Dated 27th April 2009

Document Sample
Dated 27th April 2009 Powered By Docstoc
					            Dated 27th April 2009




    NHS BUSINESS SERVICES AUTHORITY

                     AND

RELIANCE SECURE TASK MANAGEMENT LIMITED




         FRAMEWORK AGREEMENT

   for the provision of Lone Worker Services
                                                                        Contents

              Clause                                                                                                                                  Page

1             Definitions and Interpretation ..................................................................................................... 1
2             Scope of this Framework Agreement ......................................................................................... 2
3             Implementation Plan .................................................................................................................. 3
4             The Available Services............................................................................................................... 3
5             Standards and Regulations ........................................................................................................ 4
6             Ordering Procedures .................................................................................................................. 4
7             Charges for Services .................................................................................................................. 5
8             Representatives ......................................................................................................................... 6
9             Governance ................................................................................................................................ 6
10            Business Continuity.................................................................................................................... 6
11            Management Information ........................................................................................................... 7
12            Amendments to this Framework Agreement.............................................................................. 7
13            Marketing ................................................................................................................................... 7
14            Communications ........................................................................................................................ 7
15            Financial standing of the Supplier .............................................................................................. 8
16            Term, suspension and termination ............................................................................................. 9
17            Consequences of termination and expiry.................................................................................11
18            Force Majeure ..........................................................................................................................12
19            Warranties and representations ...............................................................................................13
20            Limitation of liability ..................................................................................................................14
21            Complaints handling.................................................................................................................16
22            Authority Data ..........................................................................................................................16
23            Data Protection ........................................................................................................................17
24            Personnel Security ...................................................................................................................19
25            Intellectual Property Rights ......................................................................................................19
26            Confidentiality ...........................................................................................................................20
27            Publicity ....................................................................................................................................22
28            Dispute resolution ....................................................................................................................22
29            Insurance .................................................................................................................................22
30            Recovery of sums due .............................................................................................................22
31            Statutory requirements .............................................................................................................22
32            Environmental requirements ....................................................................................................23
33            Discrimination ...........................................................................................................................23
34            Corrupt gifts and payments of commission ..............................................................................23
35            Granting of Trade Marks ..........................................................................................................24
36            Transfer and sub-contracting ...................................................................................................24
37            Rights of Third Parties..............................................................................................................26
38            Audit .........................................................................................................................................27
39            Freedom of information ............................................................................................................28
40            Customer satisfaction monitoring .............................................................................................29
41            Legislative change ...................................................................................................................29
42            Statutory invalidity ....................................................................................................................30
43            Severability ...............................................................................................................................30
44            Waiver ......................................................................................................................................30
45            Non-exclusivity .........................................................................................................................30
46            Law and Jurisdiction .................................................................................................................31
47            Entire agreement ......................................................................................................................31


10-404788-3
              Schedule

1             Definitions ................................................................................................................................33
2             Model Contracts .......................................................................................................................40
              Part 1 - Model Contract (Customer funded) .............................................................................40
              Part 2 - Model Contract (Authority part funded) .......................................................................42
3             The Available Services, Service Management, Minimum Service Levels and Standard
              Service Credits .........................................................................................................................44
              Part 3.1 - Service Management ...............................................................................................44
              Part 3.2 - User Training ............................................................................................................57
              Part 3.3 - Alarm Receiving Centre (ARC) ................................................................................64
              Part 3.4 - User Devices ............................................................................................................72
              Part 3.5 - Networks ..................................................................................................................77
              Part 3.6 - Account Management ..............................................................................................80
              Part 3.7 - Supplier Innovation and Continuous Improvement ..................................................83
              Part 3.8 - Invoicing Mechanism ................................................................................................84
              Part 3.9- Service Levels and Service Credits ..........................................................................87
              Part 3.10 – Service Levels and Service Credits ......................................................................90
              Part 3.11 - Operational Reporting ..........................................................................................108
4             Delays and Implementation ...................................................................................................112
              Part 1 - Delays .......................................................................................................................112
              Part 2 - Implementation Plan .................................................................................................114
5             The Maximum Charges ..........................................................................................................117
6             Ordering Procedures ..............................................................................................................128
              Part 1 – Joint Funded .............................................................................................................130
              Part 2 – Direct Funded ...........................................................................................................131
7             Management Information .......................................................................................................132
8             Agreement Change Procedure ..............................................................................................137
9             Maximum Charges Variation Procedure ................................................................................141
10            Sub-Contractors .....................................................................................................................145
11            Model Self Audit Certificate ....................................................................................................154
12            Governance ............................................................................................................................155
13            Solution ..................................................................................................................................163
14            Security Policy........................................................................................................................173
15            Marketing and Communications ............................................................................................208
16            Part 1 - Exit Assistance ..........................................................................................................214
              Part 2 – Staff Transfer ............................................................................................................216
17            Standards and Regulations ....................................................................................................226
18            Insurance Requirements ........................................................................................................229




10-404788-3
                                                                                      th
This Framework Agreement is made on                                                 27 April 2009

Between

(1)           The NHS Business Services Authority (as agent for the Department of Health) (Authority);
              and

(2)           Reliance Secure Task Management Limited (No. 2057887) whose registered office is at
              Boundary House, Cricketfield Road, Uxbridge, Middlesex UB8 1QG (Supplier).

Whereas

(A)           On 27 May 2008 the Authority placed a contract notice, reference 2008/5 101-135947 in the
              Official Journal of the European Union seeking expressions of interest from Suppliers for the
              provision of services to public sector bodies under a framework agreement;

(B)           Following the subsequent procurement process the Authority selected the Supplier to enter
              into a Framework Agreement;

(C)           The Supplier has agreed to enter into this Framework Agreement with the Authority for the
              provision of Services;

(D)           The Department of Health has designated central funds to support the provision of Services
              within the NHS. These funds may be made available to Customers for procuring Services
              under this Framework Agreement and where such funds are available the Authority shall, in
              addition to a Customer, enter into a Contract with the Supplier for the provision of Services
              but solely for the purpose of making certain payments in respect of the Services; and

(E)           This Framework Agreement provides that Customers may enter into separate Contracts with
              the Supplier by placing an Order.

It is agreed

1             Definitions and Interpretation

1.1           As used in this Framework Agreement:

              (a)     the terms and expressions set out in schedule 1 (Definitions) shall have the meanings
                      set out therein;

              (b)     the masculine includes the feminine and the neuter;

              (c)     the singular includes the plural and vice versa; and

              (d)     the words "include", "include"; and "including" are to be construed as if they were
                      immediately followed by the words "without limitation".

1.2           A reference to any statute, enactment, order, regulation or other similar instrument shall be
              construed as a reference to the statute, enactment, order, regulation or instrument as
              amended by any subsequent statute, enactment, order, regulation or instrument or as
              contained in any subsequent re-enactment thereof.

1.3           A reference to any document other than as specified in clause 1.2 shall be construed as a
              reference to the document as at the date of execution of this Framework Agreement.




10-404788-3                                             1
1.4           Headings are included in this Framework Agreement for ease of reference only and shall not
              affect the interpretation or construction of this Framework Agreement.

1.5           References to "clauses" and "schedules" other than in schedule 2 (Model Contract) are,
              unless otherwise provided or the context so necessitates, references to the clauses of and
              schedules to this Framework Agreement. References to "paragraphs" are, unless otherwise
              provided, references to paragraphs of the schedule in which the references are made.

1.6           References to "clauses" and "schedules" in schedule 2 (Model Contract) are, unless
              otherwise provided or the context so necessitates, references to the clauses of and schedules
              to the Contract and references in schedule 2 (Model Contract) to "paragraphs" are, unless
              otherwise provided, references to paragraphs of the schedule to the Contract in which the
              references are made.

1.7           Terms or expressions contained in this Framework Agreement or a Contract which are
              capitalised but which do not have an interpretation in schedule 1 (Definitions) or schedule 2
              (Model Contract) as appropriate shall be interpreted in accordance with the common
              interpretation within the mobile communications industry where appropriate. Otherwise they
              shall be interpreted in accordance with the dictionary meaning.

1.8           The use of "[]" in schedule 2 (Model Contract) indicates where information shall be inserted
              by the Supplier or Customer for each Contract. Such information shall be obtained from the
              Catalogue and the relevant Order.

1.9           In the event and to the extent only of any conflict between the clauses together with schedule
              1 (Definitions) and the remainder of the schedules, the clauses together with schedule 1
              (Definitions) shall prevail over the remainder of the schedules. The remainder of the
              schedules (other than the Catalogue and schedule 13 (Solution)) shall, in turn prevail over the
              Catalogue and schedule 13 (Solution). In the event of any conflict between the Catalogue and
              schedule 13 (Solution) the Catalogue shall prevail.

2             Scope of this Framework Agreement

2.1           This Framework Agreement governs the overall relationship of the Authority with the Supplier
              with respect to the provision of the Services to Customers. The Customers are entitled (but
              not required) at any time during the Term to order Services from the Catalogue in accordance
              with the Ordering Procedure. The Supplier shall provide to that Customer such Services in
              accordance with all applicable provisions of the relevant Contract.

2.2           The Supplier hereby acknowledges that:

              (a)     all obligations entered into under a Contract, and the liabilities incurred by the
                      Supplier, are given, entered into, or incurred in favour of and for the benefit of each
                      Customer;

              (b)     each Contract forms a separate agreement between the Customer and the Supplier
                      in respect of the Services ordered under it; and

              (c)     with respect to each Contract, the Authority does not give any warranties or
                      indemnities, and does not accept any liability or responsibility under this Framework
                      Agreement for any obligation, debt or liability of or incurred by a Customer under a
                      Contract.




10-404788-3                                             2
2.3           The Supplier shall not commit any act, nor forbear to commit any act, that shall compromise a
              Customer's compliance with the Guidance Notes.

2.4           Any Contract entered into under this Framework Agreement shall commence on the date of
              the execution of that Contract and shall expire no later than five (5) years after such
              execution.

2.5           The Supplier shall not enter into a contract with a Health Service Body for the provision of
              services in the nature of the Available Services, other than in the form of the Model Contract.

3             Implementation Plan

              The Supplier shall implement the Solution in accordance with the Implementation Plan and
              schedule 4 (Delays) and maintain the Solution to enable provision of the Services throughout
              the Term.

4             The Available Services

4.1           Each of the services specified in schedule 3 (Services) shall be made available to Customers
              and Potential Customers and shall be listed as a Catalogue Entry in the Catalogue. When a
              specific Available Service is the subject of an Order by a Customer, it will be referred to in the
              ensuing Contract as an Ordered Service.

4.2           The Supplier shall maintain the organisational and technical ability and capacity to provide the
              Available Services in accordance with this Framework Agreement as the Available Services
              are required from time to time by Customers.

4.3           The Supplier shall enter into a Contract on the terms and conditions prescribed in the relevant
              Model Contract with each Customer that places an Order in accordance with the provisions of
              this Framework Agreement.

4.4           The Supplier shall maintain and keep up to date the Catalogue throughout the Term. Any
              amendment to the Catalogue, other than an amendment to the specification of each
              Catalogue Entry and its relevant Charges, shall be subject to the Agreement Change
              Procedures.

4.5           The Supplier shall, no less than once in every 6 months, carry out a review of:

              (a)     the Available Services;

              (b)     the Solution; and

              (c)     new lone worker devices (New Devices),

              taking account of technological and operational developments and advancements in the
              delivery of services similar to the Services.

4.6           If following a review pursuant to clause 4.5, the Supplier identifies changes to the Available
              Services that could improve the Services then the Supplier shall provide a written report of its
              findings to the Authority within 14 days of such review. Any potential changes or New Devices
              agreed to be considered by the Authority and the Supplier, will be subject to testing by the
              Supplier, at the Supplier's cost, and the Supplier shall submit its findings to the Authority for
              consideration in a written report. Following such consideration, if the Authority wishes to make
              the change or add the New Devices to the Catalogue, the Supplier shall propose such change
              through the Agreement Change Procedures.


10-404788-3                                               3
4.7           The Supplier hereby licenses the Authority for the Term on a royalty-free basis to use, copy
              and publish (electronically and in hard copy formats) the descriptions of the Catalogue Entries
              provided by the Supplier. All Intellectual Property Rights of the Supplier (or its Sub-
              Contractors) in such descriptions (except insofar as such descriptions derive from material
              provided by the Authority) shall remain with the Supplier (or its Sub-Contractors).

4.8           The Supplier shall comply with its obligations in schedule 3 (Services) regarding the recording
              of and provision of information relating to Red Alerts and Amber Alerts.

5             Standards and Regulations

5.1           The Supplier shall provide the Services and meet its responsibilities and obligations
              hereunder in accordance with the Standards and Regulations as set out in schedule 17
              (Standards and Regulations).

5.2           The Supplier shall indemnify, defend and hold harmless the Authority from any fine awarded
              against the Authority by the Regulatory Bodies or any payment required by the Regulatory
              Bodies to be made to any third parties to the extent arising as a result of a breach of contract
              or negligent act or omissions of the Supplier.

6             Ordering Procedures

6.1           Each Customer shall be entitled at any time during the Term to place an order for Services
              from the Supplier by serving an Order in accordance with the Ordering Procedures. Each
              Order will specify which of the Model Contracts the Customer requires the Services to be
              provided under, which shall be dependent upon whether the Authority will provide funding for
              the Services.

6.2           Each Order shall contain the information listed in paragraph 3 of schedule 6 (Ordering
              Procedure).

6.3           The Authority and the Supplier agree that any document or communication, including a
              document or communication in the apparent form of an Order, which:

              (a)     does not contain all of the information listed in paragraph 3 of schedule 6 (Ordering
                      Procedure); and/or

              (b)     purports to exclude or vary any of the terms and conditions of the Model Contract,
                      other than in accordance with the provisions of schedule 6 (Ordering Procedure),

              shall not constitute an Order under this Framework Agreement.

6.4           The Supplier shall, within two (2) Working Days of receipt of an Order; either:

              (a)     acknowledge in writing (which, for the purposes of this clause 6.4(a), shall include
                      email) receipt of that Order to the Customer (with a copy to the Authority) and state
                      that it is unable to fulfil the Order; or

              (b)     acknowledge in writing (which, for the purposes of this clause 6.4(b), shall include
                      email) receipt of that Order to the Customer (with a copy to the Authority) and state its
                      acceptance of that Order.

6.5           In the event that the Supplier accepts the Order in accordance with the provisions of
              clause 6.4(b), the Supplier shall:



10-404788-3                                              4
              (a)     simultaneously with that acceptance notify the Customer of the proposed dates for
                      commencement of the Ordered Services; and

              (b)     following confirmation of the proposed dates for commencement, send the Order duly
                      countersigned by an authorised officer of the Supplier to the Customer (with a copy to
                      the Authority).

6.6           If the Supplier wishes to query any matter in relation to an Order served on it by a Customer,
              the Supplier shall raise the matter with the relevant Customer as soon as practicable and in
              any event within two (2) Working Days of receipt of that Order. The Supplier shall agree the
              Order with the Customer as soon as possible thereafter and in any event no later than the
              Service Commencement Date.

6.7           Subject to clause 6.8, a binding agreement for the provision of the Ordered Services shall be
              formed on the Customer's receipt of the countersigned Order pursuant to clause 6.5(b).

6.8           In respect of any Contract to which the Authority is a party, a binding agreement for the
              provision of the Ordered Services shall not be formed until the Authority has signed the
              Contract, in accordance with schedule 6 (Ordering Procedure).

7             Charges for Services

7.1           Charges

              (a)     The Charges applicable for each Service shall be as set out in schedule 5 (Charges)
                      to each Contract.

              (b)     The Supplier agrees not to levy any Charges under any Contract that are in excess of
                      the Maximum Charges from time to time.

              (c)     The Maximum Charges shall be varied in accordance with the provisions of schedule
                      9 (Charges Variation Procedure).

              (d)     The Supplier may lower any or all of the Charges applicable to the Supplier's
                      Catalogue Entries from time to time by giving 20 Working Days' notice to the
                      Authority, but may at no time ask to have advertised in the Catalogue any Charges
                      that are in excess of the Maximum Charges from time to time.

7.2           Benchmarking

              (a)     The Authority may benchmark the Charges advertised in the Catalogue and/or the
                      Maximum Charges at any time during the Term in order to compare such Charges
                      with charges offered by third parties and by the Supplier to other customers.

              (b)     The Authority shall be entitled to use any model to determine the achievement of
                      value for money to carry out the benchmarking evaluation referred to in clause 7.2(a).

              (c)     The Authority shall be entitled to publish the results of any benchmarking of the
                      Charges to Customers and Potential Customers.

              (d)     The Supplier shall use all reasonable endeavours and act in good faith to supply
                      information required by the Authority in order to undertake the benchmarking referred
                      to in this clause 7.2, such information requirements to be at the discretion of the
                      Authority.



10-404788-3                                             5
8             Representatives

8.1           Each party shall notify the other in accordance with clause 14 (Communications) of the
              persons appointed by it from time to time to fulfil the roles identified in schedule 12
              (Governance). These shall be known as the Authority Representatives and the Supplier
              Representatives (as appropriate) and they shall have the authority to act on behalf of their
              respective party on the matters set out in, or in connection with, this Framework Agreement.
              Either party may, by further written notice to the other party, revoke or amend the authority of
              its Representative or appoint a new Representative.

8.2           The respective Representatives shall be sufficiently senior within the organisation of the
              appointing party, and granted sufficient authority by that party, to ensure full cooperation in
              relation to the operation and the management of this Framework Agreement.

8.3           The Supplier shall ensure that the role of the Supplier Representatives are not vacant for any
              longer than 10 Working Days and that any replacements shall be appropriately qualified and
              experienced and fully competent to carry out the tasks assigned to the Supplier
              Representative whom he or she has replaced.

9             Governance

              The Supplier and the Authority shall comply with their respective contract management
              obligations set out in schedule 12 (Governance).

10            Business Continuity

10.1          The Supplier shall ensure that it is able to implement the Business Continuity Plan at any time
              in accordance with its terms to ensure continuity of service provision and to minimise the
              consequences of any failure in the Solution on the provision of the Services.

10.2          The Supplier shall test the Business Continuity Plan on a regular basis (and in any event not
              less than once in every 12 month period). The Authority may require the Supplier to conduct
              additional tests of the Business Continuity Plan where the Authority considers it necessary,
              including where there has been any change to the Services or any underlying business
              processes, or on the occurrence of any event which may increase the likelihood of the need
              to implement the Business Continuity Plan.

10.3          If the Authority requires an additional test of the Business Continuity Plan it shall give the
              Supplier written notice and the Supplier shall conduct the test in accordance with the
              Authority‟s requirements and the relevant provisions of the Business Continuity Plan. The
              Supplier's costs of the additional test shall be borne by the Authority unless the Business
              Continuity Plan fails the additional test in which case the Supplier's costs of that failed test
              shall be borne by the Supplier.

10.4          Following each test, the Supplier shall send to the Authority a written report summarising the
              results of the test and shall promptly implement any actions or remedial measures which the
              Authority considers to be necessary as a result of those tests.

10.5          The Supplier shall undertake regular risk assessments in relation to the provision of the
              Services not less than once every six months and shall provide the results of, and any
              recommendations in relation to, those risk assessments to the Authority promptly in writing
              following each review.




10-404788-3                                              6
11            Management Information

11.1          The Supplier shall submit Management Information to the Authority in accordance with the
              provisions of schedule 7 (Management Information), throughout the Term and thereafter in
              respect of any extant Contract.

11.2          The Supplier shall implement and maintain an Order processing system that identifies and
              records all Orders. Such system shall enable the Supplier to track all Orders and ascertain
              their status at any time and shall produce the Records specified in clause 38, Audit.

12            Amendments to this Framework Agreement

12.1          No amendment to the provisions of this Framework Agreement, other than a variation of the
              Charges pursuant to the provisions of schedule 9 (Charges Variation Procedure), shall be
              effective unless made in accordance with the Agreement Change Procedures.

12.2          The control of changes to this Framework Agreement shall be in accordance with the
              Agreement Change Procedures. For these purposes a "Change" shall include any
              amendment to this Framework Agreement and any amendments to the Catalogue. For each
              Change that is agreed by the Authority and the Supplier pursuant to this clause 12, this
              Framework Agreement or the Catalogue shall be amended to the extent necessary to give
              effect to that Change, and for this purpose the Authority and the Supplier shall use the form of
              amendment as set out in schedule 8 (Agreement Change Procedures). Unless and until such
              amendment is made in accordance with this clause 12, no Change shall be considered
              effective, and this Framework Agreement and the Catalogue shall not in any way be
              considered to have been varied.

