Common use of GENERAL PRINCIPLES AND REQUIREMENTS Clause in Contracts

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]; contain an obligation upon the Contractor to liaise with the Authority and (at the Authority's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority and any of its other Related Service Providers as notified to the Contractor by the Authority from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor (and any Sub-Contractors) and for the Authority; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority as notified by the Authority from time to time to inform decisions in support of the Authority’s business continuity plans.] The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority is minimal as far as reasonably possible; it complies with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invoked.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges Contract Price to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Service Provider to liaise with the Authority Authority, Contracting Bodies and (at the Authority's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority and any of its other Related Service Providers as notified to the Contractor Service Provider by the Authority from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] ; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderProvider ; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Service Provider (and any Sub-Contractors) and for the Authority); identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss is minimised and to preserve data integrity; identify the responsibilities (if any) that the Authority has agreed it that it, or Contracting Bodies, will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority and Contracting Bodies as notified by the Authority and Contracting Bodies from time to time to inform decisions in support of the AuthorityAuthority and Customer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the this Agreement and any Call-Off Agreements at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority and Contracting Bodies is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Service Provider shall not be entitled to any relief from its obligations under the KPIS or Service Levels or to any increase in the Charges Framework Prices or charges payable under any Call-Off Agreement to the extent that a Disaster occurs as a consequence of any breach by the Contractor Service Provider of this Agreement or the relevant Call-Off Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invoked.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ [insert %] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority as notified by the Authority from time to time to inform decisions in support of the Authority’s business continuity plans.] The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority is minimal as far as reasonably possible; it complies with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invoked.;

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefromthere from; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ [insert %] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority as notified by the Authority from time to time to inform decisions in support of the Authority’s business continuity plans.] The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority is minimal as far as reasonably possible; it complies with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invoked.;

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority and Customer, any of its other Related Service Providers Providers, or HM Government security requirements in relation to data as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractorscontractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of that data loss is in accordance with the levels set out at 2.9 of the Order Form and to preserve data integrity; identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident Incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mailemail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ [insert %] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority as notified by the Authority from time to time to inform decisions in support of the Authority’s business continuity plans.] The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority is minimal as far as reasonably possible; it complies with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invoked.;

