.
This commit is contained in:
@@ -366,99 +366,211 @@ The Company hereby designates the following series as exclusive internal shared
|
||||
1. **Primary Provider Obligation**: All series shall utilize the designated internal service providers as their exclusive service solution providers for the services described in Section 3.1.1, subject to the following conditions:
|
||||
|
||||
a. **Performance Standards**: Internal service providers must meet or exceed the service level agreements (SLAs) established by the Technology Oversight Committee, which shall:
|
||||
|
||||
i. Be documented in writing and incorporated by reference into this Agreement;
|
||||
|
||||
ii. Include specific, measurable performance metrics for each service category;
|
||||
|
||||
iii. Establish response time requirements for various service priorities;
|
||||
iv. Define availability requirements for critical systems; and
|
||||
v. Be reviewed and updated at least annually.
|
||||
|
||||
iv. Define availability requirements for critical systems;
|
||||
|
||||
v. Include remediation timelines for service disruptions;
|
||||
|
||||
vi. Specify reporting requirements and cadence; and
|
||||
|
||||
vii. Be reviewed and updated at least annually.
|
||||
|
||||
b. **Competitive Pricing**: Internal service providers must offer services at pricing comparable to market rates for equivalent services, as verified by:
|
||||
|
||||
i. Annual independent third-party audit;
|
||||
ii. Benchmark comparison against at least three comparable external providers; and
|
||||
iii. Transparent cost-accounting as described in Section 4.6.5.
|
||||
|
||||
ii. Benchmark comparison against at least three comparable external providers;
|
||||
|
||||
iii. Transparent cost-accounting as described in Section 4.6.5; and
|
||||
|
||||
iv. Quarterly pricing reviews by the Audit and Finance Committee.
|
||||
|
||||
2. **Enforcement Mechanism**: The Company Committee shall be responsible for enforcing the mandatory use requirement and shall:
|
||||
|
||||
a. Conduct quarterly compliance reviews;
|
||||
b. Promptly investigate any reported violations; and
|
||||
c. Recommend appropriate remedial actions to the Board.
|
||||
|
||||
b. Promptly investigate any reported violations;
|
||||
|
||||
c. Issue formal findings within 30 days of any compliance investigation; and
|
||||
|
||||
d. Recommend appropriate remedial actions to the Board.
|
||||
|
||||
#### 3.1.3 - Service Provider Failure Remedies
|
||||
|
||||
1. **Failure Determination**: An internal service provider shall be deemed to have failed if it:
|
||||
a. Fails to meet established performance standards for two consecutive quarters as documented by the Technology Oversight Committee; or
|
||||
b. Experiences a catastrophic service disruption lasting more than 48 hours.
|
||||
|
||||
a. Fails to meet established performance standards for two consecutive quarters as documented by the Technology Oversight Committee;
|
||||
|
||||
b. Experiences a catastrophic service disruption lasting more than 48 hours;
|
||||
|
||||
c. Commits a material breach of its SLA obligations that remains uncured for 30 days after written notice; or
|
||||
|
||||
d. Receives substantiated service quality complaints from more than 50% of its series customers within any six-month period.
|
||||
|
||||
2. **Temporary External Provider Authorization**:
|
||||
|
||||
a. Upon a determination of failure, the affected series may petition the Technology Oversight Committee for a temporary waiver to use external providers.
|
||||
|
||||
b. The petition must:
|
||||
|
||||
i. Identify the specific services affected;
|
||||
|
||||
ii. Document the performance failures;
|
||||
iii. Propose specific external providers; and
|
||||
iv. Include a plan for transitioning back to the internal provider.
|
||||
|
||||
iii. Propose specific external providers;
|
||||
|
||||
iv. Include a transition implementation plan; and
|
||||
|
||||
v. Include a plan for transitioning back to the internal provider.
|
||||
|
||||
c. The Technology Oversight Committee must respond to such petitions within 30 calendar days.
|
||||
|
||||
d. If approved, waivers shall:
|
||||
|
||||
i. Be granted for a specific scope of services;
|
||||
|
||||
ii. Have a defined duration not to exceed 180 days;
|
||||
iii. Include monitoring requirements; and
|
||||
iv. Establish criteria for return to the internal provider.
|
||||
|
||||
iii. Include monitoring requirements;
|
||||
|
||||
iv. Require monthly status reporting; and
|
||||
|
||||
v. Establish criteria for return to the internal provider.
|
||||
|
||||
3. **Remediation Requirements**: During any waiver period, the failed internal service provider must:
|
||||
a. Develop and implement a remediation plan approved by the Technology Oversight Committee;
|
||||
|
||||
a. Develop and implement a remediation plan approved by the Technology Oversight Committee within 15 days of waiver approval;
|
||||
|
||||
b. Provide biweekly progress reports to the Technology Oversight Committee;
|
||||
c. Demonstrate compliance with performance standards for at least 60 consecutive days before the waiver expires; and
|
||||
d. Submit to enhanced monitoring for 180 days following the expiration of any waiver.
|
||||
|
||||
c. Demonstrate compliance with performance standards for at least 60 consecutive days before the waiver expires;
|
||||
|
||||
d. Submit to enhanced monitoring for 180 days following the expiration of any waiver; and
|
||||
|
||||
e. Implement preventative measures to avoid recurrence of the failure conditions.
