SCHEDULE 18. Premises. This Schedule 18 sets out certain terms relating to the Service Provider s Premises.



Similar documents
SCHEDULE 2. Core It Services SOR

Policies and Procedures. Policy on the Use of Portable Storage Devices

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)

Policy Document. IT Infrastructure Security Policy

Physical Security Policy

Introduction Management Tenancy terms Applying Licence agreement Payment of fees Insurance Moving in...

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

DATA PROTECTION AND DATA STORAGE POLICY

INFORMATION SECURITY POLICY

Grasmere Primary School Asset Management Policy

Leased Lines Specific Terms and Conditions

COVER SHEET OF POLICY DOCUMENT Code Number Policy Document Name

Policy: Remote Working and Mobile Devices Policy

APPLICANT VERIFICATION SERVICES TERMS AND CONDITIONS OF USE

Leased Lines Terms and Conditions

DATA PROTECTION IT S EVERYONE S RESPONSIBILITY. An Introductory Guide for Health Service Staff

CRM in a Day Support Services Agreement

CCG LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

How To Protect School Data From Harm

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen. Supplementary data protection agreement. to the license agreement for license ID: between

LAPTOP AND PORTABLE DEVICES AND REMOTE ACCESS POLICY

University of Birmingham. Closed Circuit Television (CCTV) Code of Practice

SCHEDULE 10. Contract Management and Reporting. the Management Information and reporting requirements,

CCTV CODE OF PRACTICE

Data Protection Policy

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

Serviced Office Hire. Page 1 of 12

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

Appendix A. Call-off Terms and Conditions for the Provision of Services

SCHEDULE 3. Milestones and Deliverables. Redacted Version

MIS Privacy Statement. Our Privacy Commitments

SECURITY POLICY REMOTE WORKING

Human Resources Policy documents. Data Protection Policy

SCHEDULE 25. Business Continuity

Video surveillance policy (PUBLIC)

CRM Support Services Agreement

How To Protect Decd Information From Harm

CO-LOCATION SPACE SCHEDULE OF SERVICES Schedule 1

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February Title: Information Security Policy

BARNSLEY CLINICAL COMMISSIONING GROUP S REMOTE WORKING AND PORTABLE DEVICES POLICY

QMULI AD.FAST USER LICENCE

SERVER, DESKTOP AND PORTABLE SECURITY. September Version 3.0

Data Protection and Information Security. Data Security - Guidelines for the use of Personal Data

i. Northern Ireland Science Park (hereafter known as NISP); and ii. [ ] (hereafter known as the Licensee) Address Post Code Details of activity

Physical and Environment IT Security Standards

LSE PCI-DSS Cardholder Data Environments Information Security Policy

A Mobile Phone and Camera Toolkit for Early Years Settings. Early Years Services April 2013 Version 1.0

Information Security Policy for Associates and Contractors

Purpose: To comply with the Payment Card Industry Data Security Standards (PCI DSS)

Information Security Code of Conduct

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Website Hosting General Terms and Service Levels for Web Hosting and E- Mail

Caedmon College Whitby

Remote Access and Home Working Policy London Borough of Barnet

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

Rotherham CCG Network Security Policy V2.0

Supplier IT Security Guide

Academic Institution Licence for Perpetual Access to the Global Health Archive Database

The Installation, Maintenance and Removal of Data Logging Equipment on Scottish Water s Water Revenue Meters. Terms and Conditions

ARTWORK COMMISSION AGREEMENT

UNESCO-IHE Code of Conduct regarding Information Technology (IT)

Findings from ICO audits and reviews of community healthcare providers. June 2013 to December 2014

MMU Vehicle Hire Policy: Information for Staff booking vehicles

Version: 2.0. Effective From: 28/11/2014

Health and Safety at Work Policy

The following definitions shall apply to the provision of the Service, in addition to those in the BT General Conditions;

E Safety Policy. 6 th March Annually. 26 th February 2014

INFORMATION MANAGEMENT & TECHNOLOGY SECURITY POLICY

ANGUS COUNCIL SUPPLEMENTARY CONDITIONS OF CONTRACT. SC 01 - Contract Performance Guarantee Insurance

The Management of Asbestos containing Materials

MTS GUI LICENCE SCHEDULE TO. MTS Data Terms & Conditions End Customer; or. MTS and EuroMTS Membership Documentation; or. MTS Registered ISV Agreement

Dedicated Server Services Specific Terms and Conditions

Portable Devices and Removable Media Acceptable Use Policy v1.0

Hire Agreement Offices

Newcastle University Information Security Procedures Version 3

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

ABERDARE COMMUNITY SCHOOL

St. Peter s C.E. Primary School Farnworth , Internet Security and Facsimile Policy

Box Hill Senior Secondary College/MYSC

ACCEPTABLE USE OF COMPUTERS IN WILTSHIRE LIBRARIES

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

HIPAA Privacy and Security

Our Customer Relationship Agreement CO-LOCATION SERVICE DESCRIPTION

Smart Meters Programme Schedule 9.1. (TUPE) (CSP South version)

COLOCATION SERVICE SCHEDULE

Corporate Affairs Overview and Scrutiny Committee

TICSA. Telecommunications (Interception Capability and Security) Act Guidance for Network Operators.

