is necessary for the sole purpose of performing the Supplier's obligations
under this Framework Agreement and the Contracts.
25.4
All title, interest and Intellectual Property Rights in any Materials developed by, for or on
behalf of the Supplier (excluding for the avoidance of doubt any third party Intellectual
Property Rights) in anticipation of, in connection with and/or in the course of performance,
provision or receipt of the Services shall belong to and vest in the Authority.
25.5
The Supplier hereby assigns absolutely (and shall procure that all representatives,
employees, Sub-Contractors, contractors and agents assign absolutely) to the Authority, by
way of present assignment of existing and all future property, rights, title and interest and all
10-404788-3
19
Intellectual Property Rights in Materials, all of which shall vest in the Authority immediately
upon creation of the same with full title guarantee and free from all encumbrances and other
rights of whatever nature exercisable by any third party, together with the right to take action
for any past, present and future damages and other remedies in respect of any infringement
or alleged infringement of such Intellectual Property Rights.
25.6
The Supplier warrants that the provision of the Services and the performance of the Supplier's
responsibilities hereunder shall not infringe any Intellectual Property Rights of any third party.
25.7
The Supplier shall indemnify the Authority against all claims, demands, actions, costs,
expenses (including legal costs and disbursements on a solicitor and client basis), losses and
damages arising from or incurred by reason of any infringement or alleged infringement
(including the defence of such alleged infringement) of any Intellectual Property Right by the
availability of the Services or the performance of the Supplier's or the Authority's
responsibilities hereunder, except to the extent that such liabilities have resulted directly from
the Authority's failure properly to observe its obligations under this clause 25.
25.8
The Supplier shall promptly notify the Authority if any claim or demand is made or action
brought against the Supplier for infringement or alleged infringement of any Intellectual
Property Right that may affect the availability of the Services hereunder.
25.9
If a claim or demand is made or action brought to which clause 25.3 may apply, or in the
reasonable opinion of the Supplier is likely to be made or brought, the Supplier may at its own
expense and within a reasonable time either:
(a)
modify any or all of Available Services without reducing the performance and
functionality of the same, or substitute alternative services of equivalent performance
and functionality for any or all of the Available Services, so as to avoid the
infringement or the alleged infringement, provided that the terms herein shall apply
mutatis mutandis to such modified or substituted items or services and such
substitution shall not increase the burden on Customers party to a Contract; or
(b)
procure a licence to use relevant Intellectual Property Rights on terms that are
reasonably acceptable to the Authority.
25.10
If the Supplier elects to modify or replace an item pursuant to clause 25.9(a) or to procure a
licence in accordance with clause 25.9(b), but this has not avoided or resolved such claim,
then the Authority may terminate this Framework Agreement by written notice with immediate
effect and, without prejudice to the indemnity set out in clause 25.7, the Supplier shall be
liable for all reasonable and unavoidable costs of the substitute items and/or services
including the additional costs in procuring, implementing and maintaining the substitute items.
26
Confidentiality
26.1
The Authority and the Supplier acknowledge that any Confidential Information originating
from:
26.2
10-404788-3
(a)
the Authority, its servants or agents is the property of the Authority; and
(b)
each Customer, its servants or agents is the property of the Customer; and
(c)
the Supplier, its employees, servants or agents is the property of the Supplier.
The Supplier and the Authority shall procure that:
20
26.3
26.4
26.5
10-404788-3
(a)
any person employed or engaged by them shall only use Confidential Information for
the purposes of this Framework Agreement;
(b)
any person employed or engaged by them in connection with this Framework
Agreement shall not, in the course of such employment or engagement, disclose any
Confidential Information to any third party without the express prior written consent of
the originator of that Confidential Information;
(c)
they shall take all necessary precautions to ensure that all Confidential Information is
treated as confidential and not disclosed (save as aforesaid) or used other than for
the purposes of this Framework Agreement by their employees, servants, agents or
sub-contractors; and
(d)
without prejudice to the generality of the foregoing neither they nor any person
engaged by them whether as a servant or a consultant or otherwise shall use the
Confidential Information for the solicitation of business from the other or from a
Customer or from any third party.
The provisions of clause 26.1 and clause 26.2 shall not apply to any information which:
(a)
is or becomes public knowledge other than by breach of this clause 26; or
(b)
is in the possession of the recipient without restriction in relation to disclosure before
the date of receipt from the disclosing party; or
(c)
is received from a third party who lawfully acquired it and who is under no obligation
restricting its disclosure; or
(d)
is independently developed without access to the Confidential Information; or
(e)
must be disclosed pursuant to a statutory, legal or parliamentary obligation placed
upon the party making the disclosure, including any requirements for disclosure under
the Freedom of Information Act 2000 or the Environmental Information Regulations
2004.
Nothing in this clause 26 shall be deemed or construed to prevent the Authority from
disclosing any Confidential Information obtained from the Supplier:
(a)
to any other Health Service Body, or a Contracting Authority, provided that the
Authority has required that such information is treated as confidential by such bodies;
(b)
to any Customer, insofar as is reasonably necessary for the Customer to procure and
make best use of the Services, provided that the Authority shall have required that
such information be treated as confidential by such Customer and its servants; and
(c)
to any consultant, contractor or other person engaged by the Authority in connection
herewith, provided that the Authority shall have required that such information be
treated as confidential by such consultant, contractor or other person, together with
their servants.
Nothing in this clause 26 shall prevent the Supplier or the Authority from using ideas and
know-how gained during the performance of this Framework Agreement in the furtherance of
its normal business, to the extent that this does not relate to a disclosure of Confidential
Information or an infringement by the Authority or the Supplier of any Intellectual Property
Rights.
21
27
Publicity
27.1
Subject to clause 13 (Marketing), the Supplier shall not use any Authority Marks in any
promotional or marketing material, make any press announcements or publicise this
Framework Agreement in any way without the Authority's prior written consent. The Supplier
shall ensure the observance of the provisions of this clause 27 by all their employees,
servants, agents and Sub-Contractors.
27.2
The Authority shall be entitled to publicise this Framework Agreement in accordance with any
legal obligation upon the Authority, including any examination of this Framework Agreement
by the National Audit Office pursuant to the National Audit Act 1983 or otherwise.
27.3
Subject to clause 27.1, the Supplier shall work with the Authority to prepare a marketing plan
for the delivery of the Lone Worker Protection Programme.
28
Dispute resolution
28.1
Any dispute arising under, or in connection with this Framework Agreement shall be dealt with
in accordance with the terms set out in clause 25 of the Model Contract and schedule 2-8
(Dispute Resolution Procedure) of the Model Contract which shall apply mutatis mutandis to
the Framework Agreement as if set out fully in the body of this Framework Agreement.
28.2
Each party agrees that the other shall, where relevant to the subject matter of the dispute, be
entitled to join any Customer in any mediation, arbitration or litigation between the Authority
and the Supplier and shall be entitled to keep any Customer informed of all disputes between
the Authority and the Supplier.
29
Insurance
The Supplier shall take out and maintain, or procure the maintenance of insurances, in
accordance with the provisions of schedule 18 (Insurance Requirements).
30
Recovery of sums due
If any sum of money shall be due from the Supplier, the same may be deducted from any sum
then due or which at any time thereafter may become due to the Supplier under this
Framework Agreement and any Contract.
31
Statutory requirements
31.1
The Supplier shall observe all statutory provisions and approved safety standards applicable
to the Services and their provision, including the Authority's Security Policy at schedule 14
(Security Policy), and shall be responsible for obtaining all licences, consents or permits
required for the performance of this Framework Agreement and the Contracts.
31.2
The Supplier shall inform the Authority and Customers if the Services are hazardous to health
or safety and of the precautions that should be taken in respect thereto.
31.3
The Supplier shall take all measures necessary to comply with the requirements of the Health
and Safety at Work etc. Act 1974 and any other acts, orders, regulations and codes of
practice relating to health and safety, which may apply to staff in the performance of this
Framework Agreement and Contracts.
10-404788-3
22
32
Environmental requirements
32.1
The Supplier shall comply in all material respects with all applicable environmental laws and
regulations in force from time to time in relation to the Services, including the Waste Electric
and Electronic Equipment Regulations Act 2006. Without prejudice to the generality of the
foregoing, the Supplier shall promptly provide all such information regarding the
environmental impact of the Services as may reasonably be requested by the Authority.
32.2
The Supplier shall meet all reasonable requests by Customers for information evidencing
compliance with the provisions of this clause 32 by the Supplier.
32.3
The Supplier shall complete an Environmental Questionnaire within five (5) Working Days of
execution of this Framework Agreement.
32.4
In the event that circumstances or practices change such that any responses given by the
Supplier in the Environmental Questionnaire are no longer current, the Supplier shall notify
the Authority in accordance with the provisions of clause 14 (Communications).
33
Discrimination
33.1
The Supplier shall not unlawfully discriminate within the meaning and scope of the provisions
of the Sex Discrimination Act 1975, the Race Relations Act 1976, the Disability Discrimination
Act 1995, the Employment Equality (Religion or Belief) Regulations 2003, the Employment
Equality (Sexual Orientation) Regulations 2003, the Employment Equality (Age) Regulations
2006 or any statutory modification or re-enactment thereof or any other Law relating to
discrimination in employment.
33.2
The Supplier shall take all reasonable steps to secure the observance of the provisions of
clause 33.1 by the Sub-Contractors employed in the execution of this Framework Agreement.
34
Corrupt gifts and payments of commission
34.1
The Supplier shall not:
34.2
10-404788-3
(a)
offer or give or agree to give any person employed by or on behalf of the Authority, a
Customer or any other public body ("Relevant Person") or any person acting for and
on behalf of a Customer or the Authority any gift or consideration of any kind as an
inducement or reward for doing, forbearing to do, or for having done or forborne to do
any act in relation to the obtaining or execution of this Framework Agreement or
Contracts or any other contract with a Relevant Person or for showing favour or
disfavour to any person in relation to this or any other contract with a Relevant
Person;
(b)
enter into this Framework Agreement or Contracts or any other contract with a
Relevant Person or any person acting for and on behalf of a Customer or the
Authority in connection with which commission has been paid or agreed to be paid by
him or on his behalf, or to his knowledge, unless before this Framework Agreement
and/or any Contract is made particulars of any such commission and of the terms and
conditions of any agreement for the payment thereof have been disclosed in writing to
the Authority.
Any breach of clause 34.1 by the Supplier or by anyone employed by him or acting on his
behalf (whether with or without the knowledge of the Supplier) or the commission of any
offence by the Supplier or by anyone employed by him or acting on his behalf under the
23
Prevention of Corruption Acts 1889 to 1916, in relation to this Framework Agreement or the
Contracts or any other contract with a Relevant Person, Customer, the Authority or any other
public body, shall entitle the Authority to terminate this Framework Agreement with immediate
effect and recover from the Supplier the amount of any loss resulting from such termination
and/or to recover from the Supplier the amount or value of any such gift, consideration or
commission.
34.3
Any dispute, difference or question arising in respect of the interpretation of this clause 34,
the right of the Authority to terminate this Framework Agreement or the amount or value of
any such gift, consideration or commission shall be decided by the Authority, whose decision
shall be final and conclusive.
35
Granting of Trade Marks
35.1
The Supplier shall not apply for a Trade Mark in any part of the world in respect of the
Authority Marks or any derivative of either nor any mark so nearly resembling them as to be
likely to deceive or cause confusion, either during the Term or at any time thereafter except
with the express approval of the Authority.
35.2
The Supplier shall ensure that the provisions of this clause 35 shall apply to its SubContractors.
35.3
The Supplier hereby acknowledges that title to and goodwill in Intellectual Property Rights in
the Authority Marks vests with the Authority and its licensors. The Authority hereby grants to
the Supplier a non-exclusive, non-transferable, revocable licence to use, copy and broadcast
the Authority Marks solely to the extent necessary for the performance of the Supplier's
responsibilities hereunder during the Term.
35.4
The Supplier shall not use the Authority Marks in any way which would allow them to become
generic, lose their distinctiveness, become liable to mislead the public in particular as to their
quality, nature or geographic origin, or be materially detrimental to or inconsistent with the
good name, goodwill, reputation and image of the Authority.
35.5
Unless otherwise specified, nothing contained in this Framework Agreement shall entitle the
Supplier to use the Authority Marks as part of any corporate business or trading name or style
of the Supplier either during or after termination of this Framework Agreement.
36
Transfer and sub-contracting
36.1
This Framework Agreement is personal to the Supplier. Subject to the provisions of clause
36.5, the Supplier shall not assign, novate, sub-contract or otherwise dispose of this
Framework Agreement or any part thereof without the previous consent in writing of the
Authority.
36.2
Subject to the provisions of clause 36.4, the Authority shall be entitled to:
(a)
assign, novate or otherwise dispose of its rights and obligations under this
Framework Agreement or any part thereof to any Contracting Authority; or
(b)
novate this Framework Agreement to any other body (including any private sector
body) which substantially performs any of the functions that previously had been
performed by the Authority,
provided that where such assignment, novation or other disposal increases the burden of the
Supplier's obligations pursuant to this Framework Agreement, the Supplier shall be entitled to
10-404788-3
24
such charges as may be agreed between the Authority and the Supplier to compensate for
such additional burdens.
36.3
Subject to the provisions of clause 36.4, any change in the legal status of the Authority such
that it ceases to be a Contracting Authority shall not affect the validity of this Framework
Agreement. In such circumstances, this Framework Agreement shall bind and inure to the
benefit of any successor body to the Authority.
36.4
If this Framework Agreement is novated to a body which is not a Contracting Authority
pursuant to clause 36.2(b), or if a successor body which is not a Contracting Authority
becomes the Authority pursuant to clause 36.3 (in the remainder of this clause 36 both such
bodies are referred to as the transferee):
(a)
the rights of termination of the Authority in clause 16.3 and clause 16.7 shall be
available, mutatis mutandis, to the Supplier in the event of the bankruptcy, insolvency
or Default of the transferee;
(b)
the transferee shall only be able to assign, novate or otherwise dispose of its rights
and obligations under this Framework Agreement or any part thereof with the
previous consent in writing of the Supplier; and
(c)
the following clause shall be varied from the date of the novation or the date of the
change of status (as appropriate) as set out below as if this Framework Agreement
had been amended by the Authority and the Supplier in accordance with clause 12,
Amendments:
(i)
clause 30 shall be deleted.
36.5
Notwithstanding the provisions of clause 36.1, the Supplier shall be entitled to Sub-Contract
its obligations under Contracts in accordance with the provisions of this clause 36 and
schedule 10 (Sub-Contractors).
36.6
In selecting, appointing and managing sub-contractors, the Supplier shall comply with the
procedures specified in schedule 10 (Sub-Contractors).
36.7
The Supplier shall not enter into any Sub-Contract for the fulfilment of such responsibilities
and obligations as are fulfilled by the principal Sub-Contractors listed in schedule 10 (SubContractors) by any sub-contractor not listed in schedule 10 (Sub-Contractors) without the
prior written approval of the Authority in accordance with the provisions of the Agreement
Change Procedures.
36.8
The Supplier shall, immediately by notice in writing, inform the Authority if it exercises the
rights available to it in accordance with the safeguards/ protection provisions detailed in the
table in paragraph 2 of schedule 10 (Sub-Contractors).
36.9
The Supplier shall not remove or change any Sub-Contractor, or the safeguards/protections in
respect of any Sub-Contractor without giving prior written notice to, and receiving the approval
of, the Authority in accordance with the provisions of the Agreement Change Procedures.
36.10
The Authority reserves the right to veto or withdraw the approval of the use of any SubContractor or partner in the provision of the Services. Such right shall not be exercised
unreasonably, frivolously or vexatiously.
36.11
In the event that the Authority exercises its right pursuant to clause 36.10 the Supplier shall
use all reasonable endeavours to maintain the provision of the Services and the Authority and
10-404788-3
25
the Supplier shall enter into good faith negotiations to agree the impact of the situation on the
provisions of this Framework Agreement.
36.12
The use of Sub-Contractors as set out in schedule 10 (Sub-Contractors) and any subsequent
approval of other sub-contractors by the Authority under this clause 36 shall not in any way
constitute any form of recommendation by the Authority of the Sub-Contractor, whether
implied or otherwise.
36.13
Unless otherwise stated to the contrary, any reference to the Supplier's personnel within this
Framework Agreement shall include the Sub-Contractor's personnel, and where applicable
any reference to the Supplier shall include the Sub-Contractor. Notwithstanding any SubContracting permitted hereunder, the Supplier shall remain primarily responsible for the acts
and omissions of its Sub-Contractors as though they were its own.
36.14
In the event that the Supplier, in accordance with the terms of this Framework Agreement,
enters into a Sub-Contract in connection with this Framework Agreement, the Supplier shall
ensure that a term is included in the Sub-Contract which requires the Supplier to pay all sums
due thereunder to the Sub-Contractor within a specified period, not to exceed thirty (30) days,
from the date of receipt of a valid invoice as defined by the terms of the Sub-Contract.
36.15
The Authority shall not be liable for any payment whatsoever to Sub-Contractors, the burden
of which shall be solely with the Supplier.
37
Rights of Third Parties
37.1
This Framework Agreement shall not create any rights, under the Contracts (Rights of Third
Parties) Act 1999 or otherwise, that shall be enforceable by anyone other than the Authority
and/or the Supplier, except that the rights specified in the following clauses may be enforced
by the following third party beneficiaries:
37.2
10-404788-3
Reference
Third Party Beneficiaries
Clause 2.1
Customers
Clause 4.1
Customers
Clause 4.3
Customers
Clause 5.1
Customers
Clause 6
Customers
Paragraph 4 of Schedule 17 Part 2 (Staff Transfer)
Replacement Contractors
Paragraph 5 of Schedule 17 Part 2 (Staff Transfer)
Replacement Contractors
Paragraph 6 of Schedule 17 Part 2 (Staff Transfer)
Replacement Contractors
Paragraph 7of Schedule 17 Part 2 (Staff Transfer); and
Replacement Contractors
Paragraph 10 of Schedule 17 Part 2 (Staff Transfer)
Replacement Contractors
The Authority shall have the right to act as agent for any Customer to enforce on their behalf
any term of this Framework Agreement, intended for their benefit.
26
37.3
The parties to this Framework Agreement reserve the right to rescind or vary this Framework
Agreement without the consent of any third party who is expressly entitled to enforce this
Framework Agreement in accordance with clause 37.1.
38
Audit
38.1
The Supplier shall document, implement and comply with processes, and keep or cause to be
kept full and accurate Records, such that the Authority (or its statutory auditors or authorised
agents) may verify that the Supplier has complied and is complying with its obligations under
this Framework Agreement and any Contracts, during the Term and for a period of six (6)
years thereafter.
38.2
The Supplier shall provide the Authority with a completed Self Audit Certificate in respect of
each financial year of this Framework Agreement and any Contract. The Self Audit Certificate
shall be completed by the Supplier's auditor and provided to the Authority no later than two
(2) Months after the end of the relevant financial year.
38.3
Without prejudice to the generality of the foregoing, the Supplier shall document, implement
and comply with processes, and keep or cause to be kept full and accurate Records, such
that (and such that the Authority or its statutory auditors or authorised agents may verify that):
10-404788-3
(a)
all Contracts made under this Framework Agreement are ascribed hereto and
included in the Management Information, thus enabling the Authority to verify the
Management Charge;
(b)
Management Information is checked and signed off by a senior officer, other than the
Framework Manager, who understands the obligations and requirements of this
Framework Agreement;
(c)
books of account kept by the Supplier in connection with the provision of the Services
are on an open basis to provide clarity on the breakdown of Charges between
Device, network services and alarm centre costs;
(d)
quotations for the provision of Services under this Framework Agreement accurately
reflect the Charges and content of the Catalogue;
(e)
records are kept of all Contracts entered into;
(f)
Orders are promptly and systematically actioned;
(g)
sales invoices are correct and issued in a timely manner;
(h)
Service Levels are monitored, corrective action is taken where necessary, and
Customers are credited with Service Credits to which they are entitled;
(i)
the service desk has undertaken all of its functions (as outlined in schedule 3
(Services));
(j)
complaints are recorded, investigated and resolved;
(k)
Management Information is accurate and provided promptly to the Authority;
(l)
the Security of Authority Data and Customer Data is maintained;
(m)
quality procedures are complied with; and
27
(n)
external security, quality, environmental management and similar accreditations are
maintained.
38.4
The Supplier shall grant to the Authority, any statutory auditors of the Authority and any
authorised agents of the Authority or of its statutory auditors, the right of reasonable access to
any premises of the Supplier which are used in connection with the performance of the
Supplier's responsibilities and obligations under this Framework Agreement and in relation to
any Contract, together with a right to reasonable access to all computer systems, personnel
and Records. For the avoidance of doubt, the Authority shall be entitled to carry out audits to
determine whether the Supplier has performed its obligations under any Contract.
38.5
Further to the provisions of clause 38.4, the Supplier shall provide, or procure the provision of,
all co-operation and reasonable assistance at all times for the purposes of carrying out an
audit of the Supplier's compliance with this Framework Agreement or any Contract as well as
an audit of all activities, performance, security and integrity in connection therewith.
38.6
Without prejudice to the foregoing, in the event of an investigation into suspected fraudulent
activity or other impropriety by the Supplier or any third party, the Authority reserves for itself,
any statutory auditor of the Authority or of its statutory auditors, or any Crown Body, the right
of immediate access to the premises and documents described in clauses 33.1, 33.2 and
33.3 and the Supplier agrees to render all necessary assistance to the conduct of such
investigation.
38.7
The Authority shall use all reasonable endeavours to ensure that its auditors cause the
minimum amount of disruption to the business of the Supplier, and shall comply with the
building regulations and security requirements of the Supplier while on the Supplier's
premises.
38.8
The Authority reserves the right to publish the results of any audit exercise undertaken
pursuant to this clause 38:
(a)
to Customers and to Potential Customers; and
(b)
as required to enable the Authority to fulfill its obligations to supply information for
parliamentary, governmental, judicial or other administrative purposes.
The Authority will invite the Supplier to comment on the results of the audit exercise and the
proposed publicity material and will take account of those comments to the extent that it
deems fit in any publication. In this respect, the Supplier shall provide comments to the
Authority within five (5) Working Days.
39
Freedom of information
39.1
The Supplier acknowledges that the Authority is subject to the requirements of the Code of
Practice on Government Information, FOIA and the Environmental Information Regulations
and shall assist and cooperate with the Authority to enable the Authority to comply with its
Information disclosure obligations.
39.2
The Supplier shall and shall procure that its Sub-Contractors shall:
(a)
10-404788-3
transfer to the Authority all Requests for Information that it receives as soon as
practicable and in any event within two (2) Working Days of receiving a Request for
Information;
28
(b)
provide the Authority with a copy of all Information in its possession, or power in the
form that the Authority requires within five (5) Working Days (or such other period as
the Authority may specify) of the Authority's request; and
(c)
provide all necessary assistance as reasonably requested by the Authority to enable
the Authority to respond to the Request for Information within the time for compliance
set out in section 10 of the FOIA or regulation 5 of the Environmental Information
Regulations.
39.3
The Authority shall be responsible for determining in its absolute discretion whether any
Information is exempt from disclosure in accordance with the provisions of the Code of
Practice on Government Information, FOIA or the Environmental Information Regulations.
39.4
In no event shall the Supplier respond directly to a Request for Information unless expressly
authorised to do so by the Authority.
39.5
The Supplier acknowledges that the Authority may, acting in accordance with the Department
of Constitutional Affairs' Code of Practice on the Discharge of the Functions of Public
Authorities under Part 1 of the Freedom of Information Act 2000, be obliged to disclose
Information, which may include information that is commercially sensitive to the Supplier,
without consulting or obtaining consent from the Supplier, or despite having taken the
Supplier's views into account.
39.6
The Supplier shall ensure that all Information is retained for disclosure and shall permit the
Authority to inspect such records as requested from time to time.
40
Customer satisfaction monitoring
40.1
The Authority may undertake monitoring of Customer satisfaction with the Services.
40.2
The Authority shall adopt such mechanisms as it may deem appropriate for monitoring
Customer satisfaction.
40.3
The Authority reserves the right to advise Customers and Potential Customers of the findings
of its Customer satisfaction monitoring, which shall include the right to make available, in
paper or electronic form, statistical information derived from any Customer satisfaction
questionnaires issued by the Authority to Customers.
41
Legislative change
41.1
The Supplier shall bear the cost of ensuring that the Services shall comply with all applicable
statutes, enactments, orders, regulations or other similar instruments (Laws) and any
amendments thereto or any additional Laws brought into force, except where any such
amendments to Laws or additional Laws:
41.2
10-404788-3
(a)
necessitates a change to the Available Services; and
(b)
is neither contemplated by the Catalogue nor could reasonably have been foreseen
by the Supplier at the date hereof.
In the event that the provisions of clauses 41.1(a) and 41.1(b) apply, the Authority and the
Supplier shall use all reasonable endeavours to agree that the Supplier is entitled to relief, or
such reasonable adjustments to the Charges as may be necessary to compensate the
Supplier for such additional costs as are both reasonably and necessarily incurred by the
Supplier in accommodating such amendments to Laws or additional Laws.
29
42
Statutory invalidity
The Authority and the Supplier expressly agree that should any limitation or provision
contained in this Framework Agreement or a Contract be held to be invalid under any
particular statute or law, or any rule, regulation or bye-law having the force of law, it shall to
that extent be deemed to be omitted but, if the Authority or the Supplier thereby becomes
liable for loss or damage which would have otherwise been excluded, such liability shall be
subject to the other limitations and provisions set out herein.
43
Severability
Subject to the provisions of clause 42 (Statutory Invalidity), if any provision of this Framework
Agreement is held invalid, illegal or unenforceable for any reason, such provision shall be
severed and the remainder of the provisions hereof shall continue in full force and effect as if
this Framework Agreement had been executed with the invalid provision eliminated. In the
event of a holding of invalidity so fundamental as to prevent the accomplishment of the
purpose of this Framework Agreement, the Authority and the Supplier shall immediately
commence good faith negotiations to remedy such invalidity.
44
Waiver
44.1
The failure of the Supplier or the Authority to insist upon strict performance of any provision of
this Framework Agreement or to exercise any right or remedy to which it is entitled hereunder,
shall not constitute a waiver thereof and shall not cause a diminution of the obligations
established by this Framework Agreement.
44.2
A waiver of any default shall not constitute a waiver of any other default.
44.3
No waiver of any of the provisions of this Framework Agreement shall be effective unless it is
expressed to be a waiver communicated by notice, in accordance with the provisions of
clause 14, Communications.
45
Non-exclusivity
45.1
For the purposes of this Framework Agreement, the Authority shall:
(a)
at all times be entitled to enter into separate contracts with separate Suppliers for the
provision of any or all services the same as or similar to the Services; and
(b)
not be deemed, unless expressly stated to the contrary by the Authority, to make any
representation or warranty to the Supplier in respect of any Customer other than
where the Authority is itself the Customer and enters into any Contract as principal;
(c)
not be deemed to be an agent of any Customer unless expressly stated to the
contrary in this Framework Agreement or by the Authority in an Order.
45.2
No guarantee or representation shall be deemed to have been made by the Authority in
respect of the total quantities or values of the Services to be ordered by any or all Customers.
Further, the Supplier acknowledges and agrees that it has not entered into this Framework
Agreement on the basis of any such guarantee or representation.
45.3
For the avoidance of doubt, nothing in this Framework Agreement shall create an exclusive
relationship between the Supplier and any Customer for the provision of services.
10-404788-3
30
46
Law and Jurisdiction
Subject to the provisions of clause 28, Dispute Resolution, the Authority and the Supplier
accept the exclusive jurisdiction of the English courts and agree that this Framework
Agreement is to be governed by and construed according to English law.
47
Entire agreement
47.1
This Framework Agreement constitutes the entire understanding between the Authority and
the Supplier relating to the subject matter.
47.2
Neither the Authority nor the Supplier has relied upon any representation or promise except
as expressly set out in this Framework Agreement.
47.3
Both the Authority and the Supplier unconditionally waives any rights it may have to claim
damages against the other on the basis of any statement made by the other (whether made
carelessly or not) not set out or referred to in this Framework Agreement (or for breach of any
warranty given by the other not so set out or referred to) unless such statement or warranty
was made or given fraudulently.
47.4
Both the Authority and the Supplier unconditionally waives any rights it may have to seek to
rescind this Framework Agreement on the basis of any statement made by the other (whether
made carelessly or not) whether or not such statement is set out or referred to in this
Framework Agreement unless such statement was made fraudulently.
10-404788-3
31
Signed by
duly authorised for and on behalf of the
Authority
)
)
)
.............................................................................
Signed by
duly authorised for and on behalf of the
Supplier
)
)
)
.............................................................................
10-404788-3
.............................................................................
.............................................................................
32
Schedule 1
Definitions
Affected Party means the party seeking to claim relief in respect of a Force Majeure Event
Affiliate means any person, partnership, joint venture, corporation or other form of enterprise,
domestic or foreign, including but not limited to subsidiaries, that directly or indirectly are
controlled by, or are under common control with the Supplier or a Parent Company
Agreement Change Note (ACN) means the agreement change note specified in schedule 8
(Agreement Change Procedure)
Agreement Change Procedures means the procedures specified in schedule 8 (Agreement
Change Procedure) for making changes to this Framework Agreement
Alarm Handling Software means Supplier software used to manage alarm handling in the
Alarm Receiving Centre (ARC)
Amber Alert means an alert to the ARC from a Device recording User details, location, tasks
and potential risks
ARC means the alarm receiving centre
Authorised Customer Representative means the authorised Customer representative(s)
referred to in schedule 12 (Governance)
Authority Cause means any breach by the Authority of its obligations under this Framework
Agreement
Authority Data means:
(a)
(b)
the data, text, drawings, diagrams, images or sounds (together with any database
made up of any of these) which are embodied in any electronic, magnetic, optical or
tangible media, and which are:
(i)
supplied to the Suppler by or on behalf of the Authority; or
(ii)
generated, processed, stored or transmitted by the Supplier pursuant to this
Framework Agreement; or
any Personal Data for which the Authority is the Data Controller
Authority Marks means the NHS' and the Authority’s (or its licensor’s) trade marks (whether
registered or not), logos and brands pertinent to this Framework Agreement
Available Service means any of the Services listed in schedule 3 (Services)
BCDR Plans means the business continuity and disaster recovery plans set out or referred to
in schedule 13 (Solution) as may be amended from time to time
Business Continuity Plan means the plan set out in schedule 13 (Solution), as may be
amended from time to time
10-404788-3
33
Catalogue means the catalogue of Services that shall be made available to the Authority by
the Supplier in electronic format. The Catalogue shall specify the Catalogue Entries
Catalogue Entry means a listing of a Service in the Catalogue
Change has the meaning given in clause 12.2
Change of Control means a change of control as defined by Section 416 of the Income and
Corporation Taxes Act 1988 in the Supplier or its Parent Company
Charges means in relation to any Contract, the charges set out in schedule 2-2 (Services)
and 2-3 (Charges) of that Contract
Charges Variation Procedure means the procedure for varying the Charges specified in a
Contract specified in schedule 2-2 (Services) and 2-3 (Charges) of the relevant Contract
Complaint means any complaint made by a Customer in respect of the Supplier not fulfilling
its obligations under the terms of a Contract, other than not meeting any applicable Service
Levels
Confidential Information means any information, however it is conveyed, that relates to the
business, affairs, developments, trade secrets, know-how, personnel and Suppliers of either
party, including Intellectual Property Rights, together with all information derived from the
above in relation to the Framework Agreement or the Contracts, any information related to the
Services, Users of the Device and/or Red Alerts and Amber Alerts, and any other information
clearly designated as being confidential (whether or not it is marked as confidential) or which
ought reasonably to be considered to be confidential
Contract means the binding agreement for the provision of Ordered Services entered into by
the Supplier and a Customer (and where relevant the Authority) in accordance with the
provisions of this Framework Agreement. Each Contract shall be constructed by the Supplier,
using the relevant Model Contract in schedule 2 (Model Contract)
Contract Change Procedure means the contract change procedure, specified in clause 6
(Amendments to this Contract) of any Contract, for making changes to a Contract
Contracting Authority means a contracting Authority as defined in Regulation 5(2) of the
Public Contracts Works Services and Supply (Amendment) Regulations 2000
Customer means a Potential Customer that has entered into Contract or has made an Order
Data Controller shall have the same meaning as set out in the Data Protection Act 1998
Data Protection Requirements mean the Data Protection Act 1998, the EU Data Protection
Directive 95/46/EC,
the
Regulation
of
Investigatory
Powers
Act 2000,
the
Telecommunications (Lawful Business Practice) (Interception of Communications)
Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection
Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive)
Regulations 2003, and all applicable laws and regulations relating to processing of personal
data and privacy, including where applicable the guidance and codes of practice issued by
the Information Commissioner
Days means calendar days
10-404788-3
34
Default means any breach of the obligations of any party (including fundamental breach or
breach of a fundamental term) or any default, act, omission, negligence or negligent
statement of any party, its employees, agents or sub-contractors in connection with or in
relation to the subject matter of this Framework Agreement, including Contracts arising
hereunder, and in respect of which such party is liable to the other
Default Service Level means the threshold level of service performance identified as such in
the table in part 3.10 of schedule 3 (Services)
Device means a lone worker device as specified in schedule 3 (Services) including any
accessories or peripheral items supplied by the Supplier pursuant to this Framework
Agreement or a Contract
Device Refresh means refresh of device on replacement and shall include one or more of
firmware upgrade, battery and casing
Environmental Information Regulations mean the Environmental Information
Regulations 2004 and any guidance and/or codes of practice issued by the Information
Commissioner in relation to such regulations
Environmental Questionnaire means the environmental questionnaire that can be accessed
directly via the dedicated website: http://seq.ogcbuyingsolutions.gov.uk/Suppliers/
Escalation Contact is the escalation point(s) that the ARC will contact in the event of a Red
Alert
False Alarm is a Red Alert signal that is accidentally or unintentionally activated
Force Majeure Event means the occurrence after the date of this Framework Agreement of:
(a)
war, civil war, armed conflict or terrorism; or
(b)
nuclear, chemical or biological contamination unless the source or the cause of the
contamination is the result of the actions of or the breach by the Supplier or its SubContractors; or
(c)
pressure waves caused by devices travelling at supersonic speeds,
which directly causes either party (the Affected Party) to be able to comply with all or a
material part of its obligations under this Framework Agreement
Framework Agreement means this Framework Agreement, comprised of the clauses and
schedules
Framework Manager means a representative of either party responsible for ensuring the
parties are performing their obligations under this Framework Agreement
FOIA means the Freedom of Information Act 2000 and any subordinate legislation made
under this Act from time to time together with any guidance and/or codes of practice issued by
the Information Commissioner in relation to such legislation
Genuine Alarm means a Device activated due to User's perceived personal safety risk
Genuine Alarm Escalated to the Emergency Services means an Alarm raised by a User
and escalated to the Emergency Services
10-404788-3
35
Genuine Alarm Closed Safely means an Alarm raised by a User due to a perception of risk
where the alarm is subsequently closed by the User due to risk disappearing
Good Industry Practice means the exercise of that degree of skill, care, prudence,
efficiency, foresight and timeliness as would be expected from a leading company within the
relevant industry or business sector
Guidance Notes means the guidance notes that advise Potential Customers on the
appropriate use of this Framework Agreement to be provided by the Authority
Health Service Body means a health service body as defined in Section 9(4) National Health
Service Act 2006 and any foundation trust.
Implementation Plan means the plan for the implementation of the Solution attached at part
2 of schedule 4 (Implementation Plan)
Indexing has the meaning ascribed to it in schedule 9 (Charges Variation Procedure)
Information has the meaning given under section 84 of the Freedom of Information Act 2000
Intellectual Property Rights means patents, trade marks, service marks, design rights
(whether registrable or otherwise), applications for any of the foregoing, copyright, database
rights, trade or business names and other similar rights or obligations whether registrable or
not in any country (including but not limited to the United Kingdom)
Invoicing Procedure means the procedure by which the Supplier invoices the Customer, as
set out in schedule 2-2 (Services) and 2-4 (Invoicing Procedure) of each Contract
Law means any applicable law, statute, bye-law, regulation, order, regulatory policy, guidance
or industry code, rule of court or directives or requirements of any Regulatory Body, delegated
or subordinate legislation or notice of any Regulatory Body
Location Fix means last known good position obtained either by an Amber Alert, location
based tracking service or GPS unit
Lone Worker Guidance is Guidance provided by the Authority to NHS healthcare
organizations and their staff to assist them to develop, implement and disseminate local
policies and procedures that address the needs of, and minimise the risks faced by lone
workers and to meet their legislative responsibilities under the Health and Safety at Work Act
(1974)
Materials means all training materials, protocols, alarm receiving centre scripts and
documentation produced by the Supplier for the provision of the Services including the User
Information form
Management Information means information supplied by the Supplier to the Authority in
accordance with the provisions of schedule 7 (Management Information)
Maximum Charges means the maximum charges set out in schedule 5 (Charges) as the
same may be varied from time to time in accordance with schedule 9 (Maximum Charges
Variation Procedure).
Maximum Charges Variation Procedure means the procedure for varying the Maximum
Charges specified in schedule 9 (Maximum Charges Variation Procedure).
10-404788-3
36
Milestone means the milestones set out in part 2 of schedule 4 (Implementation Plan)
Milestone Date means the date for achievement of the relevant Milestone set out in part 2 of
schedule 4
Minimum Service Levels means the minimum levels of service set out in schedule 3
(Services)
Model Contract means each of the model contracts in schedule 2 (Model Contract) which
specifies the terms and conditions for Contracts
Month means a calendar month and “Monthly” shall be similarly construed
NHS means the National Health Service in England
OJEU Notice means contract notice dated 27 May 2008, reference 2008/5 101-135947
placed by the Authority in the Official Journal of the European Union
Operational Change means any change, decision or item specifically identified as such in
this Framework Agreement
Operational Change Procedure means the procedures specified in schedule 8 (Agreement
Change Procedure) for making operational changes
Order means an order for Services served by the Customer on the Supplier in accordance
with the Ordering Procedures
Ordered Service means an Available Service selected by a Customer and included in
schedule 2-2 (Services) of a Contract following the placing of an Order
Ordering Procedures means the ordering procedures specified in schedule 6 (Ordering)
Parent Company means any company which is the ultimate Holding Company of the
Supplier or any other company of which the ultimate Holding Company of the Supplier is also
the ultimate Holding Company and which is either responsible directly or indirectly for the
business activities of the Supplier or which is engaged in the same or similar business to the
Supplier. The term “Holding Company” shall have the meaning ascribed by Section 1159 of
the Companies Act 2006 or any statutory re-enactment or amendment thereto
Personnel Vetting Procedures means the Authority's procedures and departmental policies
for the vetting of personnel whose role will involve the handling of information of a sensitive or
confidential nature or the handling of information which is subject to any relevant security
measures
Potential Customer means any of the bodies referred to in the OJEU Notice as being
customers or potential customers of the services to be provided under this Framework
Agreement
Process shall have the same meaning as under the Data Protection Act 1998
Project Specific IPR means IPR in items created by the Supplier (or by a third party on
behalf of the Supplier) specifically for the purposes of this Framework Agreement
Quarter means a three (3) Month period beginning on 1 January, 1 April, 1 July or 1 October.
The term “Quarterly” shall be similarly construed
10-404788-3
37
Records means such full and accurate records as are required to be kept by the Supplier to
satisfy the requirements of clause 38, Audit
Red Alert means an alarm activation to the ARC from a Device which is listened to and
recorded by the ARC
Regulatory Bodies means those government departments and regulatory, statutory and
other entities, committees and bodies which, whether under statute, rules, regulations, codes
of practice or otherwise, are entitled to regulate, investigate, or influence the matters dealt
with in this Framework Agreement or any other affairs of the Authority and “Regulatory Body”
shall be construed accordingly
Relevant Person has the meaning given in clause 34.1(a).
Reports means reports submitted by the Supplier to the Customer as specified in schedule 22 (Services) and 2-5 (Contract and Service Management)
Requests for Information means a request for information or an apparent request under the
Code of Practice on Access to Government Information, FOIA or the Environmental
Information Regulations
Security Policy means the security policy in schedule 14 (Security Policy)
Self Audit Certificate means the certificate, a model of which is in schedule 11 (Model Form
of Audit Certificate), to be completed by the Supplier’s auditor and provided to the Authority in
accordance with the provisions of clause 38, Audit
Service Commencement Date means the date of commencement of the provision of the
Ordered Services by the Supplier in accordance with the Order
Service Credits means the service credits specified in part 3.9 and 3.10 of schedule 3
(Services) which shall be payable to the Authority by the Supplier in the event that the Service
Levels are not met in respect of Ordered Services
Service Desk means Supplier second line technical support team/function that deal with
technical failures or issues with Devices
Service Incident is an event which results in disruption to the Services
Service Level Failure means a failure on the part of the Supplier to deliver the Services to a
User in accordance with the terms of a Contract
Service Levels means the levels of service defined in part 3.9 and 3.10 of schedule 3
(Services)
Service Maintenance means Supplier second line technical support team/function that deal
with technical failures or issues with Devices
Services means the services to be provided under this Framework Agreement and “Service”
shall be construed accordingly
Solution means the organisational and technical framework, including the alarm receiving
centre necessary to provide the Services to Customers as set out in schedule 13 (Solution)
10-404788-3
38
Standard Operating Procedures or SOP's means the drilled down day to day operational
procedures and process maps that describe, in detail, each activity carried out to deliver the
Services
Standards and Regulations means the standards and regulations as set out in schedule 17
(Standards and Regulations) which the Supplier shall comply in the provision of Ordered
Services and in relation to its responsibilities and obligations hereunder
Status Check is the process by which a Device is checked for battery charge level and
strength of network
Sub-Contractor means any supplier and/or key third party selected, appointed and managed
by the Supplier, subject to the Authority’s consent pursuant to the provisions of clause 36.1, in
accordance with the provisions of schedule 10 (Sub-contractors), including the SubContractors specified in schedule 10 (Sub-contractors). The terms “Sub-Contract” and “SubContracting” shall be similarly construed
Supplier Personnel means all employees, agents, consultants and contractors of the
Supplier and/or of any Sub-contractor
Technology Refresh means full Device repair and refurbishment, battery replacement, and
software upgrade (if applicable), testing and repackaging in new plastics
Term means the term of this Framework Agreement as set out in clause 16.1 (Term,
Suspension and Termination), subject to an early termination pursuant to clause 16.3 (Term,
Suspension and Termination),
Termination Events means each of the events specified in clause 16.5 (Term, Suspension
and Termination),
Trade Mark means a sign, including words, logos, pictures or a combination of these, which
distinguishes the Services of one Supplier from those of another, or as otherwise set out in
the Trade Marks Act 1994
User means an individual whom the Customer permits to use the Ordered Services in
accordance with the terms of a Contract
User Information means personal data provided to the Supplier by the User which is
captured by the User Information form
User Information Form means the form issued to all Users to capture User, contact and
work details, and personal information which shall include a signed agreement of the User's
consent for the Supplier to obtain an approximate location fix in the event of a Genuine Red
Alert, and the consent for the Supplier to hold the information contained on the form in
accordance with the Data Protection Act 1998
Working Days means Monday to Friday inclusive, excluding English public and bank
holidays
Year means a calendar year
10-404788-3
39
Schedule 2
Model Contracts
Part 1- Model Contract (Customer funded)
10-404788-3
40
10-404788-3
41
Part 2- Model Contract (Authority part funded)
10-404788-3
42
10-404788-3
43
Schedule 3
The Available Services, Service Management, Minimum Service Levels and Standard Service
Credits
1
Introduction
1.1
This schedule 3 specifies:
2
(a)
each of the Services that the Supplier shall make available to Potential Customers;
(b)
the Service Management provisions;
(c)
the Minimum Service Levels applicable to each of the Services; and
(d)
the Standard Service Credits applicable where Service Levels are not met.
The Services - Implementation and Mobilisation
The Services that will be supplied by the Supplier in respect of implementation and
mobilisation are as set out in schedule 4 (Delays and Implementation).