|
||||
|
||||
#### 3.1.4 - Innovation Exception Process
|
||||
|
||||
1. **Innovation Exception Criteria**: Series may request permission to utilize specialized external services not offered by internal providers when:
|
||||
|
||||
a. The service represents a significant competitive advantage that would materially enhance the requesting series’ business operations;
|
||||
b. The internal service provider has confirmed in writing that it cannot reasonably develop equivalent capabilities within 90 days; and
|
||||
c. The requesting series has conducted and documented a thorough evaluation of alternatives.
|
||||
|
||||
b. The internal service provider has confirmed in writing that it cannot reasonably develop equivalent capabilities within 90 days;
|
||||
|
||||
c. The requesting series has conducted and documented a thorough evaluation of alternatives;
|
||||
|
||||
d. The external solution complies with all Company security and compliance requirements; and
|
||||
|
||||
e. Implementation of the external solution will not compromise system integration or data security.
|
||||
|
||||
2. **Exception Request Process**:
|
||||
|
||||
a. Requests must be submitted in writing to the Technology Oversight Committee;
|
||||
|
||||
b. Requests must include:
|
||||
|
||||
i. Detailed description of the required service;
|
||||
|
||||
ii. Documentation of business necessity;
|
||||
|
||||
iii. Analysis of competitive advantage;
|
||||
iv. Proposed external provider information;
|
||||
v. Security and compliance assessment; and
|
||||
vi. Implementation timeline.
|
||||
|
||||
iv. Proposed external provider information including due diligence materials;
|
||||
|
||||
v. Security and compliance assessment;
|
||||
|
||||
vi. Data integration and protection plan;
|
||||
|
||||
vii. Implementation timeline; and
|
||||
|
||||
viii. Cost-benefit analysis comparing the external solution to internal alternatives.
|
||||
|
||||
c. The Technology Oversight Committee must respond within 45 days.
|
||||
|
||||
d. The Technology Oversight Committee must provide written justification for any denial.
|
||||
|
||||
3. **Exception Implementation**:
|
||||
|
||||
a. Approved exceptions shall be documented in the series’ electronic records;
|
||||
|
||||
b. The Technology Oversight Committee shall conduct quarterly reviews of all approved exceptions;
|
||||
c. Exceptions shall expire after 12 months unless renewed through the same process; and
|
||||
d. The Technology Oversight Committee shall maintain a catalog of all approved exceptions.
|
||||
|
||||
c. Exceptions shall expire after 12 months unless renewed through the same process;
|
||||
|
||||
d. The Technology Oversight Committee shall maintain a catalog of all approved exceptions; and
|
||||
|
||||
e. Internal service providers shall develop plans to incorporate frequently requested exceptions into their standard service offerings.
|
||||
|
||||
#### 3.1.5 - Service Division Operations
|
||||
|
||||
1. **Operational Requirements**: Each service division shall:
|
||||
|
||||
a. Operate as a cost center pursuant to Section 4.6.5;
|
||||
|
||||
b. Maintain transparent cost accounting with quarterly reporting to all series;
|
||||
|
||||
c. Be subject to Board oversight through appropriate committees;
|
||||
|
||||
d. Select and manage external vendors as needed following procurement guidelines established by the Board;
|
||||
|
||||
e. Develop and maintain appropriate service standards and SLAs;
|
||||
|
||||
f. Conduct annual customer satisfaction surveys among series;
|
||||
g. Implement continuous improvement processes with measurable objectives; and
|
||||
h. Maintain appropriate cybersecurity and compliance certifications.
|
||||
|
||||
g. Implement continuous improvement processes with measurable objectives;
|
||||
|
||||
h. Maintain appropriate cybersecurity and compliance certifications;
|
||||
|
||||
i. Establish disaster recovery and business continuity plans;
|
||||
|
||||
j. Conduct quarterly technology and service reviews; and
|
||||
|
||||
k. Provide monthly service performance metrics to all series.
|
||||
|
||||
2. **Board Oversight Responsibilities**: The Board of Directors, through its committees, shall establish and oversee:
|
||||
|
||||
a. Performance metrics and reporting requirements;
|
||||
|
||||
b. Service level frameworks;
|
||||
|
||||
c. Cost allocation methodologies;
|
||||
|
||||
d. Technology and service strategies;
|
||||
|
||||
e. Vendor selection criteria;
|
||||
|
||||
f. Quality control measures;
|
||||
g. Dispute resolution procedures for service conflicts; and
|
||||
h. Other operational parameters as needed.
|
||||
|
||||
g. Dispute resolution procedures for service conflicts;
|
||||
|
||||
h. Compliance standards and monitoring;
|
||||
|
||||
i. Cybersecurity requirements and testing; and
|
||||
|
||||
j. Other operational parameters as needed.
|
||||
|
||||
3. **Service Roadmap Requirements**: Each service provider shall:
|
||||
|
||||
a. Maintain a three-year service development roadmap;
|
||||
|
||||
b. Conduct quarterly roadmap reviews with all series;
|
||||
c. Incorporate series feedback into roadmap updates; and
|
||||
d. Align roadmap priorities with overall TSYS Group strategic objectives.
|
||||
|
||||
c. Incorporate series feedback into roadmap updates;
|
||||
|
||||
d. Align roadmap priorities with overall TSYS Group strategic objectives;
|
||||
|
||||
e. Include specific technology innovation initiatives;
|
||||
|
||||
f. Establish clear timelines for major service enhancements; and
|
||||
|
||||
g. Document resource allocation for strategic initiatives.
|
||||
|
||||
|
||||
### Section 3.2 - Electronic Records Requirement
|
||||
|
||||
|
||||
Reference in New Issue
Block a user