TEXTURA AUSTRALASIA PTY LTD ACN ( Textura ) CONSTRUCTION PAYMENT MANAGEMENT SYSTEM TERMS AND CONDITIONS OF USE

WRDC Business Centre 6-8 Queen Street Newton Stewart Wigtownshire DG8 6JL Tel: Fax:

Terms and Conditions of Use - Connectivity to MAGNET

Lease Contract for Commercial Premises

Clause 1. Definitions and Interpretation

Office 365 Data Processing Agreement with Model Clauses

The University of Information Technology Management System

SCHEDULE 16. Exit Plan. sets out the strategy to be followed on the termination (including Partial Termination) or expiry of this Agreement; and

Dene Community School of Technology Staff Acceptable Use Policy

Transcription:

Business Operations- Schedule 18 (Premises) SCHEDULE 18 Premises This Schedule 18 sets out certain terms relating to the Service Provider s Premises. 1. Service Provider's Premises The following provisions shall apply in respect of the Service Provider s Premises: 1.1 The Service Provider shall be responsible for providing suitable premises and shall be fully liable for all costs associated with the Service Provider s Premises. The Service Provider s selection of its Premises shall be subject to the prior written approval of TfL, such approval is not to be unreasonably withheld or delayed. 1.2 The Service Provider s Premises for the Service System(s) shall be in secure Data Centres located in the UK or EEA. 1.3 The Service Provider acknowledges that TfL and TfL s authorised representatives, sub-contractors and agents shall have access to relevant parts of the Service Provider s Premises in order to: inspect the performance of the Services; inspect the operation and maintenance of all equipment used in the provision of the Services; monitor the Service Provider s compliance with its obligations under this Agreement, including but not limited to, Test Witnessing and in accordance with Clause 36 (Audit and Inspection); or monitor the Service Provider in accordance with Clause 35 (TfL Monitoring Staff). 1.4 The Service Provider will provide TfL and TfL s authorised representatives, as notified by TfL from time to time, sub-contractors and agents with all necessary security authorisations/passes and inductions to allow them access to the Service Provider s Premises. 1.5 The Service Provider shall provide and maintain permanent, dedicated access at the Operational Premises for TfL Personnel which shall include permanently based operational TfL Personnel and such number of TfL Personnel shall be twelve (12) (or such greater number as TfL confirms in writing to the Service Provider, up to a maximum of twenty-four (24) in aggregate). 1.6 In respect of TfL's authorised representatives, sub-contractors and agents who will remain on the Service Provider s Premises on a long-term basis in connection with the provision or receipt of the Services, the Service Provider shall provide such additional facilities as are reasonably requested by TfL. These facilities shall include, but are not limited to: a desk and workstation of the same functionality as the Service Provider provides for its management level staff; 11/17332045_1 1

secure, lockable storage space for personal belongings; use of such on-site facilities as are available to the Service Provider's Personnel at the Premises; for Service Provider s Premises which are not located in a city centre, 13 (thirteen) car parking spaces for use by TfL's authorised representatives; (I) (J) (K) (L) (M) (N) (O) (P) MS Office workstations; scanners; letter quality printers (including colour); fax machine; telephones with voicemail; access to all Service System(s) using the access controls implemented by the Service Provider in accordance with Schedule 2 (Statement of Requirements (General)), and in accordance with Schedule 14 (Security Policy); access to the TfL network by allowing support for the TfL Citrix access client which uses double authenticated access; sufficient bandwidth to meet the Requirements; access to suitable toilet, shower facilities and changing areas; access to kitchen and communal rest areas; access to all areas of the Operational Premises; and dedicated TfL meeting room capable of holding twelve (12) people (and such meeting room may only be used by the Service Provider if not required by TfL). 1.7 The Service Provider shall obtain all necessary planning consents for the Service Provider Premises and meet all costs associated with its maintenance, equipment and operation. 1.8 The Service Provider shall ensure that any leases in relation to the Service Provider Premises are in the Service Provider's name (save, to the extent agreed by TfL in writing, in relation to any shared service premises) and are for the duration of the Initial Term, and any possible extension to the Term. 1.9 The Service Provider shall ensure that it provides standard word processing functions for use on the workstations by its Personnel in the delivery of the Services. 1.10 The Service Provider shall ensure that the word processing functions provided in accordance with paragraph 1.9 include as a minimum the ability to: 11/17332045_1 2