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Contracting Body and (at the AuthorityContracting Body's request) any Related Service Provider Suppliers with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Contracting Body and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Contracting Body from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Contracting Body; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSuppliers; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractorscontractors) and for the AuthorityContracting Body; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority Contracting Body has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Contracting Body as notified by the Authority Contracting Body from time to time to inform decisions in support of the AuthorityContracting Body’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Contracting Body is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges Contract Price to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractorscontractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.] identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractorscontractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]any Other Supplier; contain an obligation upon the Contractor Supplier to liaise with the Authority and (at the Authority's request) any Related Service Provider Other Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority and any of its other Related Service Providers Other Suppliers in each case as notified to the Contractor Supplier by the Authority from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels multi‑channels (including but without limitation a web-site web‑site (with FAQs), e-mail, phone and faxphone) for both portable and desk top configurations, where required by the Authority;] ; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service Providerany Other Supplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-ContractorsSub‑contractors) and for the Authority; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] the accepted amount of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority as notified by the Authority from time to time to inform decisions in support of the Authority’s 's business continuity plans.] The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority is minimal as far as reasonably possible; it complies with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels Performance Indicators or to any increase in the Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invoked.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) methods of recovering or updating data collected (or which ought to have been collected) during a ), within 24 hours of the failure or disruption disruption, such to ensure that there is preservation of data integrity and to restrict loss of data created no more than [ ] of data loss and to preserve data integritytwenty four (24) hours before the failure or disruption; identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ [insert %] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [Goods and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident Incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mailemail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Goods and Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Goods and Services with the goods and services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ [insert %] of data loss and to preserve data integrity; [Guidance Note: Consider what an acceptable percentage of data loss would be and insert above.] identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the Authority’s Customer's business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Goods and Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failureGoods and Services Failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Goods and Services or to the business processes facilitated by and the business operations supported by the Goods and Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]; contain an obligation upon the Contractor to liaise with the Authority and (at the Authority's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority and any of its other Related Service Providers as notified to the Contractor by the Authority from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor (and any Sub-Contractors) and for the Authority; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority as notified by the Authority from time to time to inform decisions in support of the Authority’s business continuity plans.] The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority is minimal as far as reasonably possible; it complies with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invoked.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: [set out how the its business continuity and disaster recovery elements of the Plan link to each other]; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier ; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractorscontractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.] identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Contracting Body and (at the AuthorityContracting Body's request) any Related Service Provider Suppliers with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Contracting Body and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Contracting Body from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Contracting Body; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefromthere from; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSuppliers; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractorscontractors) and for the AuthorityContracting Body; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.] identify the responsibilities (if any) that the Authority Contracting Body has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Contracting Body as notified by the Authority Contracting Body from time to time to inform decisions in support of the AuthorityContracting Body’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Contracting Body is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges Contract Price to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Contracting Body and (at the AuthorityContracting Body's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Contracting Body and any of its the Contracting Body’s other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Contracting Body from time to time; contain a communication strategy including details of an incident Incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation limitation, via a web-site (with FAQs), e-mailemail, phone and fax) for both portable and desk top desktop configurations, where required by the Authority;] Contracting Body; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services Services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityContracting Body; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority Contracting Body has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Contracting Body as notified by the Authority Contracting Body from time to time to inform decisions in support of the Authority’s Contracting Body's business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failureServices Failure, or disruption on the operations of the Authority Contracting Body is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the business continuity and disaster recovery elements of the BCDR Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [Ordered IT Products and any services provided to the Authority CUSTOMER by a Related Service Provider]; contain an obligation upon the Contractor CONTRACTOR to liaise with the Authority CUSTOMER and (at the AuthorityCUSTOMER's request) any Related Service Provider with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority CUSTOMER and any of its other Related Service Providers as notified to the Contractor CONTRACTOR by the Authority CUSTOMER from time to time; contain a communication strategy including details of an incident and problem management service [*** and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] CUSTOMER ***]; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services Ordered IT Products and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services Ordered IT Products with the services provided by a Related Service Provider; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor CONTRACTOR (and any Sub-Contractors) and for the AuthorityCUSTOMER; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ [*** insert % ***] of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority CUSTOMER has agreed it will assume in the event of the invocation of the BCDR Plan; and [*** provide for the provision of technical advice and assistance to key contacts at the Authority CUSTOMER as notified by the Authority CUSTOMER from time to time to inform decisions in support of the AuthorityCUSTOMER’s business continuity plans.. ***] The BCDR Plan shall be designed so as to ensure that: the Services Ordered IT Products are provided in accordance with the Agreement this Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority CUSTOMER is minimal as far as reasonably possible; it complies with the relevant provisions of ISO/IEC17799:2000ISO 27002:2005, BS15000 ISO 20000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services Ordered IT Products or to the business processes facilitated by and the business operations supported by the ServicesOrdered IT Products. The Contractor CONTRACTOR shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor CONTRACTOR of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier ; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractorscontractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] of data loss and to preserve data integrity; [Guidance: Consider what an acceptable percentage of data loss would be and insert above.] identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Plan shall: set out how the its business continuity and disaster recovery elements of the Plan link to each other; provide details of how the invocation of any element of the BCDR Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]Services; contain an obligation upon the Contractor Supplier to liaise with the Authority Customer and (at the AuthorityCustomer's request) any Related Service Provider Supplier with respect to issues concerning business continuity and disaster recovery where applicable; detail how the BCDR Plan links and interoperates with any overarching and/or connected disaster recovery or business continuity plan of the Authority Customer and any of its other Related Service Providers Suppliers as notified to the Contractor Supplier by the Authority Customer from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] Customer; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefromthere from; identification of risks arising from the interaction of the Services with the services provided by a Related Service ProviderSupplier; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractors) and for the AuthorityCustomer; identify the procedures for reverting to "normal service"; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] 0 % of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority Customer has agreed it will assume in the event of the invocation of the BCDR Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority Customer as notified by the Authority Customer from time to time to inform decisions in support of the AuthorityCustomer’s business continuity plans.] . The BCDR Plan shall be designed so as to ensure that: the Services are provided in accordance with the Agreement Contract at all times during and after the invocation of the BCDR Plan; the adverse impact of any Disaster, service failure, or disruption on the operations of the Authority Customer is minimal as far as reasonably possible; it complies aligns with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Plan. The BCDR Plan must be upgradeable and sufficiently flexible to support any changes to the Services or to the business processes facilitated by and the business operations supported by the Services. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels or to any increase in the Contract Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invokedContract.