Part 3.1 - Service Management
1
Service Desk
1.1
The Service Desk shall operate as a managed service with a single point of contact for all
Service interactions with the Supplier, irrespective of whether this is in relation to order and
fulfilment, queries, faulty or damaged Devices, lost or stolen Devices, or request for change
(RFC). The Supplier shall process Orders for the Services that are in written format, in
accordance with schedule 6 (Ordering Procedure,) from the Authorised Customer
Representative.
1.2
The Supplier shall provide a dedicated freephone number for Users to contact the Service
Desk. The Service Desk, provided by the Supplier to support the Services, is accessed
through a non geographical, non premium number: 0800 8407121. The Customer should
ensure that this number is not blocked on their telephone systems so as to ensure Users
have access to adequate ongoing information and support.
1.3
Should calls to the Service Desk be recorded for training purposes, the Supplier shall notify
the caller either by automated message before being connected to the Service Desk Supplier
Personnel, or the Service Desk Supplier Personnel shall inform the caller verbally on
answering the call.
1.4
The Authority, Users, Customers, and Authorised Customer Representatives shall be able to
communicate with the Service Desk via:
10-404788-3
(a)
Telephone
(b)
Email
(c)
Fax
(d)
Web portal
44
(e)
1.5
Letter
Location
The Service Desk shall be co-located in Pontefract within the Alarm Response Centre (ARC).
(a)
Primary Site:
Reliance Security Group Limited
PO Box 159
Pontefract West Yorkshire
WF8 1NB
(b)
Disaster Recovery (DR) Location:
Reliance Security Group Limited
PO Box [ ]
Manchester
M22 55QZ
1.6
1.7
Service Desk Hours of Operation
(a)
The Service Desk shall be available between 6am and 8pm, Monday to Friday,
excluding weekends and Bank Holidays.
(b)
There shall be an overlap of Service Desk Supplier Personnel in which a full
handover of activity and events shall occur within the Service Desk Working Day.
Out of Hours Service Desk Operation
(a)
(b)
10-404788-3
Between the hours of 8pm and 6am, weekends/bank holidays shall be covered by the
ARC Supplier Personnel. The ARC Supplier Personnel shall:
(i)
Take all out of hours Service Desk calls;
(ii)
Log all RFC’s for Services on the customer relationship management system
(CRM);
(iii)
Provide User advice;
(iv)
Carryout first level diagnostic for technical questions or faulty/damaged
Devices;
(v)
Carry out a Location Fix via the location tracking software for lost/stolen
Devices and log requests for replacement Devices;
(vi)
Advise response time with the User;
(vii)
Provide CRM reference numbers;
Out of hours requests for further action, process and follow up shall be logged at the
time of the call and passed to the Service Desk Supplier Personnel via CRM. The
Service Desk Supplier Personnel shall action, process and follow up on the calls
during core hours of operation.
45
1.8
Use of dedicated/non dedicated staff
The facility at Pontefract and the Service Desk Supplier Personnel shall be dedicated to the
Services, with Supplier Personnel performing all administration tasks relating to implementing
new Users and ongoing support for existing Users. The Service Desk Supplier Personnel
shall be able to access all associated systems to ensure quick and effective resolution of all
issues, managing all enquiries and queries through to resolution, engaging with the ARC and
Service Maintenance functions as necessary.
1.9
Resource Levels
The Supplier shall provide sufficient Supplier Personnel to ensure it can perform the Services
to the agreed Service Levels.
1.10
Managing peaks and troughs in Service Desk workload including absences
The Supplier shall manage peaks and troughs, including absences, to ensure it can perform
the Services to the agreed Service Levels.
1.11
Managing Attrition
(a)
(b)
Attrition for the Service Desk Supplier Personnel shall be managed by actively
engaging staff in the following ways:
(i)
Monthly 1-2-1 performance sessions where goals related to performance
against KPI’s shall be discussed;
(ii)
Quarterly Individual Development Plan (IDP) sessions that agree plans for
achieving career goals, e.g. gaining leadership experience;
(iii)
Monthly Supplier Personnel team briefings to improve communication and
encourage participation;
(iv)
Continuous improvement scheme to reward Supplier Personnel for making
suggestions to improve the way Supplier Personnel work;
(v)
Regular team building events;
(vi)
A staff forum where Service Desk Supplier Personnel shall be given the
opportunity to raise areas of concern or make suggestions;
(vii)
Provide leadership and training opportunities for Supplier Personnel; and
(viii)
Investing in, and implementing technical solutions to improve operating
efficiency.
Given the sensitive nature of the Services, the Supplier shall use reasonable
endeavours to maintain annual attrition levels below 15%. Where yearly attrition
exceeds 15%, or the Supplier anticipates that the 15% threshold may be exceeded,
the Supplier shall notify the Authority and discuss and agree an action plan to
stabilise the attrition rate. The Supplier shall form a project team whose primary task
shall be to look at possible reasons for higher than anticipated attrition. The project
team shall look at:
(i)
10-404788-3
Local competition, e.g. new ARC established;
46
1.12
(ii)
Supplier Personnel pay and conditions versus other local employers; and
(iii)
Service Desk related issues contributing to higher attrition.
Recruitment, training and accreditation of Service Desk Supplier Personnel
(a)
All vetting and recruitment of Service Desk Supplier Personnel shall be in accordance
with clause 24 (Personnel Security).
(b)
Selection shall be by way of competency based interviews and satisfactory results of
computer literacy tests. All recruits shall undergo a comprehensive induction process
to introduce employees to the Service Desk, ARC and Devices. This includes health
and safety information as well as fire evacuation procedures.
(c)
The Supplier Personnel shall be trained in the following:
(i)
(A)
Service Desk processes and protocols;
(B)
Risks/dangers faced by NHS lone workers;
(C)
Difference to traditional alarms;
(D)
Device use and maintenance;
(E)
User Service needs; and
(F)
Examples of good/bad Red/Amber Alerts.
(ii)
Conducting Dynamic Risk Assessments
(iii)
Delivering Excellent Customer Service
(iv)
10-404788-3
The Services - An Introduction
(A)
Dealing with difficult customers;
(B)
Dealing with difficult situations;
(C)
Working within time bound parameters;
(D)
Working with stressful situations; and
(E)
Taking objective decisions.
Understanding the Customer
(A)
NHS organisational structure;
(B)
NHS Users and their situations;
(C)
NHS acronyms and definitions;
(D)
NHS User work profiles;
(E)
NHS User environmental knowledge; and
47
(F)
1.13
1.14
(v)
Use of CRM;
(vi)
Use of Alarm Handling Software;
(vii)
Telephone techniques;
(viii)
Email etiquette; and
(ix)
Soft skills.
(d)
All Supplied Personnel shall have individual training records that keep a record of all
training received and shall be reviewed regularly.
(e)
All Service Desk Supplier Personnel shall undergo training and competency
assessment before inclusion in the rota. They shall be continually assessed and
receive ongoing and annual refreshment training in accordance with contract and
service needs, and in accordance with development reviews and individual
assessment.
(f)
The Authority will accept and test the training material in accordance with the
Operational Change Procedure with any further amendments being in accordance
with the same procedure.
Vetting of Service Desk Supplier Personnel
(a)
All vetting and recruitment of Service Desk Supplier Personnel shall be in accordance
with clause 24 (Personnel Security).
(b)
The Supplier shall employ a series of rigorous checks on all candidates for
employment. These include:
(i)
Five year employment and education screening check;
(ii)
Mandatory take up of character references;
(iii)
Credit check; and
(iv)
Criminal Records Bureau (CRB) check.
Service Maintenance (second line support)
(a)
The Supplier shall provide a second line support function as an extension to the
Service Desk. The Service Maintenance Supplier Personnel shall be co-located in
Pontefract within the Service Desk and Alarm Receiving Centre.
(b)
Service Maintenance shall be available between 9am and 5pm Monday to Friday and
will provide sufficient Supplier Personnel to ensure it can perform the Services to the
agreed Service Levels.
(c)
Service Maintenance shall provide the following functions:
(i)
10-404788-3
NHS working Conditions.
Configuration of all Devices with SIM cards, logging details on the Alarm
Handling Software;
48
1.15
(ii)
Re-configuration of Devices and logging any change on the Alarm Handling
Software;
(iii)
Second line technical support to all Users on problem solving, usability
issues, SIM issues;
(iv)
Shipping and receipt of any faulty, damaged, lost or stolen Devices and/or
their replacements in line with agreed service levels; and
(v)
Managing the Technology Refresh of any Device returned.
Ordering and Fulfilment process
The Supplier shall adhere to the Ordering Procedures set out in schedule 6 (Ordinary
Procedures).
1.16
Production and Authority acceptance (in accordance with the Operational Change Procedure)
of Service Desk Standard Operating Procedures, scripts and process flows.
(a)
1.17
The Supplier shall design a set of bespoke process maps, protocols and scripts to
deal with the range of Service Desk transactions. The Authority will accept and test
the SOP’s, scripts and process flows as defined in the Implementation Plan in
accordance with the Operational Change Procedure. The Supplier shall conduct
reviews with the Authority in order to modify, expand or amend existing process
maps, protocols and scripts to conform to the needs of the Authority. These reviews
shall be conducted by the Supplier, in the form of Supplier operational and account
management staff, as required. Any further amendments will be in accordance with
the Operational Change Procedure.
Capture and Collation of User Data
(c)
The Supplier shall capture and collate data for all Users. Every User shall complete
and sign a User Information Form, which provides information specific to individual
Users, an example of which is attached at Appendix 1.
The minimum/mandatory data set required for setting up a User is:
10-404788-3
(i)
First Name;
(ii)
Surname;
(iii)
Date of birth;
(iv)
Job role;
(v)
Customer;
(vi)
Department;
(vii)
Work mobile (if issued);
(viii)
Site contact telephone number (if available);
(ix)
Password (for example: mother’s maiden name);
49
(x)
2 x escalation contacts (in hours): name, position and contact number(s);
(xi)
1 x escalation contact (out of hours): name, position and contact numbers;
and
(xii)
Sex.
The additional (desirable) information required for setting up a User is:
(b)
1.18
Title (Mr/Mrs/Miss/Ms/Other);
(xiv)
Known as/nickname;
(xv)
Work email;
(xvi)
Personal mobile;
(xvii)
Normal working pattern;
(xviii)
Hair colour;
(xix)
Ethnic origin;
(xx)
Height;
(xxi)
Weight;
(xxii)
Car details (make/model/registration/colour; and
(xxiii)
Medical conditions.
All Users must complete and sign a User Information Form which includes consent
for the use of the Location Fix in the event of a Genuine Alarm and accepts terms
relating to data security. The Supplier shall only perform a Location Fix on a Device if:
(i)
Requested by the User;
(ii)
Genuine Alarm activated; and
(iii)
Device reported lost or stolen.
(c)
The minimum/mandatory and additional (desirable) data set shall be used to populate
the CRM/Alarm Handling Software User record.
(d)
Escalation details for each User shall be obtained from the Authorised Customer
Representatives prior to ‘go live’.
(e)
Users must have completed and signed a User Information Form, and successfully
completed the lone worker training programme before they can utilise the Device and
Services.
Integrity and security of data
(a)
10-404788-3
(xiii)
All data relating to the Device (e.g. serial number, software version number,
commission date) SIM (e.g. phone number and serial number), and User, shall be
50
kept secure within a dedicated CRM system. All of this data shall be kept up to date
in real time, with a time/date stamp audit trail.
1.19
1.20
10-404788-3
(b)
All Supplier users of the CRM application shall need to supply a username and
password to gain access. Remote CRM users (i.e. Supplier Account Managers,
Supplier Trainers, Supplier Service Maintenance) shall only be able to access the
CRM system from the Supplier’s PCs which are part of the Supplier domain. The
CRM application shall not be available across the Internet.
(c)
The CRM application will be available to Supplier’s remote CRM users across a
Virtual Private Network (VPN).
(d)
The Supplier shall comply with ISO/IEC 27001 accreditation in relation to data
security, as detailed in schedule 14 (Security Policy).
Customer Surveys
(a)
The Service Desk shall monitor User feedback on satisfaction levels via all
communication channels (telephone, e-mail and letters on a monthly basis and
produce result and trend analysis with recommendations and actions to enable the
Supplier continuously to improve the quality of the Service. The Supplier shall provide
the results of this feedback to the Authority within 5 Working Days of the end of each
reporting period. The Service Desk’s User feedback monitoring each month shall
target 1% of all Users. If less than 30% of Users engaged in this process are willing to
provide feedback, an alternative means of communication to that initially employed
shall be used, so as to increase the level and quality of feedback received.
(b)
The User feedback shall contain, but not be limited to, considerations of the quality of:
(i)
The Service;
(ii)
The Device;
(iii)
Training;
(iv)
Service maintenance;
(v)
Service Desk support;
(vi)
ARC support; and
(vii)
Publicity and communication, including the website.
(c)
In addition, the Supplier shall conduct a more detailed annual survey targeting all
registered Users. This survey shall secure a response of at least 25% of Users and
the results shall be made available to the Authority within one month of the closing
date of returns.
(d)
The Supplier shall ensure that the content of User feedback and User Satisfaction
Surveys are accepted and tested by the Authority in accordance with the Operational
Change Procedure, with any further amendments being in accordance with the same
procedure.
Dealing with Service Desk Queries:
51
1.21
(a)
The CRM application to be used by the Service Desk Supplier Personnel shall be
fully auditable and transparent to Supplier Authorised Personnel, logging and tracking
all enquiries and interactions with clients, regardless of nature. This is supported by
the Return Merchandise Authorisation (RMA) process and RFC processes, which are
fully transparent and auditable to Supplier Authorised Personnel.
(b)
Users shall be informed of resolution timescales at the outset of each enquiry.
(c)
The Service Desk shall validate the authenticity of Users making service changes
through standard identification questions (name, Device details etc), in line with the
Security Policy.
(d)
The Supplier shall obtain verbal agreement from Users before any call is closed
down. This shall be supported by confirmation of actions/resolutions, typically by
email or text. Where the Supplier is unable to contact the User for verbal agreement
to close a call, or where the User is not satisfied with the resolution and that
appropriate action has been taken by the Service Desk to resolve the issue, the
Service Desk Supplier Personnel shall contact the appropriate Authorised Customer
Representative to agree call closure or appropriate action.
(e)
The Service Desk Supplier Personnel shall attempt to contact the User two times on
consecutive days and then escalate to the Users Escalation Contact, with the Service
Desk attempting to contact the Escalation Contact two times on consecutive days,
after which the Service Desk will close the communication.
User Refresher Training
As detailed in Part 3.2 (User Training), the Service Desk Supplier Personnel shall, at the
request of the User, either provide telephone refresher training at the time of the request, or
arrange refresher training via the Supplier trainer. The Service Desk Supplier Personnel shall
confirm training arrangements, made with the Supplier trainer, to the User via email.
1.22
Services Disruption
As described in Part 3.5 (Networks), the Service Desk shall notify any Users and Authorised
Customer Representative, in the affected area, of an unplanned network outage via email or
text, within a maximum of 8 minutes of notification from the Network Operator. The Supplier
shall notify Users of the outage and that for an estimated period of time they should not rely
on their Device. Any communication to Users and Authorised Customer Representatives shall
provide a clear indication of the estimated time of the outage and the start time of the outage,
if it is planned. The communication shall also include the Service Desk telephone number for
any User or Authorised Customer Representative to call should they have any questions.
1.23
Escalation Contact Audit Process
In addition to specific requests from Users and Authorised Customer Representatives to
change escalation details, the Service Desk shall carry out an audit of escalation details kept
on record to ensure that Escalation Contacts are kept up to date. The Service Desk shall
carryout an audit of 5% of Users, on a quarterly basis.
1.24
Dealing with faulty Devices, User damage and stolen Devices:
(a)
10-404788-3
Faulty/Damaged Device Process
52
(b)
10-404788-3
(i)
Users shall either telephone the Service Desk to report a faulty/damaged
Device, or log a CRM case via the web portal;
(ii)
The User shall be given a reference number generated by the CRM system
to enable them to track progress via the Service Desk;
(iii)
The Service Desk shall carry out an initial diagnostic to establish the cause of
the fault. Where User error is identified as the cause, the Service Desk
Supplier Personnel shall provide advice on the correct use and provide
details of refresher training, should it be required;
(iv)
Where the Device has no signal or is diagnosed as faulty or damaged as a
result of the initial diagnostic carried out by the Service Desk Supplier
Personnel, the User shall be advised to put the Device on charge to enable
Service Maintenance to carry out further diagnostic and resolution;
(v)
Where faults cannot be remedied remotely, the Service Desk Supplier
Personnel shall contact the User to arrange a next Working Day delivery of a
replacement Device/SIM. The Supplier shall agree with the User the most
appropriate delivery address for them; this must take account of their working
pattern and where they expect to be during the agreed date for delivery. Any
replacement Device/SIM sent to the User shall also include prepaid
packaging for the User to return any faulty Device or SIM, once they have
completed the movement of SIM card from faulty Device to new Device. The
Service Desk Supplier Personnel shall contact the User to ensure that the
replacement Device/SIM has been received before the call is closed on the
CRM system;
(vi)
The User shall return the faulty Device/SIM to the Supplier via the prepaid
packaging. The Supplier accepts any risk associated with non-returned
Devices.
Lost/Stolen Device Process
(i)
Users shall contact the Police to report the loss or theft of the Device and
obtain a crime/incident reference number. The User shall then telephone the
Service Desk to report a lost or stolen Device;
(ii)
The User shall be given a reference number generated by the CRM system
to enable the progress of the request to be tracked via the Service Desk or
the web portal;
(iii)
The Service Desk shall arrange a next Working Day delivery of a
replacement Device. The Supplier shall agree with the User the most
appropriate delivery address for them; this must take account of their working
pattern and where they expect to be during the agreed date for delivery. Any
replacement Device sent to the User shall also include prepaid packaging for
the User to return any retrieved Device, which shall then be posted back to
the Supplier; and
(iv)
The User shall be transferred to the ARC Supplier Personnel who shall
attempt to find the location of the lost or stolen Device via the location
tracking software. The Device location, if found, shall be given to the User to
either report to the Police (if stolen), or to attempt to retrieve the Device (if
53
lost, and safe to do so). If the Device is located the User shall send the
Device to the Supplier for reallocation at a later date. The Supplier accepts
any risk associated to non-returned Devices. The Service Desk Supplier
Personnel shall contact the User to ensure that the replacement Device/SIM
has been received before the call is closed on the CRM system;
1.25
Requests for change
(a)
(b)
(c)
User/Customer Details
(i)
Users/Customers shall telephone, email or fax the Service Desk, or log a
request via the web portal;
(ii)
The Supplier Service Desk Personnel shall give the request a reference
number generated by the CRM system to enable the progress of the request
to be tracked via the Service Desk;
(iii)
Where Service Desk Supplier Personnel change User/Customer details on
the CRM system or the Alarm Handling Software, all changes shall be
recorded and time and date stamped, right through to each key stroke made
by the individual;
(iv)
Once changes to User/Customer details have been made in the CRM system
and Alarm Handling Software by the Service Desk Supplier Personnel, the
User/Customer shall receive notification, via email or text, to confirm those
changes. The email or text message shall include the new details entered in
the CRM system; and
(v)
In addition to specific requests from Users to change User details, the
Service Desk shall take a proactive approach to ensure that details are kept
up to date, by periodically prompting 100% of Users to check/update their
details, typically by email or text, a minimum of once a year.
Device Reallocation
(i)
Authorised Customer Representatives shall telephone, email or fax the
Service Desk, or log a request via the web portal;
(ii)
The request shall be given a reference number generated by the CRM
system to enable the progress of the request to be tracked via the Service
Desk;
(iii)
The Service Desk shall obtain a completed and signed User Information
Form from the new User and immediately update the CRM system, the Alarm
Handling Software, and the location tracking software with the new User
details. The Service Desk Supplier Personnel shall arrange training for the
new User. The new User CRM record shall be suspended until training has
taken place; and
(iv)
Details of the old User will be deleted or marked as old as requested.
Device Configuration
(i)
10-404788-3
Users and Authorised Customer Representatives shall telephone, email or
fax the Service Desk, or log a request via the web portal;
54
(d)
1.26
(ii)
The request shall be given a reference number generated by the CRM
system to enable the progress of the request to be tracked via the Service
Desk. The User will be told to put the Device on charge and confirm this;
(iii)
Configuration requirements shall be recorded by the Service Desk and
passed directly via CRM to Service Maintenance, second tier support, for
remote configuration;
(iv)
Configuration requests shall be carried out by Service Maintenance within 8
Working Hours from the time the Device is placed on charge by the User. On
completion, Service Maintenance will inform the Service Desk via the CRM
system; and
(v)
The Service Desk shall notify the User of changes via e-mail or text,
immediately following configuration changes.
Device Cancellation/Termination/Suspension
(i)
Authorised Customer Representatives shall contact the Supplier Account
Manager, who shall log the request with the Service Desk via telephone or
the web portals;
(ii)
Cancellation is defined as those instances where the Customer has signed
the Contract but subsequently decides to cancel the Contract or User(s) from
the Contract before commencement of the Services. If the Customer provides
written (to include email) notification to the Service Desk of the Cancellation
within 10 Days of all parties signing the Contract as set out in clause 15.1(a)
(Termination and Cancellation) of the Contract then no Charges shall be
applied as detailed in schedule 5 (Maximum Charges);
(iii)
For termination, the Service Desk shall arrange the return of the Device for
future allocation, termination of the SIM, update the CRM system, and
remove the existing User from the location tracking software. Early
termination fees will apply as detailed in schedule 5 (Maximum Charges); and
(iv)
For suspensions, the Authorised Customer Representative shall have the
ability to suspend Devices for a minimum of `1 month and a maximum of 3
months, as outlined in schedule 5 (Maximum Charges). For periods over 12
weeks the responsibility shall be for the Authorised Customer Representative
to redeploy the Device. The Authorised Customer Representative shall inform
the Supplier of the expected duration of the suspension, and the Supplier
shall notify the Authorised Customer Representative a week before the end
of the suspension period.
Interface with the ARC
The CRM system shall be accessible to authorised Supplier Personnel in both the Service
Desk and the ARC. The CRM system shall be used for recording and updating User details,
User history, Device details, RFCs, and caller interaction logging.
1.27
10-404788-3
User Information Resources for different categories of NHS staff e.g. User, LSMS, Customer
etc and to include Information website
55
(a)
(b)
(c)
1.28
10-404788-3
The Service Desk shall provide the following information to Users, Authorised
Customer Representatives and Customers:
(i)
Frequently asked questions (FAQs) relating to both Device (for example, how
to use, when to use, network coverage issues);
(ii)
Queries relating to the Services (for example, "how do I change personal
details, reallocate Devices, book training or refresher training");
(iii)
On-the-phone User refresher training; and
(iv)
Authorised Customer Representative contact details for Users.
The Supplier shall also develop a web portal for Users, Authorised Customer
Representatives and Customers to provide the following information:
(i)
Service Desk contact details;
(ii)
FAQs;
(iii)
General information - Services and Device;
(iv)
On-line training for Users;
(v)
On-line queries logging; and
(vi)
RFC logging.
Through dialogue with the Authority and Customers, the Supplier shall ensure the
online support to Users is continuously developed. Any amendments shall be
updated in accordance with the Operational Change Procedure.
Complaint Handling
(a)
Users, Customers, Authorities, and Authorised Customer Representatives shall
telephone, email, fax or write to the Service Desk, or log a complaint via the web
portal. All complaints shall be acknowledged by the Supplier by e-mail within 2
Working Hours of receipt, including resolution timescale.
(b)
Complaints shall be logged on the CRM system and given a reference number to
enable the progress of the complaint to be tracked via the Service Desk.
(c)
Complaints shall be categorised as follows:
(i)
Service; and
(ii)
Technology.
(d)
All first stage complaints shall be sent to the Service Desk Supplier Personnel
(Supervisor), who shall investigate the complaint and respond within 5 Working Days.
(e)
In the event that the complaint is not resolved to the complainant’s satisfaction, the
Service Desk Supplier Personnel (Supervisor) shall escalate the complaint to a
second stage, and confirm the resolution timescale to the complainant. The
complaint shall be escalated to the Supplier Personnel (Operations Manager) and the
56
Supplier Personnel (Account Manager). Both the Supplier Personnel (Operations
Manager) and the Supplier Personnel (Account Manager) shall investigate the
complaint, liaising directly with the Authorised Customer Representative and respond
within 5 Working Days of receipt from the Service Desk Supplier Personnel
(Supervisor) (maximum of 10 Working Days from the initial complaint).
(f)
Information surrounding each complaint shall be provided to the Authority as set out
in schedule 7 (Management Information).
Part 3.2 - User Training
1
User Training
1.1
The Service shall comprise of an integral training model to ensure that every User receives
comprehensive training in order to understand how and when to operate the Device, and the
support provided by the Supplier to the User. The Supplier shall ensure that face-to-face
training shall be the primary format for the Service. The User training provided by the
Supplier shall conform with the Authority’s lone worker Guidance
1.2
Scheduling User Training
(a)
Implementation-Roll Out
Once an Order has been obtained, and if deemed necessary (scale of Order), the
Supplier account manager shall be responsible for setting up a project team made up
of the following:
(b)
10-404788-3
(i)
Supplier account manager;
(ii)
Authorised Customer Representative(s);
(iii)
Representative bodies (at Customer’s discretion); and
(iv)
Department managers (at Customer’s discretion).
The project team shall, based on the Order, agree:
(i)
Number of Devices versus Users (pooled Devices);
(ii)
Local knowledge on most suitable Network Operator;
(iii)
The Authorised Customer Representative and a deputy;
(iv)
Department managers contact details;
(v)
Escalation Contact points;
(vi)
Customer lone worker Policy and Procedure;
(vii)
Police contact – Crime Reduction Officer (CRO);
(viii)
Suitable training course locations to cope with the User numbers;
(ix)
Training course roll out; and
57
(x)
1.3
Go live roll out.
(c)
The training course and go live roll out shall take into account User holiday and
seasonal availability trends.
(d)
The Service Desk shall use the CRM system to create a framework of training course
times, dates and locations.
(e)
The Service Desk shall contact the Authorised Customer Representative by
telephone or email and agree allocation of each User to a specific training course.
Where User emails are provided by the Authorised Customer Representative, the
Service Desk Supplier Personnel shall confirm details of the schedule training via
email to the User. The Supplier shall provide the schedule of User training to the
Authorised Customer Representative.
(f)
The Supplier shall work closely with the Authorised Customer Representative to
maximise attendance for each training course.
(g)
Individual Training
(i)
Where individual training is required by the User post implementation/roll out,
the User shall be able to join one of the daily courses delivered by the local
Supplier trainer. In addition, the Supplier shall provide a monthly face to face
training course, organised by Customer or by region. Each course shall be
limited to 15 Users and shall last no longer than 2 hours;
(ii)
The Supplier shall also run web training courses on Friday of each week for
Users who request further training via the web portal or the Service Desk.
The training courses shall typically last 1 to 1.5 hours.
Type of training
The Supplier shall agree with the Authorised Customer Representative the appropriate
timescale for training. For urgent training requests, the Supplier shall provide training within 2
Working Days.
(a)
Face to face
The Supplier shall provide face to face training for Users in courses for a maximum of
15 persons, each course lasting no more than 2 hours. Where Users do not return
completed User Information Forms prior to training, the Supplier trainer shall provide
the User with a User Information Form for completion at the training course. Devices
shall be handed out to individuals at the time of training. Device go-live shall normally
commence 5 Working Days post training to allow Users to become accustomed to the
Device in test mode and for User details to be set up on the Alarm Handling Software.
With the agreement of the User, this period can be shortened to no less than 2
Working Days.
(b)
Web training
The Supplier shall provide web-based training for:
(i)
10-404788-3
Users who are unable to attend face to face training;
58
(ii)
Users who require refresher training, and are unable to attend face to face
training; and
(iii)
Urgent training requests where face to face training is not practical.
The User shall log on to the web application and shall view training slides (controlled
by the trainer) and also join a teleconference call. Users shall receive an email
‘invitation’ to the course which shall include the relevant information to access the
web portal. The Supplier shall post the pre-configured Device to the User prior to
web-based training. The Supplier shall agree with the User the most appropriate
delivery address for them; this must take account of their working pattern and where
they expect to be during the agreed date for delivery. Users shall be required to have
their Devices with them during the training course.
(c)
Training for grouped and/or pooled Devices
The Supplier shall deliver training via face to face and web training methods as
described 1.3(a) and (b) above. The training shall be tailored for Users of pooled
Devices and shall inform the User of the importance of leaving their full name as part
of any Amber Alert message to enable the ARC Supplier Personnel to identify the
User in the event of a Red Alert. Failure to leave name details shall not result in a
drop in ARC response times, but it may inhibit a fully effective response from the
emergency services.
(d)
Other training (e.g. webex)
The Supplier shall provide administrator training to the Authorised Customer
Representative. The training shall cover the administration processes during
implementation, and ongoing day-to-day User support processes. Training courses
shall last 1.5 hours. The Supplier shall provide Administrator training via the following
methods:
(e)
(i)
Face to face training at the Customer premises;
(ii)
Web-based training; and
(iii)
Face to face courses held regionally.
Refresher training
Refresher training content shall be tailored to the requirements of the Users attending
the course, and shall also include some/all of the content mentioned in (f)(i) to (x).
(i)
10-404788-3
The Supplier shall provide self-help online support where Users shall be able
to access:
(A)
Frequently Asked Questions (FAQs);
(B)
Video clips to show the ARC and Service Desk operation;
(C)
Descriptions and commentary of the key functions of the Devices;
(D)
Downloadable training literature; and
(E)
Request for further assistance.
59
(f)
(ii)
The Supplier shall run web training courses on Friday of each week for Users
who request further training via the web portal or the Service Desk. The
training courses shall typically last 1 – 1.5 hours.
(iii)
The Supplier shall provide telephone refresher training for Users as required.
(iv)
The Supplier shall provide a monthly refresher face to face training course,
organised by Customer or by region. Each course shall be limited to 15
Users and shall last no longer than 2 hours.
Course content objectives
The Supplier shall include the following content in User training via face to face or
web based formats:
(g)
1.4
(i)
The rationale for the Department of Health’s objective for the protection of
NHS staff together with the User's responsibilities for their own safety and the
use of the Service;
(ii)
Key Services
Maintenance);
(iii)
How to the use the Device;
(iv)
When to use the Device;
(v)
Alarm handling process and escalation through to the emergency services;
(vi)
Dynamic risk assessment process linking the Customer’s lone worker Risk
Assessment with the Supplier’s Solution;
(vii)
Customer responsibilities;
(viii)
User responsibilities;
(ix)
Go live process; and
(x)
Ongoing User support (post training)
constituents
(Devices,
ARC,
Service
Desk,
Service
The Supplier shall provide Users with their own individual Device or a test Device to
use during the training course. A test Device shall only be used when:
(i)
The training is for a pooled Device: the trainer shall ensure that test Devices
are available for all Users to practice with (Devices shall be returned at the
end of the training session);
(ii)
Additional Users attend the course – (Devices shall be returned at the end of
the training session).
Administrator Training
The Supplier shall include the following content in Administrator training:
(a)
10-404788-3
Key Services constituents (Devices, ARC, Service Desk, Service Maintenance);
60
1.5
1.6
1.7
(b)
Process of setting Users up on the CRM system and the Alarm Handling System
(User information forms and Escalation Contacts);
(c)
Request for change (RFC) and Return of Merchandise Authorisation (RMA)
processes;
(d)
Ongoing User support (post training).
Location of training
(a)
Face to face and administrator training shall be conducted at the Customer’s own
premises, as agreed by the customer project team. These Customer locations shall
be the primary location for training sessions for ease of User attendance and
administration. The secondary option shall be regional Customer sites. The Supplier
shall also offer their own national training locations as a tertiary option, at no cost to
the Customer.
(b)
Training locations shall be recommended by the customer project team and assessed
for suitability by the Supplier trainer. Customer training locations shall accommodate
a minimum of 20 persons (Users/Trainers/Authorised Customer Representatives) and
have the necessary power sockets to enable laptop/projectors to be utilised.
Storage of Devices on Trust Premises
(a)
The Supplier may, at the discretion of the Customer, store Devices on Customer
premises for the purposes of User training, at no cost to the Customer.
(b)
The full risk and liability in the devices will remain with the Supplier.
(c)
The Customer retains the right to refuse such storage of Devices or to require the
Supplier to remove any stored Devices from its premises with reasonable notice and
at no cost to the Customer.
Creation and Authority acceptance (in accordance with Operational Change Procedure) of
course material and documentation
(a)
Creation
The Supplier shall, prior to delivery of any training courses, create and provide the
Authority with all course material and documentation that shall be issued in all forms
of training for the Service. This material shall be in the form of a Supplier controlled
document.
(b)
Acceptance in accordance with the Operational Change Procedure.
The Authority will accept and test the training material in accordance with the
Operational Change Procedure. The Authority shall provide, in writing, to the Supplier
any requests for amendments and the amendments accepted shall be included on
the amendment record associated with the specific Supplier controlled document.
Any further amendments shall be accepted in accordance with the Operational
Change Procedure.
1.8
Supplier provision of Training Materials and Documentation
The Supplier shall ensure that:
10-404788-3
61
1.9
(a)
A comprehensive User guide is included with each Device;
(b)
A brief User guide is included with each Device;
(c)
Each User is given a Device at the point of face to face User training;
(d)
Hard copies of the training presentation, in a note-taking format, provided to the User
during face to face training;
(e)
Administrator training is supported by hard copies of the training presentation in a
note-taking format, and shall also include controlled documents associated with all
procedures (flow charts, procedures, forms); and
(f)
All training materials and documents are controlled documents, and are available to
download from the web portal.
Production and Authority acceptance (in accordance with the Operational Change Procedure)
of User training Standard Operating Procedures, scripts and process flows.
All materials and documentation described in paragraph 1.6 above shall be developed by
Supplier in close partnership with the Authority. The Authority will accept and test
materials in accordance with the Operational Change Procedure. This shall include both
development of initial materials and the ongoing development during the course of
Framework Agreement. Any further amendments shall be accepted in accordance with
Operational Change Procedure.
1.10
the
the
the
the
the
Capture and Collation of User Training Data
The Supplier shall record scheduled training dates and venues against each User via the
CRM system. Following scheduled training, and confirmation from the Supplier trainer of the
User’s attendance, the Service Desk Supplier Personnel shall update the CRM system with
actual training details.
1.11
Mechanism for identifying refresher training
(a)
(b)
1.12
10-404788-3
Users shall be able to request refresher training via:
(i)
The Authorised Customer Representative;
(ii)
The Supplier account manager;
(iii)
The Service Desk; and
(iv)
The web portal.
The Service Desk shall proactively identify/recommend/suggest refresher training
based on:
(i)
Contact with Users following False Alarms; and
(ii)
The analysis of User activity as part of the compilation of monthly reports into
the Authorised Customer Representative.
Training Record keeping process
62
The Supplier shall retain training records via the CRM system for the duration of each contact.
1.13
User Accreditation
Users who attend and complete the User training, to the satisfaction of the Supplier trainer,
shall be accredited as having completed the User training. Trainers shall confirm which Users
attended each course by completing the attendance record, and the Service Desk shall
produce a monthly report of attendees to the Authorised Customer Representative.
1.14
Vetting of Trainers
The vetting of trainers shall be in accordance with clause 24 (Personnel Security). The
Supplier shall provide trainers who:
(a)
Have been Security Check (SC) cleared, in accordance with HM Government’s
Vetting Policy, as a minimum; and
(b)
Have completed and conformed with the Supplier 10 year employment history check,
in accordance with the BS7858 standard
1.15
10-404788-3
Recruitment, training and accreditation of Trainers
(a)
The recruitment of all trainers shall be in accordance with clause 24 (Personnel
Security). The Supplier shall maintain an effective recruitment process to ensure
there are sufficiently trained and accredited trainers to meet the Services to the
agreed Service Levels. Trainers shall complete the Supplier’s induction programme
prior to delivering User training.
(b)
Trainers shall complete the Supplier’s train the trainer programme and shall be
accredited accordingly.
(c)
Trainers shall complete a lone worker induction programme to include:
(i)
User training;
(ii)
Alarm Handling;
(iii)
Nature of risks and environments of Users;
(iv)
Service Desk processes;
(v)
CRM - call handling; and
(vi)
Shadowing existing Trainers.
(d)
The Supplier will provide refresher training for the trainers based on amendments to
the lone worker Service.
(e)
Users shall be given the opportunity to complete a training feedback form for every
training course attended. The feedback form shall cover:
(i)
Trainer delivery;
(ii)
Appropriateness of course content;
63
(iii)
Training materials; and
(iv)
Course facilities.
(f)
The Supplier account manager shall review all training feedback forms on a monthly
basis. Negative and positive comments regarding the training delivery shall be
investigated / discussed with the Supplier trainer and, as required, the Supplier
Account Manager shall implement a corrective action plan which shall be made
available for discussion with the Authorised Customer Representative(s) and/or the
Authority as appropriate.
(g)
Supplier trainers shall be continually assessed and receive ongoing and annual
refresher training in accordance with contract and service needs, and in accordance
with development reviews and individual assessment.
Part 3.3 - Alarm Receiving Centre (ARC)
1
ARC Description and Introduction
1.1
The Supplier shall provide an Alarm Receiving Centre (ARC) capable of monitoring Users
Red Alerts, Amber Alerts and Status Checks covering every geographical location where
NHS lone workers need to operate within England. The ARC shall be accredited to BS5979
Cat II. The Services provided shall support a range of User profiles to support the differing
needs of the diverse User groups. The User profiles shall allow bespoke escalation
procedures and direct communications with the emergency services. The Services shall
facilitate Status Checks, support a wide range of User Devices and a variety of tracking
options (from basic tracking to more accurate tracking). The ARC shall record audio in the
event of a Red Alert or Amber Alert activated by the User and the Supplier Personnel shall
monitor and record events in a way that is legally admissible in prosecution cases that arise.
1.2
The Supplier will submit for review and acceptance by the Authority, ARC Standard Operating
Procedures (SOP’s). The Authority will accept and test the SOPs in accordance with the
Operational Change Procedure any further amendments being in accordance with the same
procedure.
1.3
Location
The ARC shall be located in the British Telecom exchange in Pontefract, West Yorkshire and
shall be accredited to BS5979 Cat II. This governs its technical specification and the
procedures by which it shall operate.
(a)
ARC Location:
Reliance Security Group Limited
PO Box 159
Pontefract West Yorkshire
WF8 1NB
(b)
Disaster Recovery (DR) Location:
Reliance Security Group Limited
PO Box [ ]
Manchester
M22 55QZ
10-404788-3
64
1.4
Hours of operation
The Supplier shall provide ARC Services 24 hours per day, 365 days per year.
1.5
Use of dedicated/non dedicated staff
The ARC shall utilise Supplier Personnel that are dedicated to the Services.
1.6
Resource levels
The Supplier shall provide sufficient Supplier Personnel to ensure it can perform the Services
to the agreed Service Levels.
1.7
1.8
Managing peaks and troughs in ARC workload including absences
(a)
The Supplier shall manage peaks and troughs, including absences, to ensure it can
perform the Services to the agreed Service Levels.
(b)
To ensure Service Levels are achieved during periods of alarm volume peaks, the
Supplier shall:
construct resource requirement schedules and shift detail, to respond to any
anticipated alarm peak;
(ii)
dedicate ARC Supplier Personnel to the Services. In addition there will be an
additional 30% of trained ARC Supplier Personnel, made available to support
the dedicated team during peak periods; and
(iii)
train All ARC Supplier Personnel to the standards detailed in paragraph
1.9(e) below.
Managing Attrition
(a)
10-404788-3
(i)
Attrition for the ARC Supplier Personnel shall be managed by actively engaging staff
through the following:
(i)
Monthly 1-2-1 performance sessions where goals related to performance
against KPIs shall be discussed;
(ii)
Quarterly Individual Development Plan (IDP) sessions that agree plans for
achieving career goals, e.g. gaining leadership experience;
(iii)
Monthly team briefings for Supplier Personnel to improve communication and
encourage participation;
(iv)
Continuous improvement scheme to reward Supplier Personnel for making
suggestions to improve the way Supplier Personnel work;
(v)
Regular team building events;
(vi)
A staff forum where ARC Supplier Personnel shall be given the opportunity to
raise areas of concern or make suggestions;
(vii)
Provide leadership and training opportunities for Supplier Personnel; and
65
(viii)
(b)
1.9
Given the sensitive nature of the Services, the Supplier shall use reasonable
endeavours to maintain annual attrition levels below 15%. Where yearly attrition
exceeds 15%, or the Supplier anticipates that the 15% threshold may be exceeded,
the Supplier shall notify the Authority and discuss and agree an action plan to
stabilise the attrition rate. The Supplier shall form a project team whose primary task
shall be to look at possible reasons for higher than anticipated attrition. The project
team shall look at:
(i)
Local competition, i.e. new ARC established;
(ii)
Staff pay and conditions versus local employers; and
(iii)
ARC related issues contributing to higher attrition.
Recruitment, training and accreditation of ARC Supplier Personnel.
(a)
The vetting and recruitment of all ARC Supplier Personnel shall be in accordance
with clause 24 (Personnel Security).
(b)
Selection shall be by way of competency based interviews and satisfactory results of
computer literacy tests. All recruits shall undergo a comprehensive induction process
to introduce new Supplier Personnel to the ARC, Service Desk, and Devices. This
includes health and safety information as well as fire evacuation procedures.
(c)
The ARC Supplier Personnel shall be trained in the following:
(i)
(ii)
10-404788-3
Investing in, and implementing technical solutions to improve operating
efficiency.
The Services - An Introduction. To cover:
(A)
ARC processes and protocols;
(B)
Risks/dangers faced by lone workers;
(C)
Difference to traditional alarms;
(D)
Device use and maintenance;
(E)
User Service needs;
(F)
Examples of good/bad Red/Amber Alerts;
(G)
Escalation procedures; and
(H)
Types of Device.
Lone worker Operating Procedures
(A)
Technical competence training and test to include training to
establish a Location Fix; and
(B)
Side-by-side evaluation (minimum of 24 hours).
66
(iii)
Conducting dynamic risk assessments (a continuous process of identifying
hazards and risks and taking steps to eliminate or reduce them in the rapidly
changing circumstances of an incident).
(iv)
Delivering excellent customer service, though:
(v)
10-404788-3
(A)
Dealing with difficult customers;
(B)
Dealing with difficult situations;
(C)
Working within time bound parameters;
(D)
Working with stressful situations; and
(E)
Taking objective decisions.
Understanding the Customer
(A)
NHS organisational structure;
(B)
NHS Users and their situations;
(C)
NHS acronyms and definitions;
(D)
NHS User work profiles;
(E)
NHS User environmental knowledge; and
(F)
NHS working conditions.
(vi)
Use of CRM
(vii)
Use of Alarm Handling Software
(viii)
Use of location tracking software
(ix)
Telephone techniques
(x)
Email etiquette
(xi)
Soft skills
(xii)
Required process for the provision of evidence
(d)
All ARC Supplier Personnel shall have individual training records that keep a record
of all training received and shall be reviewed regularly.
(e)
All ARC Supplier Personnel shall undergo training and competency assessment
before inclusion in the rota. They shall be continually assessed and receive ongoing
and annual refreshment training in accordance with contract, service needs, and any
changes to Services in accordance with development reviews and individual
assessment.
(f)
The Authority will accept and test the training material in accordance with the
Operational Change Procedure, with any further amendments being in accordance
with the same procedure.
67
1.10
Vetting of ARC Supplier Personnel
The vetting and recruitment of all ARC Supplier Personnel shall be in accordance with clause
24 (Personnel Security). The Supplier shall employ a series of rigorous checks on all
candidates for employment. These include:
1.11
(a)
Five year employment and education screening check;
(b)
Mandatory take up of character references;
(c)
Credit checks of all staff; and
(d)
CRB checks.