create documents; edit documents; save documents; compare documents; share documents; upload documents; cut and paste from and to different documents within the Service System only; and any other functions which are provided as standard on the most recent word processing packages such as MS Office, as amended from time to time. 1.11 The Service Provider will provide all assistance reasonably requested by TfL and its authorised representatives, sub-contractors and agents in connection with TfL exercising its rights under this Agreement. 1.12 The Service Provider will ensure that all assets, equipment and documentation belonging to TfL which are stored and/or utilised at any of the Service Provider s Premises are clearly labelled as the property of TfL and are kept and/or stored securely in an identifiable state separately from any assets, equipment and documentation belonging to the Service Provider. 1.13 The Service Provider shall ensure that all areas of the Service Provider s Premises are covered by CCTV. For avoidance of doubt such areas shall include but not be limited to main operational areas; all communal areas; and external areas. 1.14 TfL shall ensure that any of its authorised representatives, sub-contractors and agents who are present on the Service Provider s Premises shall comply with such reasonable rules, requirements or regulations as are notified in writing by the Service Provider to TfL from time to time including (without limitation) in relation to: Health and Safety Legislation and other health and safety requirements the Service Provider may reasonably require from time to time; and security and confidentiality. 1.15 The Service Provider shall ensure that the Operational Premises location and suitability of the facilities are Approved in advance by TfL. 1.16 The Service Provider shall ensure that the Operational Premises are made available to TfL Personnel twenty four (24) hours a day, 7 days a week, 365 days a year. 2. Premises Rules and Regulations 11/17332045_1 3

2.1 The Service Provider shall develop the Premises Rules and Regulations, and submit them to TfL for Assurance, for all Premises and facilities used to provide Operational Services, incorporating rules regarding: planned visit notification; use of wireless communication devices including mobile phones; presence of cameras and recording devices, portable storage devices including USB memory sticks, MP3 or similar devices; security; smoking, eating and drinking including alcohol; taking personal belongings into data centres and call centres; vehicle parking; and email and internet usage. 2.2 The Service Provider shall ensure that the Premises Rules and Regulations are contained in manuals that are readily available in soft and hard copy to all Personnel at all Premises. 2.3 The Service Provider shall conduct audits of the Premises Rules and Regulations quarterly to ensure they are being adhered to and implement any necessary measures to remedy any issues. 2.4 The Service Provider shall ensure that compliance with the Premises Rules and Regulations is an access requirement for all Personnel and visitors. 3. Premises Security 3.1 The Service Provider shall develop (prior to selecting the Premises), maintain, submit to TfL for Assurance and apply security clearance processes and procedures in accordance with Good Industry Practice. 3.2 The Service Provider shall apply the security clearance procedures referred to in paragraph 3.1 to all Service Provider Personnel and other visiting personnel, including TfL Personnel. 3.3 The Service Provider shall ensure that all personal items, including bags, coats, cameras, recording devices, mobile phones, any computer based devices and pedestal units, are prohibited from all operational and Service Management areas in the Premises. 3.4 The Service Provider shall ensure that the layout and furnishings of secure areas minimise opportunities for concealment of items and persons. 3.5 The Service Provider shall, in accordance with the Security Plan, ensure that User access to designated secure areas shall be automatically recorded and logged. The Service Provider shall retain the logs in accordance with Schedule 2 (Statement of Requirements), Appendix 14: Data Retention. 3.6 The Service Provider shall ensure that physical access to the Service System(s) is 11/17332045_1 4

denied to any individuals who do not have the appropriate and specific authorisation from the Service Provider's Security Manager. 3.7 The Service Provider shall ensure that all activities within the Service Provider Premises captured by CCTV are digitally recorded onto suitable digital media. 3.8 The Service Provider shall ensure that only the Service Provider s Personnel who are responsible for processing the immediate workload and are authorised to open and scan mail are permitted to be in the Post Room, except for the Service Provider's management Personnel, authorised TfL Personnel and audit service personnel for monitoring purposes only. 3.9 The Service Provider shall ensure that the Post Room is treated as a high security and confidentiality area in order to protect Customers' data and interests at all times. 3.10 The Service Provider shall provide secure storage facilities outside of the Post Room for all Personnel working within the Post Room to store personal belongings. 3.11 The Service Provider shall ensure that the Post Room is equipped with appropriate furnishings that allow maximum security for the storage and processing of mail. 3.12 The Service Provider shall ensure that TfL Personnel are located within a restricted access area (such that TfL controls which Service Provider Personnel have access) within the Operational Premises which is of a size suitable to accommodate the number of TfL Personnel specified by TfL in the Implementation Plan at the Operational Premises at any one time. 4. Data Centre Premises 4.1 The Service Provider shall ensure that all data centres are monitored on a continuous basis (24 hours a day, 7 days a week, 365 days a year) for all activity. 4.2 The Service Provider shall ensure that all access to data centres is logged such that: card access will be logged through the Service Provider's card access system and the data kept in accordance with the Data Retention Policy; and visitors to the data centres will be logged by the Service Provider's reception staff and associated control system and the data kept in accordance with the Data Retention Policy. 4.3 The Service Provider shall ensure that no data centre is accessed by unauthorised users. 4.4 The Service Provider shall ensure that all data centres are secure in accordance with Schedule 14 (Security Policy). 5. Business Continuity Premises 5.1 The Service Provider shall ensure that the Business Continuity Premises are located further than seven (7) miles from the live Service System(s). 11/17332045_1 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information