12.3          In the event that a Change is implemented pursuant to the provisions of clause 12.2 and such
              Change is to schedule 2 (Model Contract), the Change shall be implemented in schedule 2
              (Model Contract) and the Authority and the Supplier shall agree implementation of the
              Change to extant affected Contracts as follows:

              (a)     the Change shall not be implemented in any extant Contracts; or

              (b)     the Supplier shall give each Customer that is the party to each such affected extant
                      Contract the option to implement the Change in their Contract pursuant to the
                      procedure for contract change set out in the relevant Contract.

12.4          Subject to clauses 12.2 and 12.3, no change shall be made to any extant Contract without the
              written consent of the Authority.

13            Marketing

              The Supplier shall undertake marketing of this Framework Agreement and Services to
              Potential Customers in accordance with the provisions of schedule 15 (Marketing),
              throughout the Term.

14            Communications

14.1          Except as otherwise expressly provided, no communication from one party to the other shall
              have any validity under this Framework Agreement unless made in writing (which shall, save
              as expressly provided otherwise, exclude communications by e-mail) by or on behalf of the
              party sending such communication.




10-404788-3                                              7
14.2          Any notice or other communication whatsoever which either the Authority or the Supplier is
              required or authorised by this Framework Agreement to give or make to the other shall be
              given or made by first class post in a prepaid letter, addressed to the other at the address
              specified in clause 14.3. Such notice or communication shall be deemed, for the purposes of
              this Framework Agreement, to have been given or made two (2) Working Days after dispatch
              by the sender.

14.3          For the purposes of clause 14.2 the address of each party shall be:

              For the Authority:

              Address:

              Commercial Services (Lone Worker Project)
              Lower Ground
              Bridge House
              152 Pilgrim Street
              Newcastle upon Tyne
              NE1 6SN

              For the attention of: the Lone Worker Contract Manager


              For the Supplier:

              Address:

              Reliance Secure Task Management,
              Surety House,
              Concorde Road,
              Patchway,
              Bristol, BS34 5TB

              For the attention of: the Managing Director

15            Financial standing of the Supplier

15.1          The Authority may from time to time during the Term assess the financial standing of the
              Supplier including an assessment of credit ratings as published by a credit rating agency
              appointed by the Authority. In the event that the Authority considers that the financial status
              of the Supplier represents a substantial risk to the Supplier's ability to perform its obligations
              under Contracts the Authority will discuss that risk with the Supplier.

15.2          Following such discussions, if the Authority concludes that there remains a substantial risk the
              Authority may by notice in writing suspend the right of the Supplier to accept further Orders
              without specific prior written agreement from the Authority.

15.3          In the event that the Authority takes the actions specified in clause 15.2, the Supplier may
              invite the Authority at any time to carry out a new assessment, giving evidence of changes to
              the financial standing of itself.

15.4          Where the Authority carries out a new assessment, and it concludes that there is no longer a
              substantial risk to the Supplier's ability to perform its obligations under Contracts, it shall
              advise the Supplier that the provisions of clause 15.2 no longer apply and recommence the
              publication of Services in the Catalogue.




10-404788-3                                               8
16            Term, suspension and termination

16.1          This Framework Agreement shall commence on the date hereof and, subject to clause 17.7,
              shall remain in force until the earlier of the expiry or early termination of the last Contract
              entered into pursuant to this Framework Agreement unless terminated earlier pursuant to this
              clause 16. The Supplier shall only be entitled to accept Orders or enter into any Contracts for
              a period of three (3) years, subject to an extension at the option of the Authority for a period of
              one (1) year, unless terminated earlier pursuant to this clause 16. The Authority may exercise
              the option to extend the right for the Supplier to accept Orders under this Framework
              Agreement in accordance with this clause 16.1 by serving written notice on the Supplier to
              that effect no later than 6 months before expiry of the three (3) year period.

16.2          The Authority may at any time by notice in writing suspend the right of the Supplier to accept
              further Orders for Services without specific prior written agreement from the Authority in the
              event that:

              (a)     the Supplier does not maintain its ability and capacity in respect of those Services in
                      accordance with the provisions of clause 4.2; or

              (b)     the Supplier fails to submit Management Information in respect of those Services in
                      accordance with the provisions of clause 11.1; or

              (c)     the Supplier commits any breach of any of the Contracts that would entitle the
                      Customer under that Contract to terminate that Contract (whether or not the relevant
                      Customer does terminate that Contract); or

              (d)     any of the Termination Events specified in clause 16.5 occur,

              provided that such notice shall take effect no sooner than 10 Business Days following the
              service of such notice where the events leading to such notice are those listed in clause
              16.2(a) and clause 16.2(b) and in all other circumstances such notice may have immediate
              effect.

16.3          At any time following service of a notice of suspension pursuant to clause 16.2 the Supplier
              may serve notice on the Authority providing full details of the rectification of the events giving
              rise to the suspension and steps taken by the Supplier to prevent their repeat. Following the
              giving of such notice by the Supplier the Authority shall, where it is satisfied, acting
              reasonably, that the events have been rectified and steps taken are sufficient to prevent a
              repeat of such events occurring, restore the ability of the Supplier to accept further Orders for
              Services without specific prior written agreement from the Authority.

16.4          The Authority may at any time by notice in writing terminate this Framework Agreement as
              from the date of service of such notice, or a later date specified in such notice, if any of the
              Termination Events specified in clause 16.5 occur.

16.5          Termination Events

              (a)     A Change of Control where the proposed new owner has:

                      (i)      been convicted of a criminal offence relating to the conduct of its business or
                               profession; or

                      (ii)     committed an act of grave misconduct in the course of its business or
                               profession; or



10-404788-3                                               9
                    (iii)   failed to comply with any obligations relating to the payment of any taxes or
                            social security contributions; or

                    (iv)    made any serious misrepresentations in the tendering process for any project
                            or matter in which the public sector has or had a significant participation; or

                    (v)     previously failed to obtain any licences and/or membership of any body which
                            would be necessary if it were to provide services equivalent to the Services.

              (b)   A Change of Control occurs and there are reasonable grounds for the Authority to
                    withhold its consent relating to the financial standing of the new owner, any security
                    concerns arising from the new ownership or issues relating to the provision of the
                    Services by the new owner.

              (c)   Any of the events listed in clause 16.5(a)(i) to 16.5(a)(iv) occur in relation to or in
                    respect of the Supplier itself, or if the Authority has reasonable grounds to object to
                    the Supplier arising from security concerns in respect of the Supplier.

              (d)   The Supplier:

                    (i)     being an individual, or where the Supplier is a firm, any partner or partners in
                            that firm who together are able to exercise direct or indirect control, as
                            defined by Section 416 of the Income and Corporation Taxes Act 1988, shall
                            at any time become bankrupt or shall have a receiving order or administration
                            order made against him or shall make any composition or arrangement with
                            or for the benefit of his creditors, or shall make any conveyance or
                            assignment for the benefit of his creditors, or shall purport so to do, or
                            appears unable to pay or to have no reasonable prospect of being able to
                            pay a debt within the meaning of Section 268 of the Insolvency Act 1986, or
                            any application shall be made under any bankruptcy or insolvency act for the
                            time being in force for sequestration of his estate, or a trust deed shall be
                            granted by him on behalf of his creditors, or any similar event occurs under
                            the law of any other jurisdiction; or

                    (ii)    being a company, passes a resolution, or the court makes an order that the
                            Supplier or its Parent Company be wound up otherwise than for the purpose
                            of a bona fide reconstruction or amalgamation, or a receiver, manager or
                            administrator on behalf of a creditor is appointed in respect of the business or
                            any part thereof of the Supplier or the Parent Company (or an application for
                            the appointment of an administrator is made or notice to appoint an
                            administrator is given in relation to the Supplier or the Parent Company), or
                            circumstances arise which entitle the court or a creditor to appoint a receiver,
                            manager or administrator or which entitle the court otherwise than for the
                            purpose of a bona fide reconstruction or amalgamation to make a winding-up
                            order, or the Supplier or its Parent Company is unable to pay its debts within
                            the meaning of Section 123 of the Insolvency Act 1986 (except where the
                            claim is made under Section 123(1)(a) and is for an amount of less than ten
                            thousand pounds (£10,000)) or any similar event occurs under the law of any
                            other jurisdiction.

              (e)   Where the circumstances detailed in clause 19.2 (Warranties and Representations)
                    or clause 34.2 (Corrupt Gifts and Payments of Commission) arise.




10-404788-3                                           10
              (f)     The Supplier fails to meet any Default Service Level, as set out in part 3.10 of
                      schedule 3 (Services), on three occasions within any consecutive 12 month period.

              (g)     In the event that any authorisation or licence required by the Supplier to provide the
                      Ordered Services, including any licence under the Wireless Telegraphy Act 1949 and
                      the general authorisation under the Communications Act 2003, is revoked or
                      withdrawn.

16.6          For the purposes of clause 16.5(a) the following shall be disregarded:

              (a)     any change in beneficial or legal ownership of any shares that are listed on a stock
                      exchange resulting in the relevant shareholding being less than or equal to five per
                      cent (5%) of the total issued share capital; and

              (b)     any transfer of shares or of any interest in shares by a person to its Affiliate where
                      such transfer forms part of a bona fide reorganisation or restructuring.

16.7          Without prejudice to the provisions of clause 16.2 the Authority may at any time by notice in
              writing terminate this Framework Agreement forthwith if the Supplier is in material Default of
              any obligation under this Framework Agreement and:

              (a)     the material Default is capable of remedy and the Supplier shall have failed to remedy
                      the material Default within thirty (30) Days of written notice to the Supplier specifying
                      the material Default and requiring its remedy; or

              (b)     the material Default is not capable of remedy.

16.8          The Supplier shall promptly notify the Authority in writing on each occasion of the occurrence
              of any of the events specified in clause 16.5(c).

16.9          The Authority shall only be permitted to exercise its rights pursuant to clause 16.5(c) for six
              (6) Months after service of a notice by the Supplier pursuant to clause 16.8 relative to each
              such Change of Control and shall not be permitted to exercise such rights where the Authority
              has agreed in advance in writing to the particular Change of Control and such Change of
              Control takes place as proposed.

17            Consequences of termination and expiry

17.1          Notwithstanding the service of a notice to terminate this Framework Agreement, the Supplier
              shall continue to fulfil its obligations under this Framework Agreement until the date of expiry
              or termination of this Framework Agreement or such other date as required under this clause
              17.

17.2          A termination of this Framework Agreement shall not cause any Contracts to terminate
              automatically. For the avoidance of doubt, all Contracts shall remain in force unless and until
              they are terminated or expire in accordance with their own terms.

17.3          On termination of this Framework Agreement, the Supplier shall cease to use all Authority
              Data and within ten (10) Working Days of the date of termination, the Supplier shall return to
              the Authority any data and Confidential Information belonging to the Authority in the Supplier's
              possession, power or control, either in its then current format or in a format nominated by the
              Authority, together with all training manuals and other related documentation, and any other
              information and all copies thereof owned by the Authority, save that it may keep one copy of
              any such data or information:



10-404788-3                                             11
              (a)     for a period of up to twelve (12) Months to comply with its obligations under clause
                      17.4, or such period as is necessary for such compliance; and

              (b)     for such period as is necessary to enable the Supplier to perform its obligations under
                      any Contract.

17.4          The Supplier shall comply with its obligations as set out in the Exit Plan, to manage a smooth
              transition of the provision of the Devices and Services from the Supplier to a new contractor
              or the Authority.

17.5          The Parties shall continue to comply with their respective obligations under schedule 9
              (Charges Variation Procedure).

17.6          The Authority shall be entitled to require access to data or information to be provided under
              this Framework Agreement and arising from the provision of the Services by the Supplier until
              the latest of:

              (a)     the expiry of a period of twelve (12) Months following termination or expiry of this
                      Framework Agreement; or

              (b)     the expiry of a period of three (3) Months following the date on which the Supplier
                      ceases to provide any Ordered Services under any Contract.

17.7          The provisions of clauses 1, 14, 17, 19, 20, 22, 23, 25, 26, 28, 30, 35, 37, 42 to 47 (inclusive)
              and the relevant provisions of the Exit Plan, schedules 1 (Definitions) and 7 (Management
              Information) (and without limitation to the foregoing, any other provision of this Framework
              Agreement which by its terms is to be performed or observed notwithstanding termination or
              expiry or which is expressed to survive termination or expiry) shall survive the termination or
              expiry of this Framework Agreement, together with any other provision which is either
              expressed to or by implication is intended to survive termination.

18            Force Majeure

18.1          Subject to the remaining provisions of this clause 18, either party to this Framework
              Agreement may claim relief from liability for non-performance of its obligations to the extent
              this is due to a Force Majeure Event. In particular, the Supplier shall be relieved from its
              Service Credits obligation to the extent that the Services are affected by the Force Majeure
              Event and the Charges shall be reduced to the extent that the Customer does not receive the
              Services as a result of the Force Majeure Event.

18.2          A party cannot claim relief if the Force Majeure Event is attributable to its wilful act, neglect or
              failure to take reasonable precautions against the relevant Force Majeure Event.

18.3          The Supplier cannot claim relief from a Force Majeure Event to the extent that it is required to
              comply with the BCDR Plan but has failed to do so.

18.4          An Affected Party cannot claim relief as a result of a failure or delay by any other person in
              the performance of that other person's obligations under a contract with the Affected Party
              (unless that other person is itself prevented from or delayed in complying with its obligations
              as a result of a Force Majeure Event).

18.5          The Affected Party shall immediately give the other party written notice of the Force Majeure
              Event. The notification shall include details of the Force Majeure Event together with
              evidence of its effect on the obligations of the Affected Party, and any action the Affected
              Party proposes to take to mitigate its effect.


10-404788-3                                               12
18.6          As soon as practicable following after the Affected Party's notification, the parties shall consult
              with each other in good faith and use all reasonable endeavours to agree appropriate terms to
              mitigate the effects of the Force Majeure Event and to facilitate the continued performance of
              this Agreement. Where the Supplier is the Affected Party, it shall comply with its obligations in
              the BCDR Plan, schedule 3 (Services) and schedule 13 (Solutions), and shall take all steps in
              accordance with Good Industry Practice to overcome or minimise the consequences of the
              Force Majeure Event.

18.7          The Affected Party shall notify the other party as soon as practicable after the Force Majeure
              Event ceases or no longer causes the Affected Party to be unable to comply with its
              obligations under this Agreement. Following such notification, this Agreement shall continue
              to be performed on the terms existing immediately before the occurrence of the Force
              Majeure Event unless agreed otherwise by the parties.

19            Warranties and representations

19.1          The Supplier warrants and represents that:

              (a)     it has full capacity and authority and all necessary consents (including, where its
                      procedures so require, the consent of its Parent Company) to enter into and to
                      perform this Framework Agreement and that this Framework Agreement is executed
                      by a duly authorised representative of the Supplier;

              (b)     as at the date hereof, all information contained in its tender for the Services remains
                      true, accurate, and not misleading save as may have been specifically disclosed in
                      writing to the Authority prior to the execution of this Framework Agreement;

              (c)     this Framework Agreement shall be performed in compliance with all applicable laws,
                      enactments, orders, regulations and other similar instruments as amended from time
                      to time;

              (d)     the Services shall be provided and carried out by appropriately experienced, qualified
                      and trained personnel with all due skill, care and diligence;

              (e)     it shall discharge its obligations hereunder with all due skill, care and diligence
                      including good industry practice and (without limiting the generality of this clause 19
                      in accordance with its own established internal procedures;

              (f)     it owns, has obtained or shall obtain valid licences for all Intellectual Property Rights
                      that are necessary for the performance of this Framework Agreement and the use of
                      the Services by Customers;

              (g)     it has taken and shall continue to take all steps, in accordance with good industry
                      practice, to prevent the introduction, creation or propagation of any disruptive element
                      (including any virus, worm and/or trojan horse) into systems, data, software or
                      Confidential Information (held in electronic form) owned by or under the control of, or
                      used by, Customers and/or the Authority;

              (h)     on behalf of itself and its Affiliates or Parent Company, in the three (3) years prior to
                      the date of this Framework Agreement and continuing throughout the Term:

                      (i)      it has conducted all financial accounting and reporting activities in compliance
                               in all material respects with the generally accepted accounting principles that
                               apply to it in any country where it files accounts;



10-404788-3                                              13
                      (ii)     it has been in full compliance with all applicable securities laws and
                               regulations in the jurisdiction in which it is established; and

                      (iii)    it has not performed any act or omission with respect to its financial
                               accounting or reporting which could have an adverse effect on the Supplier's
                               position as an ongoing business concern or its ability to fulfil its obligations
                               under this Framework Agreement;

              (i)     in its acceptance of an Order, it will enter into a contract with a Customer on the
                      terms and conditions of the Model Contract without amendment thereto save for the
                      necessary information to complete the Model Contract as specified in the Order.

19.2          The Supplier acknowledges that:

              (a)     any breach of the warranties in clause 19.1 (other than a breach of clause 19.1(h))
                      shall be remedied as a matter of urgency at no cost to the Authority. Failure to
                      remedy (if capable of remedy) such to comply with clause 19.1 within five (5) Working
                      Days of notification by the Authority shall constitute a breach of this Framework
                      Agreement entitling the Authority to terminate in accordance with clause 16.7; and

              (b)     a breach by the Supplier of its obligations in clause 19.1(h) shall afford the Authority
                      the right to immediately terminate this Framework Agreement without liability or
                      payment of any charges or costs whatsoever.

19.3          Except as expressly stated in this Framework Agreement, all warranties and conditions,
              whether express or implied by statute, common law or otherwise (including fitness for
              purpose) are hereby excluded to the extent permitted by law.

20            Limitation of liability

20.1          Neither the Authority nor the Supplier excludes nor limits liability to the other for:

              (a)     death or personal injury; or

              (b)     for fraud or fraudulent misrepresentation.

20.2          Nothing in this clause 20 shall be taken as limiting the liability of the Supplier in respect of
              clause 23 (Data Protection), clause 25 (IPR), clause 26 (Confidentiality) and Part 2 of
              Schedule 16 (Staff Transfer).

20.3          Subject always to the provisions of clauses 20.1 and 20.2, the aggregate liability of the
              Supplier for each year of this Framework Agreement for all matters for which the Supplier is
              required to maintain insurance under this Framework Agreement, where the liability arises
              under contract, tort (including negligence) or otherwise in connection with this Framework
              Agreement (but excluding any liability governed by any Contracts, these being subject to the
              limitation of liability as set out in the Contracts) shall in no event exceed the level of insurance
              cover required to be maintained in accordance with this Framework Agreement in respect of
              claims relating to a failure by the Supplier to implement or maintain the Solution and in
              respect of all other claims one million pounds (£1,000,000) in the aggregate for each year of
              this Framework Agreement. Subject to clause 20.1, the aggregate liability of the Authority, in
              addition to its obligation to pay any Charges for each year of this Framework Agreement, shall
              not exceed a sum equal to the level of insurance cover required to be maintained by the
              Supplier under this Framework Agreement for claims which would be claimable under such




10-404788-3                                               14
              insurances were the Authority to take out such insurances and in respect of all other claims
              one million pounds (£1,000,000).

20.4          Subject always to the provisions of clauses 20.1 and 20.2, in no event shall either the
              Authority or the Supplier be liable to the other for:

              (a)     indirect or consequential loss or damage; and/or

              (b)     loss of profits, business opportunities, revenue, goodwill or anticipated savings
                      provided that nothing in this clause 20.4 shall prevent the Supplier from recovering
                      the Charges where these are payable by the Authority.

20.5          Subject always to the provisions of clauses 20.1 and 20.2, the provisions of clause 20.4 shall
              not be taken as limiting the right of either the Authority or the Supplier to claim from the other
              for:

              (a)     additional operational and administrative costs and expenses;

              (b)     any costs or expenses rendered nugatory; and

              (c)     damage due to the loss of data, but only to the extent that such losses relate to the
                      costs of working around any loss of data and the direct costs of recovering or
                      reconstructing such data,

              resulting directly from the Default of the other party.

20.6          For the purposes of clause 20.3, "a year of this Framework Agreement" shall mean a period
              of twelve (12) Months commencing on the date hereof or on any anniversary of that date
              thereafter.

20.7          Nothing in this Framework Agreement shall limit the right of the Authority to claim from the
              Supplier any Management Charge properly due to the Authority in accordance with the terms
              of this Framework Agreement. Any such sum shall not be included within the Supplier's
              limitation of liability as set out in clause 20.3.

20.8          Neither party shall be entitled to recover compensation, or make a claim under this
              Framework Agreement, in respect of any loss incurred where it has already been
              compensated for that loss under a Contract.

20.9          The Supplier acknowledges that the Authority can enforce the provisions of the Framework
              Agreement as agent for each Customer, or in the Authority's name in respect of recoverable
              losses incurred by a Customer.