ARC Supplier Personnel performance
The Supplier shall ensure that the ARC Supplier Personnel meet the performance
requirements to deliver the Services as follows:
(a)
ARC Supplier Personnel response to an incoming Red Alert shall be within 10
seconds;
(b)
The Supplier shall monitor, review and assess, on a monthly basis, 10% of Red Alerts
taken by each ARC Supplier Personnel to ensure processes and protocols are
followed;
(c)
The Supplier shall monitor, review and assess, on a monthly basis, 10% of all notes
taken by each ARC Supplier Personnel to ensure Service Levels are met with respect
to management information reports;
(d)
As detailed in Part 3.1 (Service Management), the Supplier shall monitor User
feedback on satisfaction levels via all communication channels (telephone, e-mail and
letter) on a monthly basis and produce result and trend analysis with
recommendations and actions to enable the Supplier to continuously improve the
quality of the Service. The Supplier shall provide the results of this feedback to the
Authority within 5 Working Days of the end of each reporting period.
2
ARC processes and response to Alerts
2.1
Amber Alerts shall be recorded by the Alarm Handling Software and shall only be listened to
by ARC Supplier Personnel during quality audits, and in the event of a Red Alert.
2.2
All Amber Alert audio that is not related to a Red Alert shall be deleted by the Supplier after 3
months.
2.3
Recording shall commence on receipt of a Red Alert and shall be automatically prioritised by
the Alarm Handling Software. The ARC Supplier Personnel shall commence monitoring the
voice channel within 10 seconds, and monitor and assess the situation to determine whether
it is a False Alarm or a Genuine Alarm.
2.4
For False Alarms.
In the first instance, the Supplier shall contact the User, via the telephone number provided on
the User Profile Form and ask them to manually reset the Device;
10-404788-3
68
2.5
(a)
In the event that the ARC Supplier Personnel cannot contact the User, the recording
shall continue, and the Supplier shall follow the escalation procedure and telephone
the contact(s) provided by the Authorised Customer Representative;
(b)
In the event that the ARC Supplier Personnel cannot contact either the User, or the
Escalation Contact, recording shall continue and voicemails shall be left for the User
and the Escalation Contacts every 20 minutes, to advise them to contact the ARC.
The recording shall continue until the Device battery expires.
Genuine Alarms.
The ARC Supplier Personnel shall listen to the live audio, perform a Location Fix on the User,
cross- reference the location with the message left on the Amber Alert audio recording, and
conduct dynamic risk assessments. Where the ARC Supplier Personnel deems it appropriate
further Location Fixes can be acquired. As a result the Genuine Alarm will be classified
either:
(a)
Genuine Alarm Closed Safely
(i)
(b)
10-404788-3
This occurs when the Red Alert is cancelled by the User because they are no
longer at risk. The Supplier Personnel shall then contact the User by
telephone to:
(A)
confirm the situation is satisfactorily closed
(B)
ensure that the Supplier understands the reasons for the User
activating the Alarm
(C)
provide User reassurance that
(ii)
In the event that the ARC Supplier Personnel cannot contact the User the
Supplier shall follow the escalation procedure and telephone the contact(s)
provided by the Authorised Customer Representative.
(iii)
In the event that the ARC Supplier Personnel cannot contact either the User,
or the Escalation Contact, voicemails shall be left for the User and the
Escalation Contacts every 20 minutes, to advise them to contact the ARC.
Genuine Alarm Escalated to the Emergency Services
(i)
The ARC Supplier Personnel shall listen to the live audio, perform a Location
Fix on the User, cross- reference the location with the message left on the
Amber Alert audio recording, (where available) and conduct dynamic risk
assessments until the situation requires the escalation procedure to be
followed.
(ii)
The Supplier Personnel shall escalate the alarm to the Police or the
appropriate emergency services, and also contact the specified Escalation
Contact, should the outcome of the audio assessment meet any of the
following criteria:
(A)
Physical/verbal assault/robbery;
(B)
Potential assault about to take place;
69
(iii)
2.6
2.7
(C)
User in distress and/or asks for assistance; and
(D)
User asks for the Police or other Emergency Services.
In the event that the ARC Supplier Personnel cannot contact the Escalation
Contacts, voicemails shall be left for the Escalation Contacts every 20
minutes, to advise them to contact the ARC.
Liaison & Co-ordination with Emergency Services
(a)
The ARC shall utilise the Unique Reference Number (URN) process developed by the
Association of Chief Police Officers (ACPO). When dealing with Emergency Services
that do not use the URN process, the ARC Supplier Personnel shall dial 999, and ask
to be put through to the emergency services local to the Device location;
(b)
The last known Location Fix and all User Information shall be made available to the
emergency services, including known user medical conditions;
(c)
The ARC Supplier Personnel shall listen until the User confirms they are safe.
Escalation
User Escalation Contact details shall be stored in the Alarm Handling Software and shall be
referred to by the ARC Supplier Personnel when escalation is required.
2.8
2.9
Poor coverage
(a)
The Supplier shall provide management information, via the Alarm Handling
Software, relating to poor GSM network coverage at the end of each reporting period
to the Authorised Customer Representative. Users who have issues with network
coverage will be highlighted in this report.
(b)
As outlined in Part 3.5 (Networks), where inadequate coverage for a User is identified
the Supplier shall contact the User and instigate a proactive discussion. If the User
could achieve better coverage on another network the Supplier shall arrange a ‘SIM
swap’ onto that network.
(c)
In the event that poor or no coverage is the result of network outages the process
outlined in Part 3.5 (Networks) shall be followed by the Supplier.
Inactivity Checks
The Supplier shall provide management information, via the Alarm Handling Software,
relating to low (less than 10% of the average monthly Amber Alerts) or no Device activity.
This report shall be supplied to the Authorised Customer Representative on a monthly basis
and the threshold of checks shall be reviewed, and any amendments shall be updated in
accordance with the Operational Change Procedure on a quarterly basis.
2.10
(Quality checks on Amber Alerts and Red Alerts
The Supplier shall complete quality checks on all Red Alerts, all Amber Alert messages
associated with Red Alerts, and 1% of all other Amber Alerts. Particular focus shall be
applied to new Users. The quality checks shall involve:
(a)
10-404788-3
Audibility
70
(b)
Timing
(c)
Fullness of information (i.e. postcode, house number) and
(d)
Quality of risk evaluation
and this assessment and feedback shall form part of the Management Information reports to
the Customer and Authorised Customer Representative.
2.11
Production and Authority acceptance (in accordance with the Operational Change Procedure)
of Standard Operating Procedures, Scripts and Process Flows:
(a)
The Supplier shall design a set of bespoke Standard Operating Procedures, scripts
and process maps, to deal with the range of ARC functions. The Authority will accept
and test the SOPs in accordance with the Operational Change Procedure.
(b)
The Supplier shall conduct reviews with the Authority in order to modify, expand or
amend existing Standard Operating Procedures, scripts, and process maps to
conform to the needs of the Authority. These reviews shall be conducted by the
Supplier, in the form of Supplier operational and account management staff, as
required. Any further amendments shall be accepted in accordance with the
Operational Change Procedure.
3
Capture and Collation of User Data
3.1
Recording of evidence and provision of evidence
The Supplier shall record Red Alerts and Amber Alerts, via the Alarm Handling Software, in a
format that can be used in a court as evidence. Where incidents occur that may require
provision of evidence, the Supplier shall adhere to the following:
10-404788-3
(a)
The Supplier shall report Red Alerts to the Authorised Customer Representative
within 15 minutes of the Red Alert closure;
(b)
At the conclusion of a Genuine Alarm, and where evidence is required by the Police
or the Authorised Customer Representative/LSMS, the associated data shall be
downloaded from the appropriate server i.e. Alarm Handling Software/telephone
system, to an encrypted copy disc. The quality of the storage data shall be
comparable to that of the original. The copy data shall be placed in secure storage
inside the BS5979 CAT II Centre;
(c)
The Authorised Customer Representatives/LSMS shall be sent within one hour of the
closure of an incident, an email containing unique incident details of all Genuine
Alarms, Genuine Alarms closed safely and False Alarms where the ARC Supplier
Personnel believe and incident has taken place, together with a link to a secure
password protected website location. The Authorised Customer RepresentativeLSMS shall be able to access, and listen to, the associated audio via the secure
password protected website location. The audio clips will be removed from the unique
secure location after a period of 30 days, unless a request is made to extend the
period;
(d)
The ARC Supplier Personnel shall sign a witness statement and retain a copy for
Supplier records;
71
3.2
(e)
Where the Police or Authorised Customer Representative/LSMS review a recording,
the Supplier shall enter the details in the recorded material register;
(f)
The Supplier shall record Police visits in the daily occurrence book;
(g)
Audio discs shall be placed in an evidence bag with the ARC Supplier Personnel
witness statement, sealed and labelled. Details of which shall be recorded in the
recorded material register; and
(h)
Either the Police or the Authority shall collect and sign for the evidence bag.
Archiving Requirement
The Supplier shall adhere to the following archiving requirements:
(a)
Recordings of Genuine Alarms shall be retained by the ARC for the Police and the
Authorised Customer Representative (LSMS) to access for 12 months and shall be
securely disposed by the Supplier at the end of the retention period;
(b)
In exceptional circumstances, on the request of the Authorised Customer
Representative (LSMS), the Supplier shall retain recordings of Genuine Alarms in
support of criminal, civil or local action against an offender by the Customer for an
agreed period of time. Recordings shall be securely disposed of by the Supplier to the
timescales outlined by the Customer;
(c)
Where a Genuine Alarm is activated but closed safely by the User, without the Police
being called, the recording of the Genuine Alarm shall be retained by the ARC for the
Police and Authorised Customer Representative to access for 12 months;
(d)
False Alarm recordings shall be deleted from the Suppliers ARC operating software
within 24 hours. Where the ARC Supplier Personnel (LSMS) believe that an incident
has taken place even though the User has agreed to close the Alarm, the ARC shall
notify the Authorised Customer Representative who shall listen to the recording to
ascertain if any further action is required before the recording is deleted;
(e)
The Supplier will provide recordings to the Authorised Customer Representative
(LSMS) if requested to do so in order to fulfil any legal obligation on part of the
Customer;
(f)
Amber Alerts associated with Red Alerts shall be retained for 12 months; and
(g)
Amber Alerts not associated with Red Alerts shall be retained for three months for
User safety development purposes, quality control and in anonymised form for
training of ARC Supplier Personnel.
Part 3.4 - User Devices
1
User Devices
1.1
Devices issued are safety equipment, and provided to Users by the Customer and Supplier in
support of providing a safe working environment, as required under Health and Safety
10-404788-3
72
legislation. Users shall be encouraged to take all due care to maintain the Device in good
working order.
1.2
Authorised Devices at the date of signing the Agreement are:
Identicom i750
Discreet GSM based Device for Users whose primary risk is
verbal abuse or physical attack
Identicom i757
Discreet GSM based Device for Users whose primary risk is
verbal abuse or physical attack, with added benefit of GPS
location for Users operating in more rural locations or where
Amber Alerts are not always possible
Identicom i770
Discreet GSM based Device with ‘man down’ functionality for
Users who also have working environment risks (e.g. slips,
falls, chemicals, travel in rural locations)
Identicom i777
Discreet GSM based Device with ‘man down’ and GPS location
for Users with environmental risks and where more accurate
location is required
User/Trust
supplied Mobile
Phone
Any mobile phone capable of having speed dials set up on keys
5 & 8. Mobile phones with touch-screens, auto key-locks or flip
phone mechanisms are excluded
1.3
In addition to the above, the Supplier will make available other authorised Devices, additional
to the Identicom range, subsequent to the initial roll out. These Devices will meet in all
respects the full functionality required by the Authority and will provide Customers with
flexibility and choice in their buying options in order to meet the diverse requirements of
Users.
1.4
The Supplier will also support User provided mobile phone handsets where the mobile
technology is of a standard supportable by the ARC, the recording requirement, and meets
the mandatory requirements listed in Appendix 2 for acceptable mobile phone specification. If
the SIM card is provided by the User, the User shall bear the network costs associated with
that SIM card. The Supplier shall not warrant either a mobile or a SIM card not provided by
the Supplier.
1.5
The Supplier shall also support existing Devices in use by Customers where those Devices
are deemed fit for purpose by the Supplier and therefore suitable for inclusion in this
Framework Agreement. The Supplier shall not provide any additional warranty over and
above that which might already exist on transfer of the existing Device, but shall accept all
warranties that exist on transfer. The mandatory requirements for a Device to be listed on an
Order are that the Device will need to be less than 36 months old, with the option to retain the
existing customer SIM card, or the existing customer SIM card being exchanged for a
Supplier SIM card.
1.6
Authorised Device specifications
The authorised Device minimum specifications are detailed in Appendix 2.
1.7
10-404788-3
Ongoing Device review
73
The Supplier shall undertake a product review in line with clauses 4.5 and 4.6 (Available
Services) of this Framework Agreement.
1.8
Faulty Devices shall be dealt with in accordance with Part 3.1 (Service Management)
paragraph 1.24.
1.9
Requests for change shall be managed by the Supplier via the Service Desk as detailed in
Part 3.1 (Service Management) paragraph 1.25.
1.10
Device Pooling and Device Sharing
1.11
10-404788-3
(a)
The Customer may ask the Supplier to make Devices available, for both pooling and
sharing. In these circumstances, no more than 10 Users shall be allocated to a
Device, and the Escalation Contact shall remain the same for all Users.
(b)
Sharing is when more than one User shares the same Device on a regular or
programmed basis (for instance, in a job share).
(c)
Pooling is when there exist a number of Devices held in common use by a group of
(nor more than ten) Users.
(d)
The quality of the Service shall remain the same for individual Users as for sharing
and pooled Users.
(e)
The ARC shall handle pool and shared Devices as per an individually issued Device.
However to close an Alarm safely it is important that all pooled and shared Device
Users leave their name on every Amber Alert in order that the correct User is
contacted by the ARC Supplier Personnel to close an Alarm down.
(f)
The Supplier shall train all pooled Device Users. During User training, the Supplier
shall train Users in the correct use of a pooled Device. The User shall leave their full
name as part of any Amber Alert message to enable the ARC Supplier Personnel to
identify the User in the event of a Red Alert. Failure to leave name details will not
result in a drop in ARC response times but it may inhibit a fully effective response
from Emergency Services.
Device Pooling Reallocation Process
(a)
Where pooled Devices need to be reallocated, for example, to another department,
the Authorised Customer Representative shall raise a RFC via the Service Desk. This
process is detailed in Part 3.1 paragraph 1 (Service Desk). The request shall be
given a reference number generated by the CRM system to enable the progress of
the request to be tracked via the Service Desk.
(b)
The Service Desk shall obtain a completed and signed User Information Form from
the new Users and immediately update the CRM system, the Alarm Handling
Software, and the location tracking software with the new User details. The Service
Desk Supplier Personnel shall arrange training for the new Users. The new User
CRM records shall be suspended until training has taken place.
(c)
Where the Users have previously completed training, the Device shall be activated on
receipt.
(d)
Details of the old Users shall be deleted or marked as old as requested.
74
(e)
The RFC shall be closed by the Supplier on confirmation of (i) Completion of training
course; and (ii) Receipt of Device.
2
Supplier Management and control of the process of linking Device, SIM and User
Information
2.1
The linking of Device, SIM and User Information shall be managed as a two stage process by
the Supplier:
(a)
(b)
2.2
2.3
(i)
The unique serial numbers of the Device and the SIM as well as the SIM
mobile number shall be recorded by Service Maintenance directly to the
Alarm Handling Software by way of a web based portal.
(ii)
The Device at this point shall be given a unique identifying number by the
Alarm Handling Software which shall serve to track the relationship between
Device and SIM thereafter. The Device shall be labelled clearly with the
Device type, serial number, SIM phone number and the unique identifying
number. SIMs shall be made live and Devices shall then be tested directly
with the Alarm Handling Software, charged, turned off and posted to the
Trainer/User.
Stage two, allocation Device and SIM to the User:
(i)
This function shall be carried out at the point of training or at a point previous
where the User’s information is gathered in full on the User information form.
(ii)
The unique identifying number shall be allocated to the User and all User
data fields completed on the Alarm Handling Software. This function shall be
carried out by the Service Desk. The Service Desk shall also check all data
entered, and ready the system for the agreed go-live date.
Technology Refresh
(a)
Where a Device is returned to the Supplier (e.g. faulty, damaged, termination of
service, or a recovered lost or stolen Device), the Supplier shall perform a Device
Refresh where applicable.
(b)
The Device Refresh shall include full Device repair and refurbishment, battery
replacement, and software upgrade (if applicable). The Device shall be tested and
repackaged in new plastics. Any device judged to be beyond economical repair shall
be scrapped.
(c)
The Supplier shall undertake root cause analysis on returned Devices and report the
results to the Authority.
(d)
The Supplier shall not be responsible for Technology Refresh of existing Devices in
use by Customers.
Mandatory and Optional Accessories
(a)
10-404788-3
Stage one Device and the SIM:
Each Device shall come with a mandatory accessory list, included within the price of
providing the Services to each User (including pooled Device Users), and is detailed
in the Maximum Charges.
75
(b)
The mandatory accessories shall be provided to each User at the time that the
Device is issued, and will be provided, including if lost or damaged, by the Supplier
for the duration of the Contract.
(c)
Mandatory Accessories:
Part number
(d)
EXT1001
Identicom power supply
EXT1002
UK plug adapter for power supply
EXT1007
Identicom lanyard (blue)
EXT1008
Identicom plastic lapel clip
PLA1005
Identicom lanyard plug (x3)
QRG001
Quick Reference Guide
PLA1004
Identicom SIM door
Optional Device Accessories. which shall be available at additional cost to the
Customer:
Part number
2.4
Description
Description
EXT1001
Identicom additional power supply
EXT1013
Identicom Manual (E/F/G)
EXT1017
Identicom in-car charger
EXT1012
Identicom silicon rubber case
Device Manufacture
The Devices shall be manufactured in the United Kingdom. In the event that the Supplier
wishes to change the location of manufacture the Supplier shall make such request via the
Agreement Change Procedure. Any reduction in manufacturing costs, achieved as a result of
industrialisation and/or new location, will be reflected into the Maximum Charges in the form
of reduced pricing.
2.5
10-404788-3
Short-term Rental Pool
(a)
The Supplier shall provide a facility for Customers’ to procure a Contract for the
Service for periods of time not less than six months and not more than twelve for the
purposes of short term operational requirements, where a longer contract term is not
appropriate.
(b)
The Supplier will provide the Customer with a Device or Devices taken from a central
pool established for this purpose, and will allocate these to Users following the
process outlined in Part 3.1, paragraph 1 (Service Desk).
(c)
Sharing of such Devices between Users is permitted.
76
Part 3.5 - Networks
1
Network Operators
1.1
The Supplier shall utilise its and the NHS’ existing relationships with Vodafone (the “Network
Operator”) to provide the GSM network component of the Services. The Supplier shall also
maintain relationships with O2 and Orange to ensure that competativeness in the supply of
network services is maintained.
1.2
The Supplier is responsible for procuring the related Services and the Network Operators
compliance with the Service Levels. The Supplier shall manage the Network Operator to
ensure that related Services meet the Service Levels detailed in this Framework Agreement.
1.3
The Supplier shall ensure that the Network Operator has the ability to provide Services to all
Users in order to ensure best network coverage is provided.
1.4
To achieve best value, the Supplier shall award the contract to provide network services to
one Network Operator, but have the ability to switch to another Network Operator to improve
Service Levels and/or improve pricing if at any time during the contract period this may be
required. In the event that the Supplier wishes to change the Network Operator it shall notify
the Authority who shall not unreasonably refuse a request in the event that the Supplier can
demonstrate that Service Levels and/or User experience will not deteriorate.
1.5
Where possible the Supplier shall ensure that all SIM cards used shall be limited in the
numbers they can dial or text to ensure risk of SIM misuse is minimised.
2
Network Services Provided
The Network Operator delivers an estimated minimum ‘outdoor’ coverage of 99% of UK
population for its 2G (voice and text messaging) services. The Services shall utilise 2G
services and shall not be reliant in any way on more recent 2.5G (GPRS) or 3G services
which have lower quoted coverage levels.
3
Coverage Mapping & SIM Swapping
3.1
As part of any initial implementation carried out, the Supplier shall make an active
assessment of the mobile coverage in the areas where Users shall be operating. As well as
relying on coverage maps from the Network Operator the Supplier shall also seek known
opinions regarding coverage from Users and managers (local knowledge) and in some cases,
where appropriate, the Supplier shall actively go out and test coverage in certain areas of
concern. Such testing shall deliver back to the Service Desk an actual measured value from
test Devices, showing the coverage level achieved. A record of these tests and their results
shall be maintained by the Supplier. From this test data, the Supplier’s implementation team
can make an informed judgement about which network is best to use. In areas where there
are existing black spots and/or poor network availability the Supplier shall utilise the network
that offers best coverage.
3.2
Following implementation and rollout the Supplier Service Desk Personnel shall proactively
monitor the coverage of Devices deployed by looking at Status Check signals returned from
Devices. If any are identified as providing inadequate coverage for that User then the Service
Desk shall contact the User and instigate a proactive discussion and if the User could achieve
better coverage on another network the Service Desk shall arrange a ‘SIM swap’ onto that
network.
10-404788-3
77
3.3
The ‘SIM swap’ procedure will be carried out from the Service Desk and with the full
knowledge of the User involved. A live SIM from an alternative network shall be dispatched
directly to the User. The replacement SIM shall be accompanied by clear instruction for the
User to contact the Service Desk on receipt to undertake a ten minute SIM swap procedure.
The Service Desk Supplier Personnel shall walk the User through the SIM swap and then ask
the User to place the unit on charge. Once confirmed as being on charge the Service Desk
Supplier Personnel shall then initiate configuration of the SIM over the air.
3.4
The Service Desk will then confirm to the User when this process has been completed. The
User shall then be instructed to return the original SIM in a prepaid envelope that has been
provided.
3.5
The SIM swap process shall not be available to Users where their own mobile phone is being
utilised as the lone worker device.
4
Network Availability
4.1
The Network Operator shall report monthly and the Supplier shall undertake a formal
quarterly review process against the following primary service levels relating to availability
and quality of service:
(a)
Call completion success rate;
(b)
Dropped call rate;
(c)
Call set up success rate;
(d)
Cell availability;
(e)
SMS ‘end to end’ transaction success rate within 90 seconds; and
(f)
Average SMS transaction time.
4.2
If, during a Red Alert activation, the call is dropped by the network, the ARC Supplier
Personnel shall dial back into the Device and pick the call back up discreetly. The ARC
Supplier Personnel shall be able to do this as one of the authorised numbers configured into
the Device.
4.3
The Network Operator shall be required to provide a monthly summary of its performance
against each of these Service Levels within 10 Working Days of the end of the calendar
month. The Network Operator shall also commit to meeting with the Supplier on a quarterly
basis to review performance. A summary of all Network Operator Service Levels shall be
included in the regular reporting to the Authority.
4.4
Any failure of any individual Service Level shall be highlighted by the Network Operator in
their monthly report and shall require the Network Operator to detail remedial action taken to
ensure correction of the issue(s) that has caused the drop in Service Level. All
communication of these incidents shall be between the Supplier’s Contract Manager and the
nominated Service Manager at the Network Operator.
4.5
If the same Service Level is missed two months in a row or two months in every four, then
escalation of the issue shall be expected from the Network Operator. A formal request for
rectification shall be made by the Supplier to an escalated senior management point of
contact at the Network Operator. A formal response shall be provided by the Network
Operator within 10 Working Days. Failure to provide a suitable corrective action shall result in
10-404788-3
78
new connections to the Network Operator being temporarily suspended pending further
investigation and rectification. Devices returned for Technology Refresh shall also be
swapped to an alternative Network Operator.
4.6
Continued failure to meet agreed Service Levels with the Network Operator shall result in
discussion taking place between the Supplier, Network Operator and the Authority (where
appropriate). If the Service Level failure is deemed critical by the Supplier, and accepted by
the Authority and the Network Operator is unable or unwilling to provide resolution within an
acceptable timeframe, then the Network Operator shall be given notice of the Supplier’s intent
to move existing and all new connections to an alternative Network Operator.
4.7
If a mass SIM swap is required then the Supplier shall manage this in a structured and
deliberate way so as to minimise disruption to Services. This shall in the first instance entail
an analysis of the existing Network Operator Service Levels and applying these at the level of
the Customer. If the existing Network Operator Service Levels are consistently being met at
Customer level then these SIMs shall not be subject to a SIM swap. Instead, focus shall be
applied to those Customer areas where the Service Levels is not being met. Once identified,
the Supplier shall provide a pool of replacement Devices configured with an alternative
Network Operator SIM. These shall be used to replace Devices identified as needing to be
swapped. The Supplier shall terminate SIMs associated with returned Devices. The Supplier
shall carryout a Technology Refresh on the returned Devices, which shall then be used to
swap out the next batch of Devices identified as needing to be swapped. This process shall
be managed several times over during the course of an agreed period until all Devices
affected by the existing Network Operator are swapped.
5
Communication of Outage
5.1
The Service Desk shall notify Users and Authorised Customer Representative of an
unplanned network outage.
5.2
The CRM system used by the Supplier shall enable a report to be run that shall identify all
Users by location (based on Trust address). This report shall be run from notification of an
unplanned outage from the Network Operator. This shall identify all Users and Authorised
Customer Representatives in the affected area.
5.3
An automated email and text message shall be sent from the CRM system within the
following 8 minutes to notify Users of the outage, and that for an estimated period of time they
should not rely on their Device to perform.
5.4
Any communication to Users and Authorised Customer Representatives shall provide a clear
indication of the estimated time of the outage. The communication shall also include the
Service Desk phone number for any User or Authorised Customer Representative to call
should they have questions.
6
Dealing with Planned and Unplanned Outages
6.1
Local planned and unplanned outages.
The Network Operator shall manage a rolling program of planned local cell outages. These
are required to maintain software, firmware and to carry out any required hardware
maintenance. All planned outages shall be carried out during 10pm to 4am as this is the least
busy period for the Network Operator. All planned outages shall be managed cell by cell and
never involve neighbouring cells. This shall ensure that coverage is least effected as
neighbouring cells provide coverage to that cell effected.
10-404788-3
79
6.2
The Network Operator shall provide the Supplier with between two and five Days notice of a
planned outage. Whilst the Supplier shall maintain a note of these planned outages to assist
with any incoming technical support questions, planned outages shall not be communicated
given their unlikely effect on the Services.
6.3
Unplanned outages shall be graded according to their severity level, all Network Operators
adopt the same logic summarised as follows:
(a)
P0 – Catastrophic outage of the Network Operator’s regional service centre causing
significant disruption to a wide range of clients across a whole region.
(b)
P1 – Thousands of Users effected or multiple cell sites affected
(c)
P2 – Multiple sites effected but up to an estimated 1000 Users affected
(d)
P3 – Single cell site outage but coverage not likely to be affected
6.4
The Supplier shall be notified by e-mail of any P0, P1 and P2 level outages, normally within 2
hours of the occurrence. Any such occurrence shall be communicated by the Supplier as
described in e) above. The Supplier shall also communicate any extension to the unplanned
outage if it is not rectified within the original quoted timescale. P3 outages shall only be
communicated to the Supplier once they become a planned maintenance outage (if required).
It should be noted that the Network Operator’s board level operations staff are automatically
notified of any P0 and P1 unplanned outages to ensure all actions are taken to rectify the
issue.
6.5
Regional planned and unplanned outages
No regional planned outages are undertaken by the Network Operator. Unplanned outages
shall be handled as described at paragraph 6.3 above.
6.6
National planned and unplanned outages
No national planned outages are undertaken by the Network Operator. Unplanned outages
shall be handled as described at paragraph 6.3 above.
Part 3.6 - Account Management
1
Initial Account Management
1.1
Framework Agreement
(a)
Partnership Board
(i)
(b)
Account Management
(i)
10-404788-3
The Supplier shall appoint senior executives to the Partnership Board and
they shall carry out their role as indicated in schedule 12 (Governance)
paragraph 3.2 and 3.3. The Supplier shall ensure that the Partnership Board
meet in accordance with the Governance Meeting plan at schedule 12
(Governance) paragraph 5.3.
The Supplier shall provide a dedicated Contract Management team with
sufficient capacity to manage the contract to the full satisfaction of the
Authority. These roles and responsibilities are detailed in schedule 12
80
(Governance) paragraph 4.1. The Supplier Contract Management team shall
include the following roles:
(c)
1.2
1.3
Supplier Framework Manager / Contract Director
(B)
Service Maintenance Manager
(C)
User Training Manager
(D)
Service Desk Supervisor
(E)
National Account Manager
(F)
ARC Manager
The Supplier shall manage the Service as a coherent, single entity, joining together
the elements of Service Desk, Device, Network, Training, Service Maintenance and
ARC.
Call off Contract level
(a)
The Supplier shall provide an Account Management structure that shall be
responsible for delivering front-line relationship management to Customers and
Authorised Customer Representatives. Each Customer shall be allocated a named
Supplier Account Manager, who shall be responsible for liaising with the Authorised
Customer Representative. The Supplier Account Manager shall ensure the rapid
resolution of any issues raised by the Customer or Authorised Customer
Representative and provide accurate and timely Management Information and
manage the implementation/mobilisation of all Devices for that Customer.
(b)
The Supplier Account Manager shall be responsible for acting as the single point of
contact for all Customer issues and coordinating all internal Supplier teams (Training,
Service Desk, ARC, and Service Maintenance).
(c)
The Supplier Account Manager shall be available for regular meetings with each
Customer. These meetings shall be agreed between the Supplier and the Customer
according to the Customer’s needs, but shall be at least monthly initially, in
accordance with the schedule 12 (Governance) paragraph 5.3.
(d)
The Supplier shall provide each Supplier Account Manager with a mobile telephone
and e-mail address to enable Customers to contact them directly.
(e)
The Supplier shall ensure that each Supplier Account Manager is appropriately
trained. This shall include internal training and NHS induction training, followed by
annual ongoing training.
(f)
Supplier Account Managers shall report to the Supplier National Account Manager.
Supplier Account Managers shall be responsible for:
(a)
New Orders
(i)
10-404788-3
(A)
The Supplier Account Manager shall liaise with the Customer and obtain an
Order in accordance with the Ordering Procedures. The Account Manager
81
shall also set up a joint project team to manage the implementation. The
project team shall include the following personnel:
(ii)
(b)
(c)
(A)
Supplier account manager;
(B)
Authorised Customer Representative;
(C)
Customer Associate Director;
(D)
Union Representatives (at Customer’s discretion);
(E)
Department Managers (at Customer’s discretion); and
(F)
Customer Administration Representative.
The project team shall be responsible for agreeing/obtaining the following:
(A)
Number of Devices versus Users (pooled Devices);
(B)
Local knowledge on preferred network if available;
(C)
Name & contact details for the Authorised Customer Representative;
(D)
Users by department;
(E)
Escalation point of contact by department, by User;
(F)
Lone Worker Policy & Procedure;
(G)
Police contact – Crime Reduction Officer (CRO); and
(H)
Go-live time frame following training.
Pre-mobilisation which shall include the following:
(A)
Oversee all the implementation tasks;
(B)
Review the lone worker policies and procedures for each Customer;
(C)
Identify Quarterly Business Reporting dates and attendees for each
Customer;
(D)
Identify and meet the appropriate contact in the Customer’s Accounts
department; and
(E)
Communicate project progress
Customer Representative.
Customer
and
Authorised
Implementation/Mobilisation
(i)
The Supplier Account Manager shall manage and deliver the implementation
for each Customer:
(A)
10-404788-3
to
Agreeing deliverables with the Customer;
82
(B)
Establishing project timetable with Customer and Authorised
Customer Representative;
(C)
Briefing the Supplier Training manager on requirements;
(D)
Briefing the Supplier Service Desk on requirements;
(E)
Overseeing deployment of Devices;
(F)
Overseeing training of Users; and
(G)
Distributing publicity information to the Authorised Customer
Representative throughout the term of the Framework and each
contract.
2
Ongoing Account Management
2.1
Framework Agreement
Will be as described in paragraph 1.1 of part 3.6, above.
2.2
Call off contract level
Post-Implementation the Supplier Account Manager shall:
(a)
Carry out Monthly Supplier/Customer meetings with each Authorised Customer
Representative that they are responsible for and discuss progress in respect of the
contract(s) and performance, management and information provided via the
Management Information monthly reporting process;
(b)
Review Management Information requirements;
(c)
Identify additional training needs;
(d)
Manage deployment for Devices for new starters/leavers;
(e)
Conduct incident reviews;
(f)
Confirm invoice details monthly;
(g)
Oversee resolution of any issues raised through the Service Desk;
(h)
Support any specific marketing tasks identified; and
(i)
Meet with Customer Service Representative to allow access to, and review of, regular
recordings when incidents occur and may require provision of evidence.
Part 3.7 - Supplier Innovation and Continuous Improvement
1
Innovation
1.1
The Supplier shall be innovative in their internal, Authority and Customer facing processes by
harnessing new technology, new processes, good ideas and the latest market best practice.
1.2
The Supplier shall focus on sound communication in delivery of Services with the Authority
and Customers and shall actively encourage Customer feedback from all meetings and
10-404788-3
83
correspondence to enable improvement of Service provision in any way feasible. The
Supplier shall use this feedback to improve on existing delivery processes or adopt new ones,
incorporate new ideas into practices and look to incorporating new, or develop existing
technologies (for example adding additional components to our database), to deliver
improvements in the quality and delivery of Services. This shall assist in achieving better
long-term value for money for the duration of the Contract.
2
Continuous Improvements
2.1
The Supplier shall demonstrate an ingrained ethos of continuous improvement, both in
internal management and Customer facing activities. By maintaining open communication
with the Authority and Customers, including actively using management information, the
Supplier shall be able to measure experiences and outcomes of all Service activities. The
Supplier shall work alongside the Authority and Customers to maintain a process of
continuous improvement of the Services, by using the User survey and satisfaction process
as outlined in part 3.1. This shall enable the Supplier to objectively assess and modify the
Services processes as well as to monitor the quality of the provision to maintain best practice
and achieve continuous improvements for the benefit of the Authority, the Customers and the
Users.
2.2
Additionally, the Supplier’s internal "Management Development Programme" and "Academy"
serves to ensure that best practice is adopted by those engaged in management activities,
both in Service delivery and internal process frameworks. This forms a key component of the
Suppliers ethos of delivering added value and continuous improvement not only as an
employer but also as a Service provider to the Authority, Customers and Users.
2.3
Best Value Improvements – To ensure that the Authority and Customers receives the
fundamental underpinnings of best value (economy, efficiency and effectiveness) in Services,
Supplier innovation and improvement will be an agenda item at all Authority review meetings
with the Supplier presenting Management Information, as per schedule 7 (Management
Information) to the Authority and Customers on the agreed basis as per schedule 12
(Governance). The Supplier shall use the information to review with the Authority and the
Customers the methodology and outcomes of the Services, and to assess the efficiency of
supply in order to agree what best value improvements shall be implemented in the Services
provision. The Supplier shall also assess whether additional forms of Management
Information should be provided to the Authority or Customers which would enable further
analysis and consequent improvements to the value of the Services.
2.4
Innovation and improvements would be implemented to either improve service quality and/or
enable the Supplier to generate efficiencies that enable a reduction in operating/subcontractor
costs that can be passed back to the Authority and Customers in reducing the Maximum
Charges.
Part 3.8 - Invoicing Mechanism
1
Invoicing
1.1
The Supplier shall be entitled to raise an invoice in respect of any payment which falls
payable to the Supplier pursuant to each Contract/Order.
1.2
Invoicing and charges relating to the Services for a Device subscription, will only commence
after the respective User is in receipt of an active Device and has received and passed their
training.
10-404788-3
84
1.3
The Supplier shall submit invoices directly to the invoice address as specified in each
Contract/Order.
1.4
Invoices shall specify:
(a)
the invoice number;
(b)
the date of the invoice;
(c)
the unique (Order) reference;
(d)
the Service Period or other period(s) to which the relevant Charge(s) relate;
(e)
any service credits due (these will be those applicable if incurred at Framework
Agreement level);
(f)
a contact name and telephone number of a responsible person in the relevant party’s
finance department in the event of administrative queries; and
(g)
total value excluding Value Added Tax (VAT);
(h)
the VAT percentage;
(i)
the total value including VAT;
(j)
the tax point date relating to the rate of VAT shown; and
(k)
the banking details for payment to the relevant party via electronic transfer of funds
(i.e. name and address of bank, sort code, account name and number).
1.5
The Customer (or Authority for Model 1 – Jointly Funded Devices as detailed in schedule 6
(Ordering Procedure) shall pay all valid invoices submitted in accordance with the provisions
of the Contract/Order.
1.6
Each invoice shall at all times be accompanied by sufficient information to enable the
Customer or Authority to reasonably assess whether the Charges detailed thereon are
properly payable. Any such assessment by the Customer shall not be conclusive. The
Supplier undertakes to provide to the Customer any other documentation reasonably required
by the Customer from time to time to substantiate an invoice.
1.7
All Supplier invoices shall be expressed in sterling or such other currency as shall be
permitted by the Authority in writing.
1.8
The Supplier’s contact details for invoicing queries is:
Finance Department
Reliance Secure Task Management Ltd
18 Concorde Road
Patchway
Bristol
BS34 5TB
01179336600
10-404788-3
85
2
Management Fee
2.1
The Supplier shall pay a management fee of 3% of spend to the Authority. This management
fee shall be 3% of the total monthly invoice fee arising from all Contracts spend and will be
invoiced as follows:
10-404788-3
(a)
Within 5 Working Days at the end of each invoice month, the Supplier will submit a
statement to the Authority of invoices to the Customers and Authority (where
appropriate) in aggregate, against all related Contracts; stating the total amount of the
fee payable to the Authority;
(b)
The Authority will submit to the Supplier an invoice payable within 30 days for the fee
detailed in the statement provided;
(c)
The Supplier will submit fees to the Authority in accordance with the invoice; and
(d)
The Customer and or the Authority shall have the option of BACS or Direct Debit to
make payment of invoices.
86
Part 3.9
1
Service Levels and Service Credits
1.1
The performance management regime for this Agreement and related Contracts ensures that
the Supplier maintains the standard of delivery at the contracted level, in addition it provides
the Authority with the means to get the Supplier to restore service should service delivery
drop below the agreed level.
1.2
Performance management will be managed using three approaches;
(a)
Level 1; Performance management utilising Service Levels. Where Required Service
Levels (as detailed below) are not met, then Service Credits will be applicable using
the process outlined in this schedule. The Supplier will be required to design, deliver
and implement a rectification plan outlining the reason for the failure, analysis of the
causes of the failure, actions required to restore the Service Level, timeline for the
implementation of the plan, including the expected date by which the Service Level
will be restored, resources needed to complete the plan, any dependencies outside
the control of the Supplier having a direct impact on delivery of the plan, key risks and
issues. It will be the responsibility of the Supplier to demonstrate that the scope of the
plan is sufficient to deliver the expected output (the “Rectification Plan”).
(b)
Level 2; Performance management, utilising Service Levels. The Supplier will be
required to design, deliver and implement a Rectification Plan as detailed above.
(c)
Level 3; in respect of Management Information supplied, the Authority may require
the Supplier to produce and deliver an explanatory report detailing the causes and
circumstances that have resulted in a deterioration or significant change in the
delivery of a particular aspect of the Services. The Supplier shall provide the report
for the Authority’s consideration. Where the Authority, acting reasonably, believes
that a Rectification Plan is required the Supplier shall provide a Rectification Plan to
resolve the performance management issue. Level 3 performance Management
Information will be provided as detailed in schedule 7 (Management Information).
1.3
The table below sets out the Service Levels and Service Credits applicable to the Services
covered by this Agreement, with the Services mainly being provided to Customers under
Contract(s).
1.4
The Supplier’s performance against Service Levels will be calculated and reported through
the Management Information process detailed in schedule 7 (Management Information).
Supplier Service Level performance will be monitored and assessed under the Agreement,
although performance is being measured against the Services being provided across all
Contracts nationally.
1.5
Service Levels will be reported, managed and calculated at the Agreement level on a monthly
basis unless stated otherwise in the table (the “Measurement Period”). Where Level 1
Service Levels fall below the Required Service Level, the Supplier shall provide Service
Credits to all Customers with Contracts within that given Measurement Period, and calculated
as a cash amount on a pro rated basis dependant on the number of Users that received
Services in that Measurement Period. Service Credits are generated through the mechanism
set out in below.
1.6
Other than in paragraph 1.7, where Service Credits are due these shall be payable to
Customers by means of a credit on the Customer's next monthly invoice.
10-404788-3
87
1.7
In relation to centrally funded Services, where the Authority is responsible for payment of
Services the Service Credits shall be payable by means of a credit on the Authority's next
monthly invoice.
1.8
The Total At Risk amount = 2% of the total Charges invoiced in the given calendar month of
measurement. There are a total of 800 points available for distribution across all Service
Levels (the "Allocated Points”). Each Service Level has a number of Allocated Points
attributed to it, as demonstrated in the Allocate Points column. Allocated Points will accrue in
relation to the Supplier's actual performance, where that actual performance is below the
Required Service Level as specified in paragraph 1.9(b). The Allocated Points accrue as
described below. An accrual multiplier operates once a Required Service Level has been
breached, by reference to the Supplier's actual performance.
1.9
The Service Level mechanism will apply to all Level 1 Service Levels detailed in the table
below and will be applied as follows:
(d)
Each Level 1 Service Level has a number of Allocated Points attributed to it, as
demonstrated in the Allocated Points column.
(e)
The first Service Credit applies when the actual Service Level percentage falls below
the Required Service Level by the accrual multiplier percentage e.g. if Required
Service Level is 100% and accrual multiplier for that Service Level is 1% then if the
Suppliers performance for that Service Level is 99.0% or lower then a Service Credit
will be payable.
(f)
If the Required Service Level is 100%, the accrual multiplier is 1% and the Suppliers
actual Service Level is 98%, then the service is 2.0% below the Required Service
Level. If the accrual multiplier is 1% then the Allocated Points will be doubled for that
Service Level.
(g)
The Supplier shall report Service Level performance to two decimal places and
mathematical rounding shall apply, that is, the Supplier rounds the third decimal place
so that any figure up to 0.5 is rounded down and any figure from 0.5 and above is
rounded up.
(h)
For the avoidance of doubt, the maximum number of points that can be converted to
Service Credits in any one month is 800, even if the number of points exceeds 800.
The maximum at risk amount is 2% as detailed in paragraph 1.8 above.
1.10
At the end of each Month the accrued number of Allocated Points will be converted into
Service Credits. Each Allocated Point is worth the Total At Risk amount divided by 800.
1.11
Twice per Year the Authority has the right to request of the Supplier that up to two Service
Levels be changed, with not less than two (2) months written notice. The Service Levels shall
be amended according to the procedures outlined in schedule 8 (Agreement Change
Procedure).
1.12
Twice per Year the Authority may request of the Supplier to adjust the Allocated Points across
the Service Levels. The Service Levels, shall be amended according to the procedures
outlined in schedule 8 (Agreement Change Procedure).
1.13
For all Service Levels that are designated a Default Service Level the Authority shall have the
right to terminate the Agreement for Supplier breach pursuant to clause 16.5(f) when the
Supplier fails to meet any Default Service Level on three occasions within any consecutive 12
10-404788-3
88
month period. For the avoidance of doubt, each occasion that the Supplier fails to meet a
Default Service Level shall be classified as one instance. Any combination of three Default
Service Levels will result in the ability of the Authority to terminate the Agreement for Supplier
breach.
1.14
10-404788-3
With respect to the Default Service Level, any references to percentage amounts below the
Required Service Level refer to absolute percentages (e.g. 2% below 98% is 96%).
89
Part 3.10 – Service Levels and Service Credits
Number
1
Service Level
Title
Availability
–
Service
Desk
Availability
Required
Service Level
Measurement Period/Commentary
Monthly.
Service Desk to be available for the required opening hours being 6am to 8pm
Monday to Friday, excluding weekends and Bank Holidays.
Available in this regard means that Supplier Personnel are available to answer
the telephone or deal with other forms of communication.
Measures the time the Supplier’s Service Desk is available (as described
above).
