Common use of BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS Clause in Contracts

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's Suppliers approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Goods and/or Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or goods, services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Goods and/or Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or goods, services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer Purchaser expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier Service Provider upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier Service Provider ensures continuity of the business operations of the Customer Purchaser supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier Service Provider in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the SupplierService Provider's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware hardware/software configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service Services recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] ; any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier Service Provider shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier Service Provider in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or goods, services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods Products and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods Products and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods Products and/or Services in Servicesin order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods Products and/or Services; set out the goods Products and/or services to Servicesto be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods Products and/or Services (such goods Products and/or services Services and steps, the “Business Continuity Goods Products and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods Products and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods Products and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods Products and/or Services;] ; any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods Products and/or Services during Servicesduring any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier Service Provider upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services Services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plannot used; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier Service Provider ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier Service Provider in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the SupplierService Provider's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plannot used; details of how the Supplier Service Provider shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier Service Provider in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer Contracting Authority expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services Services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer Contracting Authority supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's ’s approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services Services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity BCDR Plan shall set out the Business Continuity Plan and the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer Authority expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan BCDR shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS Disaster Recovery ‑ Principles and Contents The BCDR Plan shall set out the Disaster Recovery Plan shall be designed so as and how the Supplier will use its reasonable endeavours to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer Authority supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery BCDR Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up back‑up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or and Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or and Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or and Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or and Services; set out the goods and/or services and Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and Services and steps, the “Business Continuity Goods and/or and Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or and Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or and Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or and Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer Purchaser expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier Service Provider upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels Levels, if applicable, in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier Service Provider ensures continuity of the business operations of the Customer Purchaser supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier Service Provider in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the SupplierService Provider's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware hardware/software configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service Services recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] ; any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the applicable Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier Service Provider shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier Service Provider in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer Authority expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or goods, services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels KPIs and/or service levels under any relevant Call Off Agreement with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels KPIs and/or service levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer Authority supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] ; any applicable Service Levels KPIs and/or service levels under any relevant Call Off Agreement with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels KPIs and/or service levels under any relevant Call Off Agreement in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services Services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity PlanNot Used; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery PlanNot used; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or goods, services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] ; any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's Suppliers approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] ; any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or such, services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services Services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's Suppliers approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] ; any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer Purchaser expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier Service Provider upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the applicable Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier Service Provider ensures continuity of the business operations of the Customer Purchaser supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier Service Provider in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the SupplierService Provider's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware hardware/software configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service Services recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] ; any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the applicable Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier Service Provider shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier Service Provider in relation to its obligations pursuant to this Schedule 8Schedule; and testing and management arrangements.

BUSINESS CONTINUITY PLAN - PRINCIPLES AND CONTENTS. The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the provision of Goods and/or Services remain supported and to ensure continuity of the business operations supported by the Services including, unless the Customer expressly states otherwise in writing: the alternative processes (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the provision of Goods and/or Services; and the steps to be taken by the Supplier upon resumption of the provision of Goods and/or Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall: address the various possible levels of failures of or disruptions to the provision of Goods and/or Services; set out the goods and/or services to be provided and the steps to be taken to remedy the different levels of failures of and disruption to the Goods and/or Services (such goods and/or services and steps, the “Business Continuity Goods and/or Services”); specify any applicable Service Levels with respect to the provision of the Business Continuity Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Business Continuity Plan; and clearly set out the conditions and/or circumstances under which the Business Continuity Plan is invoked. DISASTER RECOVERY PLAN - PRINCIPLES AND CONTENTS The Disaster Recovery Plan shall be designed so as to ensure that upon the occurrence of a Disaster the Supplier ensures continuity of the business operations of the Customer supported by the Services following any Disaster or during any period of service failure or disruption with, as far as reasonably possible, minimal adverse impact. The Disaster Recovery Plan shall be invoked only upon the occurrence of a Disaster. The Disaster Recovery Plan shall include the following: the technical design and build specification of the Disaster Recovery System; details of the procedures and processes to be put in place by the Supplier in relation to the Disaster Recovery System and the provision of the Disaster Recovery Services and any testing of the same including but not limited to the following: [data centre and disaster recovery site audits; backup methodology and details of the Supplier's approach to data back-up and data verification; identification of all potential disaster scenarios; risk analysis; documentation of processes and procedures; hardware configuration details; network planning including details of all relevant data networks and communication links; invocation rules; Service recovery procedures; and steps to be taken upon resumption of the provision of Goods and/or Services to address any prevailing effect of the failure or disruption of the provision of Goods and/or Services;] ; any applicable Service Levels with respect to the provision of the Disaster Recovery Services and details of any agreed relaxation to the Service Levels in respect of the provision of other Goods and/or Services during any period of invocation of the Disaster Recovery Plan; details of how the Supplier shall ensure compliance with security standards ensuring that compliance is maintained for any period during which the Disaster Recovery Plan is invoked; access controls to any disaster recovery sites used by the Supplier in relation to its obligations pursuant to this Schedule 8; and testing and management arrangements.