20.10         The liability of the Supplier pursuant to, or in relation with the Framework Agreement arising
              out of the performance or non-performance of the Services shall be specified in each
              Contract.

20.11         The Authority and the Supplier expressly agree that should any limitation or provision
              contained in this clause 20 be held to be invalid under any applicable statute or rule of law, it
              shall to that extent be deemed omitted, but if either of them thereby becomes liable for loss or
              damage which would otherwise have been excluded, such liability shall be subject to the
              other limitations and provisions set out herein.

20.12         Subject to clauses 20.1 and 20.2 neither party shall be liable to the other (the claiming party)
              to the extent that any action, proceeding, liability, tort, claim, loss, expense and/or demand


10-404788-3                                               15
              arises as a result of the claiming party‟s negligence, wilful default or failure to comply with its
              obligations under this Framework Agreement.

21            Complaints handling

21.1          Subject to the provisions of clause 9 (Governance), the Supplier shall inform the Authority of
              any Complaint within five (5) Working Days of becoming aware of that Complaint.

21.2          Without prejudice to any rights and remedies that a complainant may have at law, including
              under this Framework Agreement or a Contract, and without prejudice to any obligation of the
              Supplier to take remedial action under the provisions of this Framework Agreement or a
              Contract, the Supplier shall use all reasonable endeavours to resolve the Complaint and in so
              doing, shall deal with the Complaint fully, expeditiously and fairly.

21.3          Within three (3) Working Days of a request by the Authority, the Supplier shall provide full
              details of a Complaint to the Authority, including details of steps taken to its resolution.

22            Authority Data

22.1          The Supplier shall not delete or remove any proprietary notices contained within or relating to
              the Authority Data.

22.2          The Supplier shall not store, copy, disclose, or use the Authority Data except as necessary for
              the performance by the Supplier of its obligations under this Framework Agreement or as
              otherwise expressly authorised in writing by the Authority.

22.3          To the extent that Authority Data is held and/or processed by the Supplier, the Supplier shall
              supply that Authority Data to the Authority as requested by the Authority in the format
              specified in schedule 3 (Services) and/or in part 1 of schedule 16 (Exit Assistance).

22.4          Upon receipt or creation by the Supplier of any Authority Data and during any collection,
              processing, storage and transmission by the Supplier of any Authority Data, the Supplier shall
              take all precautions necessary to preserve the integrity of the Authority Data and to prevent
              any corruption or loss of the Authority Data, in accordance with the Security Policy.

22.5          The Supplier shall perform secure back-ups of all Authority Data and shall ensure that up-to-
              date back-ups are stored off-site in accordance with the Business Continuity Plan. The
              Supplier shall ensure that such back-ups are available to the Authority at all times upon
              request and are delivered to the Authority at no less than 3 month intervals.

22.6          The Supplier shall ensure that any system on which the Supplier holds any Authority Data,
              including back-up data, is a secure system that complies with the Security Policy, and that
              security is maintained to the level required by schedule 14 (Security Policy) and is subject to
              the audit rights at clause 38 (Audit).

22.7          If the Authority Data is corrupted, lost or sufficiently degraded as a result of the Supplier's
              Default so as to be unusable, the Authority may:

              (a)     require the Supplier (at the Supplier's expense) to restore or procure the restoration
                      of the Authority Data and the Supplier shall do so as soon as practicable but not later
                      than 20 Working Days; and/or

              (b)     itself restore or procure the restoration of the Authority Data, and shall be repaid by
                      the Supplier any reasonable expenses incurred in doing so.



10-404788-3                                              16
22.8          If at any time the Supplier suspects or has reason to believe that Authority Data has or may
              become corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier
              shall notify the Authority immediately and inform the Authority of the remedial action the
              Supplier proposes to take.

23            Data Protection

23.1          With respect to the parties' rights and obligations under this Framework Agreement, the
              parties agree that the Authority is the Data Controller and that the Supplier is the Data
              Processor.

23.2          The Supplier shall:

              (a)     Process the Personal Data only in accordance with instructions from the Authority
                      (which may be specific instructions or instructions of a general nature as set out in
                      this Framework Agreement or as otherwise notified by the Authority to the Supplier
                      during the Term);

              (b)     Process the Personal Data only to the extent, and in such manner, as is necessary
                      for the provision of the Services or as is required by Law or any Regulatory Body;

              (c)     implement appropriate technical and organisational measures to protect the Personal
                      Data against unauthorised or unlawful processing and against accidental loss,
                      destruction, damage, alteration or disclosure. These measures shall be appropriate to
                      the harm which might result from any unauthorised or unlawful Processing, accidental
                      loss, destruction or damage to the Personal Data and having regard to the nature of
                      the Personal Data which is to be protected;

              (d)     take reasonable steps to ensure the reliability of any Supplier Personnel who have
                      access to the Personal Data;

              (e)     obtain prior written consent from the Authority in order to transfer the Personal Data
                      to any Sub-contractors or Affiliates for the provision of the Services;

              (f)     ensure that all Supplier Personnel required to access the Personal Data are informed
                      of the confidential nature of the Personal Data and comply with the obligations set out
                      in this clause 23;

              (g)     ensure that none of Supplier Personnel publish, disclose or divulge any of the
                      Personal Data to any third party unless directed in writing to do so by the Authority;

              (h)     notify the Authority (within five Working Days) if it receives:

                      (i)     a request from a Data Subject to have access to that person's Personal Data;
                              or

                      (ii)    a complaint or request relating to the Authority's obligations under the Data
                              Protection Legislation;

              (i)     provide the Authority with full cooperation and assistance in relation to any complaint
                      or request made, including by:

                      (i)     providing the Authority with full details of the complaint or request;




10-404788-3                                              17
                      (ii)    complying with a data access request within the relevant timescales set out in
                              the Data Protection Requirements and in accordance with the Authority's
                              instructions;

                      (iii)   providing the Authority with any Personal Data it holds in relation to a Data
                              Subject (within the timescales required by the Authority); and

                      (iv)    providing the Authority with any information requested by the Authority;

              (j)     permit the Authority or the Authority Representative (subject to reasonable and
                      appropriate confidentiality undertakings), to inspect and audit, in accordance with
                      clause 21 (Audit), the Supplier's data Processing activities (and/or those of its agents,
                      subsidiaries and Sub-contractors) and comply with all reasonable requests or
                      directions by the Authority to enable the Authority to verify and/or procure that the
                      Supplier is in full compliance with its obligations under this Framework Agreement;

              (k)     provide a written description of the technical and organisational methods employed
                      by the Supplier for processing Personal Data (within the timescales required by the
                      Authority); and

              (l)     not Process Personal Data outside the European Economic Area without the prior
                      written consent of the Authority and, where the Authority consents to a transfer, to
                      comply with:

                      (i)     the obligations of a Data Controller under the Eighth Data Protection Principle
                              set out in Schedule 1 of the Data Protection Act 1998 by providing an
                              adequate level of protection to any Personal Data that is transferred; and

                      (ii)    any reasonable instructions notified to it by the Authority.

23.3          The Supplier shall comply at all times with the Data Protection Requirements and shall not
              perform its obligations under this Framework Agreement in such a way as to cause the
              Authority to breach any of its applicable obligations under the Data Protection Requirements.
              The Supplier's attention is hereby drawn to the Data Protection Requirements.

23.4          The Supplier shall observe the terms of each agreement relating to the safeguarding and
              processing of Personal Data.

23.5          The Authority may from time to time serve on the Supplier an information notice requiring the
              Supplier within such time and in such form as is specified in the information notice, to furnish
              to the Authority such information as the Authority may reasonably require relating to:

              (a)     compliance by the Supplier with the Supplier's obligations under this Framework
                      Agreement or any Contract in connection with the processing of Personal Data;
                      and/or

              (b)     the rights of data subjects, including but not limited to subject access rights.

23.6          The Supplier will allow its data processing facilities, procedures and documentation to be
              submitted for scrutiny by the Authority or its auditors in order to ascertain compliance with the
              relevant laws of the United Kingdom and the terms of this Framework Agreement.

23.7          Save as set out in this clause 23, any unauthorised processing, use or disclosure of Personal
              Data by the Supplier is strictly prohibited.



10-404788-3                                              18
23.8          The Supplier shall be liable for and shall indemnify (and keep indemnified) the Authority
              against each and every action, proceeding, liability, cost, claim, loss, expense (including
              reasonable legal fees and disbursements on a solicitor and client basis) and demands
              incurred by the Authority which arise directly or in connection with the Supplier's data
              processing activities under this Framework Agreement, including without limitation those
              arising out of any third party demand, claim or action, or any breach of contract, negligence,
              fraud, wilful misconduct, breach of statutory duty or non-compliance with any part of the Data
              Protection Requirements by the Supplier or its employees, servants, agents or Sub-
              Contractors other than those arising directly as a result of the Supplier complying with the
              Authority‟s instructions.

24            Personnel Security

24.1          The Supplier shall comply with the Personnel Vetting Procedures in respect of all Supplier
              Personnel employed or engaged in the provision of the Services. The Supplier confirms that
              all Supplier Personnel employed or engaged by the Supplier at the date hereof were vetted
              and recruited on a basis that is equivalent to and no less strict than the Personnel Vetting
              Procedures.

24.2          The Supplier shall provide training on a continuing basis for all Supplier Personnel employed
              or engaged in the provision of the Services in compliance with the Security Policy and
              Security Plan.

25            Intellectual Property Rights

25.1          Save as granted under this Framework Agreement, neither the Authority nor the Supplier
              shall acquire any right, title or interest in the other's pre-existing Intellectual Property Rights.

25.2          The Supplier hereby grants to the Authority, or shall procure the grant to the Authority of:

              (a)     a royalty-free, irrevocable, non-exclusive licence in or in relation to such of the
                      Supplier‟s or any third party‟s Intellectual Property Rights as are necessary for the
                      sole purpose of enabling the Authority to use the Devices and Services in accordance
                      with this Framework Agreement and such licence shall expire upon termination or
                      expiry of this Framework Agreement; and

              (b)     a royalty-free, perpetual, irrevocable, non-exclusive licence in relation to any Project
                      Specific IPR, as are necessary for the purpose of enabling the Authority to use the
                      Solution in accordance with this Framework Agreement, and to enable the transfer of
                      the Solution to an alternative provider.

25.3          The Authority hereby grants to the Supplier a royalty-free, non-exclusive, non-transferable
              licence during the Term to use such of the Authority's Intellectual Property Rights and/or
              Authority Data, as is necessary for the sole purpose of performing the Supplier's obligations
              under this Framework Agreement and the Contracts.

25.4          All title, interest and Intellectual Property Rights in any Materials developed by, for or on
              behalf of the Supplier (excluding for the avoidance of doubt any third party Intellectual
              Property Rights) in anticipation of, in connection with and/or in the course of performance,
              provision or receipt of the Services shall belong to and vest in the Authority.

25.5          The Supplier hereby assigns absolutely (and shall procure that all representatives,
              employees, Sub-Contractors, contractors and agents assign absolutely) to the Authority, by
              way of present assignment of existing and all future property, rights, title and interest and all



10-404788-3                                               19
              Intellectual Property Rights in Materials, all of which shall vest in the Authority immediately
              upon creation of the same with full title guarantee and free from all encumbrances and other
              rights of whatever nature exercisable by any third party, together with the right to take action
              for any past, present and future damages and other remedies in respect of any infringement
              or alleged infringement of such Intellectual Property Rights.

25.6          The Supplier warrants that the provision of the Services and the performance of the Supplier's
              responsibilities hereunder shall not infringe any Intellectual Property Rights of any third party.

25.7          The Supplier shall indemnify the Authority against all claims, demands, actions, costs,
              expenses (including legal costs and disbursements on a solicitor and client basis), losses and
              damages arising from or incurred by reason of any infringement or alleged infringement
              (including the defence of such alleged infringement) of any Intellectual Property Right by the
              availability of the Services or the performance of the Supplier's or the Authority's
              responsibilities hereunder, except to the extent that such liabilities have resulted directly from
              the Authority's failure properly to observe its obligations under this clause 25.

25.8          The Supplier shall promptly notify the Authority if any claim or demand is made or action
              brought against the Supplier for infringement or alleged infringement of any Intellectual
              Property Right that may affect the availability of the Services hereunder.

25.9          If a claim or demand is made or action brought to which clause 25.3 may apply, or in the
              reasonable opinion of the Supplier is likely to be made or brought, the Supplier may at its own
              expense and within a reasonable time either:

              (a)     modify any or all of Available Services without reducing the performance and
                      functionality of the same, or substitute alternative services of equivalent performance
                      and functionality for any or all of the Available Services, so as to avoid the
                      infringement or the alleged infringement, provided that the terms herein shall apply
                      mutatis mutandis to such modified or substituted items or services and such
                      substitution shall not increase the burden on Customers party to a Contract; or

              (b)     procure a licence to use relevant Intellectual Property Rights on terms that are
                      reasonably acceptable to the Authority.

25.10         If the Supplier elects to modify or replace an item pursuant to clause 25.9(a) or to procure a
              licence in accordance with clause 25.9(b), but this has not avoided or resolved such claim,
              then the Authority may terminate this Framework Agreement by written notice with immediate
              effect and, without prejudice to the indemnity set out in clause 25.7, the Supplier shall be
              liable for all reasonable and unavoidable costs of the substitute items and/or services
              including the additional costs in procuring, implementing and maintaining the substitute items.

26            Confidentiality

26.1          The Authority and the Supplier acknowledge that any Confidential Information originating
              from:

              (a)     the Authority, its servants or agents is the property of the Authority; and

              (b)     each Customer, its servants or agents is the property of the Customer; and

              (c)     the Supplier, its employees, servants or agents is the property of the Supplier.

26.2          The Supplier and the Authority shall procure that:



10-404788-3                                              20
              (a)     any person employed or engaged by them shall only use Confidential Information for
                      the purposes of this Framework Agreement;

              (b)     any person employed or engaged by them in connection with this Framework
                      Agreement shall not, in the course of such employment or engagement, disclose any
                      Confidential Information to any third party without the express prior written consent of
                      the originator of that Confidential Information;

              (c)     they shall take all necessary precautions to ensure that all Confidential Information is
                      treated as confidential and not disclosed (save as aforesaid) or used other than for
                      the purposes of this Framework Agreement by their employees, servants, agents or
                      sub-contractors; and

              (d)     without prejudice to the generality of the foregoing neither they nor any person
                      engaged by them whether as a servant or a consultant or otherwise shall use the
                      Confidential Information for the solicitation of business from the other or from a
                      Customer or from any third party.

26.3          The provisions of clause 26.1 and clause 26.2 shall not apply to any information which:

              (a)     is or becomes public knowledge other than by breach of this clause 26; or

              (b)     is in the possession of the recipient without restriction in relation to disclosure before
                      the date of receipt from the disclosing party; or

              (c)     is received from a third party who lawfully acquired it and who is under no obligation
                      restricting its disclosure; or

              (d)     is independently developed without access to the Confidential Information; or

              (e)     must be disclosed pursuant to a statutory, legal or parliamentary obligation placed
                      upon the party making the disclosure, including any requirements for disclosure under
                      the Freedom of Information Act 2000 or the Environmental Information Regulations
                      2004.

26.4          Nothing in this clause 26 shall be deemed or construed to prevent the Authority from
              disclosing any Confidential Information obtained from the Supplier:

              (a)     to any other Health Service Body, or a Contracting Authority, provided that the
                      Authority has required that such information is treated as confidential by such bodies;

              (b)     to any Customer, insofar as is reasonably necessary for the Customer to procure and
                      make best use of the Services, provided that the Authority shall have required that
                      such information be treated as confidential by such Customer and its servants; and

              (c)     to any consultant, contractor or other person engaged by the Authority in connection
                      herewith, provided that the Authority shall have required that such information be
                      treated as confidential by such consultant, contractor or other person, together with
                      their servants.

26.5          Nothing in this clause 26 shall prevent the Supplier or the Authority from using ideas and
              know-how gained during the performance of this Framework Agreement in the furtherance of
              its normal business, to the extent that this does not relate to a disclosure of Confidential
              Information or an infringement by the Authority or the Supplier of any Intellectual Property
              Rights.


10-404788-3                                              21
27            Publicity

27.1          Subject to clause 13 (Marketing), the Supplier shall not use any Authority Marks in any
              promotional or marketing material, make any press announcements or publicise this
              Framework Agreement in any way without the Authority's prior written consent. The Supplier
              shall ensure the observance of the provisions of this clause 27 by all their employees,
              servants, agents and Sub-Contractors.

27.2          The Authority shall be entitled to publicise this Framework Agreement in accordance with any
              legal obligation upon the Authority, including any examination of this Framework Agreement
              by the National Audit Office pursuant to the National Audit Act 1983 or otherwise.

27.3          Subject to clause 27.1, the Supplier shall work with the Authority to prepare a marketing plan
              for the delivery of the Lone Worker Protection Programme.

28            Dispute resolution

28.1          Any dispute arising under, or in connection with this Framework Agreement shall be dealt with
              in accordance with the terms set out in clause 25 of the Model Contract and schedule 2-8
              (Dispute Resolution Procedure) of the Model Contract which shall apply mutatis mutandis to
              the Framework Agreement as if set out fully in the body of this Framework Agreement.

28.2          Each party agrees that the other shall, where relevant to the subject matter of the dispute, be
              entitled to join any Customer in any mediation, arbitration or litigation between the Authority
              and the Supplier and shall be entitled to keep any Customer informed of all disputes between
              the Authority and the Supplier.

29            Insurance

              The Supplier shall take out and maintain, or procure the maintenance of insurances, in
              accordance with the provisions of schedule 18 (Insurance Requirements).

30            Recovery of sums due

              If any sum of money shall be due from the Supplier, the same may be deducted from any sum
              then due or which at any time thereafter may become due to the Supplier under this
              Framework Agreement and any Contract.

31            Statutory requirements

31.1          The Supplier shall observe all statutory provisions and approved safety standards applicable
              to the Services and their provision, including the Authority's Security Policy at schedule 14
              (Security Policy), and shall be responsible for obtaining all licences, consents or permits
              required for the performance of this Framework Agreement and the Contracts.

31.2          The Supplier shall inform the Authority and Customers if the Services are hazardous to health
              or safety and of the precautions that should be taken in respect thereto.

31.3          The Supplier shall take all measures necessary to comply with the requirements of the Health
              and Safety at Work etc. Act 1974 and any other acts, orders, regulations and codes of
              practice relating to health and safety, which may apply to staff in the performance of this
              Framework Agreement and Contracts.




10-404788-3                                             22
32            Environmental requirements

32.1          The Supplier shall comply in all material respects with all applicable environmental laws and
              regulations in force from time to time in relation to the Services, including the Waste Electric
              and Electronic Equipment Regulations Act 2006. Without prejudice to the generality of the
              foregoing, the Supplier shall promptly provide all such information regarding the
              environmental impact of the Services as may reasonably be requested by the Authority.

32.2          The Supplier shall meet all reasonable requests by Customers for information evidencing
              compliance with the provisions of this clause 32 by the Supplier.

32.3          The Supplier shall complete an Environmental Questionnaire within five (5) Working Days of
              execution of this Framework Agreement.

32.4          In the event that circumstances or practices change such that any responses given by the
              Supplier in the Environmental Questionnaire are no longer current, the Supplier shall notify
              the Authority in accordance with the provisions of clause 14 (Communications).

33            Discrimination

33.1          The Supplier shall not unlawfully discriminate within the meaning and scope of the provisions
              of the Sex Discrimination Act 1975, the Race Relations Act 1976, the Disability Discrimination
              Act 1995, the Employment Equality (Religion or Belief) Regulations 2003, the Employment
              Equality (Sexual Orientation) Regulations 2003, the Employment Equality (Age) Regulations
              2006 or any statutory modification or re-enactment thereof or any other Law relating to
              discrimination in employment.

33.2          The Supplier shall take all reasonable steps to secure the observance of the provisions of
              clause 33.1 by the Sub-Contractors employed in the execution of this Framework Agreement.

34            Corrupt gifts and payments of commission

34.1          The Supplier shall not:

              (a)     offer or give or agree to give any person employed by or on behalf of the Authority, a
                      Customer or any other public body ("Relevant Person") or any person acting for and
                      on behalf of a Customer or the Authority any gift or consideration of any kind as an
                      inducement or reward for doing, forbearing to do, or for having done or forborne to do
                      any act in relation to the obtaining or execution of this Framework Agreement or
                      Contracts or any other contract with a Relevant Person or for showing favour or
                      disfavour to any person in relation to this or any other contract with a Relevant
                      Person;

              (b)     enter into this Framework Agreement or Contracts or any other contract with a
                      Relevant Person or any person acting for and on behalf of a Customer or the
                      Authority in connection with which commission has been paid or agreed to be paid by
                      him or on his behalf, or to his knowledge, unless before this Framework Agreement
                      and/or any Contract is made particulars of any such commission and of the terms and
                      conditions of any agreement for the payment thereof have been disclosed in writing to
                      the Authority.