⎛
⎞
Total Hours Available
⎜⎜
⎟⎟ × 100%
⎝ Total Hours Contractually Specified ⎠
10-404788-3
90
100%
availability
across
the
required
Service Desk
opening hours
Accrual
Multiplier
0.5%
Allocated
Points
Level 1;
Allocated
Points 60
Default
Service
Level
Yes – 3%
below
Required
Service
Level
Number
2
Service Level
Title
Required
Service Level
Measurement Period/Commentary
Availability
–
ARC Availability
Monthly
ARC available 24 x 7 x 365. Available in this regard means that Supplier
Personnel are available to deal with Red Alerts, Amber Alerts or undertake
their other duties e.g. quality checks.
Measures the time the Supplier’s ARC is available (as described above).
Accrual
Multiplier
Allocated
Points
Default
Service
Level
100%
availability
within
the
measurement
period
0.25%
Level 1;
Allocated
Points 100
Yes – 3%
below
Required
Service
Level
99%
availability
within
the
Measurement
Period
1%
Level 1;
Allocated
Points 90
Yes – 3%
below
Required
Service
Level
⎛
⎞
Total Hours Available
⎜⎜
⎟⎟ × 100%
⎝ Total Hours Contractually Specified ⎠
3
Availability
Networks
–
Monthly.
Availability of the GSM network measured nationwide across the Services
⎛ Total HoursNetwork Available ⎞
⎜⎜
⎟⎟ ×100%
Total Hours
⎝
⎠
10-404788-3
91
Number
4
Service Level
Title
Availability
Information
website and elearning
availability
Required
Service Level
Measurement Period/Commentary
Monthly.
Information website and e-learning to be available 24 hours a day.
Measures the time the information website and e-learning facility for new
Users and refresher training for existing Users is available
Accrual
Multiplier
Allocated
Points
Default
Service
Level
99%
availability
within
the
measurement
period
1%
Level 1;
Allocated
Points 20
Yes – 2%
below
Required
Service
Level
98% within 30
Seconds
1%
Level 1;
Allocated
Points 40
Yes – 3%
below
Required
Service
Level
100% within 75
Seconds
Not
applicable
Level 2;
No Service
Credits.
Yes – 3%
below
Required
Service
Level
⎛
⎞
Total Hours Available
⎜⎜
⎟⎟ × 100%
⎝ Total Hours Contractually Specified ⎠
1A
Service Desk 1A
- Call Answer
Timeliness
–
answer
within
30 seconds
Monthly.
Average speed of answer of calls into the Service Desk, to be answered within
30 seconds. This time frame includes the pre recorded message that informs
the caller that the call may be recorded for training purposes.
Measures the percentage of telephone calls answered by Supplier Personnel
within the Service Desk within the allowable time period
⎛ Total Number Of Calls Answered Within 30 Seconds ⎞
⎜⎜
⎟⎟ × 100 %
Total Number of Calls Answered
⎝
⎠
1B
10-404788-3
Service Desk Call
Answer
Timeliness
–
answer
within
75 seconds
Monthly.
Average speed of answer of calls into the Service Desk, to be answered within
75 seconds. This time frame includes the pre recorded message that informs
the caller that the call may be recorded for training purposes.
92
Number
Service Level
Title
Required
Service Level
Measurement Period/Commentary
Accrual
Multiplier
Allocated
Points
Default
Service
Level
Measures the percentage of telephone calls answered by Supplier Personnel
within the Service Desk within the allowable time period
This measure to include those calls that are included in Service Desk 1A.
⎛ Total Number Of Calls Answered Within 75 Seconds ⎞
⎜⎜
⎟⎟ × 100%
Total Number of Calls Answered
⎝
⎠
2
Service Desk Abandoned
Calls
Monthly.
No more than
2%
Measures the number of calls at the Service Desk which are either abandoned
or dropped.
⎛ Total Number Of Calls Abandoned / Dropped ⎞
⎜⎜
⎟⎟ ×100%
Total Number of Calls
⎝
⎠
10-404788-3
93
Not
Applicable
Level 2;
No Service
Credits
No
Number
3
Service Level
Title
Service Desk Immediate Call
Resolution
Required
Service Level
Measurement Period/Commentary
Monthly.
Measures the ability of Service Desk to achieve call resolution when the User
first contacts the Service Desk.
⎛ Total Number Of Calls Resolved During the
⎜
Initial Contact
⎜
⎜
Total Number of Calls
⎜
⎝
40% for Month
1 from the date
of signing the
Framework
Agreement
45% for Month
2 from the date
of signing the
Framework
Agreement
⎞
⎟
⎟ ×100%
⎟
⎟
⎠
50% for Month
3 from the date
of signing the
Framework
Agreement
65% for Month
4 from the date
of signing the
Framework
Agreement
With a further
review after 12
months.
10-404788-3
94
Accrual
Multiplier
Not
Applicable
Allocated
Points
Level 2; No
Service
Credits.
Default
Service
Level
No
Number
4A
Service Level
Title
Service Desk Service
Desk
Communication
Resolutions
within
1
Working Day
Required
Service Level
Measurement Period/Commentary
Monthly.
10-404788-3
Service Desk Service
Desk
Remaining
Communication
Resolutions
within
1-2
working days
Default
Service
Level
1%
Level 1;
Allocated
Points
40
Yes –
10%
below
Required
Service
Level
100% within 2
Working Days
1%
Level 1;
Allocated
Points 30
No
⎞
⎟
⎟
⎟ × 100%
⎟
⎟
⎠
Monthly.
In the event that the Supplier cannot resolve a communication raised with the
Service Desk within 1 Working Day (the timescales detailed in Service Desk
4A), this metric will measure the time taken to resolve outstanding cases
within 2 Working Days.
95
Allocated
Points
95% within 1
Working Day
Measures the time taken to resolve a communication raised with the Service
Desk. This measure to include those calls not resolved during initial contact as
detailed in Service Desk 3 above, but to exclude those cases resolved within
the Required Service Level specified in Service Desk 3 above.
⎛ Total Number Of Email , Fax, Letter and Calls Resolved Within 1 Working
⎜
Day (−) Total Number of Calls Re solved During First Contact
⎜
⎜
Total Number of Email , Fax, Letter and Calls (−) Total Number of
⎜
⎜
Emails , Fax, Letter and Calls Resolved During First Contact
⎝
4B
Accrual
Multiplier
Number
Service Level
Title
Required
Service Level
Measurement Period/Commentary
⎛ Total Number Of Email , Fax, Letter and Calls Resolved Within 2
⎜
⎜ Working Days (−) Total Number of Emails, Calls , Fax and
⎜
Letter Resolved Within 1 Working Day
⎜
⎜ Total Number of Email , Fax, Letter and Calls (−) Total Number of
⎜ Emails, Fax, Leters and Calls Resolved Within 1 Working Day
⎜⎜
⎝
5A
Service Desk –
Update
information/
systems
updated within 1
Working Day
Monthly.
98% within 1
Working Day
Measures the time taken for the Service Desk Supplier Personnel to update
information and systems following a communication from a Customer, User or
Authorised Customer Representative.
96
Allocated
Points
Default
Service
Level
⎞
⎟
⎟
⎟
⎟ × 100%
⎟
⎟
⎟⎟
⎠
⎞
⎛
Total Number Of Communicat ions that Require Inf ormation /
⎟
⎜
1
Systems to be Updated Within Working Day
⎟
⎜
⎜ Total Number of Communicat ions that Require Informatio n / Systems ⎟ × 100 %
⎟
⎜
⎟
⎜
to be Updated
⎠
⎝
10-404788-3
Accrual
Multiplier
1%
Level 1;
Allocated
Points 30
Yes – 5%
below
Required
Service
Level
Number
5B
Service Level
Title
Service Desk –
Update
information/
systems
updated within 2
Working Days
Required
Service Level
Measurement Period/Commentary
Monthly
100% within 2
Working Days
In the event that the Supplier cannot update information/systems in 1 Working
day as detailed in Service Desk 5A, this measure will apply to measure the
time taken to resolve outstanding cases.
This measure excludes those cases resolved within 1 Working Day as detailed
in Service Desk 5A above.
⎛
Total Number Of Communicat ions that Require Inf ormation /
⎜
Systems to be Updated Within 2 Working Days ( −) Total No. of
⎜
⎜
Communicat ionsUpdate d Within 1 Working Day
⎜
⎜ Total Number of Communicat ions that Require Informatio n / Systems
⎜
to be Updated ( −) Total No. of Communicat ions Updated
⎜
⎜
Within 1 Working Day
⎝
10-404788-3
97
⎞
⎟
⎟
⎟
⎟ × 100 %
⎟
⎟
⎟
⎟
⎠
Accrual
Multiplier
0.5%
Allocated
Points
Level 1;
Allocated
Points 30
Default
Service
Level
No
Number
6
Service Level
Title
Service Desk –
Order Fulfilment
Required
Service Level
Measurement Period/Commentary
Accrual
Multiplier
98%
Monthly.
Allocated
Points
Default
Service
Level
Level 2; No
Service
Credits
Yes – 5%
below
Required
Service
Level
Level 2; No
Service
Credits
No
Based on the agreed delivery date between the Customer and Supplier, this
measures the order fulfilment timescale as to when the User actually receives
the Device and training.
In 98% of all cases the User shall have received the configured Device and
have been trained by the agreed delivery date.
⎛
Number Of Cases where Configured Device and Training Received
⎜
by User to Agreed Delivery Date in the Measuremen t Period
⎜
⎜ Number of Cases where Customer and Supplier had agreed that Configured
⎜
⎜ Device and Training was Due to be Delivered in the Measuremen t Period
⎝
7A
10-404788-3
Service Desk –
Complaints
resolved within
⎞
⎟
⎟
⎟ × 100 %
⎟
⎟
⎠
Monthly.
Measures the percentage of complaints that are resolved within an agreed
98
95% of all
complaints
received to be
Not
Applicable
Number
Service Level
Title
5 Working Days
Required
Service Level
Measurement Period/Commentary
timeframe.
95% of all complaints to be resolved within 5 Working Days.
Accrual
Multiplier
Allocated
Points
Default
Service
Level
resolved within
5
Working
Days
Resolved is defined as complaint investigated and communicated back to the
User, Authorised Customer Representative or Customer and they agree that
they are satisfied with the response.
⎛ Total Number Of Complaints Answered Within 5 Working Days ⎞
⎜⎜
⎟⎟ × 100%
Total Number of Complaints
⎝
⎠
7B
Service Desk –
Complaints
resolved within
10
Working
Days
Monthly.
Measures the percentage of complaints that are resolved within an agreed
timeframe
100% of all complaints to be resolved within 10 Working Days
Resolved is defined as complaint investigated and communicated back to the
User, Authorised Customer Representative or Customer they agree that they
are satisfied with the response.
This measure includes those complaints resolved within 5 Working Days
(Service Desk 7A).
⎛ Total Number Of Compla int s Re solved Within 10 Working Days ⎞
⎜⎜
⎟⎟ × 100%
Total Number of Compla ints
⎝
⎠
10-404788-3
99
100% of all
complaints
received to be
resolved within
10
Working
Days
1%
Level 1;
Allocated
Points 40
No
Number
Service Level
Title
Required
Service Level
Measurement Period/Commentary
Accrual
Multiplier
Allocated
Points
Default
Service
Level
In addition, the Supplier shall report on the total number of complaints
received in month as detailed in schedule 7 (Management Information)
8
Service Desk 8 –
Notification of a
Service Incident
Monthly
100% within 8
mins
0.5%
Level 1;
Allocated
Points 30
No
100%
0.5%
Level 1;
Allocated
Points 100
Yes – 3%
below
Required
Service
Measures
the
time
taken
for
the
Supplier
to
notify
Customers/Users/Authorised Customer Representatives in respect of Service
Incidents.
Supplier to notify Customers/Users/Authorised Customer Representatives via
SMS of Service Incident within 8 minutes being known followed by updates via
email until Service Incident resolved in all cases.
⎛ Number Of Notifications Within 8 min ⎞
⎜⎜
⎟⎟ ×100%
Total Number of Notifications
⎝
⎠
1
ARC - Response
to Red Alerts
Monthly.
Measures the time taken for an ARC Supplier Personnel to listen into a Red
Alert
10-404788-3
100
Number
Service Level
Title
Required
Service Level
Measurement Period/Commentary
Accrual
Multiplier
Allocated
Points
Default
Service
Level
Level
⎛ Total Number Of Red Alerts Actively listened to By ⎞
⎜
⎟
Supplier Personnel Within 10 Seconds
⎜
⎟ × 100 %
⎜
⎟
Total Number of Red Alerts
⎜
⎟
⎝
⎠
2
10-404788-3
ARC – Genuine
Alarm
Alerts
Incident Reports
to be Passed to
Authorised
Customer
Representative
Monthly
100%
Measures the time taken for Genuine Alarm Alerts to be emailed to the
Authorised Customer Representative within 15 minutes of the Genuine Alarm
being completed.
⎛ Total Number Of Genuine Alarms Emailed to ⎞
⎟
⎜
⎜ Authorised Customer Re p resentativ e Within 15 ⎟
⎟
⎜ Minutes of G enuine Alarm being C ompleted
⎟ × 100 %
⎜
Total Number of Genuine Alarms Within
⎟
⎜
⎟
⎜
the Measuremen t Period
⎟⎟
⎜⎜
⎠
⎝
101
0.5%
Level 1;
Allocated
Points 30
Yes – 5%
below
Required
Service
Level
Number
3
Service Level
Title
ARC 3 – Close
down of False
Alerts
Monthly
Device Failure
Accrual
Multiplier
1%
Level 1;
Allocated
Points
20
Yes – 5%
below
Required
Service
Level
95% within 1
Working Day
2%
Level 1;
Allocated
Points 70
No
100% within 2
Working Days
-N/A
Level 2; No
Service
Credits
No
Measures how quickly requests for replacement Devices are actioned and
Device replaced. Replaced means dispatched for receipt by User within 1
Working Day.
1B
Device Failure
⎞
⎟
⎟
⎟ ×100%
⎟
⎟
⎠
Monthly.
Measures how quickly Requests for replacement Devices are actioned and
Device replaced. Replaced means dispatched for receipt by User within 2
10-404788-3
Default
Service
Level
⎞
⎟
⎟
⎟
⎟ × 100 %
⎟
⎟
⎟⎟
⎠
Monthly
⎛
⎜
⎜ Number of Devices Replaced Within 1 Working Day
⎜ Total Number of Requests for Re placement Devices
⎜
⎜
Within the Measurement Period
⎝
Allocated
Points
97%
Measures the telephone contact with Users or Escalation Contact to confirm
close down within 1 hour of the False Alert being completed.
⎛ Total Number Of False Alarms Cases Closed Down
⎜
Following Telephone Contact With the User
⎜
⎜
or Escalation Contact Within 1 Hour
⎜
Total Number of False Alarms Within
⎜
⎜
the Measuremen t Period
⎜⎜
⎝
1A
Required
Service Level
Measurement Period/Commentary
102
Number
Service Level
Title
Required
Service Level
Measurement Period/Commentary
Accrual
Multiplier
Allocated
Points
Default
Service
Level
Working Days.
⎛
⎜
Total Number of Devices Replaced Within 2 Working Days −
⎜
⎜ those Cases that are Re placed Within 1 Day (as Detailed in Figure 1A)
⎜
⎜
Total Number of Requests for Re placement Devices Within
⎜
the Measurement Period − those Cases that are Re placed
⎜
⎜
Within 1 Day (as Detailed in Device Failure 1A)
⎝
2
Device Failure
⎞
⎟
⎟
⎟
⎟ × 100%
⎟
⎟
⎟
⎟
⎠
Monthly
Measures the number of faulty Devices that require replacement. This
measurement includes battery failures
⎞
⎛
⎟
⎜
Total Number of Faulty Devices
⎟
⎜
⎜ Total Number of User Devices Covered by Currwent Contracts ⎟ × 100%
⎟
⎜
⎟
⎜
in the Measurement Period
⎠
⎝
10-404788-3
103
Device Failure
requiring
replacement
shall
not
exceed 5%
Not
Applicable
Level 2; No
Service
Credits
No
Number
1
1
Service Level
Title
Required
Service Level
Measurement Period/Commentary
Reporting
–
Authority
&
Customer
Reporting
Completeness
Monthly
Training –
Device
configured for
trainee
Monthly
⎛ Number of Re ports Containing the Agreed Level of Info Pr ovided Within
⎜
⎜ 10 Working Days at the End of Period in which Re port is Re quired
⎜
Total Number of Re ports Pr ovided in the Period
⎜⎜
⎝
Default
Service
Level
2%
Level 1;
Allocated
Points 70
No
98%
Not
Applicable
Level 2; No
Service
Credits.
No
⎞
⎟
⎟ × 100 %
⎟
⎟⎟
⎠
Measures that the Device is specifically configured to the User and is available
for the User to operate at their training event (excludes pooled Device Users)
⎞
⎟
⎟ × 100%
⎟
⎟⎟
⎠
Note; an initial training intervention is the first training session that a User must
undertake in order that they can be certified as having the required skills to
successfully operate the Device.
Note; test Devices are not classified as meeting the criteria in that they are not
specifically configured for the User, unless used in training sessions for pooled
Device Users.
104
Allocated
Points
98%
Measures the provision of accurate reporting to agreed timelines
⎛ Total Number of Initial Training Interventions Where the Device is
⎜
Specifically Configured to the User
⎜
⎜
Total Number of Initial Training Interventions
⎜⎜
⎝
10-404788-3
Accrual
Multiplier
Number
2
Service Level
Title
Training – Face
to face training
ratio
Required
Service Level
Measurement Period/Commentary
Monthly.
95%
Measures the percentage of face to face initial training interventions compared
to other types of initial training/webex.
⎛ Total Number of Initial Training Interventions Where Training
⎜
Delivery Method is Face to Face
⎜
⎜
Total Number of Initial Training Interventions
⎜⎜
⎝
⎞
⎟
⎟ × 100%
⎟
⎟⎟
⎠
Note; an initial training intervention is the first training session that a User must
undertake in order that they can be certified as having the required skills to
successfully operate the Device.
Each User is calculated separately irrespective of the number of Users
attending the session
10-404788-3
105
Accrual
Multiplier
Allocated
Points
Not
Applicable
Level 2; No
Service
Credits.
If the webex
ratio
materially
higher than
that costed
the Authority
will require
the Supplier
to re-baseline
the Maximum
Charges to
account for
reduced
Supplier
personnel
numbers
involved in
training
interventions.
Default
Service
Level
No
Number
1
Service Level
Title
User
Satisfaction
Required
Service Level
Measurement Period/Commentary
Monthly
Accrual
Multiplier
Default
Service
Level
75%
Not
Applicable
Level 2; No
Service
Credits.
No
15%
Not
Applicable
Level 2; No
Service
Credits.
No
Measures levels of User satisfaction to ensure and agreed percentage is rated
as good or excellent by User. Relates to Services provided by the ARC,
Service Desk, training others e.g. 2nd line support
⎛ Total Number of Users That Respond to User Satisfaction Survey and
⎜
State that their Interaction is Good or Excellent
⎜
⎜ Total Number of Users that Respond to User Satisfaction Survey
⎜⎜
⎝
Allocated
Points
⎞
⎟
⎟ × 100%
⎟
⎟⎟
⎠
Note; the total number of Users that respond to User satisfaction surveys must
be a minimum of 1%
1
Attrition
Yearly
This measure assesses Supplier Personnel attrition levels. It looks at the
number of Supplier Personnel that work on the Services and either (1) leave
the employment of the Supplier; or (2) move to other Supplier activities that
are unrelated to the Services; or (3) move to other activities within the
Suppliers organisation including its parent company and other related entities.
⎛ Total Number of Supplier Personnel Providing the Services ⎞
⎟
⎜
that Leave in a Year
⎟
⎜
⎜ Total Number of Supplier Personnel that Provide the Services⎟ ×100%
⎟
⎜
⎠
⎝
10-404788-3
106
Number
Service Level
Title
Required
Service Level
Measurement Period/Commentary
Total
Points
Allocated
10-404788-3
Accrual
Multiplier
Allocated
Points
800
107
Default
Service
Level
Part 3.11 - Operational Reporting
1
Reports
1.1
The following reports are all specified in schedule 7 (Management Information):
10-404788-3
(a)
SMS (Framework and Drill down of call off contracts);
(b)
LSMS Reporting;
(c)
Use of Exception Reporting; and
(d)
Customer Reporting.
108
Appendix 1
10-404788-3
109
10-404788-3
110
Appendix 2
Authorised Devices
Identicom
Model
number
Dimensions
Weight (average inc
lanyard)
Operating temp range
Communication system
GSM Frequencies
GPS
Battery life – standard
Battery life - talk time
Case
Minimum
Software
Version
i750
102 x 72 x 12
i757
102 x 72 x 12
i770
102 x 72 x 12
i777
102 x 72 x 12
78g
-10C to +40C
GSM
900Mhz &
1800Mhz
*
60hours
2.5hours
ABS Plastic
85g
-10C to +40C
GSM
900Mhz &
1800Mhz
Sirf III
48hours
2.5hours
ABS Plastic
78g
-10C to +40C
GSM
900Mhz &
1800Mhz
*
60hours
2.5hours
ABS Plastic
85g
-10C to +40C
GSM
900Mhz &
1800Mhz
Sirf III
48hours
2.5hours
ABS Plastic
v5.10
v5.10
v5.10
v5.10
Additional Devices
The Supplier will support User provided mobile phone handsets which meet the mandatory
requirements listed below:
10-404788-3
(A)
No flip phones
(B)
No key locks to be deployed
(C)
No touch screen phones
(D)
No phones where speed dials cant be easily set up by the User
(E)
No ‘qwerty keyboard’ based phones
111
Schedule 4
Delays and Implementation
Part 1- Delays
1
Introduction
This schedule 4 sets out the procedure to be followed in the circumstances that there is any
delay in the implementation of the Solution.
2
Delays
2.1
If, at any time, the Supplier becomes aware that it will not (or is unlikely to) achieve any
Milestone by the Milestone Date it shall immediately notify the Authority of the fact of the
Delay and summarise the reasons for it.
2.2
The Supplier shall, as soon as possible and in any event not later than 10 days after the initial
notification under paragraph 2.1, give the Authority full details in writing of:
(a)
the reasons for the Delay;
(b)
consequences of the Delay; and
(c)
if the Supplier claims that the Delay is due to an Authority Cause, the reason for
making that claim.
2.3
Whether the Delay is due to an Authority Cause or not, the Supplier shall deploy all additional
resources, and take all reasonable steps to eliminate or mitigate the consequences of the
Delay.
2.4
Any disputes about or arising out of Delays shall be resolved through the Dispute Resolution
Procedure. Pending the resolution of the Dispute both parties shall continue to work to
resolve the causes of, and mitigate the effects of, the Delay.
3
Correction Plan
3.1
The Supplier shall submit a draft Correction Plan where:
(a)
it becomes aware that it will not achieve a Milestone by the Milestone Date; or
(b)
it has failed to achieve a Milestone by its Milestone Date, for whatever reason.
3.2
The draft Correction Plan shall identify the issues arising out of the Delay and the steps that
the Supplier proposes to take to achieve the Milestone in accordance with this Framework
Agreement.
3.3
The draft Correction Plan shall be submitted to the Authority for its approval as soon as
possible and in any event not later than 10 days (or such other period as the Authority may
permit and notify to the Supplier in writing) after the initial notification under paragraph 2.1 or
the issue of a Non-conformance Report.
3.4
The Authority shall not withhold its approval of a draft Correction Plan unreasonably. If the
Authority does not approve the draft Correction Plan it shall inform the Supplier of its reasons
and the Supplier shall take those reasons into account in the preparation of a further draft
10-404788-3
112
Correction Plan, which shall be resubmitted to the Authority within 5 Working Days of the
rejection of the first draft.
3.5
The Supplier shall comply with its Correction Plan following its approval by the Authority.
4
Delays to Milestones
4.1
If a Milestone is not achieved other than as a result of an Authority Cause (in which case
paragraph 5 applies), the Authority shall issue a Non-conformance Report to the Supplier
setting out reasons for the relevant Milestone not being achieved and the consequential
impact on any other Milestones. The Authority will then have the options set out in paragraph
4.2.
4.2
The Authority may at its discretion (without waiving any rights in relation to the other options)
choose to:
(a)
issue a Milestone Achievement Certificate conditional on the remediation of the nonconformities in accordance with an agreed Correction Plan; and/or
(b)
refer the matter to the Escalation Process and if the matter cannot be resolved
exercise any right it may have under clause 16 (Termination).
4.3
Where the Authority issues a conditional Milestone Achievement Certificate as specified in
paragraph 4.2 (b), it can choose (but does not have to) to revise the failed Milestone Date and
any subsequent Milestone Date.
4.4
Any Correction Plan shall be agreed before the issue of a conditional Milestone Achievement
Certificate unless the Authority is willing to agree otherwise. In the latter case the Supplier
shall submit a Correction Plan for approval by the Authority within 10 Working Days of receipt
of the Non-conformance Report.
5
Delays to Milestones Due to Authority Cause
5.1
Without prejudice to paragraph 2.3 and subject to paragraph 4, if the Supplier would have
been able to Achieve the Milestone by its Milestone Date but has failed to do so as a result of
an Authority Cause the Supplier will have the rights and relief set out in this paragraph 5:
5.2
The Supplier shall:
5.3
10-404788-3
(a)
subject to paragraph 6, be allowed an extension of time equal to the Delay caused by
that Authority Cause; and
(b)
not be in breach of this Framework Agreement as a result of the failure to achieve the
relevant Milestone by its Milestone Date;
The Authority Representative shall:
(a)
consider the duration of the Delay, the nature of the Authority Cause and the effect of
the Delay and the Authority Cause on the Supplier's ability to comply with the
Implementation Plan;
(b)
consult with the Supplier Representative in determining the effect of the Delay;
(c)
fix a revised Milestone Date; and
113
(d)
if appropriate, make any consequential revision to subsequent Milestones in the
Implementation Plan.
5.4
Any Change that is required to the Implementation Plan pursuant to paragraph 5.1 or the
Charges shall be implemented in accordance with the Contract Change Procedure. If the
Supplier's analysis of the effect of the Delay in accordance with paragraph 3.2 permits a
number of options, then the Authority shall have the right to select which option shall apply.
5.5
The Authority shall not delay unreasonably when considering and determining the effect of a
Delay under this paragraph 5 or in agreeing a Change pursuant to the Contract Change
Procedure.
5.6
The Supplier shall and shall procure that each Sub-Contractor shall take and continue to take
all reasonable steps to eliminate or mitigate any losses and/or expenses that it incurs as a
result of an Authority Cause.
6
Delays not Due to One Party
6.1
Without prejudice to paragraph 2.3 and subject to paragraph 2.4, where a Delay is attributable
in part to an Authority Cause and in part is the responsibility of the Supplier the parties shall
negotiate in good faith with a view to agreeing a fair and reasonable apportionment of
responsibility for the Delay. If necessary, the parties may escalate the matter in accordance
with the Dispute Resolution Procedure.
Part 2- Implementation Plan
7
Introduction
7.1
The Implementation Plan includes SOP's, process maps, scripts etc to be submitted to the
Authority using the Operational Change Procedure.
8
Milestones
8.1
The Supplier shall, in accordance with Part 1 of Schedule 4, use best endeavours to meet the
Milestones by the Milestone Dates as indicated below:
Ref.
01
02
10-404788-3
Milestone
Service
Milestone Tasks
ARC
Finalising the Security Plan based
on the ISO27001 accreditation
and gap analysis
ARC
Submission and Acceptance of
training materials, SOP’s, scripts
and processes,
Accreditation of ISO27001/2,
Personnel recruitment & training
completed and IT systems
configured and all other tasks
associated with ensuring
readiness of the ARC for Service
delivery
114
Dependency
Supplier
Supplier /
Authority
Milestone
Date
ISO
accreditation
due 30 June
2009
(1) Working
towards ISO
Accreditation,
(as above)
(2) Training
to be
complete by
30 April 2009
(3) ARC SOP
to be
submitted
and accepted
by 24 April
2009
03
04
05
06
07
10-404788-3
Service Desk
Marketing
Submission and Acceptance of
training materials, SOP’s, scripts
and processes.
Personnel recruitment & training
completed and IT infrastructure
configured and all other tasks
associated with ensuring
readiness of the ARC for Service
delivery
Submission and Acceptance of
Marketing material.
Press releases, advertising,
editorials
and lone worker literature
distributed,
Web Portal established and all
other tasks associated with
ensuring readiness of the
Marketing strategy
Supplier /
Authority
Supplier /
Authority
User Training
Supplier /
Authority
Service
Maintenance
Personnel recruitment and
training completed, infrastructure
established and all other tasks
associated with ensuring
readiness to complete Service
Maintenance requirements
Supplier
Account
Management
115
Key
marketing
material
accepted.
Distribution
by 30 April
2009
Web Portal
complete by
24 April 2009
Submission and Acceptance of
User training material and all
other tasks associated with
ensuring readiness to complete
User Training
Personnel recruitment and
training completed and all other
tasks associated to ensure
readiness of the Account
Management team to complete
Training and
final testing
complete by
30 April 2009
Supplier
Complete
Staff training
to be
completed by
30 April 2009
(1) Staff
training to be
completed by
30 April 2009
delivery
(2) National
Account
Manager final
interviews on
27 April 2009
08
09
10-404788-3
Supply Chain
Sufficient and appropriate
Devices and SIM stock levels and
all other tasks associated to
ensure readiness of the Supply
Chain to complete delivery
Supplier
1 May 2009
ARC
Finalising
the
long
term
agreement
with
Jemline
Developments as the host site for
the DR solution for the ARC &
Service Desk
Supplier
Complete
116
Schedule 5
The Maximum Charges
1
Introduction
1.1
This schedule details the agreed pricing model that will apply to the provision of the Services.
It outlines individual rates that will be used as a basis for calculating the Supplier’s Charges
for Services as well as creating a basis for calculating Suppliers pricing for proposed new
services. This mechanism shall apply for the term of the Framework Agreement and all
related Contracts.
1.2
The Maximum Charges shall be subject to the Maximum Charges Variation Procedure.
2
Definitions
For the purposes of this schedule the following definitions shall apply:
Additional Pooled/Shared User means those Users that share a Device, up to a maximum
of 10 Users but excluding the first User.
Optional Device Accessories means optional Device accessories which, with the exception
of the Identicom manual (E/F/G) which is free, can be purchased by Customer’s at their
additional expense as detailed in this schedule.
Minimum Required Device Mandatory Accessories means the minimum additional
components that will be provided to the Customer, as detailed in Schedule 3 (Services), and
as are included within the price of the Services.
Volume Discount(s) means the discount that will be applied to the Maximum Charges when
certain volume thresholds are achieved as detailed in paragraph 3.8.
3
Calculation of Maximum Charges
3.1
The Maximum Charges for the provision of the Services are detailed in Table 2A and 2B
below, and this represents an all inclusive price for the Services that are specified in this
Agreement and summarised in Table 1 below.
10-404788-3
117
Table 1 - Service Features
New Device - One User
Contract Term Option
1 Year
2 Year
3 Year
4 Year
5 Year
Less than 1 year
Minimum Required Device Mandatory
Accessories
Identicom Device
Identicom Power Supply
UK Plug adapter for power supply
Identicom lanyard (blue)
Identicom plastic lapel clip
Identicom lanyard plug (x3)
Identicom SIM Door
SIM Card
Device / User Services
Warranty - Damage/Fault
Battery Replacement
Replacement - Loss / Theft
SIM Warranty / Replacement
Standard Training
Training User Guide & Quick Reference
Guide
Additional Pooled/Shared User Training
Network Services
GPS Location
GSM Location
Auto Man Down Facility
SIM Coverage Swap / Return
10-404788-3
i750
–
GSM
Identicom
i770
–
GSM
Identicom
with man
down
function
i757
–
GSM
Identicom
with GPS
i777
–
GSM
Identicom
with GPS
and man
down
function
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
Managed Services
Customer
Customer owned
Mobile
owned
Phone
Mobile
Phone & and SIM
Customer Provided
by
owned
Supplier
SIM
Customer
owned
Identicom
Device &
Customer
owned
SIM
Customer
owned
Identicom
Device
and SIM
Provided
by
Supplier
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
Short Term Rental
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
118
●
●
●
●
●
●
●
●
i757
–
GSM
Identicom
with GPS
i777
–
GSM
Identicom
with GPS
and man
down
function
●
●
●
i750
–
GSM
Identicom
i770
–
GSM
Identicom
with man
down
function
●
●
●
●
i757
–
GSM
Identicom
with GPS
i777
–
GSM
Identicom
with GPS
and man
down
function
●
●
●
●
i750
–
GSM
Identicom
i770
–
GSM
Identicom
with man
down
function
Pooled/Shared Usage of Device
●
●
●
●
●
●
●
●
●
●
●
●
●
●
Table 1 - Service Features
New Device - One User
Managed Services
Customer
Customer owned
Mobile
owned
Phone
Mobile
Phone & and SIM
Customer Provided
by
owned
Supplier
SIM
●
●
●
●
●
●
Short Term Rental
Customer
owned
Identicom
Device &
Customer
owned
SIM
●
●
●
●
Customer
owned
Identicom
Device
and SIM
Provided
by
Supplier
●
●
●
●
Amber Alert Function
Red Alert Function
Audio Evidence Capture
Battery Status Check
i750
–
GSM
Identicom
●
●
●
●
i770
–
GSM
Identicom
with man
down
function
●
●
●
●
i757
–
GSM
Identicom
with GPS
●
●
●
●
i777
–
GSM
Identicom
with GPS
and man
down
function
●
●
●
●
Contract Services
Product Review
Project Management
Free Phone - Service Desk Access
Web Portal Access
Management Information
Sales, marketing & publicity
New Device Testing
Account Management
Billing & Reporting
Manned Alarm Response Service
Service Desk
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
Billing Options
Early Payment Option by Direct Debit–
Discounted Payment Terms
Standard Payment Terms - 30 Days
●
●
●
●
●
●
●
●
●
●
●
●
●
●
Key:
Feature included in Service Option
Feature excluded from Service Option
●
Blank
10-404788-3
119
Pooled/Shared Usage of Device
i750
–
GSM
Identicom
●
●
●
●
i770
–
GSM
Identicom
with man
down
function
●
●
●
●
i757
–
GSM
Identicom
with GPS
●
●
●
●
i777
–
GSM
Identicom
with GPS
and man
down
function
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
i757
–
GSM
Identicom
with GPS
●
●
●
●
i777
–
GSM
Identicom
with GPS
and man
down
function
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
i750
–
GSM
Identicom
●
●
●
●
i770
–
GSM
Identicom
with man
down
function
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
●
3.2
The Charges for the Services will be dependant on the Term of the Contract and will be as
shown in Table 2A and 2B. The Charges are per month and per User, and the rate shown
shall apply to the entire duration of the Term of Contract, subject to Maximum Charge
Variation Procedure.
Table 2A
Maximum Charges - New Device One User
i750
–
GSM
Identicom
i770
–
GSM
Identicom
with man
down
function
i757-GSM
Identicom
with GPS
i777–
GSM
Identicom
with GPS
and man
down
function
£15.55
£17.07
£19.56
£21.17
£5.41
£7.29
£5.41
£7.29
£11.15
£12.37
£13.76
£15.08
£5.41
£7.29
£5.41
£7.29
£9.68
£10.81
£11.83
£13.05
£5.41
£7.29
£5.41
£7.29
£8.95
£10.03
£10.87
£12.05
£5.41
£7.29
£5.41
£7.29
£8.52
£9.57
£10.30
£11.45
£5.41
£7.29
£5.41
£7.29
£11.15
£12.37
£13.76
£15.08
N/A
N/A
N/A
N/A
Contract
Term
Customer
Owned
Identicom
Device &
Customer
owned SIM
Customer
Owned
Identicom
Device &
Supplier
provided
SIM
Customer
Owned
Mobile
phone &
Customer
owned
SIM
Customer
Owned
Mobile
Phone
Device &
Supplier
provided
SIM
1 Year
2 Year
3 Year
4 Year
5 Year
Short
Term
Rental
Monthly
Charge
(6-12
months)
Table 2B
Maximum Charges – Additional Pooled/Shared User – One Off Charge – No monthly fee Services as detailed
in paragraph 3.6 below
Additional Pooled/Shared User Training Charge – Supplier
to invoice on receipt of Services
3.3
The only items that are separately chargeable under this Agreement are:
(a)
10-404788-3
29.65 per additional Pooled/Shared User
Optional Device Accessories as detailed in paragraph 4.
120
(b)
Termination assistance in excess of the requirements specified in Part 1 of schedule
16 (Exit Assistance).
(c)
Early termination charges as detailed in paragraph 5; and
(d)
User telephone charges that are unrelated to the Services as specified in paragraph
11.
3.4
The Supplier commits to provide the required number of Supplier Personnel to meet the
Service Levels and provide the Services detailed in this Agreement.
3.5
All Maximum Charges are inclusive of all Supplier costs and expenses and are shown per
calendar month except where expressly stated otherwise, in sterling, and exclusive of VAT
where applicable. VAT will be charged and payable at the prevailing rate and shown
separately on all invoices.
3.6
In respect of pooled or shared Devices up to a maximum of 10 Users are permitted to share a
single Device, and:
3.7
(a)
The Maximum Charge for the first User will be for a single User for the Contract Term
as shown in Table 2A above; and
(b)
The Maximum Charges for each Additional Pooled/Shared User will be calculated at
the Additional Pooled/Shared User Rate as shown in Table 2B above.
Reallocation of Device
A Device can be re-allocated from one User to another within a Customer’s organisation at no
additional charge.
3.8
10-404788-3
Volume Discounts
(a)
In respect of Table 2A only the Maximum Charges shall be adjusted by taking into
account the following Volume Discount structure. The level of Volume Discount that
will be applied to new Contract(s) will be considered on the year anniversary of the
Agreement, and each year thereafter.
(b)
The Maximum Charges relating to existing Contracts will not be impacted by this
paragraph 3.8. That is, Maximum Charges for current Services will remain static over
the duration of the Contract, other than as amended via the Maximum Charges
Variation Procedure.
(c)
The Volume Discount shall be applicable where the thresholds in Table 3 below have
been achieved. Volume Discounts shall be calculated by counting the number of
Users that are currently receiving Services under Contracts on the Agreement yearly
anniversary date.
(d)
In respect of new Contracts the Supplier shall apply the lowered pricing and update
the Catalogue within 5 Working Days of the Discount Threshold being achieved.
(e)
For the avoidance of doubt, where Maximum Charges are adjusted as a result of
Volume Discount thresholds the new Maximum Charge will be subject to the
121
Maximum Charges Variation Procedure as specified in Schedule 9 (Maximum
Charges Variation Procedure).
Table 3
Volume Discounts
No. of Users receiving Services
From
No. of Users receiving Services
To
Discount Applied
102000
141000
4.00%
141001
181100
An additional 1.00%
181101
221100
An additional 1.00%
221101
251000
An additional 1.00%
4
Optional Device Accessories
4.1
The Supplier shall provide the following Optional Device Accessories, at the Maximum
Charges stated in Table 4, when requested by the Customer. Optional Device Accessories are
on a capital sum basis and become the property of the Customer.
Table 4
Optional Device Accessories
Accessory
Part number
Purchase Price
Identicom additional power supply
EXT1001
Identicom Manual (E/F/G) – PDF Version
EXT1013
Identicom In - Car Charger
Identicom Silicon Rubber Case
EXT1017
EXT1012
£9.27
PDF version Free on
request
£12.36
£12.36
5
Early Termination Fee
5.1
Where a Customer terminates or purports to terminate the Services relating to a User or
Contract/Order prior to the expiry of the relevant initial Term of Contract then, other than on
expiry or in the case of termination by the Customer under clause 16.4 and 16.7, the
Customer shall pay to the Supplier an early termination fee set out in Table 5. This early
termination fee shall be a one off payment and the amount will vary depending on when the
Services are terminated e.g. the early termination fee to terminate a 5 year contract in Year 1
is £39.96 but the cost of terminating the same contract in Year 4 is £18.40.
5.2
Where a Customer terminates or purports to terminate the Services relating to a User or
Contract/Order during a contract extension period then, other than on expiry or in the case of
termination by the Customer under clause 16.4 and 16.7, the Customer shall pay to the
Supplier an early termination fee set out in Table 5. This early termination fee shall be a one
off payment.
10-404788-3
122
5.3
Where a Customer terminates or purports to terminate a Short Term Rental Contract other
than on expiry or in the case of termination by the Customer under clause 16.4 and 16.7 the
Customer will be required to pay the full contracted rental Charges that are remaining.
5.4
For the avoidance of doubt where the Customer wishes to cancel a Contract within 10
Working Days of the parties signing the Contract then this shall be treated as Cancellation and
the provisions of paragraph 10 shall apply.
Table 5 - Early Termination Fee
Early Termination Fees – One Off Charge per User
Identicom
Year of Termination
Initial Contract Term
1 Year
2 Year
3 Year
4 Year
5 Year
Early Termination during a
Contract Extension
Managed Services : Own
Mobile or Identicom SIM and
Customer owned SIM
1
£18.40
£23.79
£29.18
£34.57
£39.96
£13.00
Initial Contract Term
1 Year
2 Year
3 Year
4 Year
5 Year
Early Termination during a
Contract Extension
Customer
owned
Mobile
Phone and SIM Provided by
Supplier
Initial Contract Term
1 Year
2 Year
3 Year
4 Year
5 Year
Early Termination during a
Contract Extension
10-404788-3
2
N/A
£13.00
£18.40
£23.79
£29.18
£13.00
3
N/A
N/A
£13.00
£18.40
£23.79
£13.00
4
N/A
N/A
N/A
£13.00
£18.40
£13.00
5
N/A
N/A
N/A
N/A
£13.00
£13.00
3
N/A
N/A
£13.00
£17.55
£22.10
£13.00
4
N/A
N/A
N/A
£13.00
£17.55
£13.00
5
N/A
N/A
N/A
N/A
£13.00
£13.00
3
N/A
N/A
£13.00
£17.55
£22.10
£13.00
4
N/A
N/A
N/A
£13.00
£17.55
£13.00
5
N/A
N/A
N/A
N/A
£13.00
£13.00
Year of Termination
1
£17.55
£22.10
£26.64
£31.19
£35.74
£13.00
2
N/A
£13.00
£17.55
£22.10
£26.64
£13.00
Year of Termination
1
£17.55
£22.10
£26.64
£31.19
£35.74
£13.00
2
N/A
£13.00
£17.55
£22.10
£26.64
£13.00
123
Pooled/Shared
Device
Usage
of
Initial Contract Term
1 Year
2 Year
3 Year
4 Year
5 Year
Early Termination during a
Contract Extension
Year of Termination
1
£18.40
£23.79
£29.18
£34.57
£39.96
£13.00
2
N/A
£13.00
£18.40
£23.79
£29.18
£13.00
3
N/A
N/A
£13.00
£18.40
£23.79
£13.00
4
N/A
N/A
N/A
£13.00
£18.40
£13.00
5
N/A
N/A
N/A
N/A
£13.00
£13.00
6
Termination Assistance
6.1
Included within the Charges the Supplier shall provide the Termination Assistance as specified
in Part 1 of schedule 16 (Exit Assistance).
6.2
If the Authority or Customer require termination assistance in excess of that specified, in line
with Part 1 of schedule 16 (Exit Assistance) the Supplier shall provide such assistance, and
shall charge on a time and materials basis, using the principles established in paragraph 9.
7
Temporary Suspension
7.1
In the event that the Customer wishes to suspend the Services in respect of a User, and does
not wish to re-allocate the Device, the Supplier shall suspend charges for Services for the
period of the suspension.
7.2
For charging purposes the Customer is only permitted to suspend the Services for a minimum
of 1 month and a maximum of 3 months within a single year of a contract.
7.3
Temporary suspension will not be permitted for Devices contracted on Short Term Rental.