GENERAL PRINCIPLES AND REQUIREMENTS. The BCDR Part A of the Service Continuity Plan shall: set out how the business continuity and continuity, disaster recovery and insolvency continuity elements of the Plan plan link to each other; provide details of how the invocation of any element of the BCDR Service Continuity Plan may impact upon the operation of the Services [and any services provided to the Authority by a Related Service Provider]; contain an obligation upon the Contractor Supplier to liaise with the Authority and (at the Authority's request) any Related Service Provider with respect to issues concerning business continuity and continuity, disaster recovery and insolvency continuity where applicable; detail how the BCDR Service Continuity Plan links and interoperates with any overarching and/or connected disaster recovery or recovery, business continuity and/or insolvency continuity plan of the Authority and any of its other Related Service Providers in each case as notified to the Contractor Supplier by the Authority from time to time; contain a communication strategy including details of an incident and problem management service [and advice and help desk facility which can be accessed via multi-channels (including but without limitation a web-site (with FAQs), e-mail, phone and fax) for both portable and desk top configurations, where required by the Authority;] ; contain a risk analysis, including: failure or disruption scenarios and assessments and estimates of frequency of occurrence; identification of any single points of failure within the Services and processes for managing the risks arising therefrom; identification of risks arising from the interaction of the Services with the services provided by a Related Service Provider; identification of risks arising from an Insolvency Event of the Supplier, any Key Sub-contractors and/or Supplier Group member; and a business impact analysis (detailing the impact on business processes and operations) of different anticipated failures or disruptions; provide for documentation of processes, including business processes, and procedures; set out key contact details (including roles and responsibilities) for the Contractor Supplier (and any Sub-Contractorscontractors) and for the Authority; identify the procedures for reverting to "“normal service"”; set out method(s) of recovering or updating data collected (or which ought to have been collected) during a failure or disruption to ensure that there is no more than [ ] the accepted amount of data loss and to preserve data integrity; identify the responsibilities (if any) that the Authority has agreed it will assume in the event of the invocation of the BCDR Service Continuity Plan; and [provide for the provision of technical advice and assistance to key contacts at the Authority as notified by the Authority from time to time to inform decisions in support of the Authority’s business continuity plans.] . The BCDR Service Continuity Plan shall be designed so as to ensure that: the Services are provided in accordance with the this Agreement at all times during and after the invocation of the BCDR Service Continuity Plan; the adverse impact of any Disaster, ; service failure; an Insolvency Event of the Supplier, any Key Sub-contractor and/or any Supplier Group member; or disruption on the operations of the Authority Authority, is minimal as far as reasonably possible; it complies with the relevant provisions of ISO/IEC17799:2000, BS15000 (as amended) IEC 22301 and all other industry standards from time to time in force; and there is a process for the management of disaster recovery testing detailed in the BCDR Service Continuity Plan. The BCDR Service Continuity Plan must shall be upgradeable and sufficiently flexible to support any changes to the Services or Services, to the business processes facilitated by and the business operations supported by the Services, and/or changes to the Supplier Group structure. The Contractor Supplier shall not be entitled to any relief from its obligations under the Service Levels Performance Indicators or to any increase in the Charges to the extent that a Disaster occurs as a consequence of any breach by the Contractor Supplier of this Agreement. PART B - BUSINESS CONTINUITY ELEMENT - PRINCIPLES AND CONTENTS The Business Continuity Plan shall set out the arrangements that are to be invoked to ensure that the business processes and operations facilitated by the Services remain supported and to ensure continuity of the business operations supported by the Services including but not limited to and unless the Authority expressly states otherwise in writing: the alternative processes, (including business processes), options and responsibilities that may be adopted in the event of a failure in or disruption to the Services; and the steps to be taken by the Contractor upon resumption of the Services in order to address any prevailing effect of the failure or disruption including a root cause analysis of the failure or disruption. The Business Continuity Plan shall address the various possible levels of failures of or disruptions to the Services and the services to be provided and the steps to be taken to remedy to the different levels of failure and disruption. The Business Continuity Plan shall also clearly set out the conditions and/or circumstances under which the Disaster Recovery Plan is invoked.