34.2          Any breach of clause 34.1 by the Supplier or by anyone employed by him or acting on his
              behalf (whether with or without the knowledge of the Supplier) or the commission of any
              offence by the Supplier or by anyone employed by him or acting on his behalf under the



10-404788-3                                             23
              Prevention of Corruption Acts 1889 to 1916, in relation to this Framework Agreement or the
              Contracts or any other contract with a Relevant Person, Customer, the Authority or any other
              public body, shall entitle the Authority to terminate this Framework Agreement with immediate
              effect and recover from the Supplier the amount of any loss resulting from such termination
              and/or to recover from the Supplier the amount or value of any such gift, consideration or
              commission.

34.3          Any dispute, difference or question arising in respect of the interpretation of this clause 34,
              the right of the Authority to terminate this Framework Agreement or the amount or value of
              any such gift, consideration or commission shall be decided by the Authority, whose decision
              shall be final and conclusive.

35            Granting of Trade Marks

35.1          The Supplier shall not apply for a Trade Mark in any part of the world in respect of the
              Authority Marks or any derivative of either nor any mark so nearly resembling them as to be
              likely to deceive or cause confusion, either during the Term or at any time thereafter except
              with the express approval of the Authority.

35.2          The Supplier shall ensure that the provisions of this clause 35 shall apply to its Sub-
              Contractors.

35.3          The Supplier hereby acknowledges that title to and goodwill in Intellectual Property Rights in
              the Authority Marks vests with the Authority and its licensors. The Authority hereby grants to
              the Supplier a non-exclusive, non-transferable, revocable licence to use, copy and broadcast
              the Authority Marks solely to the extent necessary for the performance of the Supplier's
              responsibilities hereunder during the Term.

35.4          The Supplier shall not use the Authority Marks in any way which would allow them to become
              generic, lose their distinctiveness, become liable to mislead the public in particular as to their
              quality, nature or geographic origin, or be materially detrimental to or inconsistent with the
              good name, goodwill, reputation and image of the Authority.

35.5          Unless otherwise specified, nothing contained in this Framework Agreement shall entitle the
              Supplier to use the Authority Marks as part of any corporate business or trading name or style
              of the Supplier either during or after termination of this Framework Agreement.

36            Transfer and sub-contracting

36.1          This Framework Agreement is personal to the Supplier. Subject to the provisions of clause
              36.5, the Supplier shall not assign, novate, sub-contract or otherwise dispose of this
              Framework Agreement or any part thereof without the previous consent in writing of the
              Authority.

36.2          Subject to the provisions of clause 36.4, the Authority shall be entitled to:

              (a)     assign, novate or otherwise dispose of its rights and obligations under this
                      Framework Agreement or any part thereof to any Contracting Authority; or

              (b)     novate this Framework Agreement to any other body (including any private sector
                      body) which substantially performs any of the functions that previously had been
                      performed by the Authority,

              provided that where such assignment, novation or other disposal increases the burden of the
              Supplier's obligations pursuant to this Framework Agreement, the Supplier shall be entitled to


10-404788-3                                              24
              such charges as may be agreed between the Authority and the Supplier to compensate for
              such additional burdens.

36.3          Subject to the provisions of clause 36.4, any change in the legal status of the Authority such
              that it ceases to be a Contracting Authority shall not affect the validity of this Framework
              Agreement. In such circumstances, this Framework Agreement shall bind and inure to the
              benefit of any successor body to the Authority.

36.4          If this Framework Agreement is novated to a body which is not a Contracting Authority
              pursuant to clause 36.2(b), or if a successor body which is not a Contracting Authority
              becomes the Authority pursuant to clause 36.3 (in the remainder of this clause 36 both such
              bodies are referred to as the transferee):

              (a)     the rights of termination of the Authority in clause 16.3 and clause 16.7 shall be
                      available, mutatis mutandis, to the Supplier in the event of the bankruptcy, insolvency
                      or Default of the transferee;

              (b)     the transferee shall only be able to assign, novate or otherwise dispose of its rights
                      and obligations under this Framework Agreement or any part thereof with the
                      previous consent in writing of the Supplier; and

              (c)     the following clause shall be varied from the date of the novation or the date of the
                      change of status (as appropriate) as set out below as if this Framework Agreement
                      had been amended by the Authority and the Supplier in accordance with clause 12,
                      Amendments:

                      (i)     clause 30 shall be deleted.

36.5          Notwithstanding the provisions of clause 36.1, the Supplier shall be entitled to Sub-Contract
              its obligations under Contracts in accordance with the provisions of this clause 36 and
              schedule 10 (Sub-Contractors).

36.6          In selecting, appointing and managing sub-contractors, the Supplier shall comply with the
              procedures specified in schedule 10 (Sub-Contractors).

36.7          The Supplier shall not enter into any Sub-Contract for the fulfilment of such responsibilities
              and obligations as are fulfilled by the principal Sub-Contractors listed in schedule 10 (Sub-
              Contractors) by any sub-contractor not listed in schedule 10 (Sub-Contractors) without the
              prior written approval of the Authority in accordance with the provisions of the Agreement
              Change Procedures.

36.8          The Supplier shall, immediately by notice in writing, inform the Authority if it exercises the
              rights available to it in accordance with the safeguards/ protection provisions detailed in the
              table in paragraph 2 of schedule 10 (Sub-Contractors).

36.9          The Supplier shall not remove or change any Sub-Contractor, or the safeguards/protections in
              respect of any Sub-Contractor without giving prior written notice to, and receiving the approval
              of, the Authority in accordance with the provisions of the Agreement Change Procedures.

36.10         The Authority reserves the right to veto or withdraw the approval of the use of any Sub-
              Contractor or partner in the provision of the Services. Such right shall not be exercised
              unreasonably, frivolously or vexatiously.

36.11         In the event that the Authority exercises its right pursuant to clause 36.10 the Supplier shall
              use all reasonable endeavours to maintain the provision of the Services and the Authority and


10-404788-3                                             25
              the Supplier shall enter into good faith negotiations to agree the impact of the situation on the
              provisions of this Framework Agreement.

36.12         The use of Sub-Contractors as set out in schedule 10 (Sub-Contractors) and any subsequent
              approval of other sub-contractors by the Authority under this clause 36 shall not in any way
              constitute any form of recommendation by the Authority of the Sub-Contractor, whether
              implied or otherwise.

36.13         Unless otherwise stated to the contrary, any reference to the Supplier's personnel within this
              Framework Agreement shall include the Sub-Contractor's personnel, and where applicable
              any reference to the Supplier shall include the Sub-Contractor. Notwithstanding any Sub-
              Contracting permitted hereunder, the Supplier shall remain primarily responsible for the acts
              and omissions of its Sub-Contractors as though they were its own.

36.14         In the event that the Supplier, in accordance with the terms of this Framework Agreement,
              enters into a Sub-Contract in connection with this Framework Agreement, the Supplier shall
              ensure that a term is included in the Sub-Contract which requires the Supplier to pay all sums
              due thereunder to the Sub-Contractor within a specified period, not to exceed thirty (30) days,
              from the date of receipt of a valid invoice as defined by the terms of the Sub-Contract.

36.15         The Authority shall not be liable for any payment whatsoever to Sub-Contractors, the burden
              of which shall be solely with the Supplier.

37            Rights of Third Parties

37.1          This Framework Agreement shall not create any rights, under the Contracts (Rights of Third
              Parties) Act 1999 or otherwise, that shall be enforceable by anyone other than the Authority
              and/or the Supplier, except that the rights specified in the following clauses may be enforced
              by the following third party beneficiaries:

              Reference                                                    Third Party Beneficiaries

              Clause 2.1                                                   Customers

              Clause 4.1                                                   Customers

              Clause 4.3                                                    Customers

              Clause 5.1                                                    Customers

              Clause 6                                                      Customers

              Paragraph 4 of Schedule 17 Part 2 (Staff Transfer)             Replacement Contractors

              Paragraph 5 of Schedule 17 Part 2 (Staff Transfer)             Replacement Contractors

              Paragraph 6 of Schedule 17 Part 2 (Staff Transfer)             Replacement Contractors

              Paragraph 7of Schedule 17 Part 2 (Staff Transfer); and          Replacement Contractors

              Paragraph 10 of Schedule 17 Part 2 (Staff Transfer)             Replacement Contractors

37.2          The Authority shall have the right to act as agent for any Customer to enforce on their behalf
              any term of this Framework Agreement, intended for their benefit.




10-404788-3                                              26
37.3          The parties to this Framework Agreement reserve the right to rescind or vary this Framework
              Agreement without the consent of any third party who is expressly entitled to enforce this
              Framework Agreement in accordance with clause 37.1.

38            Audit

38.1          The Supplier shall document, implement and comply with processes, and keep or cause to be
              kept full and accurate Records, such that the Authority (or its statutory auditors or authorised
              agents) may verify that the Supplier has complied and is complying with its obligations under
              this Framework Agreement and any Contracts, during the Term and for a period of six (6)
              years thereafter.

38.2          The Supplier shall provide the Authority with a completed Self Audit Certificate in respect of
              each financial year of this Framework Agreement and any Contract. The Self Audit Certificate
              shall be completed by the Supplier's auditor and provided to the Authority no later than two
              (2) Months after the end of the relevant financial year.

38.3          Without prejudice to the generality of the foregoing, the Supplier shall document, implement
              and comply with processes, and keep or cause to be kept full and accurate Records, such
              that (and such that the Authority or its statutory auditors or authorised agents may verify that):

              (a)     all Contracts made under this Framework Agreement are ascribed hereto and
                      included in the Management Information, thus enabling the Authority to verify the
                      Management Charge;

              (b)     Management Information is checked and signed off by a senior officer, other than the
                      Framework Manager, who understands the obligations and requirements of this
                      Framework Agreement;

              (c)     books of account kept by the Supplier in connection with the provision of the Services
                      are on an open basis to provide clarity on the breakdown of Charges between
                      Device, network services and alarm centre costs;

              (d)     quotations for the provision of Services under this Framework Agreement accurately
                      reflect the Charges and content of the Catalogue;

              (e)     records are kept of all Contracts entered into;

              (f)     Orders are promptly and systematically actioned;

              (g)     sales invoices are correct and issued in a timely manner;

              (h)     Service Levels are monitored, corrective action is taken where necessary, and
                      Customers are credited with Service Credits to which they are entitled;

              (i)     the service desk has undertaken all of its functions (as outlined in schedule 3
                      (Services));

              (j)     complaints are recorded, investigated and resolved;

              (k)     Management Information is accurate and provided promptly to the Authority;

              (l)     the Security of Authority Data and Customer Data is maintained;

              (m)     quality procedures are complied with; and


10-404788-3                                              27
              (n)     external security, quality, environmental management and similar accreditations are
                      maintained.

38.4          The Supplier shall grant to the Authority, any statutory auditors of the Authority and any
              authorised agents of the Authority or of its statutory auditors, the right of reasonable access to
              any premises of the Supplier which are used in connection with the performance of the
              Supplier's responsibilities and obligations under this Framework Agreement and in relation to
              any Contract, together with a right to reasonable access to all computer systems, personnel
              and Records. For the avoidance of doubt, the Authority shall be entitled to carry out audits to
              determine whether the Supplier has performed its obligations under any Contract.

38.5          Further to the provisions of clause 38.4, the Supplier shall provide, or procure the provision of,
              all co-operation and reasonable assistance at all times for the purposes of carrying out an
              audit of the Supplier's compliance with this Framework Agreement or any Contract as well as
              an audit of all activities, performance, security and integrity in connection therewith.

38.6          Without prejudice to the foregoing, in the event of an investigation into suspected fraudulent
              activity or other impropriety by the Supplier or any third party, the Authority reserves for itself,
              any statutory auditor of the Authority or of its statutory auditors, or any Crown Body, the right
              of immediate access to the premises and documents described in clauses 33.1, 33.2 and
              33.3 and the Supplier agrees to render all necessary assistance to the conduct of such
              investigation.

38.7          The Authority shall use all reasonable endeavours to ensure that its auditors cause the
              minimum amount of disruption to the business of the Supplier, and shall comply with the
              building regulations and security requirements of the Supplier while on the Supplier's
              premises.

38.8          The Authority reserves the right to publish the results of any audit exercise undertaken
              pursuant to this clause 38:

              (a)     to Customers and to Potential Customers; and

              (b)     as required to enable the Authority to fulfill its obligations to supply information for
                      parliamentary, governmental, judicial or other administrative purposes.

              The Authority will invite the Supplier to comment on the results of the audit exercise and the
              proposed publicity material and will take account of those comments to the extent that it
              deems fit in any publication. In this respect, the Supplier shall provide comments to the
              Authority within five (5) Working Days.

39            Freedom of information

39.1          The Supplier acknowledges that the Authority is subject to the requirements of the Code of
              Practice on Government Information, FOIA and the Environmental Information Regulations
              and shall assist and cooperate with the Authority to enable the Authority to comply with its
              Information disclosure obligations.

39.2          The Supplier shall and shall procure that its Sub-Contractors shall:

              (a)     transfer to the Authority all Requests for Information that it receives as soon as
                      practicable and in any event within two (2) Working Days of receiving a Request for
                      Information;




10-404788-3                                               28
              (b)     provide the Authority with a copy of all Information in its possession, or power in the
                      form that the Authority requires within five (5) Working Days (or such other period as
                      the Authority may specify) of the Authority's request; and

              (c)     provide all necessary assistance as reasonably requested by the Authority to enable
                      the Authority to respond to the Request for Information within the time for compliance
                      set out in section 10 of the FOIA or regulation 5 of the Environmental Information
                      Regulations.

39.3          The Authority shall be responsible for determining in its absolute discretion whether any
              Information is exempt from disclosure in accordance with the provisions of the Code of
              Practice on Government Information, FOIA or the Environmental Information Regulations.

39.4          In no event shall the Supplier respond directly to a Request for Information unless expressly
              authorised to do so by the Authority.

39.5          The Supplier acknowledges that the Authority may, acting in accordance with the Department
              of Constitutional Affairs' Code of Practice on the Discharge of the Functions of Public
              Authorities under Part 1 of the Freedom of Information Act 2000, be obliged to disclose
              Information, which may include information that is commercially sensitive to the Supplier,
              without consulting or obtaining consent from the Supplier, or despite having taken the
              Supplier's views into account.

39.6          The Supplier shall ensure that all Information is retained for disclosure and shall permit the
              Authority to inspect such records as requested from time to time.

40            Customer satisfaction monitoring

40.1          The Authority may undertake monitoring of Customer satisfaction with the Services.

40.2          The Authority shall adopt such mechanisms as it may deem appropriate for monitoring
              Customer satisfaction.

40.3          The Authority reserves the right to advise Customers and Potential Customers of the findings
              of its Customer satisfaction monitoring, which shall include the right to make available, in
              paper or electronic form, statistical information derived from any Customer satisfaction
              questionnaires issued by the Authority to Customers.

41            Legislative change

41.1          The Supplier shall bear the cost of ensuring that the Services shall comply with all applicable
              statutes, enactments, orders, regulations or other similar instruments (Laws) and any
              amendments thereto or any additional Laws brought into force, except where any such
              amendments to Laws or additional Laws:

              (a)     necessitates a change to the Available Services; and

              (b)     is neither contemplated by the Catalogue nor could reasonably have been foreseen
                      by the Supplier at the date hereof.

41.2          In the event that the provisions of clauses 41.1(a) and 41.1(b) apply, the Authority and the
              Supplier shall use all reasonable endeavours to agree that the Supplier is entitled to relief, or
              such reasonable adjustments to the Charges as may be necessary to compensate the
              Supplier for such additional costs as are both reasonably and necessarily incurred by the
              Supplier in accommodating such amendments to Laws or additional Laws.


10-404788-3                                             29
42            Statutory invalidity

              The Authority and the Supplier expressly agree that should any limitation or provision
              contained in this Framework Agreement or a Contract be held to be invalid under any
              particular statute or law, or any rule, regulation or bye-law having the force of law, it shall to
              that extent be deemed to be omitted but, if the Authority or the Supplier thereby becomes
              liable for loss or damage which would have otherwise been excluded, such liability shall be
              subject to the other limitations and provisions set out herein.

43            Severability

              Subject to the provisions of clause 42 (Statutory Invalidity), if any provision of this Framework
              Agreement is held invalid, illegal or unenforceable for any reason, such provision shall be
              severed and the remainder of the provisions hereof shall continue in full force and effect as if
              this Framework Agreement had been executed with the invalid provision eliminated. In the
              event of a holding of invalidity so fundamental as to prevent the accomplishment of the
              purpose of this Framework Agreement, the Authority and the Supplier shall immediately
              commence good faith negotiations to remedy such invalidity.

44            Waiver

44.1          The failure of the Supplier or the Authority to insist upon strict performance of any provision of
              this Framework Agreement or to exercise any right or remedy to which it is entitled hereunder,
              shall not constitute a waiver thereof and shall not cause a diminution of the obligations
              established by this Framework Agreement.

44.2          A waiver of any default shall not constitute a waiver of any other default.

44.3          No waiver of any of the provisions of this Framework Agreement shall be effective unless it is
              expressed to be a waiver communicated by notice, in accordance with the provisions of
              clause 14, Communications.

45            Non-exclusivity

45.1          For the purposes of this Framework Agreement, the Authority shall:

              (a)      at all times be entitled to enter into separate contracts with separate Suppliers for the
                       provision of any or all services the same as or similar to the Services; and

              (b)      not be deemed, unless expressly stated to the contrary by the Authority, to make any
                       representation or warranty to the Supplier in respect of any Customer other than
                       where the Authority is itself the Customer and enters into any Contract as principal;

              (c)      not be deemed to be an agent of any Customer unless expressly stated to the
                       contrary in this Framework Agreement or by the Authority in an Order.

45.2          No guarantee or representation shall be deemed to have been made by the Authority in
              respect of the total quantities or values of the Services to be ordered by any or all Customers.
              Further, the Supplier acknowledges and agrees that it has not entered into this Framework
              Agreement on the basis of any such guarantee or representation.

45.3          For the avoidance of doubt, nothing in this Framework Agreement shall create an exclusive
              relationship between the Supplier and any Customer for the provision of services.




10-404788-3                                              30
46            Law and Jurisdiction

              Subject to the provisions of clause 28, Dispute Resolution, the Authority and the Supplier
              accept the exclusive jurisdiction of the English courts and agree that this Framework
              Agreement is to be governed by and construed according to English law.

47            Entire agreement

47.1          This Framework Agreement constitutes the entire understanding between the Authority and
              the Supplier relating to the subject matter.

47.2          Neither the Authority nor the Supplier has relied upon any representation or promise except
              as expressly set out in this Framework Agreement.

47.3          Both the Authority and the Supplier unconditionally waives any rights it may have to claim
              damages against the other on the basis of any statement made by the other (whether made
              carelessly or not) not set out or referred to in this Framework Agreement (or for breach of any
              warranty given by the other not so set out or referred to) unless such statement or warranty
              was made or given fraudulently.

47.4          Both the Authority and the Supplier unconditionally waives any rights it may have to seek to
              rescind this Framework Agreement on the basis of any statement made by the other (whether
              made carelessly or not) whether or not such statement is set out or referred to in this
              Framework Agreement unless such statement was made fraudulently.




10-404788-3                                             31
Signed by                                  )        .............................................................................
duly authorised for and on behalf of the   )
Authority                                  )        .............................................................................




Signed by                                  )        .............................................................................
duly authorised for and on behalf of the   )
Supplier                                   )        .............................................................................