8
Individual User cannot access or make use of the Services due to Geographical
Location
In the event that an individual User is unable to access or make use of the Services due to
geographical location and the inability of any Network Operator to provide network availability
in that location, the Customer shall arrange for the User to return the Device to the Supplier
within the first two months of the Contract. Any Charges paid in respect of that User will be recredited to the Customer, or the Authority in the case of Authority funded Devices during the
centrally funded two year period.
9
New Requirement Not in the Original Scope of Services Mechanism
9.1
Where the Supplier is to provide new or additional services the parties shall agree the
Maximum Charges payable by reference to the principles underlying this schedule, and
specifically that the contract margin will be no greater than 7%;
9.2
There shall be no margin applied to products and services supplied by the Supplier's Device
subcontractors.
10-404788-3
124
Maximum Charges
9.3
In relation to any such new requirement, the Supplier shall provide to the Authority the same
level of ‘open book’ price visibility as was provided during the competitive process leading up
to contract award.
10
Cancellation
10.1
Cancellation is where the Customer has signed a Contract but subsequently decides to cancel
the Contract or User(s) from the Contract before commencement of the Services, in
accordance with clause 15.1(a) of the Contract. If the Customer provides written (to include
email) notification to the Service Desk of the Cancellation, within 10 Days of all parties signing
the Contract then no charges will be applied and the Contract, will be cancelled without any
implication to the Customer (no Cancellation charges payable).
10.2
Upon Cancellation, any equipment received by the Customer/User shall be returned to the
address specified through the Cancellation process.
10.3
In the event that a Customer wishes to cancel the Contract after more than 10 Days of all
parties signing the Contact then early termination fees shall apply as detailed in paragraph 5
of this schedule.
11
Mobile Phones– Call Charges Unrelated to the Provision of Services
11.1
For mobile phones where the Supplier provides the Services and the SIM Card, the Supplier
shall recharge to the Customer, through the normal monthly invoicing process, the cost of all
calls not associated with the Services. Call charges shall be itemised and shall include the
name and mobile number of the User.
11.2
For mobile phones where the User provides the SIM Card, the Supplier has reduced the price
of the Services to take account of an assumed volume of network usage to utilise the
Services.
12
Gainshare
12.1
Subject to the Agreement, particularly clauses 4.5, 4.6 (the Available Services), schedule 10
(Sub-Contractors) and schedule 12 (Governance), if the Supplier decides to adopt new or
revised technology, processes or methods of delivery that, in the reasonable opinion of the
Supplier, will materially change the way in which Services are supplied, including revised
supply chain, revised Device manufacture location, or any other change in the way the
Services are supplied, whether or not that change will result in a material cost saving to the
Supplier in providing the Services, the Supplier shall promptly notify the Authority and brief the
Authority on the economic or business reasons for the change, and the Supplier and the
Authority will use their reasonable endeavours to agree change, and the manner in which the
Maximum Charges may, if appropriate, be accordingly revised.
13
Early Payment Option by Direct Debit – Discounted Payment Terms
13.1
The Supplier will offer an early payment by direct debit discount in respect of all fees and
charges resulting from this Agreement and/or each Contract.
13.2
Where a direct debit mandate has been completed to facilitate early payment to the Supplier
within 5 Working Days of an invoice being issued, a discount will be applicable to each such
invoice.
10-404788-3
125
13.3
The applicable early payment discount will be calculated quarterly, on 1st April, 1st July, 1st
October and 1 January of each year.
13.4
Where early payment by direct debit has been selected a credit will be shown as an ‘early
payment discount adjustment’ on each monthly invoice. The discount will be credited to the
invoice in which it applies and will be itemised separately, showing the percentage discount
and cash value of the discount. The credit shall be calculated as follows;
Discounted Invoice = Standard Terms Invoice Value x D
Where:
D=
i + 2%
× 25
365
Where:
D = Discount adjustment factor applied to invoices valid for Early Payment Discount.
i = London Interbank Offered Rate (LIBOR) at the quarterly date of calculation as stated
above.
The Catalogue shall be updated with within 5 Working Days to show the latest early payment
by direct debit discount.
14
Marketing and Publicity
The Supplier is required to market and publicise the Services as detailed in schedule 15
(Marketing), and incorporated into the Maximum Charges.
15
Authority Funding
15.1
For Contracts that are part funded by the Authority with the Authority as a signatory, the
Authority shall be responsible for payment of the Services, as outlined in schedule 3
(Services), in Years 1 and 2 of the Contract. The Customer shall be liable for Services in
subsequent years.
15.2
The Authority shall not be liable for any other costs that arise in Years 1 and 2 as a result of
Customer requests or actions including;
(a)
Optional Device Accessories as specified in paragraph 4;
(b)
Non Services-related mobile calls as specified in paragraph 11;
(c)
Cancellation charges as specified in paragraph 10;
(d)
Additional termination assistance charges as specified in paragraph 6; and
(e)
Additional Pooled/Shared User costs as specified in paragraph 3.6;
for the avoidance of doubt these additional items will be payable by the Customer directly,
where due.
10-404788-3
126
16
Management Fee
The Supplier shall pay a management fee of 3% in respect of all sums payable under this
Agreement and all Contracts.
17
Contract Extensions
In the event that the Customer extends their Contract, then the Maximum Charges that will
apply shall be the same monthly Charge as was payable during the initial Term of the
Contract.
10-404788-3
127
Schedule 6
Ordering Procedures
1
Introduction
1.1
This schedule specifies the procedures that Customers must follow with the Supplier to place
an Order.
1.2
Customers are entitled to place Orders at any time during the Term to order Services. Such
Services shall be provided by the Supplier as Ordered Services in accordance with the
provisions of the Contract.
1.3
A Contract shall be entered into by the Supplier accepting an Order, served by a Customer,
for the provision of Ordered Services in accordance with these Ordering Procedures.
2
Procedures
2.1
Two process maps have been included within this schedule explaining the ordering
procedures relating to:
(a)
Model Contract 1: Joint Funded (NHSBSA/NHS Bodies) Subscriptions;
(b)
Model Contract 2: NHS Body Directly Funded Subscriptions;
3
Orders
3.1
An Order shall comprise:
10-404788-3
(a)
the Customer’s Name, Registered Address, Registration Number;
(b)
the Customer’s requirement in terms of either (i) Device Subscriptions and quantities;
and/or (ii) “One-Off” Optional Items/Services;
(c)
a unique Order reference number;
(d)
the call-off contract terms & conditions;;
(e)
the Customer’s invoice address; and invoice contact;
(f)
the Customer Authorised Representative(s) and contact details;
(g)
User Details;
(h)
Requested delivery date or delivery timetable;
(i)
Training – (i) required method(s) of training; (ii) proposed training venue (Customer to
provide training venue).
(j)
Any other Customer / User information requested by the Supplier to deliver the
Ordered Services
128
4
Acknowledgement Of The Order
4.1
On receipt of an Order, the Supplier shall send an acknowledgement of that Order to the
Customer within two (2) Working Days.
10-404788-3
129
Part 1 – Joint Funded
NHS BODY
NHS
NHS Body Advised
2.
1.
NHS Body confirms (joint funded)
requirements using proforma (provided
by the NHSBSA)
LWP Procurement process concluded.
NHSBSA Finalises Costs/Services and advises
NHS Bodies
3.
Advise BSA
by set
deadline
NHS
Body
7.
SUPPLIER
NHSBSA (SMS) consolidates
requirements from all NHS Bodies.
Supplier
Advised
4. NHSBSA formally advises NHS Body and Supplier
that NHS Body has been allocated:
£x (2 year funding) for ‘x’ no. of devices and that
this funding is subject to 3rd year funding by NHS
Body
NHS body/Supplier finalise all arrangements and
agree final version of (joint funded) contract
11. Signed Contract retained by NHS Body
for records
10. NHSBSA (SMS) reviews and signs copies
of Contract, retaining one copy for records
and forwarding other (2) copies to NHS
Body and Supplier
Signed Contract (1 copy)
Signed Contract (1 copy)
Three copies of Call-Off contract produced for NHS Body.
Signed by the Supplier (quoting NHSBSA unique contract
reference and NHS Body’s order/contract reference –Note:
These references will be used for payment control)
12. Signed Contract retained by Supplier for records
NOTE: If NHS Body wants to order further Devices (funded directly by them) then a separate Call-Off contract/order will
have to be created (See Part 2 Order Process)
10-404788-3
130
Supplier populates draft Call-Off
Contract (from initial proforma
forwarded by NHSBSA)
6. Supplier arranges meeting(s) with NHS
Body authorised representatives
Meeting(s)
Arranged
8.
9. NHS Body Reviews and signs (3) copies of
Contract and forwards to NHSBSA for final
signature.
5.
Part 2 – Direct Funded
Supplier
NHS Body
1.
NHS Body either (1) requests meeting with
Supplier’s Account Manager; or (2) the NHS Body
will access/download Lone Worker Solution
overview (rates/Service Levels etc) from web-site; or
be provided with information by e-mail on application
3.
6.
NHS Body completes Lone Worker (Call-Off Contract)
Order form defining contract length, number of
Users/subscriptions required – completing all mandatory
fields on Lone Worker Order form & schedules, attaching
NHS Body’s official Order (with both forms being
approved/authorised in accordance with NHS Body’s
standing financial instructions).
2.
Meeting arranged with NHS Body; or NHS Body is
provided with access to Lone Worker Solution Overview
and (Call-Off Contract) Order Form, completion
instructions and rates.
4.
Supplier reviews (Call-Off contract) Order form and liaises with NHS
Body’s authorised representative(s) to arrange training and finalise
arrangements
5.
Supplier signs Lone Worker (call-off contract) Order
Form; retaining one copy & sending second copy
back to NHS Body as Confirmation of Order.
Discussion (if required)
Lone Worker Order form (signed by both parties)
returned to NHS Body, including schedule
confirming key dates, training arrangements etc.
7.
Implementation commences in
accordance with agreed plan
Notes:
1.
A separate (Call-Off Contract) Order will be created for additional subscription(s) the NHS Body wishes to place.
2.
The NHS Body (in consultation with the Supplier (if required)) will be responsible for managing/overseeing the total number of subscriptions and the respective terms/rate
being applied for their organisation – ensuring that the most cost effective solution is being employed.
3.
The LWP Call-Off Contract Terms & Conditions will apply to all Lone Worker orders (NHS Body’s Terms & Conditions will not apply).
10-404788-3
131
Schedule 7
Management Information
1
Introduction
1.1
This schedule 7 specifies the Management Information that the Supplier shall provide to the
Authority and/or the Customer.
2
Management Information
2.1
The Supplier shall provide Management Information reports electronically to the Authority at:
loneworkerprotection@cfsms.nhs.uk.
2.2
Authority reports shall be submitted within 8 days following month end, as outlined in
schedule 12 (Governance).
2.3
Customer reports shall be submitted within 10 Working Days of the end of the monthly
reporting period.
2.4
Project Management and Implementation Programme Management Information in respect of
the Contract, will be provided in the agreed Customer format prior to the implementation of
the Services.
2.5
Management Information specifications are detailed in the table below:
10-404788-3
132
REPORT :
REPORT
BROKEN DOWN
BY :
FREQUENCY :
Authority
Operational
Report
Customer
Monthly
Authority
Contract
Management
Report
Centrally and
Customer
Funded
Strategic
Reporting
Authority
Exception
Report
Customer
Operational
Reporting
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Monthly
Quarterly
As Required
General
1
Service Credits due in respect of failure to attain Service Levels including
a description as to the reason(s) for failure
2
Percentage Service Credit that will be rebated on the next months
invoice
3
Number of Users and breakdown by Device
4
Number of suspensions and each suspension period
5
Number of cancellations
6
Number of terminations within the Term of the Contract, to include the
number of months of subscription remaining at the point of termination
7
Number of devices reallocated following early termination
8
Spend to date and spend in year (April to April) in respect of NHS and
Framework wide
9
Supplier order pipeline
10
Invoices raised and invoices outstanding
11
Executive Summary
12
Total Contracted value of Agreement
13
Operational, technical and Product Review Report
14
New developments
15
Proposed efficiencies including continuous improvement
16
Attrition Levels
17
Exception Report showing each case that the Supplier has agreed to
10-404788-3
133
Centrally and
Customer
Funded
Customer
Contract
Manager
Report
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Monthly
Monthly
Annually
Annual
Reports
lower Charges than the Maximum Charges
18
Disputes between Supplier and Customer
REPORT :
REPORT BROKEN
DOWN BY :
FREQUENCY :
19
Number of ‘hits’ on marketing Web site
20
Number of expressions of interest achieved from marketing Web site
21
Breakdown of publicity marketing undertaken across NHS Customers
Authority
Operational
Report
Customer
Monthly
Authority
Contract
Management
Report
Centrally and
Customer
Funded
Strategic
Reporting
Authority
Exception
Report
Customer
Operational
Reporting
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Monthly
Quarterly
As Required
ARC
22
Performance against Service Levels
23
Number of genuine alarms reviewed by LSMS
24
Number of Cases, detailing instances where a recording is supplied to
the Police
25
Aggregated number of Cases, detailing instances where a recording is
supplied to the Authorised Customer Rep
26
Number of status checks including the average per User
27
Aggregate number of dropped Red Alerts
28
Number of False Alarms
29
Number of Amber Alerts
30
Feedback on [x] % review of Amber Alerts
31
Number of Genuine Alarms Closed Safely
32
Number of Genuine Alarms (i) attack (ii) medical (iii) car breakdown
(iv) other
33
Number of Genuine Alarms escalated to the Emergency Services
10-404788-3
134
Centrally and
Customer
Funded
Customer
Contract
Manager
Report
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Monthly
Monthly
Annually
Annual
Reports
34
Aggregated response times for Emergency Services from operator
notification
35
Aggregate Operator response times
36
User satisfaction survey results
REPORT :
Authority
Operational
Report
Authority
Contract
Management
Report
Strategic
Reporting
Authority
Exception
Report
Customer
Operational
Reporting
Customer
Contract
Manager
Report
Annual
Reports
REPORT
BROKEN
DOWN BY :
Customer
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Monthly
Monthly
Quarterly
As Required
Monthly
Monthly
Annually
FREQUENCY :
37
Breakdown of all complaints received
Networks
38
Performance against Service Levels
39
Number of cases of poor network coverage
40
Number of cases of SIM swap outs due to poor network coverage
Training
41
Number of Users trained, face to face/on line
42
Performance against Service Levels
43
Report on the status of all new Contracts where an agreed
delivery/training date has been delayed
Device and Device Usage
44
Performance against Service Levels
45
Device inactivity % per Customer
46
Number of cases of Device theft or loss
10-404788-3
135
47
Number of reported faulty Devices (i)on receipt of Device (ii) During the
Term of the Contract
48
Number of faulty Devices (i) within 12 month warranty (ii) within extended
warranty (iii) Device replaced where no fault found (iv) Device replaced
due to accidental or malicious damage
REPORT :
Authority
Operational
Report
Authority
Contract
Management
Report
Strategic
Reporting
Authority
Exception
Report
Customer
Operational
Reporting
Customer
Contract
Manager
Report
Annual
Reports
REPORT
BROKEN
DOWN BY :
Customer
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Centrally and
Customer
Funded
Monthly
Monthly
Quarterly
As Required
Monthly
Monthly
Annually
FREQUENCY :
Service Desk
49
Performance against service levels
50
Number if calls resolved on first contact
51
Number of calls referred to Technical administration
52
Number of calls closed without agreement of User or Escalation Point
10-404788-3
136
Schedule 8
Agreement Change Procedure
1
Introduction
1.1
This schedule 8 sets out:
(a)
the Agreement Change Procedure to be used by the Authority and the Supplier to effect
changes to this Framework Agreement; and
(b)
the Operational Change Procedure.
2
Principles
2.1
The Authority and the Supplier shall conduct discussions relating to proposed changes to this
Framework Agreement in good faith. Neither party shall unreasonably withhold or delay
consent to the other party’s proposed changes.
2.2
Until such time as an Agreement Change Note (ACN) has been signed by both parties, the
Supplier shall continue to provide and make available to Customers the Services in
accordance with this Framework Agreement and relevant Contracts.
2.3
Any work undertaken by the Supplier, its Sub-Contractors or agents in connection with any
proposed change to this Framework Agreement (other than that which has previously been
agreed in accordance with the provisions of paragraph 2.2) shall be undertaken entirely at the
expense and liability of the Supplier unless otherwise agreed between the Authority and the
Supplier in advance.
2.4
Any discussions, negotiations or other communications which may take place between the
parties in connection with any proposed change to this Framework Agreement, including but
not limited to the submission of any written communications, prior to the signing by both
parties of the relevant ACN, shall be without prejudice to the rights of either party.
3
Agreement Change Procedure
3.1
Should either party wish to amend this Framework Agreement, that party’s Framework
Manager shall submit a draft ACN for discussion detailing the proposed change to the other
party’s Framework Manager using the pro forma at Appendix 1.
3.2
Discussion between the parties following the submission of a draft ACN shall result in either:
3.3
10-404788-3
(a)
no further action being taken on that draft ACN; or
(b)
agreement between the parties on the changes to be made to this Framework
Agreement (including agreement on the date upon which the changes are to take
effect (the “effective date”)), such agreement to be expressed in the form of
proposed revisions to the text of the relevant parts of this Framework Agreement.
Where agreement is reached in accordance with paragraph 3.2(b) the party submitting the
draft ACN shall prepare the final ACN for execution by both parties. The final ACN, the
content of which has been agreed between the parties in accordance with paragraph 3.2(b),
shall be uniquely identified by a sequential number allocated by the Authority.
137
3.4
Two (2) copies of each ACN shall be signed by the Supplier and submitted to the Authority
not less than ten (10) Working Days prior to the effective date agreed in accordance with
paragraph 3.2(b).
3.5
Subject to the agreement reached in accordance with paragraph 3.2(b) remaining valid, the
Authority shall sign both copies of the approved ACN within five (5) Working Days of receipt
by the Authority. Following signature by the Authority, one (1) copy of the signed ACN shall
be returned to the Supplier by the Authority.
3.6
An ACN signed by both parties shall constitute an amendment to this Framework Agreement
pursuant to clause 12 (Amendments to this Framework Agreement).
3.7
The ACN pro forma is set out in Appendix 1 of this schedule.
4
Operational Change Procedure
4.1
Any "Operational Change", proposed by the Supplier shall be submitted in writing to the
Authority for acceptance.
4.2
The Authority shall review any Operational Change proposals submitted pursuant to
paragraph 4.1, and by written notice to the Supplier, without prejudice to its other rights and
remedies, may elect as its sole option to:
4.3
10-404788-3
(a)
accept the Operational Change;
(b)
return the Operational Change proposal, and invite the Supplier to re-submit the
proposal together with any clarifications or amendments as the Authority may
reasonably determine; or
(c)
reject the Operational Change.
The principles set out in paragraph 2 shall also apply to the Operational Change Procedure,
and no Operational Change shall be implemented by the Supplier unless and until written
notice of acceptance, is issued by the Authority.
138
APPENDIX 1
Agreement Change Note for the Agreement Change Procedure
Sequential Number:
[to be allocated by the Authority’s Framework Manager]
Title:
...........................................................
Originator:
.........................for the [Authority/Supplier]
Date change first proposed:
...........................................................
Number of pages attached:
................……………………………
WHEREAS the Supplier and the Authority entered into a Framework Agreement for the
provision of lone worker Services dated [date] and now wish to amend that Framework
Agreement;
Reason for proposed change
[Party proposing change to complete]
Full details of proposed change
[Party proposing change to complete]
Details of likely impact, if any, of proposed change on other aspects of the Framework
Agreement
[Party proposing change to complete]
Effect of proposed change on extant Contracts
[Party proposing change to complete in accordance with clause 12.3]
IT IS AGREED as follows:
10-404788-3
139
1
With effect from [date] the Framework Agreement shall be amended as set out below:
[Details of the amendments to the Framework Agreement to be inserted here – to include the
explicit changes required to the text in order to effect the change, i.e.
clause/schedule/paragraph number, required deletions and insertions etc]
2
Save as herein amended, all other terms and conditions of the Framework Agreement
inclusive of any previous ACNs shall remain in full force and effect.
Signed for and on behalf of the Supplier
By ....................................................................................................
Name ..............................................................................................
Title .................................................................................................
Date ................................................................................................
Signed for and on behalf of the Authority
By
..............................................................................................
Name ..............................................................................................
10-404788-3
Title
…………………………………………………………………….
Date
...............................................................................................
140
Schedule 9
Maximum Charges Variation Procedure
1
Introduction
1.1
This schedule 9 details the Maximum Charges Variation Procedure applicable to this
Framework Agreement.
1.2
The Charges shall only be varied through:
(a)
Indexing, in accordance with the provisions of paragraph 2; and
(b)
agreement between the parties at any time to decrease any of the Maximum Charges
and the date from which such decrease shall apply.
2
Indexing
2.1
The Indexation Factor will be RPIX- The “Retail Prices Index excluding mortgage interest rates
(RPIX)” as published by the Office of National Statistics at the year anniversary of the
Agreement. The most recently published RPIX rate will be used to calculate revised Maximum
Charges.
(a)
Indices are available at the following website:
http://www.statistics.gov.uk/CCI/SearchRes.asp?term=chmk&x=28&y=13
2.2
In the event that any changes occur to the basis of RPIX, or it is no longer published, the
Authority and the Supplier shall agree a fair and reasonable adjustment to that index or, if
appropriate, shall agree a revised formula that in either event will have substantially the same
effect as that specified in this schedule 9. Where the published figure specified in paragraph
2.1 is stated to be a provisional figure or is subsequently amended, that figure shall apply as
ultimately confirmed or amended unless the Authority and the Supplier shall agree otherwise.
2.3
In respect of new Contacts, schedule 5 (Maximum Charges) shall be varied on the 1st Year
anniversary of the Agreement, and on each subsequent anniversary using the following
formula;
⎛
⎛ RPIXd ⎞ ⎞
⎟⎟ ⎟
NBCa = ⎜⎜ (EBCa ) × ⎜⎜
⎟
RPIXp
⎝
⎠⎠
⎝
Where:
NBCa = New Base Charge of New Orders
EBCa = Existing Base Charge of New Orders
RPIX = The “Retail Prices Index excluding mortgage interest rates (RPIX)” as published by the
Office of National Statistics (http://www.statistics.gov.uk/instantfigures.asp).
RPIXd = the value of the most recently published RPIX figures preceding the date when the
indexation of the Charges is to be given effect.
RPIXp is the value of RPIX in respect of 12 months prior to the current Anniversary year.
10-404788-3
141
The Existing Base Charge = the price that applies on signing the Agreement, as amended on
the anniversary of the Framework Agreement, when a New Base Charge will be calculated in
accordance with the principles detailed in this schedule 9..
2.4
The Maximum Charges in respect of all Contracts that exist at the point at which revised
Framework Agreement pricing is agreed, shall be varied on the anniversary of each individual
Contract using the following formula;
⎛
⎛ RPIXd ⎞ ⎞
⎟⎟ ⎟ + (EBCo × (1 − Z ))
NBCb = ⎜⎜ (EBCb − (EBCo × (1 − Z ))) × ⎜⎜
⎟
⎝ RPIXp ⎠ ⎠
⎝
Where:
NBCb = New Base Charge for Existing Orders
EBCb = Existing Base Charge of Existing Orders
EBCo = Base Charge at commencement of Agreement
Z
= % of the Base Charge at commencement of Agreement subject to Indexation as
specified in Appendix 1 : % Of Maximum Charges subject to Indexation – Existing Orders
RPIX = The “Retail Prices Index excluding mortgage interest rates (RPIX)” as published by the
Office of National Statistics (http://www.statistics.gov.uk/instantfigures.asp).
RPIXd = the value of the most recently published RPIX figures preceding the date when the
indexation of the Charges is to be given effect.
RPIXp = the value of RPIX in respect of 12 months prior to the current Anniversary year.
The Existing Base Charge for Existing Orders (ECBb) = the price that applies on signing
the Agreement as amended on the anniversary of the Framework Agreement when a New
Base Charge will be calculated in accordance with the principles detailed in this schedule 9..
The Existing Base Charge at commencement of Agreement (EBCo) = the price that
applies on signing the Agreement.
3
Procedure for agreeing to Lower Maximum Charges
3.1
Either party shall have the right from time to time during the Term to give notice to request a
review of the Maximum Charges whether or not such a request is occasioned by any
benchmarking undertaken by the Authority under clause 7.2 (Benchmarking). As soon as
reasonably practicable after the date of the notice, the Supplier shall meet with the Authority to
discuss in good faith the variation of the Charges. Any variation in the Charges shall be
recorded in writing and shall take effect on the date agreed between the parties. The Authority
shall not give notice under this paragraph more frequently that at three (3) months intervals
during the Term.
3.2
In the event that, following a variation of the Maximum Charges in accordance with the
Framework Agreement, the Charges under any Contract are above the level of the Maximum
Charges; such Charges shall automatically be reduced to the level of the Maximum Charges
with effect from the date that the revised Maximum Charges take effect.
10-404788-3
142
4
Implementation Of Adjusted Maximum Charges
4.1
Variations to Maximum Charges shall be made in accordance with the provisions of this
schedule 9. The Supplier shall amend the Charges shown in the Catalogue to reflect such
variations, where necessary.
4.2
The Supplier shall apply any adjustment to the Authority or Customer’s invoice (as
appropriate) immediately. Variations to the Charges applicable to each Contract shall be made
in accordance with the provisions of that Contract.
10-404788-3
143
Appendix 1
In respect of existing Contracts the Table below details the percentage of Maximum Charges
that will be subject to indexation;
% Of Maximum Charges subject to Indexation - Existing Contracts
i750 – GSM
Identicom
i770 – GSM
Identicom
with man
down
function
i757 – GSM
Identicom
with GPS
i777 – GSM
Identicom
with GPS
and man
down
function
Contract Rental New Device : One User - Monthly Charge
1 Year
2 Year
3 Year
4 Year
5 Year
Short Term Rental - Monthly Charge
39%
53%
61%
66%
69%
41%
55%
63%
68%
71%
37%
51%
59%
64%
68%
39%
53%
61%
66%
70%
53%
55%
51%
53%
Pooled Devices
1st User
Additional User Training Charge - Initial
Charge per additional user
As Contract Rental New Service
100%
Managed Services - Monthly Charge
Customer owned Mobile Phone
Customer owned Identicom Device
10-404788-3
Customer
owned SIM
91%
91%
144
SIM Provided
by Supplier
93%
93%
Schedule 10
Sub-Contractors
1
Introduction
1.1
This schedule 10 contains:
(a)
Details of the Sub-Contractors to be employed by the Supplier in the provision of
Services pursuant to individual Contracts, and the safeguards/ protection taken in
respect of such Sub-Contractors; and
(b)
The procedure to select, appoint and manage Sub-Contractors.
2
Sub-Contractors and Safeguards / Protection
2.1
The table of Sub-Contractors and safeguards/ protections, details in Part 1 the SubContractors in use as at the date of this Agreement; and in Part 2, the potential subcontractors that the Supplier has identified as an alternative/contingency.
2.2
The Supplier shall not be permitted to change from a Sub-contractor listed in Part 1 to a
potential sub-contractor listed in Part 2, without the prior written approval of the Authority in
accordance with the Agreement Change Procedure.
Part 1
Name and full
Obligation
Details of Safeguards and Protection
contact details
The Supplier has put in place the following
safeguards to secure the delivery of
Devices
from
its
Sub-Contractor
(Connexion2) to enable the Supplier to fulfil
its obligations under the Contracts:
The provision of Identicom Devices
and warranty on sub-contract to the
Supplier
Connexion2 Ltd
Momentum House
Carrera Court
Church Lane
Dinnington
S25 2 RG
1.The sub-contract will step down the key
obligations of the Supplier under the
Contracts to Connexion2, including most
importantly the Service Levels and
business
continuity
provisions
2. The Supplier shall also have the
following rights to ensure continuity of
supply, particularly to secure the supply of
critical
components:
2.1 to take over third party supply contracts;
2.2 to have direct agreements with third
party
suppliers;
2.3 to require Connexion2 to hold adequate
buffer stock of components based on
10-404788-3
145
Part 1
Name and full
Obligation
Details of Safeguards and Protection
contact details
anticipated
demand;
2.4 to require Connexion2 to maintain
business
continuity
plans
2.5 a bespoke escrow agreement with a
reputable
escrow
agent
requiring
Connexion2 to deposit the source code
relating to all intellectual property in an
escrow agreement for access by the
Supplier in the event that Connexion2
becomes;
(i) insolvent,
(ii) appoints administrators; or
(iii) is in material breach of its
contractual obligations to the Supplier;
2.6 to step in to Connexion2's major supply
contracts if Connexion2 should fail
(financially or operationally)
Vodafone Specialist
Communications
Limited.
3 The Courtyards,
Phoenix Square
Wyncolls Road
Colchester
Essex
CO4 9PE
Primary provider of SIM cards and
Network services on sub-contract to
the Supplier
The Supplier has agreed terms with
Vodafone. The contract for Services will be
signed once the contract with the NHS has
been signed. Our contract is stand alone
relating directly to the provision of services
to the NHS
Contract Term: TBC
Renewal Date: TBC
BT Global Services
1 River Gate
Temple Quay
Bristol
BS1 6ED
British
Telecommunications
PLC
(Company
Number 1800000)
81 Newgate Street
London EC1A 7AJ
10-404788-3
Contract Term: Annual
Supplier of landlines to the Supplier
Renewal Date: July 2009
Contract Term: 27 years remaining on
lease Agreement
Landlord only for ARC, Pontefract
146
Renewed: Sept 2008
Part 2
Name and full
Obligation
Details of Safeguards and Protection
contact details
VC Electronics Ltd
Unit 14, Goldthorpe
Industrial Estate,
Rotherham,
South Yorkshire
S63 9BL
1. The Supplier to ensure Connexion2
provide and maintain a business continuity
plan that includes alternative manufacturing
sources and 1st/2nd sources for all
components.
Manufacture of Devices under subcontract to Connexion2 Ltd (Primary
source)
2. Sub-Contractor (VC Electronics) contract
includes suitable SLA's to ensure effective
availability of goods and services.
3. Sub-Contractor (VC Electronics) contract
includes ‘back to back’ business continuity
plans and provisions.
NSH Techlogistics
Ltd
Unit 2
Trillenium
Coleshill
B46 1JU
1. The Supplier to ensure Connexion2
provide and maintain a business continuity
plan that includes alternative manufacturing
sources and 1st/2nd sources for all
components.
Manufacture of Devices under subnd
contract to Connexion2 Ltd (2
source) and primary repair agent
2. Sub-Contractor (NSH Techlogisitics)
contract includes suitable SLA's to ensure
effective availability of goods and services.
3. Sub-Contractor (NSH Technlogistics)
contract includes ‘back to back’ business
continuity plans and provisions.
Ikon Electronics Ltd
Knaresborough
Technology Park
Manse Lane
Knaresborough
North Yorkshire
HG5 8LF Manse
Lane
Knaresborough
North Yorkshire
HG5 8LF
1. The Supplier to ensure Connexion2
provide and maintain a business continuity
plan that includes alternative manufacturing
sources and 1st/2nd sources for all
components.
Manufacture of devices under subcontract to Connexion2 Ltd
rd
(3 source)
3. Sub-Contractor (Ikon Electronics)
contract includes ‘back to back’ business
continuity plans and provisions.
Component Supplier for electronic
components on sub-contract to
Connexion2 Ltd
10-404788-3
2. Sub-Contractor (Ikon Electronics)
contract includes suitable SLA's to ensure
effective availability of goods and services.
147
1. The Supplier to ensure Connexion2
provide and maintain a business continuity
plan that includes alternative manufacturing
Part 2
Name and full
Obligation
Details of Safeguards and Protection
contact details
Abacus Group PLC
sources and
components.
Unit 5B, Waltham Park
White Waltham,
Maidenhead
Berkshire
SL6 3TP
1st/2nd
sources
for
all
2. Sub-Contractor (Abacus Group) contract
includes suitable SLA's to ensure effective
availability of goods and services.
3. Sub-Contractor (Abacus Group) contract
includes ‘back to back’ business continuity
plans and provisions.
2001 Electronic
Components Ltd
Eastman Way
Stevenage Business
Park
Pin Green
Stevenage
Hertfordshire
SG1 4SZ
1. The Supplier to ensure Connexion2
provide and maintain a business continuity
plan that includes alternative manufacturing
sources and 1st/2nd sources for all
components.
Component Supplier for electronic
components on sub-contract to
Connexion2 Ltd
2.
Sub-Contractor
(2001
Electronic
Components Ltd) contract includes suitable
SLA's to ensure effective availability of
goods and services.
3.
Sub-Contractor
(2001
Electronic
Components Ltd) contract includes ‘back to
back’ business continuity plans and
provisions.
Alpha Micro Ltd
Springfield House
Cranes Road
Basingstoke
Hampshire
RG24 9LJ
1. The Supplier to ensure Connexion2
provide and maintain a business continuity
plan that includes alternative manufacturing
sources and 1st/2nd sources for all
components.
Component
Supplier
for
IPB
batteries
on
sub-contract
to
Connexion2 Ltd
2. Sub-Contractor (Alpha Micro) contract
includes suitable SLA's to ensure effective
availability of goods and services.
3. Sub-Contractor (Alpha Micro) contract
includes ‘back to back’ business continuity
plans and provisions.
Cinterion Wireless
Modules GmbH
Mr. Arthur Woode
The Carriage Barn
10-404788-3
Primary supplier of GSM Modem on
sub-contract to Connexion2 Ltd
(previously Siemens)
148
1. The Supplier to ensure Connexion2
provide and maintain a business continuity
plan that includes alternative manufacturing
Part 2
Name and full
Obligation
Details of Safeguards and Protection
contact details
Bartlett's Court
Bath
Road,
Maidenhead
Berkshire
SL6 3RX
sources and
components.
1st/2nd
sources
for
all
2. Sub-Contractor (Cinterion Wireless
Modules) contract includes suitable SLA's
to ensure effective availability of goods and
services.
3. Sub-Contractor (Cinterion Wireless
Modules) contract includes ‘back to back’
business continuity plans and provisions.
Wavecom Ltd
Wavecom Northern
Europe Ltd.
Suite 6, The Hub
Fowler Avenue
Farnborough
Business Park
Farnborough
GU14 7JP
GSPK Ltd
Knaresborough Technology Park,
Manse Lane
Knaresborough
North Yorkshire
HG5 8LF
Secondary supplier of GSM Modem
on sub-contract to Connexion2 Ltd
The Supplier to ensure Connexion2 provide
and maintain a business continuity plan
that includes alternative manufacturing
sources and 1st/2nd sources for all
components.
2. Sub-Contractor (Wavecom) contract
includes suitable SLA's to ensure effective
availability of goods and services.
3. Sub-Contractor (Wavecom) contract
includes ‘back to back’ business continuity
plans and provisions
The Supplier to ensure Connexion2 provide
and maintain a business continuity plan
that includes alternative manufacturing
sources and 1st/2nd sources for all
components.
Primary supplier of PCB on subcontract to Connexion2 Ltd
2. Sub-Contractor (GSPK Ltd) contract
includes suitable SLA's to ensure effective
availability of goods and services.
3. Sub-Contractor (GSPK Ltd) contract
includes ‘back to back’ business continuity
plans and provisions
AV Injection
Junction Road
Sutton in Ashfield
Nottinghamshire
NG17 5G
10-404788-3
Supplier of Identicom Form Factor
on sub-contract to Connexion2 Ltd
149
The Supplier to ensure Connexion2 provide
and maintain a business continuity plan
that includes alternative manufacturing
sources and 1st/2nd sources for all
components.
Part 2
Name and full
Obligation
Details of Safeguards and Protection
contact details
2. Sub-Contractor (AV Injection) contract
includes suitable SLA's to ensure effective
availability of goods and services.
3. Sub-Contractor (AV Injection) contract
includes ‘back to back’ business continuity
plans and provisions
Computer Network
Services
Huntingdon Business
Park
Blackstone Road
Huntingdon
PE29 6EX
Supplier has new system contract. Full
support and warranty.
Supplier of Telephony to the Supplier
24/7 technical support contract
Contract Term: 5 years
Renewal Date: Sept 2013
Monitor Software
Limited
3rd Floor
Marlborough House
Westminster Place
York Business Park
York
YO26 6RW
Jemline
Developments Ltd
Signal House
Lyon Road
Harrow
Middlesex
HA12AG
TOPdesk UK limited,
London House,
271/273 King Street,
London
W6 9LZ
Contract Term: Annual
Supplier of Alarm Handling Software
to the Supplier
Renewal Date: May 2009
Contract in place for data storage renewed
annually & Due Nov 2009
Landlord for DR, Manchester
Contract in place for DR
Renewed annually & Due Nov 2009
In discussions for longer term agreement
for co location for additional services
Supplier of the CRM package to the
Supplier
Specific contract for the lone worker under
negotiations.
Current Maintenance contract: Annual
Renewal Date: Apr 2009
3
Procedure To Select, Appoint And Manage Sub-Contractors
3.1
Subject always to the provision of clause 36 (Transfer and Subcontracting), the Supplier shall
ensure that the Service is maintained at best value without compromising quality or cost. Sub-
10-404788-3
150
Contractors shall be evaluated, selected and measured on their ability to supply, manage and
execute the Supplier’s requirements in a professional, efficient and timely manner.
3.2
In particular the Supplier shall identify and evaluate Sub-Contractors against a range of criteria
that allow the Supplier to assess the likelihood of the Sub-Contractor defaulting on the delivery
requirements necessary to sustain a successful outcome for the Services. These criteria shall
cover, but not be limited to the Sub-Contractor’s:
(a)
Financial viability;
(b)
Management capacity;
(c)
Workforce resilience;
(d)
Organisation details (including financial status and insurance);
(e)
Technical capabilities and competence;
(f)
Approach & methodology;
(g)
Health and Safety issues;
(h)
Quality Management issues;
(i)
Environmental management;
(j)
Training and recruitment;
(k)
Business Continuity Plan;
(l)
Adherence to legislative and regulatory requirements;
(m)
Data Protection Policy;
(n)
Conformance to the Supplier’s corporate governance processes;
(o)
Commitment to achieve best value and optimum Supplier performance through
securing volume leverage across the range of the Supplier’s business;
(p)
Respect of IPR and the confidentiality of information;
(q)
With whom long-term supply partnerships are created to ensure stability and security
of supply that are consistent with supporting best practice in a healthy competitive
environment; and
(r)
That share risk and reward appropriately with the Supplier.
3.3
Profiling and assessment of Sub-Contractor risks shall be a key element of the Supplier's Risk
Management process and shall remain under review and independent verification by the
Supplier’s insurance advisors. It shall also be a key element of the Business Continuity Plan.
3.4
The risk relating to all Sub-Contractors will rest (both financial and operational) completely with
the Supplier.
3.5
The Supplier shall provide a risk assessment of its Sub-Contractors to include consideration of
the following:
10-404788-3
151
(a)
Failure of Sub-Contractor to perform, leading to contract or service delivery failure.
The Supplier shall be responsible for the delivery of all sub-contract activity that
supports the Services. The Supplier shall appraise, appoint and monitor the
performance of any sub-contractor and to have in place adequate contingency plans
to ensure no disruption to the Services.
(b)
10-404788-3
Failure of Sub-Contractor to perform to the standards expected.
(i)
The Supplier shall be responsible for the standards achieved in support of the
Service by any Sub-Contractor.
(ii)
Subject to clause 36 (Transfer and Sub-contracting), in its management of
Sub-Contractors the Supplier shall demonstrate a fair and robust supplier
management process. It shall formalise its relationship with a contract or
service level agreement. This document shall encompass all aspects of the
supply agreement, including but not limited to:
(A)
Scope of supply including terms and conditions, risks and price;
(B)
Scheduling of review meetings and parties to be present;
(C)
Agreed minimum quality levels;
(D)
Agreed minimum delivery performance levels;
(E)
Agreed stock holdings;
(F)
Response times;
(G)
A listing of the management reports and schedule of release;
(H)
Escalation points within all interested parties;
(I)
Manage the performance of Sub-Contractors through the use of
jointly agreed Key Performance Indicators (KPIs) and back-to-back
contract terms that shall include:
1)
Percentage of deliveries arriving at agreed time;
2)
Percentage of goods below agreed quality levels;
3)
Average response time;
4)
Number of pricing discrepancies, and
5)
Customer satisfaction survey results;
(J)
Agreed penalties for non/poor performance;
(K)
Payment terms, including payment of invoices, debiting accounts and
credit periods;
(L)
Step down risks and responsibilities;
152
10-404788-3
(M)
Rights of step-in over the sub-contractor and its own supply chain
partners;
(N)
Parent/Third Part guarantees/performance bonds;
(O)
Change of ownership obligations;
(P)
IP and Source Code protection; and
(Q)
Default and termination rights.
153
Schedule 11
Model Self Audit Certificate
1
Introduction
1.1
This schedule 11 contains a Model Self Audit Certificate.
MODEL SELF AUDIT CERTIFICATE
Dear Sirs
In accordance with the Framework Agreement entered into on [ADD DATE] between the NHS
Business Services Authority and Reliance Secure Task Management Limited (the Supplier),
we confirm the following:1.
In our opinion the Supplier has in place suitable systems for identifying and recording
the transactions taking place under the provisions of the above Framework
Agreement.
2.
We have tested the systems and found them to be operating satisfactorily.
3.
We have tested a sample of the transactions during our audit for the financial year
ended [Add financial year] and confirm that they are correct and in accordance with
the terms and conditions of the above Framework Agreement.
Name: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Auditor’s Stamp
Signed: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Date: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
10-404788-3
154
Schedule 12
Governance
1
Introduction
1.1
This schedule sets out the high level procedures and processes to be followed by the
Supplier in conjunction with the Authority and Customers to ensure appropriate governance of
the Services and their management during the term of the Agreement and shall include:
(a)
Governance principles;
(b)
The role of the partnership board;
(c)
Governance bodies and structure;
(d)
Governance roles & responsibilities;
(e)
Governance meetings; and
(f)
Governance reporting.
2
Governance Principles
2.1
The Governance structure is underpinned by the following key principles:
(a)
the Framework Agreement will be maintained and managed between the Authority
and the Supplier via scheduled and structured meetings and informal communication;
(b)
each Contract will be maintained and managed by the Supplier and Customer who
will hold scheduled and structured communications and informal communications;
(c)
the Services shall be managed at a consolidated level by the Authority, who shall
control any proposed changes to the Services and/or related scripts, process flows
and standard operating procedures in accordance with the Operational Change
Procedures;
(d)
the parties shall form a "Partnership Board" to undertake the activities defined in
paragraph 3 of this schedule; and
(e)
where a change is agreed it will be implemented through the Agreement Change
Procedure, or the Operational Change Procedure, as appropriate.
2.2
The provisions of this schedule as they relate to the resolution of issues are without prejudice
to express provisions including clause 28 (Dispute Resolution) of this Framework Agreement
or clause 27 (Dispute Resolution) and schedule 2-6 (Dispute Resolution Procedure) of any
Contract in relation relating to Dispute resolution.
3
The Partnership Board
3.1
The Supplier shall appoint senior executives from the Reliance Security Group to comprise
the Supplier side of the Partnership Board. The Partnership Board shall work in a strategic
way to align the objectives of Supplier and Authority and shall meet at a mutually convenient
location on a quarterly basis.
10-404788-3
155
3.2
3.3
The Authority shall appoint senior executives from the NHS Business Services Authority to be
members of the Partnership Board. The role of the Partnership Board shall be to:
(a)
Review current performance/Service delivery;
(b)
Consider ideas for improving the quality of the Service;
(c)
Enhance and maximise the marketing of the Service;
(d)
Consider Authority queries and issues;
(e)
Commission and consider the results of studies, surveys and project that the Supplier
and Authority shall jointly consider important to the delivering the Service
successfully;
(f)
Consider a continuous improvement plan;
(g)
Consider new technologies/devices for potential inclusion in the Framework
Agreement in accordance with clause 4.5 and 4.6 (the Available Services) and agree
any amendments to the Catalogue using the Agreement Change Procedures.