10-404788-3                                    32
                                                   Schedule 1

                                                   Definitions

              Affected Party means the party seeking to claim relief in respect of a Force Majeure Event

              Affiliate means any person, partnership, joint venture, corporation or other form of enterprise,
              domestic or foreign, including but not limited to subsidiaries, that directly or indirectly are
              controlled by, or are under common control with the Supplier or a Parent Company

              Agreement Change Note (ACN) means the agreement change note specified in schedule 8
              (Agreement Change Procedure)

              Agreement Change Procedures means the procedures specified in schedule 8 (Agreement
              Change Procedure) for making changes to this Framework Agreement

              Alarm Handling Software means Supplier software used to manage alarm handling in the
              Alarm Receiving Centre (ARC)

              Amber Alert means an alert to the ARC from a Device recording User details, location, tasks
              and potential risks

              ARC means the alarm receiving centre

              Authorised Customer Representative means the authorised Customer representative(s)
              referred to in schedule 12 (Governance)

              Authority Cause means any breach by the Authority of its obligations under this Framework
              Agreement

              Authority Data means:

              (a)     the data, text, drawings, diagrams, images or sounds (together with any database
                      made up of any of these) which are embodied in any electronic, magnetic, optical or
                      tangible media, and which are:

                      (i)     supplied to the Suppler by or on behalf of the Authority; or

                      (ii)    generated, processed, stored or transmitted by the Supplier pursuant to this
                              Framework Agreement; or

              (b)     any Personal Data for which the Authority is the Data Controller

              Authority Marks means the NHS' and the Authority‟s (or its licensor‟s) trade marks (whether
              registered or not), logos and brands pertinent to this Framework Agreement

              Available Service means any of the Services listed in schedule 3 (Services)

              BCDR Plans means the business continuity and disaster recovery plans set out or referred to
              in schedule 13 (Solution) as may be amended from time to time

              Business Continuity Plan means the plan set out in schedule 13 (Solution), as may be
              amended from time to time




10-404788-3                                             33
              Catalogue means the catalogue of Services that shall be made available to the Authority by
              the Supplier in electronic format. The Catalogue shall specify the Catalogue Entries

              Catalogue Entry means a listing of a Service in the Catalogue

              Change has the meaning given in clause 12.2

              Change of Control means a change of control as defined by Section 416 of the Income and
              Corporation Taxes Act 1988 in the Supplier or its Parent Company

              Charges means in relation to any Contract, the charges set out in schedule 2-2 (Services)
              and 2-3 (Charges) of that Contract

              Charges Variation Procedure means the procedure for varying the Charges specified in a
              Contract specified in schedule 2-2 (Services) and 2-3 (Charges) of the relevant Contract

              Complaint means any complaint made by a Customer in respect of the Supplier not fulfilling
              its obligations under the terms of a Contract, other than not meeting any applicable Service
              Levels

              Confidential Information means any information, however it is conveyed, that relates to the
              business, affairs, developments, trade secrets, know-how, personnel and Suppliers of either
              party, including Intellectual Property Rights, together with all information derived from the
              above in relation to the Framework Agreement or the Contracts, any information related to the
              Services, Users of the Device and/or Red Alerts and Amber Alerts, and any other information
              clearly designated as being confidential (whether or not it is marked as confidential) or which
              ought reasonably to be considered to be confidential

              Contract means the binding agreement for the provision of Ordered Services entered into by
              the Supplier and a Customer (and where relevant the Authority) in accordance with the
              provisions of this Framework Agreement. Each Contract shall be constructed by the Supplier,
              using the relevant Model Contract in schedule 2 (Model Contract)

              Contract Change Procedure means the contract change procedure, specified in clause 6
              (Amendments to this Contract) of any Contract, for making changes to a Contract

              Contracting Authority means a contracting Authority as defined in Regulation 5(2) of the
              Public Contracts Works Services and Supply (Amendment) Regulations 2000

              Customer means a Potential Customer that has entered into Contract or has made an Order

              Data Controller shall have the same meaning as set out in the Data Protection Act 1998

              Data Protection Requirements mean the Data Protection Act 1998, the EU Data Protection
              Directive 95/46/EC,    the   Regulation    of   Investigatory    Powers     Act 2000,    the
              Telecommunications (Lawful Business Practice) (Interception of Communications)
              Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection
              Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive)
              Regulations 2003, and all applicable laws and regulations relating to processing of personal
              data and privacy, including where applicable the guidance and codes of practice issued by
              the Information Commissioner

              Days means calendar days




10-404788-3                                             34
              Default means any breach of the obligations of any party (including fundamental breach or
              breach of a fundamental term) or any default, act, omission, negligence or negligent
              statement of any party, its employees, agents or sub-contractors in connection with or in
              relation to the subject matter of this Framework Agreement, including Contracts arising
              hereunder, and in respect of which such party is liable to the other

              Default Service Level means the threshold level of service performance identified as such in
              the table in part 3.10 of schedule 3 (Services)

              Device means a lone worker device as specified in schedule 3 (Services) including any
              accessories or peripheral items supplied by the Supplier pursuant to this Framework
              Agreement or a Contract

              Device Refresh means refresh of device on replacement and shall include one or more of
              firmware upgrade, battery and casing

              Environmental Information Regulations mean the Environmental Information
              Regulations 2004 and any guidance and/or codes of practice issued by the Information
              Commissioner in relation to such regulations

              Environmental Questionnaire means the environmental questionnaire that can be accessed
              directly via the dedicated website: http://seq.ogcbuyingsolutions.gov.uk/Suppliers/

              Escalation Contact is the escalation point(s) that the ARC will contact in the event of a Red
              Alert

              False Alarm is a Red Alert signal that is accidentally or unintentionally activated

              Force Majeure Event means the occurrence after the date of this Framework Agreement of:

              (a)     war, civil war, armed conflict or terrorism; or

              (b)     nuclear, chemical or biological contamination unless the source or the cause of the
                      contamination is the result of the actions of or the breach by the Supplier or its Sub-
                      Contractors; or

              (c)     pressure waves caused by devices travelling at supersonic speeds,

              which directly causes either party (the Affected Party) to be able to comply with all or a
              material part of its obligations under this Framework Agreement

              Framework Agreement means this Framework Agreement, comprised of the clauses and
              schedules

              Framework Manager means a representative of either party responsible for ensuring the
              parties are performing their obligations under this Framework Agreement

              FOIA means the Freedom of Information Act 2000 and any subordinate legislation made
              under this Act from time to time together with any guidance and/or codes of practice issued by
              the Information Commissioner in relation to such legislation

              Genuine Alarm means a Device activated due to User's perceived personal safety risk

              Genuine Alarm Escalated to the Emergency Services means an Alarm raised by a User
              and escalated to the Emergency Services


10-404788-3                                              35
              Genuine Alarm Closed Safely means an Alarm raised by a User due to a perception of risk
              where the alarm is subsequently closed by the User due to risk disappearing

              Good Industry Practice means the exercise of that degree of skill, care, prudence,
              efficiency, foresight and timeliness as would be expected from a leading company within the
              relevant industry or business sector

              Guidance Notes means the guidance notes that advise Potential Customers on the
              appropriate use of this Framework Agreement to be provided by the Authority

              Health Service Body means a health service body as defined in Section 9(4) National Health
              Service Act 2006 and any foundation trust.

              Implementation Plan means the plan for the implementation of the Solution attached at part
              2 of schedule 4 (Implementation Plan)

              Indexing has the meaning ascribed to it in schedule 9 (Charges Variation Procedure)

              Information has the meaning given under section 84 of the Freedom of Information Act 2000

              Intellectual Property Rights means patents, trade marks, service marks, design rights
              (whether registrable or otherwise), applications for any of the foregoing, copyright, database
              rights, trade or business names and other similar rights or obligations whether registrable or
              not in any country (including but not limited to the United Kingdom)

              Invoicing Procedure means the procedure by which the Supplier invoices the Customer, as
              set out in schedule 2-2 (Services) and 2-4 (Invoicing Procedure) of each Contract

              Law means any applicable law, statute, bye-law, regulation, order, regulatory policy, guidance
              or industry code, rule of court or directives or requirements of any Regulatory Body, delegated
              or subordinate legislation or notice of any Regulatory Body

              Location Fix means last known good position obtained either by an Amber Alert, location
              based tracking service or GPS unit

              Lone Worker Guidance is Guidance provided by the Authority to NHS healthcare
              organizations and their staff to assist them to develop, implement and disseminate local
              policies and procedures that address the needs of, and minimise the risks faced by lone
              workers and to meet their legislative responsibilities under the Health and Safety at Work Act
              (1974)

              Materials means all training materials, protocols, alarm receiving centre scripts and
              documentation produced by the Supplier for the provision of the Services including the User
              Information form

              Management Information means information supplied by the Supplier to the Authority in
              accordance with the provisions of schedule 7 (Management Information)

              Maximum Charges means the maximum charges set out in schedule 5 (Charges) as the
              same may be varied from time to time in accordance with schedule 9 (Maximum Charges
              Variation Procedure).

              Maximum Charges Variation Procedure means the procedure for varying the Maximum
              Charges specified in schedule 9 (Maximum Charges Variation Procedure).



10-404788-3                                             36
              Milestone means the milestones set out in part 2 of schedule 4 (Implementation Plan)

              Milestone Date means the date for achievement of the relevant Milestone set out in part 2 of
              schedule 4

              Minimum Service Levels means the minimum levels of service set out in schedule 3
              (Services)

              Model Contract means each of the model contracts in schedule 2 (Model Contract) which
              specifies the terms and conditions for Contracts

              Month means a calendar month and “Monthly” shall be similarly construed

              NHS means the National Health Service in England

              OJEU Notice means contract notice dated 27 May 2008, reference 2008/5 101-135947
              placed by the Authority in the Official Journal of the European Union

              Operational Change means any change, decision or item specifically identified as such in
              this Framework Agreement

              Operational Change Procedure means the procedures specified in schedule 8 (Agreement
              Change Procedure) for making operational changes

              Order means an order for Services served by the Customer on the Supplier in accordance
              with the Ordering Procedures

              Ordered Service means an Available Service selected by a Customer and included in
              schedule 2-2 (Services) of a Contract following the placing of an Order

              Ordering Procedures means the ordering procedures specified in schedule 6 (Ordering)

              Parent Company means any company which is the ultimate Holding Company of the
              Supplier or any other company of which the ultimate Holding Company of the Supplier is also
              the ultimate Holding Company and which is either responsible directly or indirectly for the
              business activities of the Supplier or which is engaged in the same or similar business to the
              Supplier. The term “Holding Company” shall have the meaning ascribed by Section 1159 of
              the Companies Act 2006 or any statutory re-enactment or amendment thereto

              Personnel Vetting Procedures means the Authority's procedures and departmental policies
              for the vetting of personnel whose role will involve the handling of information of a sensitive or
              confidential nature or the handling of information which is subject to any relevant security
              measures. This should include as a minimum a face to face interview, a full 5 year written
              employment check and two personal references.

              Potential Customer means any of the bodies referred to in the OJEU Notice as being
              customers or potential customers of the services to be provided under this Framework
              Agreement

              Process shall have the same meaning as under the Data Protection Act 1998

              Project Specific IPR means IPR in items created by the Supplier (or by a third party on
              behalf of the Supplier) specifically for the purposes of this Framework Agreement




10-404788-3                                              37
              Quarter means a three (3) Month period beginning on 1 January, 1 April, 1 July or 1 October.
              The term “Quarterly” shall be similarly construed

              Records means such full and accurate records as are required to be kept by the Supplier to
              satisfy the requirements of clause 38, Audit

              Red Alert means an alarm activation to the ARC from a Device which is listened to and
              recorded by the ARC

              Regulatory Bodies means those government departments and regulatory, statutory and
              other entities, committees and bodies which, whether under statute, rules, regulations, codes
              of practice or otherwise, are entitled to regulate, investigate, or influence the matters dealt
              with in this Framework Agreement or any other affairs of the Authority and “Regulatory Body”
              shall be construed accordingly

              Relevant Person has the meaning given in clause 34.1(a).

              Reports means reports submitted by the Supplier to the Customer as specified in schedule 2-
              2 (Services) and 2-5 (Contract and Service Management)

              Requests for Information means a request for information or an apparent request under the
              Code of Practice on Access to Government Information, FOIA or the Environmental
              Information Regulations

              Security Policy means the security policy in schedule 14 (Security Policy)

              Self Audit Certificate means the certificate, a model of which is in schedule 11 (Model Form
              of Audit Certificate), to be completed by the Supplier‟s auditor and provided to the Authority in
              accordance with the provisions of clause 38, Audit

              Service Commencement Date means the date of commencement of the provision of the
              Ordered Services by the Supplier in accordance with the Order

              Service Credits means the service credits specified in part 3.9 and 3.10 of schedule 3
              (Services) which shall be payable to the Authority by the Supplier in the event that the Service
              Levels are not met in respect of Ordered Services

              Service Desk means Supplier second line technical support team/function that deal with
              technical failures or issues with Devices

              Service Incident is an event which results in disruption to the Services

              Service Level Failure means a failure on the part of the Supplier to deliver the Services to a
              User in accordance with the terms of a Contract

              Service Levels means the levels of service defined in part 3.9 and 3.10 of schedule 3
              (Services)

              Service Maintenance means Supplier second line technical support team/function that deal
              with technical failures or issues with Devices

              Services means the services to be provided under this Framework Agreement and “Service”
              shall be construed accordingly




10-404788-3                                             38
              Solution means the organisational and technical framework, including the alarm receiving
              centre necessary to provide the Services to Customers as set out in schedule 13 (Solution)

              Standard Operating Procedures or SOP's means the drilled down day to day operational
              procedures and process maps that describe, in detail, each activity carried out to deliver the
              Services

              Standards and Regulations means the standards and regulations as set out in schedule 17
              (Standards and Regulations) which the Supplier shall comply in the provision of Ordered
              Services and in relation to its responsibilities and obligations hereunder

              Status Check is the process by which a Device is checked for battery charge level and
              strength of network

              Sub-Contractor means any supplier and/or key third party selected, appointed and managed
              by the Supplier, subject to the Authority‟s consent pursuant to the provisions of clause 36.1, in
              accordance with the provisions of schedule 10 (Sub-contractors), including the Sub-
              Contractors specified in schedule 10 (Sub-contractors). The terms “Sub-Contract” and “Sub-
              Contracting” shall be similarly construed

              Supplier Personnel means all employees, agents, consultants and contractors of the
              Supplier and/or of any Sub-contractor

              Technology Refresh means full Device repair and refurbishment, battery replacement, and
              software upgrade (if applicable), testing and repackaging in new plastics

              Term means the term of this Framework Agreement as set out in clause 16.1 (Term,
              Suspension and Termination), subject to an early termination pursuant to clause 16.3 (Term,
              Suspension and Termination),

              Termination Events means each of the events specified in clause 16.5 (Term, Suspension
              and Termination),

              Trade Mark means a sign, including words, logos, pictures or a combination of these, which
              distinguishes the Services of one Supplier from those of another, or as otherwise set out in
              the Trade Marks Act 1994

              User means an individual whom the Customer permits to use the Ordered Services in
              accordance with the terms of a Contract

              User Information means personal data provided to the Supplier by the User which is
              captured by the User Information form

              User Information Form means the form issued to all Users to capture User, contact and
              work details, and personal information which shall include a signed agreement of the User's
              consent for the Supplier to obtain an approximate location fix in the event of a Genuine Red
              Alert, and the consent for the Supplier to hold the information contained on the form in
              accordance with the Data Protection Act 1998

              Working Days means Monday to Friday inclusive, excluding English public and bank
              holidays

              Year means a calendar year




10-404788-3                                             39
                            Schedule 2

                          Model Contracts

              Part 1- Model Contract (Customer funded)




10-404788-3                     40
10-404788-3   41
              Part 2- Model Contract (Authority part funded)




10-404788-3                        42
10-404788-3   43
                                                    Schedule 3

    The Available Services, Service Management, Minimum Service Levels and Standard Service
                                            Credits

1             Introduction

1.1           This schedule 3 specifies:

              (a)     each of the Services that the Supplier shall make available to Potential Customers;

              (b)     the Service Management provisions;

              (c)     the Minimum Service Levels applicable to each of the Services; and

              (d)     the Standard Service Credits applicable where Service Levels are not met.

2             The Services - Implementation and Mobilisation

              The Services that will be supplied by the Supplier in respect of implementation and
              mobilisation are as set out in schedule 4 (Delays and Implementation).

                                           Part 3.1 - Service Management

1             Service Desk

1.1           The Service Desk shall operate as a managed service with a single point of contact for all
              Service interactions with the Supplier, irrespective of whether this is in relation to order and
              fulfilment, queries, faulty or damaged Devices, lost or stolen Devices, or request for change
              (RFC). The Supplier shall process Orders for the Services that are in written format, in
              accordance with schedule 6 (Ordering Procedure,) from the Authorised Customer
              Representative.

1.2           The Supplier shall provide a dedicated freephone number for Users to contact the Service
              Desk. The Service Desk, provided by the Supplier to support the Services, is accessed
              through a non geographical, non premium number: 0800 8407121. The Customer should
              ensure that this number is not blocked on their telephone systems so as to ensure Users
              have access to adequate ongoing information and support.

1.3           Should calls to the Service Desk be recorded for training purposes, the Supplier shall notify
              the caller either by automated message before being connected to the Service Desk Supplier
              Personnel, or the Service Desk Supplier Personnel shall inform the caller verbally on
              answering the call.

1.4           The Authority, Users, Customers, and Authorised Customer Representatives shall be able to
              communicate with the Service Desk via:

              (a)     Telephone

              (b)     Email

              (c)     Fax

              (d)     Web portal




10-404788-3                                             44
              (e)    Letter

1.5           Location

              The Service Desk shall be co-located in Pontefract within the Alarm Response Centre (ARC).

              (a)    Primary Site:

                     Reliance Security Group Limited
                     PO Box 159
                     Pontefract West Yorkshire
                     WF8 1NB

              (b)    Disaster Recovery (DR) Location:

                     Reliance Security Group Limited
                     PO Box [ ]
                     Manchester
                     M22 55QZ

1.6           Service Desk Hours of Operation

              (a)    The Service Desk shall be available between 6am and 8pm, Monday to Friday,
                     excluding weekends and Bank Holidays.

              (b)    There shall be an overlap of Service Desk Supplier Personnel in which a full
                     handover of activity and events shall occur within the Service Desk Working Day.

1.7           Out of Hours Service Desk Operation

              (a)    Between the hours of 8pm and 6am, weekends/bank holidays shall be covered by the
                     ARC Supplier Personnel. The ARC Supplier Personnel shall:

                     (i)      Take all out of hours Service Desk calls;

                     (ii)     Log all RFC‟s for Services on the customer relationship management system
                              (CRM);

                     (iii)    Provide User advice;

                     (iv)     Carryout first level diagnostic for technical questions or faulty/damaged
                              Devices;

                     (v)      Carry out a Location Fix via the location tracking software for lost/stolen
                              Devices and log requests for replacement Devices;

                     (vi)     Advise response time with the User;

                     (vii)    Provide CRM reference numbers;

              (b)    Out of hours requests for further action, process and follow up shall be logged at the
                     time of the call and passed to the Service Desk Supplier Personnel via CRM. The
                     Service Desk Supplier Personnel shall action, process and follow up on the calls
                     during core hours of operation.




10-404788-3                                            45
1.8           Use of dedicated/non dedicated staff

              The facility at Pontefract and the Service Desk Supplier Personnel shall be dedicated to the
              Services, with Supplier Personnel performing all administration tasks relating to implementing
              new Users and ongoing support for existing Users. The Service Desk Supplier Personnel
              shall be able to access all associated systems to ensure quick and effective resolution of all
              issues, managing all enquiries and queries through to resolution, engaging with the ARC and
              Service Maintenance functions as necessary.

1.9           Resource Levels

              The Supplier shall provide sufficient Supplier Personnel to ensure it can perform the Services
              to the agreed Service Levels.

1.10          Managing peaks and troughs in Service Desk workload including absences

              The Supplier shall manage peaks and troughs, including absences, to ensure it can perform
              the Services to the agreed Service Levels.

1.11          Managing Attrition

              (a)     Attrition for the Service Desk Supplier Personnel shall be managed by actively
                      engaging staff in the following ways:

                      (i)      Monthly 1-2-1 performance sessions where goals related to performance
                               against KPI‟s shall be discussed;

                      (ii)     Quarterly Individual Development Plan (IDP) sessions that agree plans for
                               achieving career goals, e.g. gaining leadership experience;

                      (iii)    Monthly Supplier Personnel team briefings to improve communication and
                               encourage participation;

                      (iv)     Continuous improvement scheme to reward Supplier Personnel for making
                               suggestions to improve the way Supplier Personnel work;

                      (v)      Regular team building events;

                      (vi)     A staff forum where Service Desk Supplier Personnel shall be given the
                               opportunity to raise areas of concern or make suggestions;

                      (vii)    Provide leadership and training opportunities for Supplier Personnel; and

                      (viii)   Investing in, and implementing technical solutions to improve operating
                               efficiency.

              (b)     Given the sensitive nature of the Services, the Supplier shall use reasonable
                      endeavours to maintain annual attrition levels below 15%. Where yearly attrition
                      exceeds 15%, or the Supplier anticipates that the 15% threshold may be exceeded,
                      the Supplier shall notify the Authority and discuss and agree an action plan to
                      stabilise the attrition rate. The Supplier shall form a project team whose primary task
                      shall be to look at possible reasons for higher than anticipated attrition. The project
                      team shall look at:

                      (i)      Local competition, e.g. new ARC established;


10-404788-3                                             46
                      (ii)    Supplier Personnel pay and conditions versus other local employers; and

                      (iii)   Service Desk related issues contributing to higher attrition.

1.12          Recruitment, training and accreditation of Service Desk Supplier Personnel

              (a)     All vetting and recruitment of Service Desk Supplier Personnel shall be in accordance
                      with clause 24 (Personnel Security).

              (b)     Selection shall be by way of competency based interviews and satisfactory results of
                      computer literacy tests. All recruits shall undergo a comprehensive induction process
                      to introduce employees to the Service Desk, ARC and Devices. This includes health
                      and safety information as well as fire evacuation procedures.

              (c)     The Supplier Personnel shall be trained in the following:

                      (i)     The Services - An Introduction

                              (A)     Service Desk processes and protocols;

                              (B)     Risks/dangers faced by NHS lone workers;

                              (C)     Difference to traditional alarms;

                              (D)     Device use and maintenance;

                              (E)     User Service needs; and

                              (F)     Examples of good/bad Red/Amber Alerts.

                      (ii)    Conducting Dynamic Risk Assessments

                      (iii)   Delivering Excellent Customer Service

                              (A)     Dealing with difficult customers;

                              (B)     Dealing with difficult situations;

                              (C)     Working within time bound parameters;

                              (D)     Working with stressful situations; and

                              (E)     Taking objective decisions.

                      (iv)    Understanding the Customer

                              (A)     NHS organisational structure;

                              (B)     NHS Users and their situations;

                              (C)     NHS acronyms and definitions;

                              (D)     NHS User work profiles;

                              (E)     NHS User environmental knowledge; and




10-404788-3                                             47
                              (F)      NHS working Conditions.

                     (v)      Use of CRM;

                     (vi)     Use of Alarm Handling Software;

                     (vii)    Telephone techniques;

                     (viii)   Email etiquette; and

                     (ix)     Soft skills.

              (d)    All Supplied Personnel shall have individual training records that keep a record of all
                     training received and shall be reviewed regularly.

              (e)    All Service Desk Supplier Personnel shall undergo training and competency
                     assessment before inclusion in the rota. They shall be continually assessed and
                     receive ongoing and annual refreshment training in accordance with contract and
                     service needs, and in accordance with development reviews and individual
                     assessment.

              (f)    The Authority will accept and test the training material in accordance with the
                     Operational Change Procedure with any further amendments being in accordance
                     with the same procedure.

1.13          Vetting of Service Desk Supplier Personnel

              (a)    All vetting and recruitment of Service Desk Supplier Personnel shall be in accordance
                     with clause 24 (Personnel Security).

              (b)    The Supplier shall employ a series of rigorous checks on all candidates for
                     employment. These include:

                     (i)      Five year employment and education screening check;

                     (ii)     Mandatory take up of character references;

                     (iii)    Credit check; and

                     (iv)     Criminal Records Bureau (CRB) check.

1.14          Service Maintenance (second line support)

              (a)    The Supplier shall provide a second line support function as an extension to the
                     Service Desk. The Service Maintenance Supplier Personnel shall be co-located in
                     Pontefract within the Service Desk and Alarm Receiving Centre.

              (b)    Service Maintenance shall be available between 9am and 5pm Monday to Friday and
                     will provide sufficient Supplier Personnel to ensure it can perform the Services to the
                     agreed Service Levels.

              (c)    Service Maintenance shall provide the following functions:

                     (i)      Configuration of all Devices with SIM cards, logging details on the Alarm
                              Handling Software;



10-404788-3                                           48
                     (ii)     Re-configuration of Devices and logging any change on the Alarm Handling
                              Software;

                     (iii)    Second line technical support to all Users on problem solving, usability
                              issues, SIM issues;

                     (iv)     Shipping and receipt of any faulty, damaged, lost or stolen Devices and/or
                              their replacements in line with agreed service levels; and

                     (v)      Managing the Technology Refresh of any Device returned.

1.15          Ordering and Fulfilment process

              The Supplier shall adhere to the Ordering Procedures set out in schedule 6 (Ordinary
              Procedures).

1.16          Production and Authority acceptance (in accordance with the Operational Change Procedure)
              of Service Desk Standard Operating Procedures, scripts and process flows.

              (a)    The Supplier shall design a set of bespoke process maps, protocols and scripts to
                     deal with the range of Service Desk transactions. The Authority will accept and test
                     the SOP‟s, scripts and process flows as defined in the Implementation Plan in
                     accordance with the Operational Change Procedure. The Supplier shall conduct
                     reviews with the Authority in order to modify, expand or amend existing process
                     maps, protocols and scripts to conform to the needs of the Authority. These reviews
                     shall be conducted by the Supplier, in the form of Supplier operational and account
                     management staff, as required. Any further amendments will be in accordance with
                     the Operational Change Procedure.

1.17          Capture and Collation of User Data

              (c)    The Supplier shall capture and collate data for all Users. Every User shall complete
                     and sign a User Information Form, which provides information specific to individual
                     Users, an example of which is attached at Appendix 1.

                     The minimum/mandatory data set required for setting up a User is:

                     (i)      First Name;

                     (ii)     Surname;

                     (iii)    Date of birth;

                     (iv)     Job role;

                     (v)      Customer;

                     (vi)     Department;

                     (vii)    Work mobile (if issued);

                     (viii)   Site contact telephone number (if available);

                     (ix)     Password (for example: mother‟s maiden name);




10-404788-3                                              49
                      (x)       2 x escalation contacts (in hours): name, position and contact number(s);

                      (xi)      1 x escalation contact (out of hours): name, position and contact numbers;
                                and

                      (xii)     Sex.

                      The additional (desirable) information required for setting up a User is:

                      (xiii)    Title (Mr/Mrs/Miss/Ms/Other);

                      (xiv)     Known as/nickname;

                      (xv)      Work email;

                      (xvi)     Personal mobile;

                      (xvii)    Normal working pattern;

                      (xviii)   Hair colour;

                      (xix)     Ethnic origin;

                      (xx)      Height;

                      (xxi)     Weight;

                      (xxii)    Car details (make/model/registration/colour; and

                      (xxiii)   Medical conditions.

              (b)     All Users must complete and sign a User Information Form which includes consent
                      for the use of the Location Fix in the event of a Genuine Alarm and accepts terms
                      relating to data security. The Supplier shall only perform a Location Fix on a Device if:

                      (i)       Requested by the User;

                      (ii)      Genuine Alarm activated; and

                      (iii)     Device reported lost or stolen.

              (c)     The minimum/mandatory and additional (desirable) data set shall be used to populate
                      the CRM/Alarm Handling Software User record.

              (d)     Escalation details for each User shall be obtained from the Authorised Customer
                      Representatives prior to „go live‟.

              (e)     Users must have completed and signed a User Information Form, and successfully
                      completed the lone worker training programme before they can utilise the Device and
                      Services.

1.18          Integrity and security of data

              (a)     All data relating to the Device (e.g. serial number, software version number,
                      commission date) SIM (e.g. phone number and serial number), and User, shall be



10-404788-3                                               50
                     kept secure within a dedicated CRM system. All of this data shall be kept up to date
                     in real time, with a time/date stamp audit trail.

              (b)    All Supplier users of the CRM application shall need to supply a username and
                     password to gain access. Remote CRM users (i.e. Supplier Account Managers,
                     Supplier Trainers, Supplier Service Maintenance) shall only be able to access the
                     CRM system from the Supplier‟s PCs which are part of the Supplier domain. The
                     CRM application shall not be available across the Internet.

              (c)    The CRM application will be available to Supplier‟s remote CRM users across a
                     Virtual Private Network (VPN).

              (d)    The Supplier shall comply with ISO/IEC 27001 accreditation in relation to data
                     security, as detailed in schedule 14 (Security Policy).

1.19          Customer Surveys

              (a)    The Service Desk shall monitor User feedback on satisfaction levels via all
                     communication channels (telephone, e-mail and letters on a monthly basis and
                     produce result and trend analysis with recommendations and actions to enable the
                     Supplier continuously to improve the quality of the Service. The Supplier shall provide
                     the results of this feedback to the Authority within 5 Working Days of the end of each
                     reporting period. The Service Desk‟s User feedback monitoring each month shall
                     target 1% of all Users. If less than 30% of Users engaged in this process are willing to
                     provide feedback, an alternative means of communication to that initially employed
                     shall be used, so as to increase the level and quality of feedback received.

              (b)    The User feedback shall contain, but not be limited to, considerations of the quality of:

                     (i)     The Service;

                     (ii)    The Device;

                     (iii)   Training;

                     (iv)    Service maintenance;

                     (v)     Service Desk support;

                     (vi)    ARC support; and

                     (vii)   Publicity and communication, including the website.

              (c)    In addition, the Supplier shall conduct a more detailed annual survey targeting all
                     registered Users. This survey shall secure a response of at least 25% of Users and
                     the results shall be made available to the Authority within one month of the closing
                     date of returns.

              (d)    The Supplier shall ensure that the content of User feedback and User Satisfaction
                     Surveys are accepted and tested by the Authority in accordance with the Operational
                     Change Procedure, with any further amendments being in accordance with the same
                     procedure.

1.20          Dealing with Service Desk Queries:



10-404788-3                                            51
              (a)     The CRM application to be used by the Service Desk Supplier Personnel shall be
                      fully auditable and transparent to Supplier Authorised Personnel, logging and tracking
                      all enquiries and interactions with clients, regardless of nature. This is supported by
                      the Return Merchandise Authorisation (RMA) process and RFC processes, which are
                      fully transparent and auditable to Supplier Authorised Personnel.

              (b)     Users shall be informed of resolution timescales at the outset of each enquiry.

              (c)     The Service Desk shall validate the authenticity of Users making service changes
                      through standard identification questions (name, Device details etc), in line with the
                      Security Policy.

              (d)     The Supplier shall obtain verbal agreement from Users before any call is closed
                      down. This shall be supported by confirmation of actions/resolutions, typically by
                      email or text. Where the Supplier is unable to contact the User for verbal agreement
                      to close a call, or where the User is not satisfied with the resolution and that
                      appropriate action has been taken by the Service Desk to resolve the issue, the
                      Service Desk Supplier Personnel shall contact the appropriate Authorised Customer
                      Representative to agree call closure or appropriate action.

              (e)     The Service Desk Supplier Personnel shall attempt to contact the User two times on
                      consecutive days and then escalate to the Users Escalation Contact, with the Service
                      Desk attempting to contact the Escalation Contact two times on consecutive days,
                      after which the Service Desk will close the communication.

1.21          User Refresher Training

              As detailed in Part 3.2 (User Training), the Service Desk Supplier Personnel shall, at the
              request of the User, either provide telephone refresher training at the time of the request, or
              arrange refresher training via the Supplier trainer. The Service Desk Supplier Personnel shall
              confirm training arrangements, made with the Supplier trainer, to the User via email.

1.22          Services Disruption

              As described in Part 3.5 (Networks), the Service Desk shall notify any Users and Authorised
              Customer Representative, in the affected area, of an unplanned network outage via email or
              text, within a maximum of 8 minutes of notification from the Network Operator. The Supplier
              shall notify Users of the outage and that for an estimated period of time they should not rely
              on their Device. Any communication to Users and Authorised Customer Representatives shall
              provide a clear indication of the estimated time of the outage and the start time of the outage,
              if it is planned. The communication shall also include the Service Desk telephone number for
              any User or Authorised Customer Representative to call should they have any questions.

1.23          Escalation Contact Audit Process

              In addition to specific requests from Users and Authorised Customer Representatives to
              change escalation details, the Service Desk shall carry out an audit of escalation details kept
              on record to ensure that Escalation Contacts are kept up to date. The Service Desk shall
              carryout an audit of 5% of Users, on a quarterly basis.

1.24          Dealing with faulty Devices, User damage and stolen Devices:

              (a)     Faulty/Damaged Device Process




10-404788-3                                             52
                    (i)     Users shall either telephone the Service Desk to report a faulty/damaged
                            Device, or log a CRM case via the web portal;

                    (ii)    The User shall be given a reference number generated by the CRM system
                            to enable them to track progress via the Service Desk;

                    (iii)   The Service Desk shall carry out an initial diagnostic to establish the cause of
                            the fault. Where User error is identified as the cause, the Service Desk
                            Supplier Personnel shall provide advice on the correct use and provide
                            details of refresher training, should it be required;

                    (iv)    Where the Device has no signal or is diagnosed as faulty or damaged as a
                            result of the initial diagnostic carried out by the Service Desk Supplier
                            Personnel, the User shall be advised to put the Device on charge to enable
                            Service Maintenance to carry out further diagnostic and resolution;

                    (v)     Where faults cannot be remedied remotely, the Service Desk Supplier
                            Personnel shall contact the User to arrange a next Working Day delivery of a
                            replacement Device/SIM. The Supplier shall agree with the User the most
                            appropriate delivery address for them; this must take account of their working
                            pattern and where they expect to be during the agreed date for delivery. Any
                            replacement Device/SIM sent to the User shall also include prepaid
                            packaging for the User to return any faulty Device or SIM, once they have
                            completed the movement of SIM card from faulty Device to new Device. The
                            Service Desk Supplier Personnel shall contact the User to ensure that the
                            replacement Device/SIM has been received before the call is closed on the
                            CRM system;

                    (vi)    The User shall return the faulty Device/SIM to the Supplier via the prepaid
                            packaging. The Supplier accepts any risk associated with non-returned
                            Devices.

              (b)   Lost/Stolen Device Process

                    (i)     Users shall contact the Police to report the loss or theft of the Device and
                            obtain a crime/incident reference number. The User shall then telephone the
                            Service Desk to report a lost or stolen Device;

                    (ii)    The User shall be given a reference number generated by the CRM system
                            to enable the progress of the request to be tracked via the Service Desk or
                            the web portal;

                    (iii)   The Service Desk shall arrange a next Working Day delivery of a
                            replacement Device. The Supplier shall agree with the User the most
                            appropriate delivery address for them; this must take account of their working
                            pattern and where they expect to be during the agreed date for delivery. Any
                            replacement Device sent to the User shall also include prepaid packaging for
                            the User to return any retrieved Device, which shall then be posted back to
                            the Supplier; and

                    (iv)    The User shall be transferred to the ARC Supplier Personnel who shall
                            attempt to find the location of the lost or stolen Device via the location
                            tracking software. The Device location, if found, shall be given to the User to
                            either report to the Police (if stolen), or to attempt to retrieve the Device (if


10-404788-3                                           53
                             lost, and safe to do so). If the Device is located the User shall send the
                             Device to the Supplier for reallocation at a later date. The Supplier accepts
                             any risk associated to non-returned Devices. The Service Desk Supplier
                             Personnel shall contact the User to ensure that the replacement Device/SIM
                             has been received before the call is closed on the CRM system;

1.25          Requests for change

              (a)    User/Customer Details

                     (i)     Users/Customers shall telephone, email or fax the Service Desk, or log a
                             request via the web portal;

                     (ii)    The Supplier Service Desk Personnel shall give the request a reference
                             number generated by the CRM system to enable the progress of the request
                             to be tracked via the Service Desk;

                     (iii)   Where Service Desk Supplier Personnel change User/Customer details on
                             the CRM system or the Alarm Handling Software, all changes shall be
                             recorded and time and date stamped, right through to each key stroke made
                             by the individual;

                     (iv)    Once changes to User/Customer details have been made in the CRM system
                             and Alarm Handling Software by the Service Desk Supplier Personnel, the
                             User/Customer shall receive notification, via email or text, to confirm those
                             changes. The email or text message shall include the new details entered in
                             the CRM system; and

                     (v)     In addition to specific requests from Users to change User details, the
                             Service Desk shall take a proactive approach to ensure that details are kept
                             up to date, by periodically prompting 100% of Users to check/update their
                             details, typically by email or text, a minimum of once a year.

              (b)    Device Reallocation

                     (i)     Authorised Customer Representatives shall telephone, email or fax the
                             Service Desk, or log a request via the web portal;

                     (ii)    The request shall be given a reference number generated by the CRM
                             system to enable the progress of the request to be tracked via the Service
                             Desk;

                     (iii)   The Service Desk shall obtain a completed and signed User Information
                             Form from the new User and immediately update the CRM system, the Alarm
                             Handling Software, and the location tracking software with the new User
                             details. The Service Desk Supplier Personnel shall arrange training for the
                             new User. The new User CRM record shall be suspended until training has
                             taken place; and

                     (iv)    Details of the old User will be deleted or marked as old as requested.

              (c)    Device Configuration

                     (i)     Users and Authorised Customer Representatives shall telephone, email or
                             fax the Service Desk, or log a request via the web portal;


10-404788-3                                           54
                     (ii)    The request shall be given a reference number generated by the CRM
                             system to enable the progress of the request to be tracked via the Service
                             Desk. The User will be told to put the Device on charge and confirm this;

                     (iii)   Configuration requirements shall be recorded by the Service Desk and
                             passed directly via CRM to Service Maintenance, second tier support, for
                             remote configuration;

                     (iv)    Configuration requests shall be carried out by Service Maintenance within 8
                             Working Hours from the time the Device is placed on charge by the User. On
                             completion, Service Maintenance will inform the Service Desk via the CRM
                             system; and

                     (v)     The Service Desk shall notify the User of changes via e-mail or text,
                             immediately following configuration changes.

              (d)    Device Cancellation/Termination/Suspension

                     (i)     Authorised Customer Representatives shall contact the Supplier Account
                             Manager, who shall log the request with the Service Desk via telephone or
                             the web portals;

                     (ii)    Cancellation is defined as those instances where the Customer has signed
                             the Contract but subsequently decides to cancel the Contract or User(s) from
                             the Contract before commencement of the Services. If the Customer provides
                             written (to include email) notification to the Service Desk of the Cancellation
                             within 10 Days of all parties signing the Contract as set out in clause 15.1(a)
                             (Termination and Cancellation) of the Contract then no Charges shall be
                             applied as detailed in schedule 5 (Maximum Charges);

                     (iii)   For termination, the Service Desk shall arrange the return of the Device for
                             future allocation, termination of the SIM, update the CRM system, and
                             remove the existing User from the location tracking software. Early
                             termination fees will apply as detailed in schedule 5 (Maximum Charges); and

                     (iv)    For suspensions, the Authorised Customer Representative shall have the
                             ability to suspend Devices for a minimum of `1 month and a maximum of 3
                             months, as outlined in schedule 5 (Maximum Charges). For periods over 12
                             weeks the responsibility shall be for the Authorised Customer Representative
                             to redeploy the Device. The Authorised Customer Representative shall inform
                             the Supplier of the expected duration of the suspension, and the Supplier
                             shall notify the Authorised Customer Representative a week before the end
                             of the suspension period.

1.26          Interface with the ARC

              The CRM system shall be accessible to authorised Supplier Personnel in both the Service
              Desk and the ARC. The CRM system shall be used for recording and updating User details,
              User history, Device details, RFCs, and caller interaction logging.

1.27          User Information Resources for different categories of NHS staff e.g. User, LSMS, Customer
              etc and to include Information website




10-404788-3                                           55
              (a)    The Service Desk shall provide the following information to Users, Authorised
                     Customer Representatives and Customers:

                     (i)     Frequently asked questions (FAQs) relating to both Device (for example, how
                             to use, when to use, network coverage issues);

                     (ii)    Queries relating to the Services (for example, "how do I change personal
                             details, reallocate Devices, book training or refresher training");

                     (iii)   On-the-phone User refresher training; and

                     (iv)    Authorised Customer Representative contact details for Users.

              (b)    The Supplier shall also develop a web portal for Users, Authorised Customer
                     Representatives and Customers to provide the following information:

                     (i)     Service Desk contact details;

                     (ii)    FAQs;

                     (iii)   General information - Services and Device;

                     (iv)    On-line training for Users;

                     (v)     On-line queries logging; and

                     (vi)    RFC logging.

              (c)    Through dialogue with the Authority and Customers, the Supplier shall ensure the
                     online support to Users is continuously developed. Any amendments shall be
                     updated in accordance with the Operational Change Procedure.

1.28          Complaint Handling

              (a)    Users, Customers, Authorities, and Authorised Customer Representatives shall
                     telephone, email, fax or write to the Service Desk, or log a complaint via the web
                     portal. All complaints shall be acknowledged by the Supplier by e-mail within 2
                     Working Hours of receipt, including resolution timescale.

              (b)    Complaints shall be logged on the CRM system and given a reference number to
                     enable the progress of the complaint to be tracked via the Service Desk.

              (c)    Complaints shall be categorised as follows:

                     (i)     Service; and

                     (ii)    Technology.

              (d)    All first stage complaints shall be sent to the Service Desk Supplier Personnel
                     (Supervisor), who shall investigate the complaint and respond within 5 Working Days.