The Supplier shall provide, as members of the Partnership Board, the following as a
minimum:
(a)
A Board Director selected from either Reliance Secure Task Management, Reliance
High-Tech or Reliance Security Group;
(b)
The Director, Reliance ARC; and
(c)
The Supplier Framework Manager.
4
Roles & Responsibilities
4.1
The table below shows each role, and their key responsibilities, and the dedicated contract
management team with sufficient capacity to manage the Framework Agreement and
Contracts to the full satisfaction of the Authority. The Supplier shall manage the Services as a
coherent, single entity, joining together the elements of Service Desk, Device, Airtime,
Training, Technical Administration and ARC.
The table below details the roles and their key responsibilities:
Customer Role
Supplier Role
Supplier Key responsibilities
MD of Counter
Fraud
Security
Management
Services
Managing Director –
Reliance Secure Task
Management
2nd escalation point as defined in paragraph 7 below
Head of SMS
Director of Operations
– Reliance Secure
Task Management
1st escalation point as defined in paragraph 7 below
10-404788-3
156
Customer Role
Supplier Role
Authority
Framework
Manager
Supplier Framework
Manager/Contract
Director
Supplier Key responsibilities
1. The overall performance of the Service
2. Strategic support to the Partnership Board
3. Legislative compliance
4. Relations with the Authority, Authorised
Customer Representatives and Users
5. Marketing and Communications
6. Promotion of Services to Potential Customers
7. Agree Operational Change Procedures
8. Service lead in relation to Maximum Charges
Variation procedure
9. Service lead in relation to new Devices being
introduced as a result of the new Device
review process
10. Relationship account management
11. Ensure deliver consistent Services to meet
the Service Levels and fulfil obligations in the
Agreement and each Contract
12. Drive continuous improvement initiatives and
service or technological innovations
13. National performance management
14. Overall responsibility for promotion
Services to Potential Customers
of
15. Environmental issues
16. The provision of all contractual commitments
to the Authority including, but not limited to:
17. Management Information
18. Quarterly Business Reviews
19. Complaint Management
20. Rectification Plans when required
21. Management of an Incident and Issues
Management Process
10-404788-3
157
Customer Role
Supplier Role
Supplier Key responsibilities
22. Arranging meetings, arranging venues in
consultation with the Authority, issuing
meeting materials to attendees and
completing minutes of meetings
23. The Contract Director shall be responsible for
the line management of the Training
Manager, the National Accounts Manager
and the ARC Manager.
Service Maintenance
Manager
The Service Maintenance Manager shall be
responsible for all the processes, systems and service
delivery relating to the configuration of all Devices
with SIM cards; the subsequent re-configuration of
any Device in the field that requires a change as
requested
by
the
Authorised
Customer
nd
Representative; 2 line technical support to all
Users or Authorised Customer Representatives on
problem solving, usability and SIM issues; the
shipping and receipt of any faulty Devices and/or their
replacements in line with agreed Service Levels and
managing the Technology Refresh of any Device
returned.
User
Manager
Training
The User Training Manager shall be responsible for
managing the training deliverables for the contract;
delivering the Training Plan; line management of the
training team and of ensuring effective scheduling to
meet the agreed Service Levels.
Desk
The Service Desk Supervisor shall be the line
manager for all Service Desk Supplier Personnel and
shall be responsible for delivering the Service Desk
Schedule; rota management; training and provision of
appropriate Management Information in respect of the
Services
Service
Supervisor
10-404788-3
158
Customer Role
Supplier Role
National
Manager
Supplier Key responsibilities
Account
The National Account Manager shall be the line
manager for the Account Managers, and shall be
responsible for delivering first-line accountability of
the Service to Authorised Customer Representatives
and for the Sales and Marketing Plan, and shall have
responsibility for:
1. Promotion of Services to Potential Customers
2. Put in place signed contracts with all
Customers
3. Complaint Management
4. Ongoing Customer account management
5. Production of Non -Conformance reports
6. Notification that Supplier unlikely to achieve
the implementation timetable, summarising
the Delay and the reasons for it
7. Completion of a Correction Plan
8. Arranging progress meetings, arranging
venues in consultation with the Customer,
Potential Customer or Authorised Customer
Representative, issuing meeting materials to
attendees and completing minutes of
meetings
ARC Manager
10-404788-3
The ARC Manager shall be responsible for the line
management of the ARC Supplier Personnel and the
Service Desk Supervisor, delivering the ARC
schedule and rota management and training
requirements for the Supplier’s ARC personnel.
159
5
Governance Meetings
5.1
This paragraph describes in more detail the regular meetings which will be scheduled as a
minimum requirement to ensure strong communication is maintained at all levels of the
relationship. The Authority and/or Customer may convene additional meetings at any time
provided that reasonable notice is given to the Supplier. The Authority may invite additional
stakeholders at its discretion.
5.2
In the event that a representative identified in column 3 (Attendees) cannot attend the
relevant meeting, such representative shall be entitled to (i) provide its decision or approval
on any issue to be raised at the meeting in writing within 2 days following such meeting, or (ii)
nominate an alternative representative to attend the meeting by giving not less than 2 days
notice to the other party.
5.3
Governance Meetings shall be as follows:
Meeting or Forum
Frequency
Attendees
Review,
Decisions
Approvals
Supplier/Customer
Meeting
Monthly
Supplier
1.
Discuss progress in
respect of Contract(s) implementation and
provision of ongoing
Services
2.
Discuss
performance
management and
information provided via
the Management
Information monthly
reporting process
1.
To include a review
of the Services at a
national level,
performance
management, review
Management
Information, Service
Levels and Service
Credits, complaints,
User satisfaction,
survey results, areas of
improvement,
continuous
improvement
2.
Proposed changes
to the Services that will
effect the Operational
Change Procedure
Supplier Account
Manager
and
Customer
Authorised Customer
Representative
Supplier/Authority
Monthly or other
period as agreed
between the
parties using the
Operational
Change
Procedure
Supplier
Supplier Framework
Manager/Contract
Director and invited
Sub-Contractors as
required
Authority
Authority Framework
Manager and invited
stakeholders
The Authority
Commercial
Directorate as
required
10-404788-3
160
Meeting or Forum
Partnership Board
Frequency
Quarterly
Attendees
Review,
Decisions
Approvals
3.
Proposed changes
to the Services that will
effect the Agreement
Change Procedure
including agreeing a
recommendation for the
Partnership Board in
respect of the inclusion
of new Devices in the
Catalogue following a
Product Review
4.
Proposed changes
that will require
reference to the
Maximum Charges
Variation Procedure
5.
Commercial review
to include spend,
Service Credits
awarded, management
fee
Supplier
1.
Board Director
selected from either
Reliance Secure Task
Management,
Reliance High-Tech
or Reliance Security
Group.
Strategic issues
which both parties
believe require joint
consideration.
2.
Performance
management including
aggregated view of
Service Level/Service
credit status,
complaints, User
satisfaction survey
results, areas of
improvement,
continuous
improvement
3.
Decisions on the
inclusion of new
Devices in the
Catalogue following a
Product Review
The Director,
Reliance ARC
The Supplier
Framework Manager
Authority
Authority Framework
Manager and invited
stakeholders
10-404788-3
and
161
5.4
Where a governance body identified in the table above reaches a decision or grants an
approval, that body shall be responsible for ensuring that such decision or approval is clearly
and accurately documented in writing and circulated amongst the members of each such
body.
6
Governance Reporting
6.1
This paragraph identifies the regular reports required to be produced by the Supplier in order
to drive the governance meetings and processes.
6.2
Reporting information shall be provided to facilitate the governance meetings as follows:
To Be Delivered
Agreed Date
by
Report
Content
Period
Monthly Customer
Reporting
Content will be produced as
detailed in Schedule 7
(Management Information)
Monthly
Within 8 days following
month end
Monthly Authority
Reporting
Content will be produced as
detailed in Schedule 7
(Management Information)
Monthly
Within 8 days following
month end and 1 week
prior to
Supplier/Authority
monthly meeting as
requested
7
Escalation Procedure
7.1
In the event of a dispute the matter shall be referred by the Authority or the Supplier as
follows:
Supplier
Representative
Authority
Representative
1st Line Point
Director
of
Operations
–
Reliance Secure
Task
Management
Head of SMS
If the escalated issue
cannot be resolved within
10 Working Days of
referral the matter shall be
referred
to
the
2nd
escalation point
2nd Line Point
Managing
Director
–
Reliance Secure
Task
Management
Managing Director of
CFSMS
If the escalated issue
cannot be resolved within
10 Working Days of
referral the matter shall be
referred to mediation as
detailed in clause 28 of the
Framework
Agreement
(Dispute Resolution)
Escalation Route
10-404788-3
162
Escalation Process
Schedule 13
Solution
1
Introduction
1.1
The Supplier Solution is an end to end Solution that offers Users the assurance and
protection needed when working in isolation or vulnerable situations. The Services is based
from a BS 5979 Cat II centre with 100% availability utilising the appropriate monitoring
software and equipment.
1.2
The Supplier shall operate to the highest operating standards and comply with ISO 27001/2
Information Security Management. The ARC shall offer a robust solution even when faced
with the most severe incidents which effect business operations.
1.3
The ARC is accredited with BS 5979 Cat II, and adheres to the following physical security
controls;
(a)
Dual thickness walls;
(b)
Access control;
(c)
Airlock;
(d)
Independent air supply system;
(e)
Gas detectors;
(f)
CCTV internal;
(g)
Blast proof windows;
(h)
Secure server room;
(i)
Secure telephone system; and
(j)
Firewalls providing secure encrypted MPLS between sites.
2
ARC Solution Overview
2.1
The ARC is available 24 hours a day, 365 days per year. This centre (or virtual centre) is
capable of monitoring Users Red Alerts, Amber Alerts and Status Checks covering every
geographical location where NHS lone workers need to operate within England.
2.2
The Services provided will support a range of User profiles to support the needs of different
situations arising from the diverse User groups and range of NHS bodies. The User profiles
will allow bespoke escalation procedures e.g. escalation to colleagues instead of emergency
response from the Police. The default profile should result in escalation to the Police service if
appropriate.
2.3
The ARC is able to listen to and record events in a way that is legally admissible in
prosecution cases that arise from incidents.
2.4
The Alarm Handling Software is designed for high availability with both on and off site
replication through redundancy of data and systems, enabling continuous access and alarm
10-404788-3
163
handling capabilities. The handling and management of lone worker alarms is provided
through the specialised Sentinel Plus+ alarm handling platform. Support of the bespoke
elements is separately provided by Monitor Computer Systems, based in York. Over a
number of years development work has been undertaken by Monitor Computer Systems to
develop a product to reflect our experience of the lone worker Services.
2.5
In the event of an individual component failure, there is dual redundancy of systems at the
primary site. If a catastrophic failure such as fire, flooding, power failure, criminal attack
occurred at the primary site then Disaster Recovery (DR) is invoked and the signals
redirected to the Disaster Recovery site servers. The Alarm Handling Software is actively
health monitored so that proactive measures are taken in the event of a component failure (i.e
RAID Hard Disk failure).
3
Service Desk Solution Overview
3.1
The Service Desk is co-located in Pontefract within the Alarm Response Centre (ARC) and is
available between 6am and 8pm, Monday to Friday, excluding weekends and Bank Holidays.
There will be an overlap of Service Desk Personnel in which a full handover of activity and
events will occur within the Service Desk Working Day.
3.2
Between the hours of 8pm and 6am, weekends/Bank Holidays will be covered by the ARC
Personnel. The facility at Pontefract and the Service Desk Personnel are to be dedicated to
the Services, with Personnel performing all administration tasks relating to implementing new
Users and ongoing support for existing Users.
3.3
The Service Desk Personnel will be able to access all associated systems to ensure quick
and effective resolution of all issues, managing all enquiries and queries through to resolution,
engaging with the ARC and Service Maintenance functions as necessary.
4
Service Desk Customer Relationship Software (CRM)
4.1
The CRM application used by the Service Desk will be fully auditable and transparent to
Supplier Authorised Personnel, logging and tracking all enquiries and interactions with clients,
regardless of nature. The Service Desk will use a new IT system to capture requests from
Customers and Users and to co-ordinate the work done by the following groups of Supplier
workers:
4.2
(a)
The Service Desk Supplier Personnel at the call centre in Pontefract;
(b)
The ARC Supplier Personnel at the ARC in Pontefract;
(c)
The Supplier account managers working out in the field with the Customers;
(d)
The Supplier trainers working out in the field delivering training to the Users; and
(e)
The Supplier Service Maintenance Personnel configuring and issuing Devices and
providing technical support based in the ARC.
The Supplier will use the Microsoft CRM application to co-ordinate the work of the Service
Desk operation. This application was chosen for the following reasons:
(a)
10-404788-3
MS-CRM includes a lot of the standard helpdesk functionality already required for the
Lone Worker Protection project;
164
4.3
(b)
MS-CRM supports workflow between teams of users. It is easy to set up queues of
cases for different teams and to automatically move cases from one queue to another
as the status of the case changes;
(c)
MS-CRM includes a Knowledge Base module which can be used by the Service
Desk to solve common User problems directly over the phone;
(d)
MS-CRM is a web application and can be accessed by remote users who are not
within the Service Desk such as Supplier trainers and Supplier account managers;
and
(e)
MS-CRM integrates with Microsoft Outlook. Emails correspondence is easily stored
in the CRM database and calendar appointments and tasks can be set up through
CRM and can be notified to users through the Outlook calendar and task list.
The MS-CRM application is available to the following groups of Supplier remote users across
a Virtual Private Network:
(a)
Supplier account managers; and
(b)
Supplier trainers
4.4
All users of the CRM application will have to supply a username and password to be able to
access the system. The remote users will only be able to access the CRM system from
Supplier PCs which are part of the Supplier domain. The CRM application will not be
available to Supplier users across the Internet.
4.5
All data in the MS-CRM system will be stored in a Microsoft SQL server database. The SQL
server database is a robust database technology based on a transactional processing
schema which is backed up whilst the system is still live. The Supplier will configure the SQL
database to use ‘log-shipping’ of the CRM database to the Disaster Recovery Site. The log
shipping technology ensures that the remote copy of the database will always be constant. In
the event of a problem with the database server at the primary site it will be possible for the
Service Desk users to be switched to connect to the servers at the Disaster Recovery Site
with minimal interruption to the Service Desk operations.
5
Signalling
5.1
The Sentinel Plus (Alarm Handling) software signal processing servers receive the inbound
messages from a range of paths including IP, PSTN/WILLDN, GSM, SMS.
5.2
Once a signal has been received and processed by one of the signal processing servers it is
matched with the relevant User details and presented in the alarm queue for the ARC
Supplier Personnel to handle. Reverse channel commands can also take place to perform
actions such as requesting the location of a Device.
6
Database
6.1
The Alarm Handling Software utilises an IBM Informix WGE2000 Database Server for storing
alarm handling data, with RSS database for storing all User details, action information, and
media files.
6.2
The database servers run on HP DL380 servers with RAID0+1 hard disk configuration.
10-404788-3
165
6.3
In the event of a failure, business will continue utilising the replicated off and on site
databases.
7
Remote Replication
Data between the primary and secondary database server is constantly replicated using IBM
Informix RSS functionality. This data is also replicated over a high-speed internet link to the
Disaster Recovery site, which is situated more than 60 miles away.
8
Maintenance Plan
8.1
System maintenance is performed by the Supplier onsite technical support team. On a daily
basis logs are checked and notifications reviewed for any potential faults or security
breaches.
8.2
The schedule of work is detailed in the Supplier’s maintenance plan, and is stored in a
controlled document library.
9
Telephony system
9.1
Telephony is delivered via a Mitel 3300 IP telephony platform. The system provides a range
of features such as automatic call distribution (ACD), call recording and reporting. It is
covered by a 24/7 support and maintenance contract with Computer Network Services (CNS).
Critical high risk components (such as hard drive, power supplies or fans) are configured in a
dual redundant mode to minimise risk of failure.
9.2
In the event of a catastrophic failure, calls will be alternatively routed utilising the Supplier’s
BT SmartNumbers Telephony DR solution.
9.3
The system is monitored by the network monitoring system and errors and early warning
messages captured and acted upon immediately.
10
Firewalls
10.1
Site to site connectivity is delivered by a series of distributed Cisco ASA 5510 firewalls with a
dual active failover configuration at critical points for added resilience. The Supplier firewall
policies are configured to only allow traffic to and from trusted sources, and all operational
data is encrypted to a 3DES standard whilst being sent between locations. The firewalls are
managed by authorised Supplier Technical Support Personnel. Changes to the configuration
polices are reviewed by the Supplier Technical Manager as part of the system request for
change (RFC) process. The system is supported 24/7 by the Supplier on-call Technical
Support Team.
10.2
The system is monitored by the network monitoring system and errors and early warning
messages captured and acted upon immediately.
11
Security
11.1
All Supplier Personnel network users are required to authenticate with the network before
they can gain access to any resources. User permissions are set by the Supplier Network
Support Team by request of the Supplier Operations Manager. Supplier Super user and
Administrator privileges are gained only following a request to the Supplier Technical Director
and Supplier Technical Manager though the system request for change (RFC) process.
10-404788-3
166
11.2
In the event of a disaster, all security policies remain and Supplier Personnel are required to
authenticate with the network via the offsite domain controller.
11.3
The Supplier operates a policy that data on all mobile Supplier Personnel laptops are
encrypted as standard.
11.4
Network security policies are in place and will not allow Supplier Personnel to extract data
from the network (ie. Burn onto CD or put onto other external storage device such as USB
memory stick), without permission from the Supplier Network Manager. The protection is
based on both physical and software restrictions. Access to removable storage points such as
USB ports and CD drives is limited by physical means such as client workstations being in an
enclosed cabinet away from reach of operators with further restrictions based on Windows
Active Directory and Group Policy software permissions to use removable devices.
11.5
The above diagram is illustrative of the business processes and not the network layout.
Firewalls are located between network subnets relating to the various physical locations such
as Manchester (Second Site), Uxbridge (Group Services such as email and
intranet resources) and other partners or customer VPN connections. Rules on each of our
Firewalls dictate which types of traffic can access what particular services on a particular
server.
10-404788-3
167
12
Business Continuity
12.1
Where an incident occurs between the hours of 6pm and 8am that requires management
attention, due its impact on business operations, the ARC ‘Out of Hours’ escalation procedure
is activated by the Supplier team leader.
12.2
Where an incident occurs between the hours of 8am to 6pm the Supplier crisis management
team is available on site.
12.3
The Supplier notifies Customers, Users, and Authorised Customer Representatives of any
Service disruption with 2 Working Hours, via SMS or email, including a clear indication of the
estimated time of the Service disruption.
12.4
An incident is any occurrence that takes place, which may or may not impact business
operations, that is not a usual or normal occurrence. An incident can be hardware or software
related or may affect the building and or personnel and is not a ‘business as usual’ (BAU)
event. Where such an incident occurs, the Supplier on-duty team leader will make an
assessment as to the nature of the incident. Where the Supplier team leader concludes that
the incident is hardware, software or building related, a log of the incident is be made in the
SysAid application.
12.5
Where an assessment has been made by the Supplier team leader that escalation of an
incident is required, the Supplier team leader will ascertain who the designated Supplier
Centre On-Call Representative (COCR) is, as per the ‘Out of Hours’ Escalation procedure.
12.6
The Supplier team leader will provide a synopsis of the incident/problem to the Supplier
COCR, the SysAid case number and any other relevant information.
12.7
Upon receipt of an ‘Out of Hours’ escalation call, the Supplier COCR will make an
assessment of the incident using the details provided. The assessment will result in one of the
following three actions:
(a)
Non Urgent – Resolve during normal business day – No action required;
(b)
Fix Required Now – No escalation necessary; or
(c)
Fix Required Now – Escalation required due to current/potential operational impact.
12.8
Where a fix is required with no escalation needed, the procedure will end; once the fix has
been implemented successfully and Service is restored to business as usual. In situations
where a fix AND escalation is required due to the operational impact of an incident, the
Supplier COCR will contact the Supplier Centre Operations Manager (COM) and advise them
of the issues.
12.9
If the incident is deemed to be non urgent, the Supplier COCR will make arrangements to
have the issue rectified during the next normal business day.
12.10
A report/synopsis of all incidents will be made via email to the Supplier COM detailing the
incident, impact and fix implemented.
12.11
When an incident occurs that is escalated to the Supplier COCR, the Supplier COCR may
escalate it to the Supplier COM due to its operational impact. The Supplier COM will work
with the Supplier COCR to:
(a)
10-404788-3
Fix the problem;
168
(b)
Investigate and implement a workaround;
(c)
Co-ordinate Service delivery; and
(d)
Escalate the problem further where appropriate.
12.12
Where a technical fix or the implementation of a workaround allows for the full or partial
resumption of Service, the Supplier COM and the Supplier COCR will manage the incident
through to satisfactory closure.
12.13
In situations where no fix can be implemented or a reasonable workaround found, and where
there is deemed to be a risk that business as usual will not resume, the Supplier COM will
activate the Crisis Management Team (CMT).
12.14
The Supplier COM will make contact with each member of the Supplier CMT to join a
conference call at a designated time.
12.15
The Supplier CMT will discuss the incident, agree actions, and agree checkpoint calls to
discuss progress until the incident is resolved.
CMT Member Contact Details:
Name
Office
Number
01977
696600
07798
746933
paul.holdstock
@relitech.co.uk
Mobile
E-mail
Paul Holdstock
RMS Director
Gareth Storey
Operations
Director
0208
3912200
07710
704282
gareth.storey
@relitech.co.uk
Technical
Director
Centre
Operations
Manager
0208
3912200
07730
427517
darren.wildgoose@relitech.co.uk
01977
696623
07960
872881
jed.yaqub
@relitech.co.uk
01977
696607
07872
816365
shaun.wilcock
@relitech.co.uk
Darren
Wildgoose
Jed Yaqub
Shaun Wilcock
12.16
Title
Technical Engineer
The Supplier CMT will use the Assumptions Based Communications Dynamics (ABCD)
methodology as detailed in ISO27001 for incident resolution. The Supplier CMT will assign
resource to focus on the following priorities:
(a)
Find a fix for the problem
(b)
Work on a primary workaround
(c)
Work on a secondary workaround
(d)
Prepare the DR solution for possible activation
12.17
The Supplier CMT will assess progress on each of the above points at every checkpoint call.
12.18
The Supplier CMT may not necessarily decide to invoke DR where no immediate fix for a
problem is found. The Supplier CMT may decide that although the problem is Service
10-404788-3
169
impacting, limited Service should continue in parallel to a fix being sought due to the
substantial impact of DR being invoked.
12.19
The Supplier Director and Supplier Operations Director will be responsible for invoking DR
based upon the scenario being managed by the Supplier CMT and the recommendations of
the Supplier Centre Operations Manager and Supplier Technical Team. There is no fixed
timeline for the Supplier CMT to invoke DR.
13
DR Invocation and Site
13.1
In the event of an incident of such a magnitude that Services can no longer be delivered from
the Supplier primary site, Service will be moved to the DR site at Delta House, based in
Wythenshawe, Manchester. The site will have all the facilities necessary to accommodate the
Supplier Personnel to either co-locate the operation from, or to relocate to, in the event of a
catastrophic disaster.
13.2
In the event that DR is invoked and personnel on shift are indisposed due to circumstances
outside the Supplier’s control, replacement personnel will be contacted using contact lists that
are held off-site by the Supplier Centre Operations Manager and Supplier Operations Analyst.
The Supplier will keep contact list up to date.
13.3
The Supplier will adhere to ARC physical security standards whilst working at the DR site and
the Supplier Personnel will adhere to the following:
(a)
ARC Identification passes (where available) will be worn at all times;
(b)
Any passes issued to staff will be worn and clearly visible;
(c)
Security doors must not be propped open to allow easier access;
(d)
All doors in the DR site have swipe access locks to ensure security;
(e)
Anyone requiring access to any building or room within the building will be directed to
Security at the main reception area – access will not be granted to people who do not
have a valid pass;
(f)
Any suspicious persons will be brought to the attention of a senior member of staff
immediately; and
(g)
When in a shared area of the building, conversations on detailed matters of any ARC
business will not occur.
14
Systems
14.1
The Supplier will maintain an actionable business continuity plan to ensure that Service
delivery is possible from a DR facility in the event of a catastrophic failure or disaster that
would render the primary site unusable. A disaster can be an event such as a severe fire,
aircraft impact or a total loss of communications which completely disables the primary site.
14.2
The Supplier will comply with BS5979. The Supplier will maintain a replicated system, at the
Disaster Recover site, that will mirror that of the primary site.
14.3
The replicated system will handle lone worker signals in the event of a disaster.
10-404788-3
170
14.4
The replicated system will allow the ARC to continue Service and operation offsite in the
event of a catastrophic disaster.
14.5
Information will be kept live and current between the site databases by real time database
replication. In the event of a disaster the only experienced down time will be the time taken for
BT to divert communication paths over to the DR site.
10-404788-3
171
14.6
10-404788-3
The Supplier will test DR procedures on a regular basis. The test schedule is detailed in the
Supplier Maintenance Plan. Routine incremental and complete backups will be performed on
a daily and monthly basis. Details of the schedule is included the Supplier Backup Procedure
documentation. The Supplier will use a network and system monitoring software package.
Any failures, major or minor, will be detected by the monitoring software and escalated to the
Supplier Technical Support Team for resolution.
172
Schedule 14
Security Policy
1
Definitions
For the purposes of this schedule the following definitions shall apply:
Breach of Security means the occurrence of unauthorised access to or use of any Authority
premises, the Services, the Solution or any ICT or data (including the Authority's Data) used
by the Authority or the Supplier in connection with this Agreement
IT Security Officers shall be IT competent and security aware users and shall have the same
meaning as set out in the manual of protective security
Security Plan means the Supplier's security plan prepared pursuant to paragraph 3, and set
out in Appendix 3 to this schedule
Security Policy means, to the extent applicable, the Information Security Management NHS
Code of practice as replaced or updated from time to time
Security Tests shall have the meaning set out in paragraph 4.1
2
Introduction
2.1
This schedule covers:
(a)
principles of security for the Supplier System, derived from the Security Policy,
including without limitation principles of physical and information security;
(b)
wider aspects of security relating to the Service;
(c)
the creation of the Security Plan;
(d)
audit and testing of the Security Plan;
(e)
conformance to ISO/IEC:27002 (Information Security Code of Practice) and ISO/IEC
27001 (Information Security Requirements Specification) (Standard Specification);
and
(f)
Breaches of Security.
3
Principles of security
3.1
The Supplier acknowledges that the Authority places great emphasis on confidentiality,
integrity and availability of information and consequently on the security of the ARC and the
security for the Solution. The Supplier also acknowledges the confidentiality of Authority Data.
3.2
The Supplier shall be responsible for the security of the Solution and shall at all times provide
a level of security which:
10-404788-3
(a)
is in accordance with Good Industry Practice and Law;
(b)
complies with the Security Policy;
(c)
meets any specific security threats to the Solution; and
173
(d)
3.3
complies with ISO/IEC27002 and ISO/IEC27001 in accordance with paragraph 6 of
this schedule.
Without limiting paragraph 3.2, the Supplier shall at all times ensure that the level of security
employed in the provision of the Services is appropriate to maintain the following at
acceptable risk levels (to be defined by the Authority):
(a)
loss of integrity of Authority Data;
(b)
loss of confidentiality of Authority Data;
(c)
unauthorised access to, use of, or interference with Authority Data by any person or
organisation;
(d)
unauthorised access to network elements, buildings, and tools used by the Supplier
in the provision of the Services;
(e)
use of the Solution or Services by any third party in order to gain unauthorised access
to any computer resource or Authority Data; and
(f)
loss of availability of Authority Data due to any failure or compromise of the Services.
4
Security plan
4.1
Introduction
4.2
10-404788-3
(a)
The Supplier shall develop, implement and maintain a Security Plan to apply during
the Term (and after the end of the Term (as applicable) in accordance with part 1 of
schedule 16 (Exit Assistance)) which will be approved by the Authority, tested,
periodically updated and audited in accordance with this schedule.
(b)
The draft Security Plan provided by the Supplier as part of its bid is set out in
Appendix 2.
(c)
The Security Plan in place as at the date hereof, is set out in Appendix 3.
Development
(a)
As at the date hereof, and in accordance with paragraph 4.4 (Amendment and
Revision), the Supplier has prepared and delivered to the Authority for approval the
full and final Security Plan, as set out in Appendix 3, which is based on the draft
Security Plan set out in Appendix 2.
(b)
If the Security Plan is approved by the Authority it will be adopted immediately. If the
Security Plan is not approved by the Authority the Supplier shall amend it within 10
Working Days of a notice of non-approval from the Authority and re-submit to the
Authority for approval. The parties will use all reasonable endeavours to ensure that
the approval process takes as little time as possible and in any event no longer than
15 Working Days (or such other period as the parties may agree in writing) from the
date of its first submission to the Authority. If the Authority does not approve the
Security Plan following its resubmission, the matter will be resolved in accordance
with the Dispute Resolution Procedure. No approval to be given by the Authority
pursuant to this paragraph may be unreasonably withheld or delayed. However any
failure to approve the Security Plan on the grounds that it does not comply with the
174
requirements set out in paragraphs 3.3(a) to 3.3(e) shall be deemed to be
reasonable.
4.3
Content
(a)
4.4
The Security Plan will set out the security measures to be implemented and
maintained by the Supplier in relation to all aspects of the Services and all processes
associated with the delivery of the Services and shall at all times comply with and
specify security measures and procedures which are sufficient to ensure that the
Services comply with:
(i)
the provisions of this schedule (including the principles set out in
paragraph 2;
(ii)
the provisions of schedule 3, part 1 (Services Description) relating to security;
(iii)
ISO/IEC27002 and ISO/IEC27001;
(iv)
the data protection compliance guidance produced by the Authority;
(v)
the minimum set of security measures and standards required where the
system will be handling Protectively Marked or sensitive information;
(vi)
any other extant national information security requirements and guidance, as
provided by IT Security Officers; and
(vii)
appropriate ICT standards for technical countermeasures which are included
in the Solution.
(b)
The references to standards, guidance and policies set out in paragraph 3.3(a) shall
be deemed to be references to such items as developed and updated and to any
successor to or replacement for such standards, guidance and policies, from time to
time.
(c)
In the event of any inconsistency in the provisions of the above standards, guidance
and policies, the Supplier should notify the Authority's Representative of such
inconsistency immediately upon becoming aware of the same, and the Authority's
Representative shall, as soon as practicable, advise the Supplier which provision the
Supplier shall be required to comply with.
(d)
The Security Plan will be structured in accordance with ISO/IEC27002 and
ISO/IEC27001, cross-referencing if necessary to other schedules of this Framework
Agreement which cover specific areas included within that standard.
(e)
The Security Plan shall be written in plain English, in language which is readily
comprehensible to the staff of the Supplier and the Authority engaged in the Services,
and shall not reference any other documents which are not either in the possession of
the Authority or otherwise specified in this schedule.
Amendment and Revision
(a)
The Security Plan will be fully reviewed and updated by the Supplier annually, or from
time to time to reflect:
(i)
10-404788-3
emerging changes in Good Industry Practice;
175
(ii)
any change or proposed change to the Supplier system, the Services and/or
associated processes;
(iii)
any new perceived or changed threats to the Supplier system; and
(iv)
a reasonable request by the Authority.
(b)
The Supplier will provide the Authority with the results of such reviews as soon as
reasonably practicable after their completion and amend the Security Plan at no
additional cost to the Authority.
(c)
Any change or amendment which the Supplier proposes to make to the Security Plan
(as a result of an Authority request or change to schedule 3 (Services) or otherwise
shall be subject to the Change Control Procedure and shall not be implemented until
approved in writing by the Authority.
5
Audit and Testing
5.1
The Supplier shall conduct tests of the processes and countermeasures contained in the
Security Plan (Security Tests) on an annual basis or as otherwise agreed by the parties.
The date, timing, content and conduct of such Security Tests shall be agreed in advance with
the Authority.
5.2
The Authority shall be entitled to send a representative to witness the conduct of the Security
Tests. The Supplier shall provide the Authority with the results of such tests (in a form
approved by the Authority in advance) as soon as practicable after completion of each
Security Test.
5.3
Without prejudice to any other right of audit or access granted to the Authority pursuant to this
Framework Agreement, the Authority shall be entitled at any time and without giving notice to
the Supplier to carry out such tests (including penetration tests) as it may deem necessary in
relation to the Security Plan and the Supplier's compliance with and implementation of the
Security Plan. The Authority may notify the Supplier of the results of such tests after
completion of each such test. Security Tests shall be designed and implemented so as to
minimise the impact on the delivery Services. If such tests impact adversely on its ability to
deliver the Services to the agreed Service Levels, the Supplier shall be granted relief against
any resultant under-performance for the period of the tests.
5.4
For the purposes of this paragraph 5.4, a weakness means a vulnerability in security and a
potential security failure means a possible breach of the Security Plan or security
requirements. Where any Security Test carried out pursuant to paragraphs 5.2 or 5.3 above
reveals any actual or potential security failure or weaknesses, the Supplier shall promptly
notify the Authority of any changes to the Security Plan (and the implementation thereof)
which the Supplier proposes to make in order to correct such failure or weakness. Subject to
the Authority's approval in accordance with paragraph 4.2(b), the Supplier shall implement
such changes to the Security Plan in accordance with the timetable agreed with the Authority
or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change
to the Security Plan to address a non-compliance with the Security Policy or security
requirements, the change to the Security Plan shall be at no additional cost to the Authority.
10-404788-3
176
6
Compliance with ISO/IEC 27001
6.1
The Supplier shall obtain independent certification of the Security Plan to ISO 27001 as soon
as reasonably practicable and will maintain such certification for the duration of the
Framework Agreement.
6.2
The Supplier shall carry out such regular security audits as may be required by the British
Standards Institute in order to maintain delivery of the Services in compliance with security
aspects of ISO 27001 and shall promptly provide to the Authority any associated security
audit reports and shall otherwise notify the Authority of the results of such security audits.
6.3
If it is the Authority's reasonable opinion that compliance with the principles and practices of
ISO 27001 is not being achieved by the Supplier, then the Authority shall notify the Supplier of
the same and give the Supplier a reasonable time (having regard to the extent of any noncompliance and any other relevant circumstances) to become compliant with the principles
and practices of ISO 27001. If the Supplier does not become compliant within the required
time then the Authority has the right to obtain an independent audit against these standards in
whole or in part.
6.4
If, as a result of any such independent audit as described in paragraph 6.3 the Supplier is
found to be non-compliant with the principles and practices of ISO 27001 then the Supplier
shall, at its own expense, undertake those actions required in order to achieve the necessary
compliance and shall reimburse in full the costs incurred by the Authority in obtaining such
audit.
7
Breach of security
7.1
Either party shall notify the other immediately upon becoming aware of any Breach of Security
including, but not limited to an actual, potential or attempted breach, or threat to, the Security
Plan.
7.2
Upon becoming aware of any of the circumstances referred to in paragraph 6.1, the Supplier
shall:
(a)
immediately take all reasonable steps necessary to:
(i)
remedy such breach or protect the Solution against any such potential or
attempted breach or threat; and
(ii)
prevent an equivalent breach in the future,
such steps shall include any action or changes reasonably required by the Authority.
In the event that such action is taken in response to a breach that is determined by
the Authority acting reasonably not to be covered by the obligations of the Supplier
under this Framework Agreement, then the Supplier shall be entitled to refer the
matter to the Agreement Change Procedure.
(b)
10-404788-3
as soon as reasonably practicable provide to the Authority full details (using such
reporting mechanism as may be specified by the Authority from time to time) of such
actual, potential or attempted breach and of the steps taken in respect thereof.
177
Appendix 1
Security Policy
1
Introduction
1.1
Purpose
The purpose of this document is to describe the Suppliers Security Policy for the NHS Lone
Worker Framework Agreement. It describes the principles of how the Services will be adhered
to in relation to people, property and assets.
The Supplier has taken a strategic decision to work towards ISO/IEC27002 and ISO/IEC27001
in order to achieve a more effective and robust Information Security Management System
(ISMS). As an integral part of the Policy, the Security Plan should be referred to alongside this
Policy.
1.2
Scope
The scope of this document is confined to a description of the Security Policy for the Supplier's
Remote Monitoring Services and the steps to be taken to activate the appropriate standards.
1.3
Background
The Supplier Centre in Pontefract has a security requirement to ensure that Services are
delivered in accordance with ISO/IEC27002 and ISO/IEC27001.
2
Definitions
For the purposes of this Policy the following definitions shall apply:
Breach of Security
The occurrence of unauthorised access to or use of any
Authority premises, the Services, the Solution or any ICT or
data (including the Authority's Data) used by the Authority or the
Supplier in connection with this Agreement.
IT Security Officers
IT competent and security aware users
Protectively Marked
Protectively Marked or sensitive logical information which is
embedded encryption
Security Plan
Supplier Security Plan for the Lone Worker Services
Security Policy
Supplier Security Policy for Lone Worker Services
Security Tests
Tests (security) of the processes and countermeasures
contained in the Security Plan
3
Principles and the wider aspects of security
3.1
The Supplier will ensure the integrity, confidentiality and availability of information and security
of the Alarm Receiving Centre and the confidentiality of Authority Data.
3.2
The Supplier will ensure security of the Services, and will further:
10-404788-3
178
3.3
(a)
Abide by and comply with Industry Best Practice (British Standards) and regulatory
and legislative requirements.
(b)
Ensure compliance with this framework document (the Security Policy)
(c)
Mitigate against any security and risk threats to the Solution.
(d)
Comply with ISO/IEC27002 and ISO/IEC27001
Acceptable levels of security and risk will be maintained in relation to:
(a)
Loss of integrity or Authority Data;
(b)
Loss of confidentiality of Authority Data;
(c)
Unauthorised access to, use of, or interference with Authority Data by any persons or
organisation;
(d)
Unauthorised access to network elements, buildings, and tools used by the Supplier in
the provision of the Services;
(e)
Use of the Solution or Services by any third party in order to gain unauthorised access
to any computer resource or Authority Data;
(f)
Loss of availability of Authority Data due to any failure or compromise of the Services;
(g)
The Service Desk personnel will validate all Users who contact the Service Desk
before accepting requests for change (RFCs); and
(h)
Devices will be processed and delivered to the Authority and Users under secure
conditions.
4
The Security Plan
4.1
Content
(a)
10-404788-3
The Security Plan sets out the security measures to be implemented and maintained
in relation to all aspects of the Services and all processes associated with the delivery
of the Services and shall at all times comply with and specify security measures and
procedures which are sufficient to ensure that the Services comply with:
(i)
The provisions of this Security Policy;
(ii)
The provisions of the BSA Framework Agreement Schedule 14 relating to
Security;
(iii)
ISO/IEC27002 and ISO/IEC27001;
(iv)
The data protection compliance guidance produced by the Authority;
(v)
Any other extant national information security requirements and guidance, as
provided by IT Security Officers; and
(vi)
Appropriate ICT standards for technical countermeasures which are included
in the Solution.
179
4.2
(b)
The references to standards, guidance and policies set out in paragraph 3.2 shall be
deemed to be references to such items as developed and updated and to any
successor to or replacement for such standards, guidance and policies, from time to
time.
(c)
In the event of any inconsistency in the provisions of the above standards, guidance
and policies, the Supplier shall notify the Authority of such inconsistency immediately
upon becoming aware of the same, and the Authority shall, as soon as practicable,
advise the Supplier which provision shall be required to comply with.
(d)
The Security Plan is structured in accordance with ISO/IEC27002 and ISO/IEC27001,
cross-referencing where necessary to other schedules of this Framework Agreement
which cover specific areas included within that standard.
(e)
The Security Plan is written in plain English, in language which is readily
comprehensible to the staff of the Supplier and the Authority engaged in the Services,
and does not reference any other documents which are not either in the possession of
the Authority or otherwise specified in this schedule.
Amendment and revision
(a)
The Supplier will ensure that the Security Plan is fully reviewed and updated at least
annually, or from time to time to reflect:
(i)
Emerging changes and developments in industry best practice.
(ii)
Any and all changes or proposed changes to Supplier systems, the Services
and/or associated processes.
(iii)
Any new perceived or changed threats to Supplier systems.
(iv)
A reasonable request by the Authority.
(b)
The Supplier will provide the Authority with the results of such reviews as soon as
reasonably practicable after their completion, and amend the Security Plan at no
additional cost to the Authority.
(c)
Any change or amendment which the Supplier proposes to make to the Security Plan
(as a result of an Authority request or change to schedule 3 (Services) or this
schedule of the Framework Agreement), shall be subject to the Change Control
Procedure and shall not be implemented until approved in writing by the Authority.
5
Auditing and testing of the Security Plan
5.1
The Supplier will conduct tests of the processes and countermeasures contained in the
Security Plan on an annual basis, or as otherwise agreed by the parties. The date, timing,
content and conduct of such Security Tests shall be agreed in advance with the Authority.
5.2
The Authority shall be entitled to send a representative to witness the conduct of the Security
Tests. The Supplier shall provide the Authority with the results of such tests (in a form
approved by the Authority in advance) as soon as practicable after completion of each
Security Test.
5.3
Without prejudice to any other right of audit or access granted to the Authority pursuant to this
Framework Agreement, the Authority shall be entitled at any time and without giving notice to
10-404788-3
180
the Supplier to carry out such tests (including penetration tests) as it may deem necessary in
relation to the Security Plan and the Supplier's compliance with and implementation of the
Security Plan. The Authority may notify the Supplier of the results of such tests after
completion of each such test. Security Tests shall be designed and implemented so as to
minimise the impact on the delivery Services. If such tests impact adversely on its ability to
deliver the Services to the agreed Service Levels, the Supplier shall be granted relief against
any resultant under-performance for the period of the tests.
5.4
For the purposes of this paragraph, a weakness means vulnerability in security and a potential
security failure means a possible breach of the Security Plan or security requirements. Where
any Security Test carried out, pursuant to paragraphs 5.2 or 5.3 above, reveals any actual or
potential security failure or weaknesses, the Supplier shall promptly notify the Authority of any
changes to the Security Plan (and the implementation thereof) which the Supplier proposes to
make in order to correct such failure or weakness. Subject to the Authority's approval in
accordance with paragraph 4.2(c) above, the Supplier shall implement such changes to the
Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as
soon as reasonably possible. For the avoidance of doubt, where the change to the Security
Plan to address a non-compliance with the Security Policy or security requirements, the
change to the Security Plan shall be at no additional cost to the Authority.
6
Conformance to ISO standards (27001 and 27002)
6.1
The Supplier will obtain third party independent certification of the Security Plan to ISO 27001
standard as soon as reasonably practicable, and will maintain such certification for the
duration of the Framework Agreement.
6.2
If sections of the Security Policy do not conform to industry best practice as described in ISO
27002 and, as a result, the Supplier reasonably believes that its certification to ISO 27001
would fail in regard to the said sections, the Supplier shall promptly notify the Authority of this
and the Authority in its absolute discretion may waive the requirement for certification in
respect of the relevant parts.
6.3
The Supplier will carry out such regular security audits as may be required by the British
Standards Institute in order to maintain delivery of the Services in compliance with security
aspects of ISO 27001, and shall promptly provide to the Authority any associated security
audit reports and shall otherwise notify the Authority of the results of such security audits.
6.4
If it is the Authority's reasonable opinion that compliance with the principles and practices of
ISO 27001 is not being achieved by the Supplier, then the Authority shall notify the Supplier of
the same and give the Supplier a reasonable time (having regard to the extent of any noncompliance and any other relevant circumstances) to become compliant with the principles
and practices of ISO 27001. If the Supplier does not become compliant within the required
time then the Authority has the right to obtain an independent audit against these standards in
whole or in part.
6.5
If, as a result of any such independent audit as described in paragraph 6.4, the Supplier is
found to be non-compliant with the principles and practices of ISO 27001 then the Supplier
shall, at its own expense, undertake those actions required in order to achieve the necessary
compliance and shall reimburse in full the costs incurred by the Authority in obtaining such
audit.
10-404788-3
181
7
Breaches of security
7.1
Either party shall notify the other immediately upon becoming aware of any Breach of Security
including, but not limited to an actual, potential or attempted breach, or threat to, the Security
Plan
7.2
Upon becoming aware of any of the circumstances referred to in paragraph 7.1 the Supplier
shall immediately take all reasonable steps necessary to:
8
(a)
Remedy such breach or protect the Solution against any such potential or attempted
breach or threat;
(b)
Prevent an equivalent breach in the future. Such steps shall include any action or
changes reasonably required by the Authority. In the event that such action is taken
in response to a breach that is determined by the Authority acting reasonably not to be
covered by the obligations of the Supplier under this Framework Agreement, then the
Supplier shall be entitled to refer the matter to the Agreement Change Procedure; and
(c)
As soon as reasonably practicable the Supplier will provide to the Authority full details
(using such reporting mechanism as may be specified by the Authority from time to
time) of such actual, potential or attempted breach and of the steps taken in respect
thereof.
Continuous improvement
The Supplier shall continually improve the effectiveness of the ISMS through the use of the
information security policy, information security objectives, audit results, analysis of monitored
events, corrective and preventive actions and management review.
9
Corrective actions
9.1
The Supplier shall take action to eliminate the cause of nonconformities with the ISMS
requirements in order to prevent recurrence. The documented procedure for corrective action
shall define requirements for:
10-404788-3
(i)
Identifying nonconformities;
(j)
Determining the causes of nonconformities;
(k)
Evaluating the need for actions to ensure that nonconformities do not recur;
(l)
Determining and implementing the corrective action needed;
(m)
Recording results of action taken (see paragraph 5.4); and
(n)
Reviewing of corrective action taken.
182
Appendix 2
Draft Security Plan from Supplier's Bid
1
Table of Contents
1
Introduction
2
Scope
3
Outputs
4
ISO 27001 accredited certification and service standards
5
Amendments and revision
6
Auditing and testing of the security plan
2
Introduction
2.1
The following security plan illustrates how the Supplier will meet the requirement of the
Framework Agreement. The Security Plan sets out the security measures to be implemented
and maintained by the Supplier in relation to all aspects of the Services and all processes
associated with the delivery of the Services and shall, at all times, comply with and specify
security measures and procedures which are sufficient to ensure that the Services comply
with:
(a)
the provisions of this schedule;
(b)
the provisions of schedule 3 (Services) relating to security;
(c)
ISO/IEC27002 and ISO/IEC27001;
(d)
the data protection compliance guidance produced by the Authority;
(e)
the minimum set of security measures and standards required where the system will
be handling protectively marked or sensitive information;
(f)
any other extant national information security requirements and guidance, as provided
by IT Security Officers; and
(g)
appropriate ICT standards for technical countermeasures which are included in the
Solution.
2.2
The references to standards, guidance and policies set out in paragraph 2.1 shall be deemed
to be references to such items as developed and updated and to any successor to or
replacement for such standards, guidance and policies, from time to time.
2.3
In the event of any inconsistency in the provisions of the above standards, guidance and
policies, the Supplier shall notify the Authority of such inconsistency immediately upon
becoming aware of the same, and the Authority shall, as soon as practicable, advise the
Supplier which provision the Supplier shall be required to comply with.
2.4
The Security Plan shall be structured in accordance with ISO/IEC27002 and ISO/IEC27001,
cross-referencing if necessary to other schedules of this Framework Agreement which cover
specific areas included within that standard.
10-404788-3
183
2.5
The Security Plan shall be written in plain English, in language which is readily
comprehensible to the personnel of the Supplier and the Authority engaged in the Services,
and shall not reference any other documents which are not either in the possession of the
Authority or otherwise specified in this schedule.
3
Amendment and Revision
3.1
The Security Plan shall be fully reviewed and updated by the Supplier annually, or from time to
time to reflect:
(a)
emerging changes in Good Industry Practice;
(b)
any change or proposed change to the Supplier System, the Services and/or
associated processes;
(c)
any new perceived or changed threats to the Supplier System; and
(d)
a reasonable request by the Authority.
3.2
The Supplier shall provide the Authority with the results of such reviews as soon as
reasonably practicable after their and amend the Security Plan at no additional cost to the
Authority.
3.3
Any change or amendment which the Supplier proposes to make to the Security Plan (as a
result of an Authority request or change to the schedule 3 (Services) or otherwise shall be
subject to the Change Control Procedure and shall not be implemented until Approved in
writing by the Authority.
3.4
The security plan shall approach the service provision by focusing on two stated tenets of the
Invitation to Participate in Dialogue:
(a)
Outputs; and
(b)
Standards.
3.5
The Security Plan sets out the security measures to be implemented and maintained by the
Supplier in relation to all aspects of the Services and all processes associated with the
delivery of the Services, and shall at all times comply with and specify security measures and
procedures.
4
Scope
4.1
The Service shall operate as a managed Service with a single point of contact for all Service
Desk interactions with the Supplier, irrespective of whether this is in relation to a subscription,
un-subscription, a fault, issue, problem, query, request, addition or change in subscription of a
Service.
4.2
The Alarm Receiving Centre (ARC) shall have a discrete contact number which will be
available 24 hours a day, 365 days per year to manage incidents and alarms. The Alarm
Monitoring Service (AMS) centre (or virtual centre) shall further be capable of monitoring every
geographical location where Users need to operate within England. The Services provided by
the Supplier shall support a range of User profiles to support the needs of different situations
arising from the diverse User groups.
4.3
It is appreciated that a range of Devices shall be required to support the needs of different
situations arising from the diverse User groups and range of Authority bodies. The Device or
10-404788-3
184
application shall enable Users to signal for assistance from the emergency services. A range
of tracking options shall be available (from no tracking, basic tracking, through to more
accurate tracking).
5
Outputs
5.1
In terms of deliverable outputs, there are a number of areas which shall receive specific
attention; as follows:
(a)
(b)
10-404788-3
End to end Service
(i)
The Supplier shall provide full life-cycle management (including
commissioning, configuration, administration, moves, changes, account
administration, Service Desk support, maintenance, Technology Refresh and
disposal). The Supplier shall process applications for Devices from Customers
against agreed criteria to ensure eligibility and suitability of the Service.
(ii)
The supplied solution shall be capable of indicating three levels of alert for
Lone Workers:
(A)
At work - the standard risk experienced by all workers in a normal
days activity;
(B)
Heightened risk – this equates to a situation where an individual
perceives a heightened sense of risk in a work environment e.g. a
home visit; and
(C)
Incident - an incident is happening or has happened e.g. physical
attack, verbal abuse etc.
(iii)
The above levels shall be referred to as Green, Amber and Red in line with
risk measurement status.
(iv)
The agreed solution shall support the use of a range of User Devices to
support diverse User groups and a variety of tracking options (from basic
tracking to more accurate tracking).
(v)
The Services provided shall further support the provision of tailored User
profiles to meet the needs of different situations arising from the diverse User
groups and range of NHS bodies included in the scope.
Alarm Management Service (AMS)
(i)
The Alarm Management Service shall be made up of the ARC and the
Service Desk.
(ii)
The Supplier shall provide an ARC which shall be available 24 hours a day,
365 days per year. The Supplier shall support a range of User profiles to
support the needs of different situations arising from the diverse User groups
and range of Authority bodies. The User profiles shall allow bespoke
escalation procedures e.g. escalation to colleagues instead of emergency
response from the Police. The default profile shall result in escalation to the
Emergency Services if appropriate.
185
(iii)
(c)
(d)
Training
(i)
The Supplier shall carry out all initial Device User training in order that all
Users shall receive a uniform level of training.
(ii)
Within the Security Plan there shall be contingency plans for any re scaling of
training requirements, with the Supplier being in a position to re-engage at
short notice.
Information security management
(i)
The policy, practices and procedures to be implemented by the Supplier shall
be based upon ITIL Best Practice guidance. ITIL underpins the foundations of
ISO/IEC 20000 (Service Management Standard, previously BS15000). The
Supplier shall work towards this standard, in a de facto manner, by ensuring
that ITIL V3 disciplines are adhered to. The Supplier shall operate under ITIL
V3, with appropriate Supplier personnel attending further accreditation
courses over the next 2 months. In a service environment such as this, with
critical Services being delivered, Security Management, in physical, logical
and software / application security and the availability, integrity and
confidentiality of information is key. All ICT shall comply with the Authority
STEP policy, and in order to achieve this, the Supplier shall undertake the
initial process to seek ISO/IEC 27001 accreditation. The accreditation
process is under way with a full gap analysis being undertaken before
application begins formally.
(ii)
All Users shall be fully trained in security policies and procedures and
provided with regular updates. Security incidents, vulnerabilities and system
faults shall be promptly reported through the dedicated Service Desk function.
Sensitive ICT facilities shall be protected from unauthorised access through
the use of physical controls. Critical ICT equipment including items such as
cabling shall be protected against physical damage.
(iii)
Documented operating procedures shall be produced including logs and
controls for:
(iv)
10-404788-3
The ARC shall be able to listen to and record events in a way that is legally
admissible in prosecution cases that arise from incidents.
(A)
Secure disposal of backup media, documents, voice recordings and
test data;
(B)
Secure disposal and maintenance of ICT equipment;
(C)
Securely handling, transporting and storing of backup media and
system documentation;
(D)
Any information and / or software exchanges between organisations;
(E)
Removal of ICT assets from site, and
(F)
Secure management of failover/contingent ICT equipment.
Any changes to the agreed security policies and standards shall be approved
by the Authority as part of the Service Transition phase detailed below.
186
Specific reference to this agreement process shall be incorporated into the
release management protocols. Conversely, should the Authority propose any
changes to the security policies and standards, the Supplier shall agree these
changes, and after consultation with the Authority implement them in line with
the defined process.
(e)
Protectively Marked or Sensitive Information
The Suppliers Security Plan shall be in accordance with the Manual of Protective
Security, and shall conform to the following requirements:
(f)
10-404788-3
(i)
Scope of the document;
(ii)
Service security environment;
(iii)
Use of the security Framework;
(iv)
Threats to services and clients;
(v)
Security control objectives; and
(vi)
Service functional security requirements.
Service monitoring and management
(i)
There shall be one single point of contact for Users for assistance for all
enquiries (Service Desk Transactions). This service shall effectively be 24
hours per day, 7 days per week (reduced service levels outside of normal
hours). The Service Desk team shall have dedicated personnel performing all
administrative tasks relating to implementing new Users and ongoing support
for existing Users. Supplier Personnel shall be able to access all associated
systems to ensure quick and effective resolution of all issues, managing all
enquiries and queries through to resolution, engaging with the ARC and
Service Maintenance functions as necessary.
(ii)
All communications with Users, regardless of the nature and method of
communication shall be recorded, managed and where necessary tracked via
the Client Relationship Management (CRM) system, through to resolution.
The CRM system shall enable the generation of reports and analysis of key
metrics such as volumes of calls, time to resolution from initial
communication, types of queries, etc. This shall enable the Supplier to
monitor performance and proactively identify and improve issues. It also
provides all information relating to interactions with Users, enabling all
Supplier Personnel to deal with queries without a reduction in the level of
knowledge and hence service to that User.
(iii)
Specific ongoing support tasks performed by Service Desk staff:
(A)
Queries from a Device usage nature from a User (how to use
properly, suspected faulty Devices, network coverage concerns);
(B)
Queries relating to changes in User details, points of contact details,
reallocation of Devices. These shall be tracked and confirmed with
User/Customer via the request for change process;
187
(g)
(C)
Issuing of reports to Customers and the Authority, highlighting key
elements from the report data (Device inactivity, incorrect usage, etc).
This enables the Service Desk Personnel to proactively work with
Users to maximise their overall usage of Devices. For example, the
Service Desk shall highlight Device inactivity that is explained by the
fact the User has left the Customer organisation and hence the User
details require deletion and the Device reallocating;
(D)
Proactively calling Users when they are struggling with Devices via
the alarms coming through to the ARC e.g. Repeated false alarms;
(E)
Proactively updating Users on the progress of enquiries, ensuring
confirmation from the User, before closing a transaction;
(F)
Specific new Customer implementation tasks performed by Service
Desk Personnel shall include;
(G)
Liaise with Authorised Customer Representatives to organise and
collect User information;
(H)
Liaise with Authorised Customer Representatives to set up effective
and robust escalation points of contact for all Users;
(I)
Set up Users on alarm handling software and organise go-live dates;
(J)
Organise training programme;
(K)
Ensure Devices are despatched to the correct place at the correct
time;
(L)
Proactively call Users in the early days, post training, to ensure Users
are comfortable and confident with the Device.
(iv)
Service Desk Personnel shall work closely with the service maintenance
personnel on Device queries; Device returns; Device loan swap outs etc. The
Service Desk shall be covered 24/7 with the non-core hours between 8pm
and 6am and weekends/Bank Holidays covered by the ARC. All internal
communications shall be logged against the specific Customer/User to ensure
full tracking and transparency.
(v)
Any change to a User, User account or User Device shall be controlled via the
Supplier request for change process.
Reporting
All reporting of Service Desk transactions shall be driven through the CRM system
with full flexibility on what and how issues are reported.
(h)
Functional services
(i)
10-404788-3
Disaster Recovery
The Supplier's ARC shall be accredited with BS 5979 Cat II, which assures Users that
there shall be a disaster recovery procedure in place. The plan shall involve the
duplication of the Supplier's server capability at another BS5979 Cat II site to ensure
no operational downtime in the event of catastrophic failure on the primary Supplier
188
site. The Supplier shall continue to test this on an annual basis. There shall be 5
elements to the business continuity plan once service disruption is experienced:
(a)
An incident management process;
(b)
A crisis management team;
(c)
A disaster recovery technical plan;
(d)
A business continuity strategy; and
(e)
Physical security.
The Suppliers ARC shall be accredited the BS 5979 Cat II, which by nature assures
that physical security includes:
(a)
Dual thickness walls;
(b)
Access control;
(c)
Airlock;
(d)
Independent air supply system;
(e)
Gas detectors;
(f)
CCTV internal;
(g)
Blast proof windows;
(h)
Secure server room;
(i)
Secure telephone system;
(j)
Firewalls providing secure encrypted MPLS between sites; and
(k)
The risk assessment process.
(A)
The Supplier shall work with the Authority to provide a standardised
risk assessment tool to inform the decision as to whether a Device is
needed, and if so, which type of Device.
(B)
The risk assessment tool shall have the ability to deal with budgetary
constraints at an Authority level, providing a sound rationale for not
only identifying the Device variant required per User group, but also
prioritising User groups within the organisation.
The intellectual property rights for such a tool may be owned by the Authority to
enable the Authority to offer this as an added service/tool to existing and new
Customers.
(iii)
Account Management
(A)
10-404788-3
Account Management is an integral part of the Suppliers Security
Plan, and as such there shall be a dedicated team of Account
Managers accessible 24 hours per day.
189
(B)
(iv)
(v)
(vi)
10-404788-3
The tasks which the Supplier Account Managers shall undertake are
as follows:
Pre-mobilisation which includes:
(A)
Oversee all the implementation tasks;
(B)
Review the Lone Worker policies and procedures for each customer;
(C)
Identify Quarterly Business Reporting dates and attendees for each
customer;
(D)
Meet with staff representatives; and
(E)
Identify and meet the appropriate contact in the customer’s Accounts
department.
Implementation/Mobilisation which includes:
(A)
Manage and deliver the implementation project;
(B)
Establish Gant chart and share with customer’s representative;
(C)
Task Trainer;
(D)
Task Service Desk administrator;
(E)
Agree deliverables with customer;
(F)
Oversee deployment of Devices;
(G)
Oversee training of Users; and
(H)
Report to Customer Relationship Manager on achievement of
deliverables.
Post-Implementation
(A)
Carry out Quarterly Business Reviews (QBRs) with customer;
(B)
Review reporting;
(C)
Identify additional training needs;
(D)
Manage deployment for Devices for New Starters/Leavers;
(E)
Conduct Incident Reviews;
(F)
Confirm invoice details monthly;
(G)
Maintain the CRM database on Users;
(H)
Oversee resolution of any issues raised through the Service Desk;
and
(I)
Support any specific marketing tasks identified.
190
(i)
Project Management
(i)
In relation to project management there are two further areas to consider.
Firstly, there is the project management approach taken to deliver the
Framework Agreement overall. Secondly there is the project management
approach taken for individual clients when delivering the Services
(ii)
The approach is a pragmatic, based on several years of implementation
experience. The process is divided into four distinct stages:
1.
Pre-training
2.
Training
3.
Initial phase post-training
4.
Ongoing phase post-training.
(iii)
Phase 1: Pre-Training
(iv)
(A)
Assess how the solution will complement existing lone worker
procedures and protocols and assist, where necessary, with any
modifications or updates to these procedures and protocols.
(B)
Understand the working environment and risks faced by each User
group and propose the most appropriate Device variant and
associated Device set-up functionality per User.
(C)
Through a combination of checking network coverage ‘maps’ and
obtaining local knowledge from Users, we determine the combination
of GSM network operator SIM cards with which to commence service
delivery.
(D)
Work through the necessary points of contact and alarm escalation
procedures per User.
(E)
Jointly with the Customer, engage with the local/regional Police forces
to clarify Police response processes.
(F)
Clarify the personal information required from Users and coordinate
the necessary collection of this information.
(G)
Create the model for implementation. Areas covered here include
resource levels for the organisation (internal trainers, administrators,
project team and project managers for instance), training schedules
(who gets trained, by whom, where and when) and the proposed
frequency of project meetings.
(H)
Create and continuously update the project plan. The information
generated from the implementation model is then dropped into a
Gantt Chart; this is used to manage the project.
Phase 2: Training. This includes the following:
(A)
10-404788-3
The Supplier shall project manage the delivery of Devices (each
Device is registered against an individual), the actual training
191
sessions (and content thereof) and coordinate ‘go-live’ dates. Quality
face to face training will be offered to all Users.
(v)
(vi)
Phase 3: Initial Phase Post-Training:
(A)
This covers the early stages of adoption of the Devices by Users.
The Supplier shall coordinate frequent meetings and conference calls
to analyse User activity levels, ensure correct usage of Devices,
discuss any network coverage problems and solve any issues arising
with escalation ‘points of contact’. Key to this is the circulation of
activity data prior to the discussions. This is an assurance to jointly
tackle issues quickly and ensure a successful implementation;
(B)
The frequency of these discussions are only reduced once both
parties are satisfied the main issues have been dealt with
successfully. All discussions are recorded and circulated, highlighting
actions where necessary, to ensure transparency and the tracking
and completion of actions in a timely manner.
Phase 4: Ongoing Phase Post-Training
(A)
The Supplier shall issue monthly activity reports. The Supplier shall
highlight ongoing User issues, general activity level issues, network
coverage issues. The Supplier shall further agree with the Customer
the frequency of contract review meetings to discuss the issues
raised in these reports and any others through the contract until
completion.
6
ISO 27001 accredited certification and Service standards
6.1
The Supplier is currently preparing for ISO 27000 accredited certification. A gap analysis
exercise has taken place, and the Supplier is now in a position to provide details of the
standard and its applicability to relationships with the Authority, and further inform interested
parties of the progress made, and the projected efforts required to attain accredited
certification of the 27000 standard.
6.2
The ISO body of standards is divided between three distinct sections.
(a)
ISO 27701;
(b)
ISO 27002; and
(c)
ISO 27005.
6.3
ISO 27001 is that part of the standard which reflects on the Information Security Management
System (ISMS) requirements. During the certification phase the implementation and
management of the ISMS will be audited against 27001.
6.4
ISO 27002 is a Code of Practice which is intended to provide a framework for international
best practice in information security management and systems interoperability. It also provides
guidance to which an external auditor may look, on how to implement certifiable ISMS. It does
not, as the standard is currently written, provide the best for an international certification
scheme.
10-404788-3
192
6.5
ISO 27005 this International Standard provides guidelines for information security risk
management, and it supports the general concepts specified in ISO/IEC 27001, and is
designed to assist the satisfactory implementation of information security based on a risk
management approach.
6.6
The approach to the implementation of an Information Security Management Systems will be
based on the recognised Plan; Do; Check; Act concept which is recognised throughout all
standards within the ISO family of standards.
6.7
Of critical importance to the accreditation of ISO 27001 certification is the ability of the
Supplier to provide a structured approach to the implementation of the ISMS. The standard
sets out in paragraph 6.2, the required structured approach to the establishment of an ISMS,
and there are six recognised steps which the Supplier will follow:
6.8
(a)
Define the scope of the ISMS;
(b)
Define the Information Security Policy at board level;
(c)
Define a systematic approach to risk assessment and the risk acceptance criteria;
(d)
Carry out a risk assessment to identify, within the context of the policy and ISMS
scope, the important information assets of the organisation and the risks to them. At
this stage an assessment of all risk is established;
(e)
Identify and evaluate options for the treatment of the risks, selecting where required,
the control objectives and controls to be implemented; and
(f)
Prepare a Statement of Applicability.
Application of the PDCA cycle to a process approach means that, following the basic
principles of process design, there needs to be both inputs to and outputs from the process.
An ISMS takes, as its input the information security requirements and expectations of the
interested parties (Authority and Supplier), and through the necessary actions and processes
produce information security outcomes that meet those requirements and expectations. This
means that the PDCA model is applied at two levels:
(a)
10-404788-3
The strategic level, in terms of the development of the ISMS itself; and
193
(b)
6.9
At the tactical level, in terms of each of the processes within the ISMS.
At the strategic level, the application of the PDCA cycle is applied to the development of the
ISMS. The correspondence between the PDCA cycle and the stages identified in the Standard
for the implementation and development of the ISMS as seen below is currently being adapted
by the Supplier in order that 27000 accredited certification may be achieved.
(a)
(b)
(c)
Plan (Establish the ISMS)
(i)
Define the scope of the ISMS;
(ii)
Define the Information Security Policy at board level;
(iii)
Define a systematic approach to the risk assessment;
(iv)
Carry out a risk assessment to identify, within the context of the policy and
ISMS scope, the important information assets of the organisation, and risks to
them;
(v)
Identify and evaluate options for the treatment of these risks;
(vi)
Select for each approach, the control objectives and controls to be
implemented; and
(vii)
Prepare a statement of applicability.
Do (Implement and operate the ISMS)
(i)
Formulate the risk treatment plan, its documentation, including planned
processes and detailed procedures;
(ii)
Implement the risk treatment plan and planned controls;
(iii)
Provide appropriate training for affected staff, as well as awareness
programmes;
(iv)
Manage all operations and resources within the ISMS; and
(v)
Implement procedures that enable prompt detection of, and response to,
security incidents.
Check (Monitor and review the ISMS)
(i)
(d)
Act (Maintain and improve the ISMS)
(i)
10-404788-3
Monitor, review test and audit the above. Monitoring, reviewing, testing and
audit has to be an ongoing process that covers the whole system, and a
certification body will want to see evidence of at least one cycle of tests and
audits on the ISMS, having been completed prior to a certification visit.
Testing and audit outcomes will be reviewed by management, as will the
ISMS in the light of the changing risk environment, advancing technology or
other risk related circumstances; improvements to the ISMS will be identified,
documented and implemented; and
194
(ii)
Thereafter the ISMS will be subject to ongoing review, further testing and
improvement implementation, a process recognised as continuous
improvement.
Fig 1.0 ISMS Project Roadmap
Risk Assessment
Board Policy
Prepare Documentation
Board Approval
Agree Scope
Training
SOA
Asset Inventory
Plan
Monitor/Review
Incident Response Procedure
Implement ISMS
Do
Identify, Implement and Improve
Check
Act
Figure 1.0 shows the ISMS project roadmap, based on the PDCA concept which will be
adopted by the Supplier
6.10
10-404788-3
In terms of deliverable standards, there are a number of areas which will receive specific
attention; as follows:
(a)
Service management standards. The entire service architecture shall be managed,
adhering to the ITIL processes operated by the Supplier.
(b)
The Supplier has a contract management team with the capacity and depth to be able
to assist the BSA and CFSMS to develop the appropriate strategies necessary to
translate developing business requirements across the Authority into firm deliverables,
whether they are ICT strategies, the delivery framework or overall service capabilities,
in line with STEP where applicable to this Framework Agreement. The shape of the
contract management team is as follows:
(i)
Framework Manager / Contract Director;
(ii)
Operations Manager (deputy Contract Director);
(iii)
Service Maintenance Manager;
(iv)
User Training Manager;
(v)
Service Desk Supervisor;
(vi)
National Account Manager; and
195
(vii)
ARC Manager.
(c)
In addition the Partnership Board, which will sit above the Contract Management
Team and work in a strategic way to align the Supplier's objectives with those of the
Authority, shall be a powerful tool for meeting Authority aspirations for the Services.
The Supplier expects and anticipates meeting the Authority regularly to discuss their
developing ideas for improving service delivery; for enhancing the ‘sales’ of the
Services across the Authority; for meeting Customer expectations, queries and
concerns; for ensuring that personnel and their representatives are fully briefed on a
programmed basis throughout the year on the Services; and to help inform
government on the outcomes of this important ‘pump-priming’ project.
(d)
The Supplier proposes that members of the Partnership Board from the Suppliers side
contain at least the following:
(e)
(i)
Director for Operations, Reliance;
(ii)
Director, Reliance ARC; and
(iii)
Contract Manager.
Continual Service Improvement is the anchor which holds these processes together.
It is imperative for the Supplier to deliver consistent, repeatable process activities to
safeguard the Services quality. However, the continuous search for improvements as
part of the promised Services quality is equally important. As technology develops
and as Best Practice and legislation is updated, the need for a supplier to the
Authority to be pro-active in its improvements is paramount. The following, on-going
processes form the basis for annual service plans:
(i)
Measurement and Control;
(ii)
Service Measurement;
(iii)
Service Assessment and Analysis; and
(iv)
Service Level Management.
7
Amendment and revision
7.1
The Supplier shall ensure that the Security Plan is fully reviewed and updated annually, or
from time to time to reflect:
10-404788-3
(a)
Emerging changes and developments in industry best practice;
(b)
Any and all changes or proposed changes to the Supplier Systems, the Services
and/or associated processes;
(c)
Any new perceived or changed threats to the Supplier System;
(d)
A reasonable request by the Authority;
(e)
The Supplier will provide the Authority with the results of such reviews as soon as
reasonably practicable after their completion, and amend the Security Plan at no
additional cost to the Authority; and
196
(f)
Any change or amendment which the Supplier proposes to make to the Security Plan
(as a result of an Authority request or change to the schedule 3 (Services) or
otherwise, shall be subject to the Change Control Procedure and shall not be
implemented until approved in writing by the Authority.
8
Auditing and testing of the Security Plan
8.1
The Supplier shall conduct tests of the processes and countermeasures contained in the
Security Plan on an annual basis, or as otherwise agreed by the Authority and the Supplier.
The date, timing, content and conduct of such Security Tests shall be agreed in advance with
the Authority.
8.2
The Authority shall be entitled to send a representative to witness the conduct of the Security
Tests. The Supplier shall provide the Authority with the results of such tests (in a form
approved by the Authority in advance) as soon as practicable after completion of each
Security Test.
8.3
Without prejudice to any other right of audit or access granted to the Authority pursuant to this
Framework Agreement, the Authority shall be entitled at any time, and without giving notice to
the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in
relation to the Security Plan and the Supplier's compliance with and implementation of the
Security Plan. The Authority may notify the Supplier of the results of such tests after
completion of each such test. Security Tests shall be designed and implemented so as to
minimise the impact on the delivery Services. If such tests impact adversely on its ability to
deliver the Services to the agreed Service Levels, the Supplier shall be granted relief against
any resultant under-performance for the period of the tests.
8.4
For the purposes of this paragraph 8.4, a weakness means vulnerability in security and a
potential security failure means a possible breach of the Security Plan or security
requirements. Where any Security Test carried out pursuant to paragraphs 8.2 or 8.3 above
reveals any actual or potential security failure or weaknesses, the Supplier shall promptly
notify the Authority of any changes to the Security Plan (and the implementation thereof)
which the Supplier proposes to make in order to correct such failure or weakness. Subject to
the Authority's approval in accordance with paragraph 3.3(c) above, the Supplier shall
implement such changes to the Security Plan in accordance with the timetable agreed with the
Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where
the change to the Security Plan to address a non-compliance with the Security Policy or
security requirements, the change to the Security Plan shall be at no additional cost to the
Authority.
9
Reviewers Comments
9.1
In terms of the gap analysis, it is suggested that the remainder of the project is structured as
follows:
(a)
10-404788-3
Project Team: To be formed at the earliest opportunity. Taking into consideration
that the 27001 standard is technically neutral, it is imperative that the Project Team
should be chaired by a senior executive or board member who is designated as
responsible for the implementation of the ISMS. Members of the team will be selected
from across the organisation. Key functions that should be represented are
quality/process management; Human Resources; Training; IT/Facilities Management;
Operations and Business Administration and Health & Safety. The team should be
guided by a member with knowledge of ISO standards.
197
(b)
Information Security Policy: Once the Project Team and management structure
have been agreed, consideration of a board level Information Security Policy should
be the next phase. The definition of the Information Security Policy is a requirement
set out in clause 4.2.1 of the standard. Initially, the Information Security Policy should
be a short statement no more than two A4 pages however, the policy will go through a
number of stages of development, particularly as a result of the risk assessment, and
the final version of the policy must satisfy clause 5.1.1 of the standard.
(c)
The risk assessment: ISO 27002 is clear in its introduction, that risk is a systematic
study of assets, threats, vulnerabilities and impacts to assess the probability and
consequence of risk. In terms of the ARC certification this equates to a systematic and
methodical consideration of:
(d)
(e)
10-404788-3
(i)
The business harm likely to result from a range of business failures; and
(ii)
The realistic likelihood of such failures occurring.
The risk assessment should be carried out by a qualified and experienced risk
assessor who has knowledge of qualitative risk assessment and management, and
has the ability to identify the following areas of risk in line with clause 4.2.1d of the
standard.
(i)
Assets within the scope;
(ii)
Threats;
(iii)
Vulnerabilities;
(iv)
Likelihood;
(v)
Impact; and
(vi)
Treatment of risk.
Required documentation: Notwithstanding the production of the Information Security
Policy, there are number of other documents, constituting the ISMS manual, which
must be produced to meet the requirements of the standard:
(i)
The risk assessment report, to include risk treatment;
(ii)
Control objectives and procedures to support the ISMS manual;
(iii)
The Statement of Applicability;
(iv)
Evidence of the actions undertaken by the organisations top management
team (minutes of all meetings);
(v)
A description of the management framework;
(vi)
Procedures that govern the management and review of the ISMS; and
(vii)
All business continuity and crisis management documentation.
198
10
Third party accredited certification:
10.1
Selection of auditors. There are two key issues which need to be taken into consideration
relation to the overall policy of 27001 auditor selection:
10.2
10-404788-3
(a)
The ISMS must be fully integrated into the organisation, with a recognition that
standards such as ISO 9001 and 14001 have a synergy with 27001; and
(b)
There must be an agreement with potential third party auditors that the operations and
business drivers of the ARC are unique, and the ISMS audit should take this into
consideration when the initial audit takes place.
The audit. Once a certification body has been selected and terms agreed, the organisation
(the ARC) can concentrate on the actual process of certification. The process will familiar to
the ARC as it is already in possession of ISO 9001 certification. The certification body will
want to go through a two stage process.
(a)
The first stage will be a pre certification visit, which enables the auditors to become
acquainted with the culture of the ARC; to carry out an initial document review; to
assure themselves that the ISMS is sufficiently well developed to be capable of
withstanding a formal audit and to obtain enough information about the ARC and the
intended scope of the certification to plan the audit effectively.
(b)
The second stage will consist of two parts. The first part involves testing the
organisations documented processes (the ISMS) against the requirements of the
standard. The second part will test actual compliance by the organisation with its
ISMS.
(c)
The above Security Plan sets out to meet the requirements of the NHS Lone Worker
Protection Project, and is the basis for the bid for services at the ARC, Pontefract. An
essential element of the bid is the requirement by the NHS Security Management
Services (SMS) for the preferred supplier to have achieved ISO 27001 accredited
certification. The lead time for stage one of the auditing process is generally 08 to 12
weeks, and to that end it is imperative that Reliance Hightech take immediate steps to
implement an ISMS, having considered the above report and remarks.
199
Appendix 3
Reliance High Tech Security Plan for Lone Worker Support
1
Introduction
1.1
The following Security Plan will focus on lone worker support services areas relating to the
Reliance Alarm Receiving Centre (ARC), Pontefract and the Disaster Recovery Centre (DRC)
at Wythenshaw, Manchester, concentrating on:
(a)
Physical security;
(b)
Integrity of all data communications.
The security guidelines and standards relating to the Alarm Receiving Centre at Pontefract will
be replicated throughout all Reliance (and any third party) locations providing lone worker
support.
2
Physical security
2.1
Both centers are accredited to BS 5979 Cat II, which assures Users that there is a disaster
recovery procedure in place. The plan involves the duplication of the Reliance server
capability at another BS5979 Cat II site to ensure no operational downtime in the event of
catastrophic failure on the primary site. The BS 5979 accreditation is assessed and re
certificated annually. This Reliance does, and shall continue to test this on an annual basis.
2.2
There are four elements to the recovery plan once service disruption is experienced:
2.3
2.4
10-404788-3
(a)
An incident management process;
(b)
A crisis management team;
(c)
A disaster recovery technical plan;
(d)
A business continuity strategy.
The physical risk assessments take into consideration the following threats:
(a)
Unauthorised intrusion;
(b)
Burglary;
(c)
Robbery;
(d)
Espionage;
(e)
Sabotage;
(f)
Offences against the person;
(g)
Criminal damage and arson;
(h)
Terrorism.
As a result of such risk assessments, all necessary control measures and mitigation strategies
are considered before the agreed counter measures are introduced. The risk is never static,
200
and as part of the ARC continuous improvement strategy, the dynamic risk assessment is
constantly monitored. To further enhance security of the ARC and its operations, Reliance is in
the process of achieving ISO 27000 certification.
3
The ARC
3.1
The ARC is accredited to BS 5979 Cat II, which by its nature assures that physical security
includes the following strategies:
(a)
Crime Prevention Through Environmental Design
Environmental protection considers security of the site in question by encapsulating
the following issues:
(i)
a crime pattern analysis of the area surrounding the ARC to focus on crime
pattern by type and volume, and including where possible, crime clear up
rates.
Crime in the area of South Yorkshire for the period 2007/2008 is as follows:
(ii)
Crime by type
Volume
Increase/ Decrease
Burglary
19,647
-8%
Violence against the
person
24,453
-11%
Robbery
1,283
-6%
Vehicle crime
23,542
-14%
Fraud
4,197
-4%
Police and other emergency services response times.
The ARC is located within the vicinity of the centre of Pontefract, and this in
itself assures good emergency services response. Added to this is the fact
that the ARC is co located with a key BT hub, and complies with OFTEL
regulation, providing an extra dimension to the physical and technical security
arrangements currently in place.
There is formal internal and external CCTV coverage which is monitored from
within the ARC. Further, employees are encouraged to monitor the situation
whilst within and outside the location.
(iii)
Territoriality. Encouraging staff and management to assume responsibility of
their working area and the general ARC environment.
(iv)
Adjoining buildings. Taking into consideration adjacent and adjoining buildings
which may impact the integrity of the ARC
With the exception of the BT hub, the ARC is not impacted by any other
adjoining buildings.
10-404788-3
201
(v)
(b)
Road communications. In and around the area of the ARC, road
communications are quite congested, and it would therefore be difficult for a
potential aggressor to guarantee and effective and fast escape.
Situational Crime Prevention
In terms of situational crime prevention, the following tenets are taken into
consideration:
(c)
(vi)
Increasing the efforts of potential offenders: Target hardening; control of
access; control of tools and weapons;
(vii)
Increasing the risk to offenders being apprehended: More effective
surveillance techniques in terms of formal and informal surveillance;
(viii)
Reducing rewards to successful offenders: Preventing offenders from
benefiting if attacking the ARC; and
(ix)
Removing excuses from ARC staff: Setting very clear and concise
guidelines for all staff and management.
Perimeter protection
The Reliance ARC shares property with the main BT exchange, and as such there is
open access to the car park, via a main gate which is the responsibility of British
Telecom.
Surrounding the car park area, and rear of the compound is a two meter high steel
palisade fence which is in a good state of repair and well maintained.
Lighting in and around the compound consists of wall mounted HID flood lights, and
pole mounted high pressure sodium lighting unit with sufficient lux value to illuminate
the area.
(d)
Main building
The ARC is located on the first floor in a brick and concrete re enforced two story
building. Access to the building is via a controlled environment in which visitors are
allowed entry remotely from within once identification has been visually and verbally
verified. Non authorized personnel will be escorted to the centre via a controlled a
dual air locking system, and once inside they will sign in and be issued a visitors pass.
Thereafter all visitors will be escorted whilst on the premises, surrendering their
passes upon exiting the premises. Further, access is denied to visitors who have no
confirmed appointment.
Authorized personnel will use a proximity card reader system to access the building
and restricted areas within.
Access to the building is via a ground floor entrance, which has a single re enforced
single leaf inward swinging unit, which has duel point internal locking mechanisms,
and is linked to the alarm system.
The electronic access control facility is managed by the ARC Operations Manager,
with users being authorized and deleted under his stewardship.
10-404788-3
202
The ARC is manned twenty four hours per day, three hundred and sixty days per year
by trained and vetted (see section f) operators, supervised by qualified managers.
(e)
Internal physical protection
In terms of internal protection, the ARC and DRC have the following control measures
in place:
(f)
(x)
Duel thickness walls;
(xi)
A independent and controlled air supply;
(xii)
A gas detection system;
(xiii)
Stand by power (uninterruptible power supply, and a stand by generator);
(xiv)
Blast resistant window protection;
(xv)
An internal, centrally located server room which is alarmed and access
controlled;
(xvi)
Internal CCTV;
(xvii)
A secure telecommunications system;
(xviii)
Firewalls providing secure encrypted MPLS between sites; and
(xix)
An Association of Police Officers (ACPO) standard Intruder Detection System
(IDS).
Personnel
All personnel operating within the ARC are Security Industry Authority (SIA) licensed.
That is to say that all operators are ten year vetted, and have passed the required SIA
training course which guarantees competence.
4
Integrity of all data communications managed within the RMC
4.1
Overview
The Alarm Receiving Centre (ARC) provides services to third parties via a number of
mediums; namely IP, PSTN and ISDN connectivity. Current information security is achieved
by the use of best working practices.
4.2
Service / Assets
Detailed below are the current services / assets that the ARC provides as a business
structure:
(a)
Bi-directional communications with customers systems
The ARC receives connections from disparate customer systems in the form of alarm
activations. The activations received at the ARC are passed through a hardware
firewall and received by the hosting system within the ARC. Current connections are
as follows:
10-404788-3
203
(i)
Six ADSL connections; and
(ii)
One leased line.
Protection of Assets – Full backups of the systems configurations take place on a
weekly basis with sequential backups taken daily. Multiple routes for IP connectivity
with internal resilience for all systems are currently in place. Duplicate
critical equipment is stored on site to minimise service loss in the event of equipment
failure.
(b)
Email
The ARC provides access to email via the parent company IT department which is
currently hosted off site in the Reliance head office. External email accounts in web
based form are currently allowed. Current connections are as follows:
(i)
One leased line connection into Group Information Technology (IT).
Protection of Assets – The email protection is currently under control of Group IT,
external email accounts provide resilience but only by exception.
(c)
Internet Provision
The ARC allows all employees’ access to the internet via the parent company IT
department’s proxy servers via the leased line connections.
Protection of Assets – The internet provision is currently under control of Group IT.
Reliance IT, which provides support the Reliance Group have no formal ISO
certification in place but work on best practice. User accounts are controlled via
requests from the individual operating companies, domain rights are controlled on a
specific application basis, password control is enforced with the use of alpha and
numeric characters, change of password is every 30 days. Control of mobile
communications is via VPN with triple DES encryption.
(d)
Domain Control
Domain control is provided via Reliance IT hosted off site in the head office in
Uxbridge. Current connections are as follows:
(i)
One leased line connection into Group IT.
Protection of Assets – The Domain protection is currently under control of Group IT.
(e)
User Accounts
User accounts are created and maintained via Reliance IT hosted off site in the head
office in Uxbridge. Current connections are as follows:(i)
One leased line connection into Group IT.
Protection of Assets – The user account protection is currently under control of Group
IT.
10-404788-3
204
(f)
Passwords Control
Password control are created and maintained via Reliance IT hosted off site in the
head office in Uxbridge. Current connections are as follows:
One leased line connection into Group IT.
Protection of Assets – The password control protection is currently under control of
Group IT.
(g)
Threats to the internal Systems
Currently perceived threats into the ARC.
(i)
Virus / Malware;
(ii)
External Hack;
(iii)
Failure of hardware;
(iv)
Failure of Software;
(v)
Failure of connections to Group;
(vi)
Failure of Internet ;
(vii)
Internal espionage; and
(viii)
Human Error.
Counter measures for perceived threats:
(i)
Virus / Malware etc
Failure scenario – a new virus / malware not in the current list of definitions is
received into the secure network.
Control: All computer systems incorporate antivirus software with definitions
updated daily and pushed to the desktop. The firewall monitors the secure
network and incorporates Intrusion Prevention System (IPS) software that
protects the network from malicious applications. This inline, network-based
defence identifies, classifies, and stops known and unknown threats to your
network, including:
10-404788-3
(A)
Worms
(B)
Network viruses
(C)
System intrusion attempts
(D)
Application misuse
205
(ii)
External Hack
Failure Scenario - Access to the secure network could be gained if the hack
assumed the IP address of a customer site, and the hack was on an allowed
port.
Control: The secure internal network only allows connections from trusted
sources i.e. customer sites on individual system ports.
(i)
Failure of Hardware
Failure Scenario – Multiple failures (2+) of servers, failures of both primary
and secondary systems with insufficient spares holding to reinstate all servers
before replacements can be sourced.
Control: Images of machines taken, server information/application/ database/
system backed up and dual running of systems where required to provide
agreed level of service to customers.
(ii)
Failure of Software
Failure Scenario – Unforeseen error in software and manufacturer unable to
provide solution within agreed service level resolution.
Control: Backups of database and licensing information taken weekly,
manufactures software on hardcopy is also held at the RMC.
(iii)
Failure of Connection to Group
Failure Scenario – Both leaded line and ADSL connection are lost.
Control: Current Domain connections are hosted via Reliance Group via a
leased line there is a backup of ADSL connection.
(iv)
Failure of External Network Connectivity
Failure Scenario – The BT exchange loses connection / BT systems fail.
Control: There are redundant connections to the Internet provided via four
ADSL connections each provided by separate ISP’s.
(v)
Internal Espionage
Failure Scenario – Unknown external influences coerce the employees into
espionage or identity theft leads to failure of BS7858.
Control: All employees to the ARC are screened in accordance with
BS7858:2008 incorporating personal credit checks to mitigate potential
threats from external influences for espionage.
(vi)
Human Error
Failure Scenario – Unexpected removal of information due to error by the
individual
10-404788-3
206
Control: Training is deployed to all new staff and the ARC employs continual
improvement methodology from ISO9001 with regular reviews to highlight
area of development for the individual.
(vii)
Control of removable media
Failure Scenario – Unauthorized employee uses removable media on site.
Control: All USB memory devices on stationary operational systems are
checked for virus/malware on insertion with auto play been disabled. Only
authorized personnel are allowed to use removable media. Database access
unless through the client application is restricted with reporting functionality
only carried out by authorised personnel. Even though MP3 players are larger
than a small memory sticks the ability to store large amounts of information on
the small memory stick is still valid and so classified in the same risk category
as mp3 players.
(h)
Encryption
Failure Scenario – Information is gleaned form a snoop on the IP transmission.
Control: VPN tunnels with encryption are used on some point to point connections
with customer systems. Encryption between the ARC and ARC DR incorporates
IPSec DES encryption.
(i)
Remote access
Failure scenario - remote access by trainers, account management staff or head office
staff
Control: Remote access to the Group network is available to all Reliance users with
the VPN client installed on their laptop. This is protected with IKE 3DES SHA1
encryption, and an issued certificate, user name and password- The Service Desk
software and e-mail system is hosted on the Group Network, both applications have
additional basic authentication.