              (e)    In the event that the complaint is not resolved to the complainant‟s satisfaction, the
                     Service Desk Supplier Personnel (Supervisor) shall escalate the complaint to a
                     second stage, and confirm the resolution timescale to the complainant. The
                     complaint shall be escalated to the Supplier Personnel (Operations Manager) and the



10-404788-3                                            56
                     Supplier Personnel (Account Manager). Both the Supplier Personnel (Operations
                     Manager) and the Supplier Personnel (Account Manager) shall investigate the
                     complaint, liaising directly with the Authorised Customer Representative and respond
                     within 5 Working Days of receipt from the Service Desk Supplier Personnel
                     (Supervisor) (maximum of 10 Working Days from the initial complaint).

              (f)    Information surrounding each complaint shall be provided to the Authority as set out
                     in schedule 7 (Management Information).




                                            Part 3.2 - User Training

1             User Training

1.1           The Service shall comprise of an integral training model to ensure that every User receives
              comprehensive training in order to understand how and when to operate the Device, and the
              support provided by the Supplier to the User. The Supplier shall ensure that face-to-face
              training shall be the primary format for the Service. The User training provided by the
              Supplier shall conform with the Authority‟s lone worker Guidance

1.2           Scheduling User Training

              (a)    Implementation-Roll Out

                     Once an Order has been obtained, the Supplier account manager shall be
                     responsible for setting up a project team made up of the following:

                     (i)      Supplier account manager;

                     (ii)     Authorised Customer Representative(s);

                     (iii)    Representative bodies (at Customer‟s discretion); and

                     (iv)     Department managers (at Customer‟s discretion).

              (b)    The project team shall attend a face-to-face meeting within one month of the effective
                     date, based on the Order, agree:

                     (i)      Number of Devices versus Users (pooled Devices);

                     (ii)     Local knowledge on most suitable Network Operator;

                     (iii)    The Authorised Customer Representative and a deputy;

                     (iv)     Department managers contact details;

                     (v)      Escalation Contact points;

                     (vi)     Customer lone worker Policy and Procedure;

                     (vii)    Police contact – Crime Reduction Officer (CRO);

                     (viii)   Suitable training course locations to cope with the User numbers;

                     (ix)     Training course roll out; and


10-404788-3                                             57
                      (x)        Go live roll out.

              (c)     The training course and go live roll out shall take into account User holiday and
                      seasonal availability trends.

              (d)     The Service Desk shall use the CRM system to create a framework of training course
                      times, dates and locations.

              (e)     The Service Desk shall contact the Authorised Customer Representative by
                      telephone or email and agree allocation of each User to a specific training course.
                      Where User emails are provided by the Authorised Customer Representative, the
                      Service Desk Supplier Personnel shall confirm details of the schedule training via
                      email to the User. The Supplier shall provide the schedule of User training to the
                      Authorised Customer Representative.

              (f)     The Supplier shall work closely with the Authorised Customer Representative to
                      maximise attendance for each training course.

              (g)     Individual Training

                      (i)        Where individual training is required by the User post implementation/roll out,
                                 the User shall be able to join one of the daily courses delivered by the local
                                 Supplier trainer. In addition, the Supplier shall provide a monthly face to face
                                 training course, organised by Customer or by region. Each course shall be
                                 limited to 15 Users and shall last no longer than 2 hours;

                      (ii)       The Supplier shall also run web training courses on Friday of each week for
                                 Users who request further training via the web portal or the Service Desk.
                                 The training courses shall typically last 1 to 1.5 hours.

1.3           Type of training

              The Supplier shall agree with the Authorised Customer Representative the appropriate
              timescale for training. For urgent training requests, the Supplier shall provide training within 2
              Working Days.

              (a)     Face to face

                      The Supplier shall provide face to face training for Users in courses for a maximum of
                      15 persons, each course lasting no more than 2 hours. Where Users do not return
                      completed User Information Forms prior to training, the Supplier trainer shall provide
                      the User with a User Information Form for completion at the training course. Devices
                      shall be handed out to individuals at the time of training. Device go-live shall normally
                      commence 5 Working Days post training to allow Users to become accustomed to the
                      Device in test mode and for User details to be set up on the Alarm Handling Software.
                      With the agreement of the User, this period can be shortened to no less than 2
                      Working Days.

              (b)     Web training

                      The Supplier shall provide web-based training for:

                      (i)        Users who are unable to attend face to face training;




10-404788-3                                                58
                    (ii)    Users who require refresher training, and are unable to attend face to face
                            training; and

                    (iii)   Urgent training requests where face to face training is not practical.

                    The User shall log on to the web application and shall view training slides (controlled
                    by the trainer) and also join a teleconference call. Users shall receive an email
                    „invitation‟ to the course which shall include the relevant information to access the
                    web portal. The Supplier shall post the pre-configured Device to the User prior to
                    web-based training. The Supplier shall agree with the User the most appropriate
                    delivery address for them; this must take account of their working pattern and where
                    they expect to be during the agreed date for delivery. Users shall be required to have
                    their Devices with them during the training course.

              (c)   Training for grouped and/or pooled Devices

                    The Supplier shall deliver training via face to face and web training methods as
                    described 1.3(a) and (b) above. The training shall be tailored for Users of pooled
                    Devices and shall inform the User of the importance of leaving their full name as part
                    of any Amber Alert message to enable the ARC Supplier Personnel to identify the
                    User in the event of a Red Alert. Failure to leave name details shall not result in a
                    drop in ARC response times, but it may inhibit a fully effective response from the
                    emergency services.

              (d)   Other training (e.g. webex)

                    The Supplier shall provide administrator training to the Authorised Customer
                    Representative. The training shall cover the administration processes during
                    implementation, and ongoing day-to-day User support processes. Training courses
                    shall last 1.5 hours. The Supplier shall provide Administrator training via the following
                    methods:

                    (i)     Face to face training at the Customer premises;

                    (ii)    Web-based training; and

                    (iii)   Face to face courses held regionally.

              (e)   Refresher training

                    Refresher training content shall be tailored to the requirements of the Users attending
                    the course, and shall also include some/all of the content mentioned in (f)(i) to (x).

                    (i)     The Supplier shall provide self-help online support where Users shall be able
                            to access:

                            (A)     Frequently Asked Questions (FAQs);

                            (B)     Video clips to show the ARC and Service Desk operation;

                            (C)     Descriptions and commentary of the key functions of the Devices;

                            (D)     Downloadable training literature; and

                            (E)     Request for further assistance.


10-404788-3                                           59
                      (ii)     The Supplier shall run web training courses on Friday of each week for Users
                               who request further training via the web portal or the Service Desk. The
                               training courses shall typically last 1 – 1.5 hours.

                      (iii)    The Supplier shall provide telephone refresher training for Users as required.

                      (iv)     The Supplier shall provide a monthly refresher face to face training course,
                               organised by Customer or by region. Each course shall be limited to 15
                               Users and shall last no longer than 2 hours.

              (f)     Course content objectives

                      The Supplier shall include the following content in User training via face to face or
                      web based formats:

                      (i)      The rationale for the Department of Health‟s objective for the protection of
                               NHS staff together with the User's responsibilities for their own safety and the
                               use of the Service;

                      (ii)     Key Services      constituents   (Devices,   ARC,    Service   Desk,    Service
                               Maintenance);

                      (iii)    How to the use the Device;

                      (iv)     When to use the Device;

                      (v)      Alarm handling process and escalation through to the emergency services;

                      (vi)     Dynamic risk assessment process linking the Customer‟s lone worker Risk
                               Assessment with the Supplier‟s Solution;

                      (vii)    Customer responsibilities;

                      (viii)   User responsibilities;

                      (ix)     Go live process; and

                      (x)      Ongoing User support (post training)

              (g)     The Supplier shall provide Users with their own individual Device or a test Device to
                      use during the training course. A test Device shall only be used when:

                      (i)      The training is for a pooled Device: the trainer shall ensure that test Devices
                               are available for all Users to practice with (Devices shall be returned at the
                               end of the training session);

                      (ii)     Additional Users attend the course – (Devices shall be returned at the end of
                               the training session).

1.4           Administrator Training

              The Supplier shall include the following content in Administrator training:

              (a)     Key Services constituents (Devices, ARC, Service Desk, Service Maintenance);




10-404788-3                                              60
              (b)     Process of setting Users up on the CRM system and the Alarm Handling System
                      (User information forms and Escalation Contacts);

              (c)     Request for change (RFC) and Return of Merchandise Authorisation (RMA)
                      processes;

              (d)     Ongoing User support (post training).

1.5           Location of training

              (a)     Face to face and administrator training shall be conducted at the Customer‟s own
                      premises, as agreed by the customer project team. These Customer locations shall
                      be the primary location for training sessions for ease of User attendance and
                      administration. The secondary option shall be regional Customer sites. The Supplier
                      shall also offer their own national training locations as a tertiary option, at no cost to
                      the Customer.

              (b)     Training locations shall be recommended by the customer project team and assessed
                      for suitability by the Supplier trainer. Customer training locations shall accommodate
                      a minimum of 20 persons (Users/Trainers/Authorised Customer Representatives) and
                      have the necessary power sockets to enable laptop/projectors to be utilised.

1.6           Storage of Devices on Trust Premises

              (a)     The Supplier may, at the discretion of the Customer, store Devices on Customer
                      premises for the purposes of User training, at no cost to the Customer.

              (b)     The full risk and liability in the devices will remain with the Supplier.

              (c)     The Customer retains the right to refuse such storage of Devices or to require the
                      Supplier to remove any stored Devices from its premises with reasonable notice and
                      at no cost to the Customer.

1.7           Creation and Authority acceptance (in accordance with Operational Change Procedure) of
              course material and documentation

              (a)     Creation

                      The Supplier shall, prior to delivery of any training courses, create and provide the
                      Authority with all course material and documentation that shall be issued in all forms
                      of training for the Service. This material shall be in the form of a Supplier controlled
                      document.

              (b)     Acceptance in accordance with the Operational Change Procedure.

                      The Authority will accept and test the training material in accordance with the
                      Operational Change Procedure. The Authority shall provide, in writing, to the Supplier
                      any requests for amendments and the amendments accepted shall be included on
                      the amendment record associated with the specific Supplier controlled document.
                      Any further amendments shall be accepted in accordance with the Operational
                      Change Procedure.

1.8           Supplier provision of Training Materials and Documentation

              The Supplier shall ensure that:


10-404788-3                                               61
              (a)     A comprehensive User guide is included with each Device;

              (b)     A brief User guide is included with each Device;

              (c)     Each User is given a Device at the point of face to face User training;

              (d)     Hard copies of the training presentation, in a note-taking format, provided to the User
                      during face to face training;

              (e)     Administrator training is supported by hard copies of the training presentation in a
                      note-taking format, and shall also include controlled documents associated with all
                      procedures (flow charts, procedures, forms); and

              (f)     All training materials and documents are controlled documents, and are available to
                      download from the web portal.

1.9           Production and Authority acceptance (in accordance with the Operational Change Procedure)
              of User training Standard Operating Procedures, scripts and process flows.

              All materials and documentation described in paragraph 1.6 above shall be developed by the
              Supplier in close partnership with the Authority. The Authority will accept and test the
              materials in accordance with the Operational Change Procedure. This shall include both the
              development of initial materials and the ongoing development during the course of the
              Framework Agreement. Any further amendments shall be accepted in accordance with the
              Operational Change Procedure.

1.10          Capture and Collation of User Training Data

              The Supplier shall record scheduled training dates and venues against each User via the
              CRM system. Following scheduled training, and confirmation from the Supplier trainer of the
              User‟s attendance, the Service Desk Supplier Personnel shall update the CRM system with
              actual training details.

1.11          Mechanism for identifying refresher training

              (a)     Users shall be able to request refresher training via:

                      (i)     The Authorised Customer Representative;

                      (ii)    The Supplier account manager;

                      (iii)   The Service Desk; and

                      (iv)    The web portal.

              (b)     The Service Desk shall proactively identify/recommend/suggest refresher training
                      based on:

                      (i)     Contact with Users following False Alarms; and

                      (ii)    The analysis of User activity as part of the compilation of monthly reports into
                              the Authorised Customer Representative.

1.12          Training Record keeping process




10-404788-3                                             62
              The Supplier shall retain training records via the CRM system for the duration of each contact.

1.13          User Accreditation

              Users who attend and complete the User training, to the satisfaction of the Supplier trainer,
              shall be accredited as having completed the User training. Trainers shall confirm which Users
              attended each course by completing the attendance record, and the Service Desk shall
              produce a monthly report of attendees to the Authorised Customer Representative.

1.14          Vetting of Trainers

              The vetting of trainers shall be in accordance with clause 24 (Personnel Security).        The
              Supplier shall provide trainers who:

              (a)     Have been cleared in accordance with HM Government‟s Vetting Policy, as a
                      minimum; and

              (b)     Have completed and conformed with the Supplier 10 year employment history check,

              in accordance with the BS7858 standard

1.15          Recruitment, training and accreditation of Trainers

              (a)     The recruitment of all trainers shall be in accordance with clause 24 (Personnel
                      Security). The Supplier shall maintain an effective recruitment process to ensure
                      there are sufficiently trained and accredited trainers to meet the Services to the
                      agreed Service Levels. Trainers shall complete the Supplier‟s induction programme
                      prior to delivering User training.

              (b)     Trainers shall complete the Supplier‟s train the trainer programme and shall be
                      accredited accordingly.

              (c)     Trainers shall complete a lone worker induction programme to include:

                      (i)     User training;

                      (ii)    Alarm Handling;

                      (iii)   Nature of risks and environments of Users;

                      (iv)    Service Desk processes;

                      (v)     CRM - call handling; and

                      (vi)    Shadowing existing Trainers.

              (d)     The Supplier will provide refresher training for the trainers based on amendments to
                      the lone worker Service.

              (e)     Users shall be given the opportunity to complete a training feedback form for every
                      training course attended. The feedback form shall cover:

                      (i)     Trainer delivery;

                      (ii)    Appropriateness of course content;



10-404788-3                                              63
                      (iii)   Training materials; and

                      (iv)    Course facilities.

              (f)     The Supplier account manager shall review all training feedback forms on a monthly
                      basis. Negative and positive comments regarding the training delivery shall be
                      investigated / discussed with the Supplier trainer and, as required, the Supplier
                      Account Manager shall implement a corrective action plan which shall be made
                      available for discussion with the Authorised Customer Representative(s) and/or the
                      Authority as appropriate.

              (g)     Supplier trainers shall be continually assessed and receive ongoing and annual
                      refresher training in accordance with contract and service needs, and in accordance
                      with development reviews and individual assessment.

                                   Part 3.3 - Alarm Receiving Centre (ARC)

1             ARC Description and Introduction

1.1           The Supplier shall provide an Alarm Receiving Centre (ARC) capable of monitoring Users
              Red Alerts, Amber Alerts and Status Checks covering every geographical location where
              NHS lone workers need to operate within England. The ARC shall be accredited to BS5979
              Cat II. The Services provided shall support a range of User profiles to support the differing
              needs of the diverse User groups. The User profiles shall allow bespoke escalation
              procedures and direct communications with the emergency services. The Services shall
              facilitate Status Checks, support a wide range of User Devices and a variety of tracking
              options (from basic tracking to more accurate tracking). The ARC shall record audio in the
              event of a Red Alert or Amber Alert activated by the User and the Supplier Personnel shall
              monitor and record events in a way that is legally admissible in prosecution cases that arise.

1.2           The Supplier will submit for review and acceptance by the Authority, ARC Standard Operating
              Procedures (SOP‟s). The Authority will accept and test the SOPs in accordance with the
              Operational Change Procedure any further amendments being in accordance with the same
              procedure.

1.3           Location

              The ARC shall be located in the British Telecom exchange in Pontefract, West Yorkshire and
              shall be accredited to BS5979 Cat II. This governs its technical specification and the
              procedures by which it shall operate.

              (a)     ARC Location:

                      Reliance Security Group Limited
                      PO Box 159
                      Pontefract West Yorkshire
                      WF8 1NB

              (b)     Disaster Recovery (DR) Location:

                      Reliance Security Group Limited
                      PO Box [ ]
                      Manchester
                      M22 55QZ



10-404788-3                                             64
1.4           Hours of operation

              The Supplier shall provide ARC Services 24 hours per day, 365 days per year.

1.5           Use of dedicated/non dedicated staff

              The ARC shall utilise Supplier Personnel that are dedicated to the Services.

1.6           Resource levels

              The Supplier shall provide sufficient Supplier Personnel to ensure it can perform the Services
              to the agreed Service Levels.

1.7           Managing peaks and troughs in ARC workload including absences

              (a)     The Supplier shall manage peaks and troughs, including absences, to ensure it can
                      perform the Services to the agreed Service Levels.

              (b)     To ensure Service Levels are achieved during periods of alarm volume peaks, the
                      Supplier shall:

                      (i)       construct resource requirement schedules and shift detail, to respond to any
                                anticipated alarm peak;

                      (ii)      dedicate ARC Supplier Personnel to the Services. In addition there will be an
                                additional 30% of trained ARC Supplier Personnel, made available to support
                                the dedicated team during peak periods; and

                      (iii)     train All ARC Supplier Personnel to the standards detailed in paragraph
                                1.9(e) below.

1.8           Managing Attrition

              (a)     Attrition for the ARC Supplier Personnel shall be managed by actively engaging staff
                      through the following:

                      (i)       Monthly 1-2-1 performance sessions where goals related to performance
                                against KPIs shall be discussed;

                      (ii)      Quarterly Individual Development Plan (IDP) sessions that agree plans for
                                achieving career goals, e.g. gaining leadership experience;

                      (iii)     Monthly team briefings for Supplier Personnel to improve communication and
                                encourage participation;

                      (iv)      Continuous improvement scheme to reward Supplier Personnel for making
                                suggestions to improve the way Supplier Personnel work;

                      (v)       Regular team building events;

                      (vi)      A staff forum where ARC Supplier Personnel shall be given the opportunity to
                                raise areas of concern or make suggestions;

                      (vii)     Provide leadership and training opportunities for Supplier Personnel; and




10-404788-3                                              65
                      (viii)   Investing in, and implementing technical solutions to improve operating
                               efficiency.

              (b)     Given the sensitive nature of the Services, the Supplier shall use reasonable
                      endeavours to maintain annual attrition levels below 15%. Where yearly attrition
                      exceeds 15%, or the Supplier anticipates that the 15% threshold may be exceeded,
                      the Supplier shall notify the Authority and discuss and agree an action plan to
                      stabilise the attrition rate. The Supplier shall form a project team whose primary task
                      shall be to look at possible reasons for higher than anticipated attrition. The project
                      team shall look at:

                      (i)      Local competition, i.e. new ARC established;

                      (ii)     Staff pay and conditions versus local employers; and

                      (iii)    ARC related issues contributing to higher attrition.

1.9           Recruitment, training and accreditation of ARC Supplier Personnel.

              (a)     The vetting and recruitment of all ARC Supplier Personnel shall be in accordance
                      with clause 24 (Personnel Security).

              (b)     Selection shall be by way of competency based interviews and satisfactory results of
                      computer literacy tests. All recruits shall undergo a comprehensive induction process
                      to introduce new Supplier Personnel to the ARC, Service Desk, and Devices. This
                      includes health and safety information as well as fire evacuation procedures.

              (c)     The ARC Supplier Personnel shall be trained in the following:

                      (i)      The Services - An Introduction. To cover:

                               (A)     ARC processes and protocols;

                               (B)     Risks/dangers faced by lone workers;

                               (C)     Difference to traditional alarms;

                               (D)     Device use and maintenance;

                               (E)     User Service needs;

                               (F)     Examples of good/bad Red/Amber Alerts;

                               (G)     Escalation procedures; and

                               (H)     Types of Device.

                      (ii)     Lone worker Operating Procedures

                               (A)     Technical competence training and test to include training to
                                       establish a Location Fix; and

                               (B)     Side-by-side evaluation (minimum of 24 hours).




10-404788-3                                               66
                    (iii)    Conducting dynamic risk assessments (a continuous process of identifying
                             hazards and risks and taking steps to eliminate or reduce them in the rapidly
                             changing circumstances of an incident).

                    (iv)     Delivering excellent customer service, though:

                             (A)      Dealing with difficult customers;

                             (B)      Dealing with difficult situations;

                             (C)      Working within time bound parameters;

                             (D)      Working with stressful situations; and

                             (E)      Taking objective decisions.

                    (v)      Understanding the Customer

                             (A)      NHS organisational structure;

                             (B)      NHS Users and their situations;

                             (C)      NHS acronyms and definitions;

                             (D)      NHS User work profiles;

                             (E)      NHS User environmental knowledge; and

                             (F)      NHS working conditions.