Remote access to the Remote Monitoring Services network is protected by an
additional firewall. This is a dedicated network that the ARC runs from, and traffic
policies exist relating to what data can come to and from the Group network. Remote
connections to this network exist via IPSEC tunnels to the DR site and Monitor
Computer Systems (The software supplier) for remote support.
10-404788-3
207
Schedule 15
Marketing and Communications
1
Initial Marketing & Communications
1.1
Publicity & Communications
(a)
On contract award the Supplier shall provide a dedicated marketing and
communications team to work with the Authority to promote the Service;
(b)
The Authority and Customer have an obligation to promote the delivery of the
Framework Agreement which the Supplier shall support. The Authority and the
Supplier will undertake a national publicity campaign when the Agreement Framework
is signed. At commencement and throughout the contract period for delivery Services,
the Customer and Supplier shall publicise widely to patients, service users,
stakeholders and the public, the use of lone worker services by NHS staff. The
Customer will support the Supplier marketing and publicity strategy and ensure that
NHS facilities to which the public access contain information on the use of lone worker
services in that health body.
(c)
The Supplier shall:
(i)
Work in partnership with the Authority to establish and agree the specific
publicity and communication requirements for the Service; and
(ii)
Collate all the available contact details for marketing and publicity purposes to
Stakeholders including but not limited to:
(iii)
10-404788-3
(A)
Users;
(B)
Customers;
(C)
Authorities;
(D)
Representative bodies; such as UNISON, RCN etc.
Create and maintain a dedicated web site for the Service specific to the
Authority’s needs with detailed information for Customers and Users. The
website will act as the central point of information for all marketing and
communications activity and to ensure that relevant material is available
online for all interested parties. The website will include but not be limited to:
(A)
A User interface for enquiries;
(B)
Frequently Asked Questions;
(C)
News and Bulletins;
(D)
Updates and new Customer listings;
(E)
Web conference training;
(F)
Authority Funding Guidance;
208
1.2
Details of Events, Seminars and Roadshows;
(H)
Case Studies;
(I)
User Group Forums; and
(J)
Service Video.
(iv)
Create a Press Briefing Pack providing full details of the Service with relevant
information on the Supplier and Authority.
(v)
Distribute Press releases and marketing material including electronic direct
marketing to all interested parties promoting the Service.
(vi)
The Authority will accept and test the content of all Supplier materials and
images, as defined in the Implementation Plan in accordance with the
Operational Change Procedure as detailed in schedule 8 (Agreement Change
Procedure). Any further amendments shall be in accordance with the same
procedure (Operational Change Procedure - schedule 8). Supplier materials
and images will be compliant with NHS branding requirements.
Marketing Campaign
(a)
(b)
10-404788-3
(G)
The Supplier shall deliver a marketing campaign which ensures effective
communication which meets the diverse needs of all relevant parties. In particular the
following key messages will be incorporated into all activity:
(i)
Users – demonstrating the Authority’s commitment to take appropriate steps
to better protect their personal security and safety, while they are in lone
working situations;
(ii)
Customers – delivering a targeted sales strategy to ensure the maximum
adoption of the Service to include identifying and working with ‘early adopters’
to exceed the target of 30,000 devices deployed within the first 12 months;
(iii)
Stakeholders – demonstrating the partnership approach taken between the
Supplier and the Authority to ensure adoption of the Service so as to aid the
development of a wider pro-security culture;
(iv)
General Public – raising awareness to support the overall objective of
safeguarding NHS Staff; by engendering public and community support
against the small minority of persons who present risks to staff. Consistent
with the publicity requirements identified in the QC’s advice.
As part of the initial marketing campaign the Supplier shall liaise with the Authority to
ensure that the correct messages are being transmitted at all times to ensure that an
effective balance is achieved between securing the required deterrent effect and
ensuring that staff are not put at any further risk. In particular, the Supplier shall
ensure that at all times communications does not:
(i)
Scare Users, Customers or the public by overplaying the risks to lone
workers;
(ii)
Use violent or threatening imagery;
(iii)
Imply that technology alone can solve all problems; and
209
(iv)
(c)
Give the impression that the service will absolve managers of all their legal
obligations to protect workers.
The Supplier shall:
(i)
Ensure a presence in all relevant media publications during the initial ramp up
period by means of news articles, editorials and press releases;
(ii)
Create marketing collateral including cases studies, brochures, flyers and
electronic direct marketing material about the Service;
(iii)
Design and produce posters and an exhibition stand for attending events to
promote the Service;
(iv)
Identify relevant conference, exhibition and seminar events for networking,
sponsorship and exhibiting purposes and attend these events where
appropriate to ensure publicity generation;
(v)
Create and maintain a publicity library recording details of relevant material
published in journals, websites and news articles which can be referred to for
future use by all interested parties;
(vi)
Create and maintain a library of PowerPoint presentations to assist and
support the marketing campaign; specific to the audience;
(vii)
Effect introductions to all interested parties, advising them of the services
about to be provided;
(viii)
Develop an email newsletter service for potential customers as part of an
electronic direct marketing campaign;
(ix)
Research existing forums and User groups to identify suitable locations and
events to host road show events promoting the service. The Supplier will then
organise and host events for prospective customers on a regional basis;
(x)
Monitor the results of initial ramp up marketing activity and arrange visits to
interested parties who have responded to the initial PR launch;
(xi)
Provide quarterly management information reports on marketing and
communication activity undertaken and the results achieved; and
(xii)
Commit to maintaining awareness as a key element of the Publicity
requirement and ensure that any Marketing needed will increase/expand to
address take-up.
2
Ongoing Marketing & Communications
2.1
Publicity & Communications. The Supplier shall:
10-404788-3
(d)
Deliver marketing material, in partnership with Customers and the Authority, to raise
awareness of the Service over the long term, but especially to ensure the early take
up of the Service by ‘early adopters’;
(e)
Seek permission from the Authority to publicise appropriate incidents; (for example a
sanction pursued against an offender) that clearly demonstrates the problems
encountered by lone workers and the measures put in place to protect them;
210
10-404788-3
(f)
Provide information and material as appropriate about the Service and how it provides
a solution to the problems faced by staff. For example supplying audio recordings of
verbal abuse which lead to a successful prosecution; which can then be used to
generate publicity about the solution so that future offenders may be deterred from
assaulting staff. As part of this process the Supplier will play a key role in identifying
appropriate material for both local and national publicity to help create a strong
deterrent effect, in respect of protecting users;
(g)
Maintain a consistent and reoccurring set of communications to maintain a high profile
over the long term. This will be achieved by collation of newsworthy articles,
advertising, editorials and promoting real life case studies which have been approved
by the Authority;
(h)
Shift the publicity and communications activity after the initial 12 months towards
those Trusts and Bodies who have not yet sought to acquire the Service. Direct
approaches will be made to establish the causes, such as:
(i)
Why they have put off making a buying decision;
(ii)
Their reasons for not benefiting from the available funding; and
(iii)
Any lack of understanding with regard to the Service.
(i)
Adapt publicity and communications activity in response to this feedback with the help
of specific case studies other marketing collateral to demonstrate successful
implementations with clear indications of the benefits achieved;
(j)
Identify and allocate resources that can be used as part of the ongoing marketing
activity through relationships with interested parties including but not limited to the
following:
(i)
Staff and Employee Representative Bodies – attendance at national
conferences with exhibition material and speeches communicating the
benefits of the service;
(ii)
Crime & Disorder Partnerships – publicity and communications activity with all
partnerships in England, providing literature and information on the service;
(iii)
Emergency Services – liaison and attendance at relevant events such as
ACPO conference, Ambex and the Emergency Services show;
(iv)
Local Security Management Specialists – attendance at quarterly regional
LSMS meetings in England to communicate services available and the
benefits;
(v)
Health & Safety Executive – attendance at national and regional events and
safety awareness days with promotional material;
(vi)
Patients Association Patient Advice and Liaison Service (PALS)/Charity
Groups – production of publicity and communications material specifically for
public consumption advising of the Services and the benefits of improved
safety and care;
211
2.2
10-404788-3
(vii)
Award Events – submission of case studies and evidence for relevant award
ceremonies related to safety and innovation which can raise the profile of the
Service; and
(viii)
Supplier organised road show events at existing Customer locations, inviting
nearby regional bodies to attend and see the Service in operation and hear
the experiences of current users.
Marketing Campaign. After the initial launch of the contract the Supplier shall undertake the
following regular activity as part of the marketing campaign:
(a)
Weekly updates to the Website, with news and events information to ensure all
interested parties are kept updated on the latest information about the Services;
(b)
Monitoring of website usage, hits and reacting to expressions of interest received to
electronic direct marketing activity to ensure maximum awareness of the Service;
(c)
Visits to interested Customers by their sales representative’s staff to provide all
additional material and information needed;
(d)
Press release updates, advertising and editorials issued to ensure market positioning
throughout the contract period containing information on the latest developments in
the Service and any new product solutions available to Customers;
(e)
Focused newsletter distribution and electronic direct marketing campaigns on those
potential customers identified as most likely to take up the Service;
(f)
Sponsorship and promotion at seminars, conferences and exhibitions identified as
relevant to the service which could help raise general awareness;
(g)
Provision of meeting dates for User group and road show events with existing and
prospective customers on a national and regional basis to ensure maximum exposure;
(h)
Collation of the details of incidents received and monitored by the ARC which are
suitable for marketing campaign activity;
(i)
Liaison with the Authority to discuss such PR activity relating to real life incidents and
their suitability for use in marketing activity;
(j)
Maintenance of a publicity library of relevant news articles and publications for use by
all interested parties;
(k)
Monitoring the effectiveness of marketing campaign activity to target audiences and
then adjusting activity and material accordingly in response to feedback in order to
support the contract objectives;
(l)
Ongoing maintenance and review of the Customer relationship management database
and adherence to data protection laws. Ensuring that all information held is relevant,
current and necessary. This activity will include the removal of contact details for
persons who have requested removal from future marketing campaign activity; and
(m)
Monitoring environmental impact of the publicity and communications activity by
seeking to reduce waste and minimising unnecessary use of paper and printing
materials. This will include ensuring that as much of the marketing material as
212
possible is available in electronic format for distribution by email or on the website to
download.
The marketing campaign specified above will be provided by the Supplier up to a maximum
expenditure as specified in schedule 5 (Maximum Charges).
10-404788-3
213
Schedule 16
Part 1- Exit Assistance
1
Introduction
1.1
This schedule details the agreed exit assistance services that will be provided by the Supplier
on termination or expiry of the Agreement, and Contract(s).
2
Exit Assistance in Preparation for Exit and/or on Termination or Expiry of the
Framework Agreement
2.1
At any time during or on exit of the Agreement the Supplier shall provide at the request of the
Authority, on up to 3 separate occasions and in the format required by the Authority the
following items at no charge to the Authority:
(a)
(b)
(c)
10-404788-3
Twelve months of data, where the Agreement is terminated before there is twelve
months of data the Supplier should provide data for the entire period of the
Agreement. Data to be cut on a monthly basis detailing:
(i)
Customer numbers;
(ii)
the total number and average duration of Red Alerts;
(iii)
the total number and average duration of Amber Alerts;
(iv)
the total number of Status Checks;
(v)
the total number of Service Desk calls broken down by type of call and their
average duration; and
(vi)
the total number of cases referred to second line technical support and their
average duration.
Using at least 12 months of data, the Supplier shall provide a report when requested
by the Authority, on up to 3 separate occasions, providing the following information:
(i)
the average product life of each current Device;
(ii)
total yearly number of Device failures (broken down by type and model of
Device) and the reason for failure;
(iii)
total yearly number of Devices that are replaced as a result of (1) loss; (2)
damage; or (3) theft.
Contracting information which details the:
(i)
current Customer contracting entities;
(ii)
Authorised Customer Representative contact details for the current
Customers;
(iii)
the remaining term for the current Contract(s) (broken down by Customer), to
include information on number of remaining Contract extension(s).
214
2.2
The Supplier shall agree with the Authority a handover plan for all of the Supplier's
responsibilities as set out in the Security Plan, in Appendix 1 of schedule 14 (Security Policy).
The Supplier will cooperate fully in the execution of the agreed plan, and provide skills and
expertise of a suitable standard.
2.3
In addition to the exit assistance services detailed in paragraph 2.1 and 2.2 the Supplier shall
provide any additional termination assistance as requested by the Authority, and such
assistance shall be chargeable at rates calculated in accordance with the principles detailed in
paragraph 9 of schedule 5 (Maximum Charges).
3
Exit Assistance in Preparation for Exit and/or on Termination or Expiry of a Customer
Contract
3.1
At any time during or on exit of a Contract the Supplier shall provide at the request of a
Customer, on up to 3 separate occasions and in the format required by the Customer, the
following items at no additional charge to the Customer:
(a)
(b)
(c)
10-404788-3
Twelve months of Customer data, where Contract(s) are terminated before there is
twelve months of data the Supplier should provide consolidated Customer data for the
entire period of the Contract cut on a monthly basis, which details for that Customer:
(i)
the total number and average duration of Red Alerts;
(ii)
the total number and average duration of Amber Alerts;
(iii)
the total number of Status Checks;
(iv)
the total number of Service Desk calls broken down by type of call and their
average duration; and
(v)
the total number of cases referred to Supplier second line technical support
and their average duration.
Using at least 12 months of data the Supplier shall provide a report when requested
by the Customer, on up to 3 separate occasions, providing the following information:
(i)
the average product life of each current Device;
(ii)
total yearly number of Device failures (broken down by type and model of
Device) and the reason for failure;
(iii)
total yearly number of Devices that are replaced as a result of (1) loss; (2)
damage; or (3) theft.
Contracting information which details for that Customer an aggregated list containing
information for each remaining Contract, which shall include the:
(i)
expiry date;
(ii)
number of remaining Contract extension(s);
(iii)
names of Users assigned to each Contract;
(iv)
name of the Authorised Customer Representative; and
(v)
name of the Customer department.
215
3.2
Six months prior to Contract expiry, or immediately in the case of early termination, the
Supplier shall contact the Customer to agree the means by which the Customer requires
recordings to be transferred from the Supplier to the Customer. The Authority shall have the
right to specify at its sole discretion, and the Supplier shall ensure that:
(a)
recordings are transferred to the Customer or a specified third party in the format
specified by the Customer; or
(b)
recordings are retained by the Supplier for the period of time required by the Contract.
There shall be no additional cost associated with this requirement as this has been
built into the Maximum Charges pricing.
3.3
In addition to the exit assistance services detailed in paragraph 3.1 and 3.2 the Supplier shall
provide additional termination assistance as requested by the Customer, such assistance shall
be chargeable at the rates calculated in accordance with the principles detailed in paragraph 9
of the Maximum Charges schedule of the Agreement or 2-3 of the Contract.
3.4
On expiry or termination of a Contract, the Customer shall use reasonable endeavours to
collect Devices from Users, and return them to the Supplier, for disposal in accordance with
the Waste Electrical and Electronic Equipment Regulations 2006 (WEEE).
3.5
Within 45 days of expiry or termination of a Contract the Supplier may contact the Customer,
once only, providing details to the Customer of those Devices not yet returned to the Supplier
pursuant to paragraph 3.4, and requesting the return of the same. Thereafter the Supplier
accepts that it will have no further claim in relation to the Devices, but shall accept any
Devices that may be returned by Customers for disposal in accordance with WEEE.
Part 2– Staff Transfer
1
Definitions
For the purposes of this Part 2 the following definitions shall apply:
Employee Liabilities means all claims, including claims for redundancy payments, unlawful deduction
of wages, unfair, wrongful or constructive dismissal compensation, compensation for sex, race or
disability discrimination, claims for equal pay, compensation for less favourable treatment of part-time
workers, and any claims (whether in tort, contract or statute or otherwise), demands, actions,
proceedings and any award, compensation, damages, tribunal awards, fine, loss, order, penalty,
disbursement, payment made by way of settlement and costs and expenses reasonably incurred in
connection with a claim or investigation (including any investigation by the Equality and Human Rights
Commission or other enforcement, regulatory or supervisory body and of implementing any
requirements which may arise from such investigation), and any legal costs and expenses
Employment Regulations means the Transfer of Undertakings (Protection of Employment)
Regulations 2006 (SI 2006/246) as amended or replaced or any other Regulations implementing the
Council Directive 77/187/EEC on the approximation of the laws of the Member States relating to the
safeguarding of employees' rights in the event of transfers of undertakings, businesses or parts of
undertakings or businesses
Final Staff List means the relevant list of all Supplier Personnel engaged in or wholly or mainly
assigned to, the provision of the Services or any part of the Services at the date of the Service
Transfer
10-404788-3
216
Provisional Staff List means a list prepared and updated by the Supplier of all Supplier Personnel
who are engaged in or wholly or mainly assigned to, the provision of the Services or any part of the
Services as at the date of such list
Relevant Transfer has the meaning given to it in the Employment Regulations
Replacement Contractor means any third party service provider of Replacement Services appointed
by the Authority from time to time
Replacement Services any services which are substantially similar to any of the Services and which
the Authority receives in substitution for any of the Services following the expiry or termination of this
Agreement whether in whole or in part, whether those services are provided by the Authority internally
and/or by any third party
Staffing Information means in relation to all persons named on the Provisional Staff List, such
information as the Authority may reasonably request (subject to Data Protection Requirements), but
including in an anonymised format:
(a)
their ages, dates of commencement of employment or engagement and gender
(b)
details of whether they be employed, self employed contractors or consultants, agency
workers or otherwise
(c)
the identity of the employer or relevant contracting party
(d)
their relevant contractual notice periods and any other terms relating to termination of
employment, including redundancy procedures, and redundancy payments
(e)
the wages, salaries, profit sharing
(f)
details of other employment related benefits, including (without limitation) medical insurance,
life assurance, pension or other retirement benefit schemes, share option schemes and
company car schedules applicable to them
(g)
any outstanding or potential contractual, statutory or other liabilities in respect of such
individuals (including in respect of personal injury claims)
(h)
details of any such individuals on long term sickness absence, parental leave, maternity leave
or other authorised long term absence
(i)
copies of all relevant documents and materials relating to such information, including copies of
relevant contracts of employment (or relevant standard contracts if applied generally in respect
of such employees) and
(j)
any other "employee liability information" as such term is defined in Regulation 11 of the
Employment Regulations
Service Transfer means has the meaning given in paragraph 3 of schedule 16 part 2 (Staff Transfer)
Service Transfer Date means the date of a Service Transfer
Supplier Party means the Supplier's agents and contractors, including each Sub-Contractor
Transferring Employee means those Supplier Personnel who are listed on the Provisional Staff List
(or who are added in accordance with paragraph 4.6 of this schedule) and who are wholly or mainly
10-404788-3
217
assigned to the Services (or the relevant part thereof) immediately before the relevant Service
Transfer Date
2
Purpose of this schedule
This schedule sets out the parties respective right and obligations in relation to the application
of the Employment Regulations to this Framework Agreement
3
Application of the employment regulations on termination or at the end of the term
The Framework Agreement envisages that, subsequent to the commencement of the
provision of the Services, the identity of the provider of the Services (or any part of the
Services) may change (whether as a result of termination of this Framework Agreement, or
part, or otherwise) resulting in the Services or related services being undertaken by the
Authority or a Replacement Contractor. Such change in the identity of the supplier of such
services shall be a "Service Transfer". The parties acknowledge that a Service Transfer will be
a Relevant Transfer and in such event, the Authority, or a Replacement Contractor, would
inherit liabilities in respect of the Transferring Employees. Accordingly, the Employment
Regulations will apply.
4
Pre-service transfer obligations
4.1
The Supplier agrees, subject to compliance with the Data Protection Requirements that within
20 Working Days of the earliest of:
(a)
receipt of a notification from the Authority of a Service Transfer or intended Service
Transfer; or
(b)
receipt of the giving of notice of early termination of this Framework Agreement or any
part thereof; or
(c)
the date which is 12 months before the end of the Term; or
(d)
receipt of a written request of the Authority at any time (provided that the Authority
shall only be entitled to make one such request in any six month period),
it will provide the Provisional Staff List and the Staffing Information to the Authority or, at the
direction of the Authority, to a Replacement Contractor and it will provide an updated
Provisional Staff List at such intervals as are reasonably requested by the Authority.
4.2
At least 14 Working Days prior to the Service Transfer Date, the Supplier shall prepare
(subject to compliance with Data Protection Requirements) and provide, or as appropriate
procure that the Supplier Party shall prepare and provide, to the Authority or, at the direction of
the Authority, the Replacement Contractor, the Final Staff List and the Staffing Information,
which shall be complete and accurate in all material respects. The Final Staff List shall identify
which of the Supplier Personnel named shall be Transferring Employees. The Final Staff List
will be suitably anonymised so as to comply with Data Protection Requirements.
4.3
Subject to compliance with the Data Protection Requirements, the Authority shall be permitted
to use and disclose the Provisional Staff List, the Final Staff List and the Staffing Information
for informing any tenderer or other prospective Replacement Contractor for any services which
are substantially the same type of services (or any part thereof) as the Services, provided that
the Authority imposes on such third party obligations of confidence that are no less onerous
than the Authority has to the Supplier in relation to that information.
10-404788-3
218
4.4
Upon reasonable request by the Authority and subject to compliance with the Data Protection
Requirements, the Supplier shall provide, and shall procure that each Supplier Party shall
provide, the Authority or at the request of the Authority, the Replacement Contractor, with
access (on reasonable notice and during normal working hours) to such employment records
as the Authority reasonably requests and will allow the Authority or the Replacement
Contractor to have copies of any such documents.
4.5
The Supplier warrants that the Provisional Staff List, the Final Staff List and the Staffing
Information will be true and accurate in all material respects.
4.6
In respect of each Service Transfer, from the date of the earliest event referred to in
paragraphs 4.1(a) to 4.1(c) above, the Supplier agrees that it will not, and agrees to procure
that each Supplier Party will not, other than in the ordinary course of business, assign any
person to the provision of the Services (or the relevant part) which is the subject of a Service
Transfer who is not listed in the Provisional Staff List and will not, other than in the ordinary
course of business, without the prior written consent of the Authority (such consent not to be
unreasonably withheld or delayed):
(a)
increase the total number of employees listed on the Provisional Staff List save for
fulfilling assignments and projects previously scheduled and agreed;
(b)
make, propose or permit any material changes to the terms and conditions of
employment of any employees listed on the Provisional Staff List,
(c)
increase the proportion of working time spent on the Services (or the relevant part) by
any of the Supplier Personnel save for fulfilling assignments and projects previously
scheduled and agreed;
(d)
introduce any new contractual or customary practice concerning the making of any
lump sum payment on the termination of employment of any employees listed on the
Provisional Staff List;
(e)
replace any Supplier Personnel listed on the Provisional Staff List or deploy any other
person to perform the Services (or the relevant part) or terminate or give notice to
terminate the employment or contracts of any persons on the Provisional Staff List
save for:
(f)
4.7
the execution of assigned operations as detailed in 4.6(a) and 4.6(c); and/or
(ii)
replacing voluntary resignations or staff terminated by due disciplinary
process to satisfy the fulfilment of previously agreed work streams provided
that any replacement is employed on the same terms and conditions of
employment as the person he/she replaces; and
the Supplier will promptly notify or as appropriate will procure that the Supplier Party
will promptly notify the Authority or, at the direction of the Authority, the Replacement
Contractor of any notice to terminate employment given by the Supplier or any
Supplier Party or received from any persons listed on the Provisional Staff List
regardless of when such notice takes effect.
Within 7 Working Days following the Service Transfer Date, the Supplier will provide to the
Authority or any Replacement Contractor, in respect of each person on the Final Staff List who
is a Transferring Employee:
(a)
10-404788-3
(i)
the most recent month's copy pay slip data;
219
(b)
details of cumulative pay for tax and pension purposes;
(c)
details of cumulative tax paid;
(d)
tax code;
(e)
details of any voluntary deductions from pay; and
(f)
bank/building society account details for payroll purposes.
5
The Supplier's indemnity
5.1
In connection with a Relevant Transfer under paragraph 3 of this schedule, the parties agree
that:
(a)
(b)
the Supplier will, and shall procure that any Supplier Party will, perform and discharge
all its obligations in respect of all the Transferring Employees and their representatives
for its own account up to and including the Service Transfer Date. The Supplier will
indemnify the Authority and any Replacement Contractor against all Employee
Liabilities arising from the Supplier's, or any Supplier Party's, failure to perform and
discharge any such obligation and against any Employee Liabilities arising from or as
a result of
(i)
any act or omission by the Supplier or any Supplier Party occurring on or
before the Service Transfer Date or any other matter, event or circumstance
occurring or having its origin before the Service Transfer Date save simply for
accrual of service before that date;
(ii)
all emoluments and outgoings in relation to the Transferring Employees
(including without limitation all wages, bonuses, PAYE, national insurance
contributions, pension contributions and otherwise) payable in respect of any
period on or before the Service Transfer Date;
(iii)
any claim arising out of the provision of, or proposal by the Supplier or any
Supplier Party to offer any change to any benefit, term or condition or working
condition of any Transferring Employee arising on or before the Service
Transfer Date;
(iv)
any claim made by or in respect of any person employed or formerly
employed by the Supplier or any Supplier Party other than a Transferring
Employee for which it is alleged the Authority or any Replacement Contractor
may be liable by virtue of this Framework Agreement and/or the Employment
Regulations;
the Supplier will indemnify the Authority and any Replacement Contractor against all
Employee Liabilities arising from:
(i)
10-404788-3
any act or omission of the Supplier or any Supplier Party in relation to its
obligations under Regulation 13 of the Employment Regulations, or in respect
of an award of compensation under Regulation 15 of the Employment
Regulations except to the extent that the liability arises from the Authority or a
Replacement Contractor's failure to comply with Regulation 13(4) of the
Employment Regulations;
220
(ii)
any breach by the Supplier or any Supplier Party of any and/or all of its
obligations under paragraph 4 of this schedule; and/or
(iii)
any statement communicated to or action done by the Supplier or any
Supplier Party to, or in respect of, any Transferring Employee on or before the
Service Transfer Date regarding the Service Transfer which has not been
agreed in advance with the Authority in writing subject to the timely availability
of the Authority.
5.2
The Supplier will indemnify the Authority and any Replacement Contractor in respect of any
Employee Liabilities arising from any act or omission of the Supplier or any Supplier Party in
relation to any other Supplier Personnel who is not a Transferring Employee during any period
whether before, on or after the Service Transfer Date.
5.3
If any person who is not a Transferring Employee claims or it is determined that his contract of
employment has been transferred from the Supplier or any Supplier Party to the Authority, or a
Replacement Contractor pursuant to a Relevant Transfer, or claims that his employment
would have so transferred had he not resigned, then:
(a)
the Authority or the Replacement Contractor will, within 20 Working Days of becoming
aware of that fact, give notice in writing to the Supplier;
(b)
the Supplier may offer (or may procure that a Supplier Party may offer) employment to
such person within 20 Working Days of the notification by the Authority or the
Replacement Contractor;
(c)
if such offer of employment is accepted, the Authority or the Replacement Contractor
shall immediately release the person from his employment;
(d)
if after that period has elapsed, no such offer of employment has been made or such
offer has been made but not accepted, the Authority or the Replacement Contractor
may within 15 Working Days give notice to terminate the employment of such person;
(e)
Subject to the Authority or the Replacement Contractor acting in this way or in such
other way as may be agreed between the Supplier and the Authority or the
Replacement Contractor, the Supplier will indemnify the Authority and the
Replacement Contractor against:
(f)
(i)
all Employment Liabilities arising out of such termination or otherwise arising
out of the employment of such person by the Authority or a Replacement
Contractor; and/or
(ii)
any direct employment costs (if any) associated with the employment of such
person by the Authority or the Replacement Contractor up to the date of
termination of such persons employment.
If such person is neither re-employed by the Supplier or any Supplier Party nor
dismissed by the Authority or the Replacement Contractor within the time scales set
out in this paragraph 5.3, such person will be treated as a Transferring Employee.
6
The Authority's indemnities
6.1
Subject to paragraphs 5 and 7, the Authority shall indemnify the Supplier and any Supplier
Party against all Employee Liabilities arising from the Authority's or the Replacement
10-404788-3
221
Contractor's failure to perform and discharge any obligation and against any Employee
Liabilities in respect of the Transferring Employee arising from or as a result of:
(a)
any act or omission by the Authority or the Replacement Contractor relating to a
Transferring Employee occurring on or after the Service Transfer Date;
(b)
all emoluments and outgoings in relation to the Transferring Employees (including
without limitation all wages, bonuses, PAYE, national insurance contributions, pension
contribution and otherwise) payable after the Service Transfer Date;
(c)
any claim arising out of the provision of, or proposal by the Authority or any
Replacement Contractor to offer any change to any benefit, term or condition or
working condition of any Transferring Employee arising after the Service Transfer
Date;
(d)
any failure by the Authority or any Replacement Contractor to comply with the
obligations imposed on a transferee by Regulation 13(4) of the Employment
Regulations in respect of the transfer of any Transferring Employees on the Service
Transfer Date except to the extent such failure is caused by or related to an act or
omission of the Supplier or any Supplier Party.
7
Mutual obligations
7.1
The parties shall co-operate to ensure that any requirement to inform and consult with the
employees and or employee representatives in relation to a Relevant Transfer will be fulfilled.
7.2
The Authority will assume (or will procure that the Replacement Contractor, as the case may
be, will assume) the outstanding obligations of the Supplier and any Supplier Party in relation
to the Transferring Employees in respect of accrued holiday entitlements and accrued holiday
remuneration to the Service Transfer Date. In consideration, the Supplier will or will procure
that any Supplier Party will pay to the Authority (or the Replacement Contractor as the case
may be) within 14 days of the Service Transfer Date the full amount necessary to enable the
Authority or the Replacement Contractor to meet the cost of providing any such untaken
holiday entitlements and remuneration as at the Service Transfer Date. The Authority or the
Replacement Contractor, as the case may be, will reimburse the Supplier and any Supplier
Party any amount paid by the Supplier or the Supplier Party before the Service Transfer Date
in respect of holidays taken in excess of any Transferring Employee's entitlement to paid
holiday in respect of the period ending on the Service Transfer Date.
8
Third party rights
The parties agree that the Contracts (Right of Third Parties) Act 1999 shall apply to
paragraphs 4, 5, 6, 7 and 10 of this schedule to the extent necessary that any Replacement
Contractor and Supplier Party shall have the right to enforce the obligations owed to, and
indemnities given to, the Replacement Contractor by the Supplier or the Authority to the
Supplier Party.
9
Provisions where transfer regulations do not apply
9.1
The following provisions shall apply in the event of a Service Transfer to which the
Employment Regulations do not apply:
(a)
10-404788-3
the Authority or the Replacement Contractor can, in its discretion, make to any of the
employees listed on the Provisional Staff List or any Supplier Personnel assigned to
the Services an offer, in writing, to employ that employee under a new contract of
222
employment to take effect on the day after the termination referred to in paragraph
9.1(f) below of this schedule or at the earliest reasonable opportunity;
(b)
when the offer has been made by the Authority or Replacement Contractor and
accepted by any employee or worker, the Supplier shall, and shall procure that any
Supplier Party shall, permit the employee or worker to leave its employment, as soon
as practicable depending on the business needs of the Supplier, which could be
without the employee or worker having worked his full notice period, if the employee
so requests and where operational obligations allow;
(c)
if the employee does not accept an offer of employment made by the Authority or
Replacement Contractor, the employee shall remain employed by the Supplier (or the
Supplier Party, as the case may be) and all Employee Liabilities in relation to the
employee shall remain with the Supplier or the relevant Supplier Party;
(d)
if the Authority or the Replacement Contractor does not make an offer to any
employee on the Provisional Staff List or any Supplier Personnel, then that employee
and all Employee Liabilities in relation to that employee remains with the Supplier or
relevant Supplier Party.
10
Conduct of claims
10.1
This paragraph 10 shall apply to the conduct, by a party from whom an indemnity is sought
under this schedule, of claims made by a third person against a party having (or claiming to
have) the benefit of the indemnity. The party having, or claiming to have, the benefit of the
indemnity is referred to as the "Beneficiary" and the party giving the indemnity is referred to as
the "Indemnifier".
10.2
If the Beneficiary receives any notice, demand, letter or other document concerning any claim
for which it appears that the Beneficiary is, or may become entitled to, indemnification under
this schedule ("Claim"), the Beneficiary shall given notice to the Indemnifier as soon as
reasonably practicable and in any event within 10 Working Days of receipt of the same.
10.3
Subject to paragraphs 10.4 and 10.5, on the giving of a notice by the Beneficiary pursuant to
paragraph 10.2 above, where it appears that the Beneficiary is or may be entitled to
indemnification from the Indemnifier in respect of all (but not part only) of the liability arising
out of the Claim, the Indemnifier shall (subject to providing the Beneficiary with a secured
indemnity to its reasonable satisfaction against all costs and expenses that it may incur by
reason of such action) be entitled to dispute the Claim in the name of the Beneficiary at the
Indemnified own expense and take conduct of any defence, dispute, compromise or appeal of
the Claim and of any incidental negotiations relating to the Claim. If the Indemnifier does elect
to conduct the Claim, the Beneficiary shall give the Indemnifier all reasonable co-operation,
access and assistance for the purposes of such Claim and, subject to paragraph 10.5 below,
the Beneficiary shall not make any admission which could be prejudicial to the defence or
settlement of the Claim without the prior written consent of the Indemnifier.
10.4
With respect to any Claim conducted by the Indemnifier pursuant to paragraph 10.3 above:
10-404788-3
(a)
the Indemnifier shall keep the Beneficiary fully informed and consult with it about
material elements of the conduct of the Claim;
(b)
the Indemnifier shall not bring the name of the Beneficiary into disrepute;
(c)
the Indemnifier shall not pay or settle such Claim without the prior written consent of
the Beneficiary, such consent not to be unreasonably withheld or delayed; and
223
(d)
10.5
the Indemnifier shall conduct the Claim with all due diligence.
The Beneficiary shall be entitled to have conduct of the Claim and shall be free to pay or settle
any Claim on such terms as it thinks fit and without prejudice to its rights and remedies under
this Agreement if:
(a)
the Indemnifier is not entitled to take conduct of the Claim in accordance with
paragraph 10.3 above;
(b)
the Indemnifier fails to notify the Beneficiary of its intention to take conduct of the
relevant Claim within 10 Working Days of the notice from the Beneficiary under
paragraph 10.2 above or if the Indemnifier notifies the Beneficiary that it does not
intend to take conduct of the Claim; or
(c)
the Indemnifier fails to comply in any material respect with the provisions of paragraph
10.4 above.
11
Sensitive claims
11.1
With respect to any Claim for which the Authority or the Supplier or the Supplier Party are the
Beneficiary and the conduct of which the Authority or Supplier acting reasonably, considers is
likely to have an adverse impact on the general public's perception of the Authority or the
Supplier or the Supplier Party ("Sensitive Claim"), the Indemnifier shall only be entitled to
take conduct of any defence, dispute, compromise or appeal of the Sensitive Claim with the
Beneficiary's prior written consent. If the Beneficiary withholds such consent and elects to
conduct the defence, dispute, compromise or appeal of the Sensitive Claim itself, it shall
conduct the Sensitive Claim with all due diligence and if any failure to do so results in an
increase in the amount recoverable by the Beneficiary in respect of an indemnity under this
Agreement, the Indemnifier shall only be liable to indemnify the Beneficiary in respect of that
amount which would have been recoverable by the Beneficiary had it conducted the Sensitive
Claim with all due diligence.
11.2
The Beneficiary shall be free at any time to give written notice to the Indemnifier that it is
retaining or taking over (as the case may be) the conduct of any Claim, to which paragraph
10.3 above applies notwithstanding that it does not have the right to do so pursuant to
paragraph 10.3 if, in the reasonable opinion of the Beneficiary the Claim is, or has become, a
Sensitive Claim. In such cases, the provisions of paragraph 11.1 above shall apply.
12
Recovery of sums
12.1
If the Indemnifier pays to the Beneficiary an amount in respect of an indemnity and the
Beneficiary subsequently recovers (whether by payment, discount, credit, saving, relief or
other benefit or otherwise) a sum which is directly referable to the fact, matter, event or
circumstances giving rise to the Claim, the Beneficiary shall forthwith repay to the Indemnifier
whichever is the lesser of
10-404788-3
(a)
an amount equal to the sum recovered (or the value of the discount, credit, saving,
relief, other benefit or amount otherwise obtained) less any out-of-pocket costs and
expenses properly incurred by the Beneficiary in recovering or obtaining the same;
and
(b)
the amount paid to the Beneficiary by the Indemnifier in respect of the Claim under the
relevant indemnify,
224
provided that there shall be no obligation on the Beneficiary to pursue such recovery and that
the Indemnifier is repaid only to the extent that the amount of such recovery aggregated with
any sum recovered from the Indemnifier exceeds any loss sustained by the Beneficiary
(including for this purpose any indirect Losses sustained by the Beneficiary which may be
excluded by this Agreement from being recovered from the Indemnifier).
13
Insurance
13.1
Any person taking any of the steps contemplated by paragraphs 10.2 to 11.1 shall comply with
the requirements of any insurer who may have an obligation to provide an indemnity in respect
of any liability arising under this Agreement
14
Mitigation
14.1
Each of the Authority and the Supplier shall at all times take all reasonable steps to minimise
and mitigate any loss for which the relevant party is entitled to bring a claim against the other
party pursuant to the indemnities in this schedule.
15
Taxation
15.1
If any payment by one party under an indemnity in this Agreement is subject to income tax or
corporation tax (or any tax replacing either or both of them) in the hands of the recipient (or a
withholding made by the paying party in respect of tax), the recipient may demand in writing to
the party making the payment that the payment shall be increased by such amount as would
ensure that, after taking into account any such tax payable in respect of such additional
amount, the recipient receives and retains a net sum equal to the amount it would have
otherwise received had the payment not been subject to such tax or withholding.
10-404788-3
225
Schedule 17
Standards and Regulations
1
User Devices;
1.1
All Device variants shall comply with the following standards:
(a)
European and International Standards
(b)
Approved GSM Telecommunications modules
(c)
R&TTE – Radio and Telecommunication Terminal Equipment Directive
(d)
FCC – Federal Communications Commission (USA)
(e)
UL – Underwriters Laboratories Inc
(f)
IC – Industry Canada
(g)
GCF – Global Certification Forum
(h)
PTCRB – North American Type Certification Review Board
(i)
CE – European Consumer Goods Quality Control
(j)
Local GSM network operator certifications
(k)
Devices tested and passed for SAR and EMC Compliance to European and
International standards
(l)
All Devices shall incorporate approved battery modules with integrated safety circuits
(m)
All Devices shall conform with CE specification where applicable and shall be CE
marked
(n)
Devices shall conform to EN55022 Emissions and susceptibility and the EEC low
voltage directive
User provided mobile phone handsets supported by the Supplier shall meet the mandatory
requirements listed below:
1.2
(o)
No flip phones
(p)
No key locks to be deployed
(q)
No touch screen phones
(r)
No phones where speed dials cannot be easily set up by the User
(s)
No ‘qwerty’ keyboard based phones
Device Disposal
The Supplier shall dispose of returned Devices in accordance with the Waste Electrical and
Electronic Equipment Regulations 2006 (WEEE) where applicable.
10-404788-3
226
1.3
ARC Building
The ARC building shall conform to BS5979 Cat ii accredited by the Security Systems and
Alarm Inspection Board (SSAIB) which is a UKAS approved board.
1.4
User/Customer Communications and Data
The handling of the communications and data by the Supplier shall comply with the following
standards:
1.5
(a)
ISO/IEC27002 and ISO/IEC27001
(b)
Data Protection Act 1998
(c)
Regulation of Investigatory Powers Act 2000 (RIPA)
(d)
Telecommunications (Lawful Business Practices) (Interception of
Regulations 2000
(e)
Telecommunications
(Data
Human Rights Act 1998
(f)
The Suppliers Data Protection obligation’s in clause 22 and 23 of the Agreement and
20 and 21 of the Contract
(g)
BS7858: security screening of individuals employed in a security environment
Protection
and
Privacy)
Communications)
Regulations
1999
Account Management
The Supplier shall manage the Services adhering to the Information Technology Infrastructure
Library (ITIL) framework of best practice approaches, intended to facilitate the delivery of high
quality information technology (IT) services.
1.6
Networks
The Supplier shall monitor that any Network provider supporting the Service, adhere to, as a
minimum the following standards:
ISO 9001:2000 Quality management systems & processes
BS 25999 Business Continuity Management
ISO 14001 Environmental management system
ISO 9001 Registration upgraded from the 1994 to 2000 version.
1.7
Service Desk
The Service Desk shall be located in the ARC building, which shall conform to BS5979 Cat ii
accredited by the Security Systems and Alarm Inspection Board (SSAIB) which is a UKAS
approved board.
The Supplier shall also conform to the following Call Centre Association (CCA) standards:
(a)
10-404788-3
Training and staff development
227
(b)
Internal communication and dispute resolution
(c)
Compliance with legislative requirements (e.g. Data Protection, Health & Safety, Equal
Opportunities, etc.)
(d)
Customer feedback procedures
(e)
Performance level monitoring
(f)
Complaints handling
2
Compliance with European and International Standards
2.1
All Device variants shall use approved GSM Telecommunications modules, and shall meet the
following standards:
(a)
R&TTE – Radio and Telecommunication Terminal Equipment Directive
(b)
FCC – Federal Communications Commission (USA)
(c)
UL – Underwriters Laboratories Inc
(d)
IC – Industry Canada
(e)
GCF – Global Certification Forum
(f)
PTCRB – North American Type Certification Review Board
(g)
CE – European Consumer Goods Quality Control
(h)
Local GSM network operator certifications
2.2
The Supplier shall provide Devices that meet the Standard Absorption Rate (SAR) and
Electromagnetic Compatibility (EMC) Compliance to European and International standards,
and shall retain compliance as and when Standards are revised. (FCC approvals test reports
available on request). Devices shall incorporate approved battery modules with integrated
safety circuits.
2.3
All User Devices shall be designed to conform with CE specification, where applicable, and
shall be CE marked. User Devices shall also conform to EN55022 Emissions and
susceptibility and the EEC low voltage directive.
10-404788-3
228
Schedule 18
Insurance Requirements
1
Introduction
1.1
This Schedule 18 sets out the Insurance Requirements with which the Supplier shall comply
with in its provision of the Ordered Services.
2
Requirements
2.1
The Supplier shall, during the Term and until the expiry or earlier termination of this
Agreement:
(a)
maintain in force the following insurance policies:
(i)
public liability insurance for a minimum amount of £5 million on an each and
every claims basis;
(ii)
employer’s liability insurance for a minimum amount of £10 million on an each
and every claims basis; and
(iii)
product liability insurance for a minimum amount of £10 million on an each
and every claims basis,
(together “the Supplier Policies”);
10-404788-3
(b)
do nothing to invalidate any of the Supplier Policies;
(c)
on reasonable request from the Authority produce to the Authority such documentary
evidence of such insurance including copies of broker letters or cover notes relating to
such insurance and payment of premiums for the Supplier Policies as the Authority
may reasonably require; and
(d)
procure that the terms of the Supplier Policies shall not be altered in such a way as to
diminish the benefit of the Supplier Policies as provided at the Effective Date.
229
Related documents
Enquiries - Supplier Transactions
Enquiries - Supplier Transactions
Gary Frostick`s presentation
Gary Frostick`s presentation
SUPPLIER DEVELOPMENT ENGINEER/METALLURGIST
SUPPLIER DEVELOPMENT ENGINEER/METALLURGIST
Buyer`s Mind-set Selling
Buyer`s Mind-set Selling
Conflict of Interest Notice - Northrop Grumman Corporation
Conflict of Interest Notice - Northrop Grumman Corporation
Category: Obligations Relating to Non-State Actors Sub
Category: Obligations Relating to Non-State Actors Sub
INDUSTRIAL ENGINEERING ROLES IN INDUSTRY
INDUSTRIAL ENGINEERING ROLES IN INDUSTRY
Download
advertisement