                    (vi)     Use of CRM

                    (vii)    Use of Alarm Handling Software

                    (viii)   Use of location tracking software

                    (ix)     Telephone techniques

                    (x)      Email etiquette

                    (xi)     Soft skills

                    (xii)    Required process for the provision of evidence

              (d)   All ARC Supplier Personnel shall have individual training records that keep a record
                    of all training received and shall be reviewed regularly.

              (e)   All ARC Supplier Personnel shall undergo training and competency assessment
                    before inclusion in the rota. They shall be continually assessed and receive ongoing
                    and annual refreshment training in accordance with contract, service needs, and any
                    changes to Services in accordance with development reviews and individual
                    assessment.

              (f)   The Authority will accept and test the training material in accordance with the
                    Operational Change Procedure, with any further amendments being in accordance
                    with the same procedure.


10-404788-3                                             67
1.10          Vetting of ARC Supplier Personnel

              The vetting and recruitment of all ARC Supplier Personnel shall be in accordance with clause
              24 (Personnel Security). The Supplier shall employ a series of rigorous checks on all
              candidates for employment. These include:

              (a)     Five year employment and education screening check;

              (b)     Mandatory take up of character references;

              (c)     Credit checks of all staff; and

              (d)     CRB checks.

1.11          ARC Supplier Personnel performance

              The Supplier shall ensure that the ARC Supplier Personnel meet the performance
              requirements to deliver the Services as follows:

              (a)     ARC Supplier Personnel response to an incoming Red Alert shall be within 10
                      seconds;

              (b)     The Supplier shall monitor, review and assess, on a monthly basis, 10% of Red Alerts
                      taken by each ARC Supplier Personnel to ensure processes and protocols are
                      followed;

              (c)     The Supplier shall monitor, review and assess, on a monthly basis, 10% of all notes
                      taken by each ARC Supplier Personnel to ensure Service Levels are met with respect
                      to management information reports;

              (d)     As detailed in Part 3.1 (Service Management), the Supplier shall monitor User
                      feedback on satisfaction levels via all communication channels (telephone, e-mail and
                      letter) on a monthly basis and produce result and trend analysis with
                      recommendations and actions to enable the Supplier to continuously improve the
                      quality of the Service. The Supplier shall provide the results of this feedback to the
                      Authority within 5 Working Days of the end of each reporting period.

2             ARC processes and response to Alerts

2.1           Amber Alerts shall be recorded by the Alarm Handling Software and shall only be listened to
              by ARC Supplier Personnel during quality audits, and in the event of a Red Alert.

2.2           All Amber Alert audio that is not related to a Red Alert shall be deleted by the Supplier after
              24 hours.

2.3           Recording shall commence on receipt of a Red Alert and shall be automatically prioritised by
              the Alarm Handling Software. The ARC Supplier Personnel shall commence monitoring the
              voice channel within 10 seconds, and monitor and assess the situation to determine whether
              it is a False Alarm or a Genuine Alarm.

2.4           For False Alarms.

              In the first instance, the Supplier shall contact the User, via the telephone number provided on
              the User Profile Form and ask them to manually reset the Device;




10-404788-3                                             68
              (a)     In the event that the ARC Supplier Personnel cannot contact the User, the recording
                      shall continue, and the Supplier shall follow the escalation procedure and telephone
                      the contact(s) provided by the Authorised Customer Representative;

              (b)     In the event that the ARC Supplier Personnel cannot contact either the User, or the
                      Escalation Contact, recording shall continue and voicemails shall be left for the User
                      and the Escalation Contacts every 20 minutes, to advise them to contact the ARC.
                      The recording shall continue until the Device battery expires.

2.5           Genuine Alarms.

              The ARC Supplier Personnel shall listen to the live audio, perform a Location Fix on the User,
              cross- reference the location with the message left on the Amber Alert audio recording, and
              conduct dynamic risk assessments. Where the ARC Supplier Personnel deems it appropriate
              further Location Fixes can be acquired. As a result the Genuine Alarm will be classified
              either:

              (a)     Genuine Alarm Closed Safely

                      (i)     This occurs when the Red Alert is cancelled by the User because they are no
                              longer at risk. The Supplier Personnel shall then contact the User by
                              telephone to:

                              (A)     confirm the situation is satisfactorily closed

                              (B)     ensure that the Supplier understands the reasons for the User
                                      activating the Alarm

                              (C)     provide User reassurance that

                      (ii)    In the event that the ARC Supplier Personnel cannot contact the User the
                              Supplier shall follow the escalation procedure and telephone the contact(s)
                              provided by the Authorised Customer Representative.

                      (iii)   In the event that the ARC Supplier Personnel cannot contact either the User,
                              or the Escalation Contact, voicemails shall be left for the User and the
                              Escalation Contacts every 20 minutes, to advise them to contact the ARC.

              (b)     Genuine Alarm Escalated to the Emergency Services

                      (i)     The ARC Supplier Personnel shall listen to the live audio, perform a Location
                              Fix on the User, cross- reference the location with the message left on the
                              Amber Alert audio recording, (where available) and conduct dynamic risk
                              assessments until the situation requires the escalation procedure to be
                              followed.

                      (ii)    The Supplier Personnel shall escalate the alarm to the Police or the
                              appropriate emergency services, and also contact the specified Escalation
                              Contact, should the outcome of the audio assessment meet any of the
                              following criteria:

                              (A)     Physical/verbal assault/robbery;

                              (B)     Potential assault about to take place;



10-404788-3                                             69
                              (C)     User in distress and/or asks for assistance; and

                              (D)     User asks for the Police or other Emergency Services.

                      (iii)   In the event that the ARC Supplier Personnel cannot contact the Escalation
                              Contacts, voicemails shall be left for the Escalation Contacts every 20
                              minutes, to advise them to contact the ARC.

2.6           Liaison & Co-ordination with Emergency Services

              (a)     The ARC shall utilise the Unique Reference Number (URN) process developed by the
                      Association of Chief Police Officers (ACPO). When dealing with Emergency Services
                      that do not use the URN process, the ARC Supplier Personnel shall dial 999, and ask
                      to be put through to the emergency services local to the Device location;

              (b)     The last known Location Fix and all User Information shall be made available to the
                      emergency services, including known user medical conditions;

              (c)     The ARC Supplier Personnel shall listen until the User confirms they are safe.

2.7           Escalation

              User Escalation Contact details shall be stored in the Alarm Handling Software and shall be
              referred to by the ARC Supplier Personnel when escalation is required.

2.8           Poor coverage

              (a)     The Supplier shall provide management information, via the Alarm Handling
                      Software, relating to poor GSM network coverage at the end of each reporting period
                      to the Authorised Customer Representative. Users who have issues with network
                      coverage will be highlighted in this report.

              (b)     As outlined in Part 3.5 (Networks), where inadequate coverage for a User is identified
                      the Supplier shall contact the User and instigate a proactive discussion. If the User
                      could achieve better coverage on another network the Supplier shall arrange a „SIM
                      swap‟ onto that network.

              (c)     In the event that poor or no coverage is the result of network outages the process
                      outlined in Part 3.5 (Networks) shall be followed by the Supplier.

2.9           Inactivity Checks

              The Supplier shall provide management information, via the Alarm Handling Software,
              relating to low (less than 10% of the average monthly Amber Alerts) or no Device activity.
              This report shall be supplied to the Authorised Customer Representative on a monthly basis
              and the threshold of checks shall be reviewed, and any amendments shall be updated in
              accordance with the Operational Change Procedure on a quarterly basis.

2.10          (Quality checks on Amber Alerts and Red Alerts

              The Supplier shall complete quality checks on all Red Alerts, all Amber Alert messages
              associated with Red Alerts, and 1% of all other Amber Alerts. Particular focus shall be
              applied to new Users. The quality checks shall involve:

              (a)     Audibility


10-404788-3                                            70
              (b)    Timing

              (c)    Fullness of information (i.e. postcode, house number) and

              (d)    Quality of risk evaluation

              and this assessment and feedback shall form part of the Management Information reports to
              the Customer and Authorised Customer Representative.

2.11          Production and Authority acceptance (in accordance with the Operational Change Procedure)
              of Standard Operating Procedures, Scripts and Process Flows:

              (a)    The Supplier shall design a set of bespoke Standard Operating Procedures, scripts
                     and process maps, to deal with the range of ARC functions. The Authority will accept
                     and test the SOPs in accordance with the Operational Change Procedure.

              (b)    The Supplier shall conduct reviews with the Authority in order to modify, expand or
                     amend existing Standard Operating Procedures, scripts, and process maps to
                     conform to the needs of the Authority. These reviews shall be conducted by the
                     Supplier, in the form of Supplier operational and account management staff, as
                     required. Any further amendments shall be accepted in accordance with the
                     Operational Change Procedure.

3             Capture and Collation of User Data

3.1           Recording of evidence and provision of evidence

              The Supplier shall record Red Alerts and Amber Alerts, via the Alarm Handling Software, in a
              format that can be used in a court as evidence. Where incidents occur that may require
              provision of evidence, the Supplier shall adhere to the following:

              (a)    The Supplier shall report Red Alerts to the Authorised Customer Representative
                     within 15 minutes of the Red Alert closure;

              (b)    At the conclusion of a Genuine Alarm, and where evidence is required by the Police
                     or the Authorised Customer Representative/LSMS, the associated data shall be
                     downloaded from the appropriate server i.e. Alarm Handling Software/telephone
                     system, to an encrypted copy disc. The quality of the storage data shall be
                     comparable to that of the original. The copy data shall be placed in secure storage
                     inside the BS5979 CAT II Centre;

              (c)    The Authorised Customer Representatives/LSMS shall be sent within one hour of the
                     closure of an incident, an email containing unique incident details of all Genuine
                     Alarms, Genuine Alarms closed safely and False Alarms where the ARC Supplier
                     Personnel believe and incident has taken place, together with a link to a secure
                     password protected website location. The Authorised Customer Representative-
                     LSMS shall be able to access, and listen to, the associated audio via the secure
                     password protected website location. The audio clips will be removed from the unique
                     secure location after a period of 30 days, unless a request is made to extend the
                     period;

              (d)    The ARC Supplier Personnel shall sign a witness statement and retain a copy for
                     Supplier records;




10-404788-3                                           71
              (e)     Where the Police or Authorised Customer Representative/LSMS review a recording,
                      the Supplier shall enter the details in the recorded material register;

              (f)     The Supplier shall record Police visits in the daily occurrence book;

              (g)     Audio discs shall be placed in an evidence bag with the ARC Supplier Personnel
                      witness statement, sealed and labelled. Details of which shall be recorded in the
                      recorded material register; and

              (h)     Either the Police or the Authority shall collect and sign for the evidence bag.

3.2           Archiving Requirement

              The Supplier shall adhere to the following archiving requirements:

              (a)     Recordings of Genuine Alarms shall be retained by the ARC for the Police and the
                      Authorised Customer Representative (LSMS) to access for 12 months and shall be
                      securely disposed by the Supplier at the end of the retention period;

              (b)     In exceptional circumstances, on the request of the Authorised Customer
                      Representative (LSMS), the Supplier shall retain recordings of Genuine Alarms in
                      support of criminal, civil or local action against an offender by the Customer for an
                      agreed period of time. Recordings shall be securely disposed of by the Supplier to the
                      timescales outlined by the Customer;

              (c)     Where a Genuine Alarm is activated but closed safely by the User, without the Police
                      being called, the recording of the Genuine Alarm shall be retained by the ARC for the
                      Police and Authorised Customer Representative to access for 12 months;

              (d)     False Alarm recordings shall be deleted from the Suppliers ARC operating software
                      within 24 hours. Where the ARC Supplier Personnel (LSMS) believe that an incident
                      has taken place even though the User has agreed to close the Alarm, the ARC shall
                      notify the Authorised Customer Representative who shall listen to the recording to
                      ascertain if any further action is required before the recording is deleted;

              (e)     The Supplier will provide recordings to the Authorised Customer Representative
                      (LSMS) if requested to do so in order to fulfil any legal obligation on part of the
                      Customer;

              (f)     Amber Alerts associated with Red Alerts shall be retained for 12 months; and

              (g)     Amber Alerts not associated with Red Alerts shall be retained for three months for
                      User safety development purposes, quality control and in anonymised form for
                      training of ARC Supplier Personnel.




                                             Part 3.4 - User Devices

1             User Devices


1.1           Devices issued are safety equipment, and provided to Users by the Customer and Supplier in
              support of providing a safe working environment, as required under Health and Safety




10-404788-3                                             72
              legislation. Users shall be encouraged to take all due care to maintain the Device in good
              working order.

1.2           Authorised Devices at the date of signing the Agreement are:

                       Identicom i750       Discreet GSM based Device for Users whose primary risk is
                                            verbal abuse or physical attack

                       Identicom i757       Discreet GSM based Device for Users whose primary risk is
                                            verbal abuse or physical attack, with added benefit of GPS
                                            location for Users operating in more rural locations or where
                                            Amber Alerts are not always possible

                       Identicom i770       Discreet GSM based Device with „man down‟ functionality for
                                            Users who also have working environment risks (e.g. slips,
                                            falls, chemicals, travel in rural locations)

                       Identicom i777       Discreet GSM based Device with „man down‟ and GPS location
                                            for Users with environmental risks and where more accurate
                                            location is required

                       User/Trust           Any mobile phone capable of having speed dials set up on keys
                       supplied Mobile      5 & 8. Mobile phones with touch-screens, auto key-locks or flip
                       Phone                phone mechanisms are excluded




1.3           In addition to the above, the Supplier will make available other authorised Devices, additional
              to the Identicom range, subsequent to the initial roll out. These Devices will meet in all
              respects the full functionality required by the Authority and will provide Customers with
              flexibility and choice in their buying options in order to meet the diverse requirements of
              Users.

1.4           The Supplier will also support User provided mobile phone handsets where the mobile
              technology is of a standard supportable by the ARC, the recording requirement, and meets
              the mandatory requirements listed in Appendix 2 for acceptable mobile phone specification. If
              the SIM card is provided by the User, the User shall bear the network costs associated with
              that SIM card. The Supplier shall not warrant either a mobile or a SIM card not provided by
              the Supplier.

1.5           The Supplier shall also support existing Devices in use by Customers where those Devices
              are deemed fit for purpose by the Supplier and therefore suitable for inclusion in this
              Framework Agreement. The Supplier shall not provide any additional warranty over and
              above that which might already exist on transfer of the existing Device, but shall accept all
              warranties that exist on transfer. The mandatory requirements for a Device to be listed on an
              Order are that the Device will need to be less than 36 months old, with the option to retain the
              existing customer SIM card, or the existing customer SIM card being exchanged for a
              Supplier SIM card.

1.6           Authorised Device specifications

              The authorised Device minimum specifications are detailed in Appendix 2.

1.7           Ongoing Device review



10-404788-3                                             73
              The Supplier shall undertake a product review in line with clauses 4.5 and 4.6 (Available
              Services) of this Framework Agreement.

1.8           Faulty Devices shall be dealt with in accordance with Part 3.1 (Service Management)
              paragraph 1.24.

1.9           Requests for change shall be managed by the Supplier via the Service Desk as detailed in
              Part 3.1 (Service Management) paragraph 1.25.

1.10          Device Pooling and Device Sharing

              (a)    The Customer may ask the Supplier to make Devices available, for both pooling and
                     sharing. In these circumstances, no more than 3 Users shall be allocated to a
                     Device, and the Escalation Contact shall remain the same for all Users.

              (b)    Sharing is when more than one User shares the same Device on a regular or
                     programmed basis (for instance, in a job share).

              (c)    Pooling is when there exist a number of Devices held in common use by a group of
                     (nor more than ten) Users.

              (d)    The quality of the Service shall remain the same for individual Users as for sharing
                     and pooled Users.

              (e)    The ARC shall handle pool and shared Devices as per an individually issued Device.
                     However to close an Alarm safely it is important that all pooled and shared Device
                     Users leave their name on every Amber Alert in order that the correct User is
                     contacted by the ARC Supplier Personnel to close an Alarm down.

              (f)    The Supplier shall train all pooled Device Users. During User training, the Supplier
                     shall train Users in the correct use of a pooled Device. The User shall leave their full
                     name as part of any Amber Alert message to enable the ARC Supplier Personnel to
                     identify the User in the event of a Red Alert. Failure to leave name details will not
                     result in a drop in ARC response times but it may inhibit a fully effective response
                     from Emergency Services.

1.11          Device Pooling Reallocation Process

              (a)    Where pooled Devices need to be reallocated, for example, to another department,
                     the Authorised Customer Representative shall raise a RFC via the Service Desk. This
                     process is detailed in Part 3.1 paragraph 1 (Service Desk). The request shall be
                     given a reference number generated by the CRM system to enable the progress of
                     the request to be tracked via the Service Desk.

              (b)    The Service Desk shall obtain a completed and signed User Information Form from
                     the new Users and immediately update the CRM system, the Alarm Handling
                     Software, and the location tracking software with the new User details. The Service
                     Desk Supplier Personnel shall arrange training for the new Users. The new User
                     CRM records shall be suspended until training has taken place.

              (c)    Where the Users have previously completed training, the Device shall be activated on
                     receipt.

              (d)    Details of the old Users shall be deleted or marked as old as requested.



10-404788-3                                            74
              (e)    The RFC shall be closed by the Supplier on confirmation of (i) Completion of training
                     course; and (ii) Receipt of Device.

2             Supplier Management and control of the process of linking Device, SIM and User
              Information

2.1           The linking of Device, SIM and User Information shall be managed as a two stage process by
              the Supplier:

              (a)    Stage one Device and the SIM:

                     (i)     The unique serial numbers of the Device and the SIM as well as the SIM
                             mobile number shall be recorded by Service Maintenance directly to the
                             Alarm Handling Software by way of a web based portal.

                     (ii)    The Device at this point shall be given a unique identifying number by the
                             Alarm Handling Software which shall serve to track the relationship between
                             Device and SIM thereafter. The Device shall be labelled clearly with the
                             Device type, serial number, SIM phone number and the unique identifying
                             number. SIMs shall be made live and Devices shall then be tested directly
                             with the Alarm Handling Software, charged, turned off and posted to the
                             Trainer/User.

              (b)    Stage two, allocation Device and SIM to the User:

                     (i)     This function shall be carried out at the point of training or at a point previous
                             where the User‟s information is gathered in full on the User information form.

                     (ii)    The unique identifying number shall be allocated to the User and all User
                             data fields completed on the Alarm Handling Software. This function shall be
                             carried out by the Service Desk. The Service Desk shall also check all data
                             entered, and ready the system for the agreed go-live date.

2.2           Technology Refresh

              (a)    Where a Device is returned to the Supplier (e.g. faulty, damaged, termination of
                     service, or a recovered lost or stolen Device), the Supplier shall perform a Device
                     Refresh where applicable.

              (b)    The Device Refresh shall include full Device repair and refurbishment, battery
                     replacement, and software upgrade (if applicable). The Device shall be tested and
                     repackaged in new plastics. Any device judged to be beyond economical repair shall
                     be scrapped.

              (c)    The Supplier shall undertake root cause analysis on returned Devices and report the
                     results to the Authority.

              (d)    The Supplier shall not be responsible for Technology Refresh of existing Devices in
                     use by Customers.

2.3           Mandatory and Optional Accessories

              (a)    Each Device shall come with a mandatory accessory list, included within the price of
                     providing the Services to each User (including pooled Device Users), and is detailed
                     in the Maximum Charges.


10-404788-3                                            75
              (b)     The mandatory accessories shall be provided to each User at the time that the
                      Device is issued, and will be provided, including if lost or damaged, by the Supplier
                      for the duration of the Contract.

              (c)     Mandatory Accessories:

                                       Part number   Description

                                         EXT1001     Identicom power supply

                                         EXT1002     UK plug adapter for power supply

                                         EXT1007     Identicom lanyard (blue)

                                         EXT1008     Identicom plastic lapel clip

                                         PLA1005     Identicom lanyard plug (x3)

                                          QRG001     Quick Reference Guide

                                         PLA1004     Identicom SIM door



              (d)     Optional Device Accessories. which shall be available at additional cost to the
                      Customer:


                                       Part number   Description

                                         EXT1001     Identicom additional power supply

                                         EXT1013     Identicom Manual (E/F/G)

                                         EXT1017     Identicom in-car charger

                                         EXT1012     Identicom silicon rubber case



2.4           Device Manufacture

              The Devices shall be manufactured in the United Kingdom. In the event that the Supplier
              wishes to change the location of manufacture the Supplier shall make such request via the
              Agreement Change Procedure. Any reduction in manufacturing costs, achieved as a result of
              industrialisation and/or new location, will be reflected into the Maximum Charges in the form
              of reduced pricing.

2.5           Short-term Rental Pool

              (a)     The Supplier shall provide a facility for Customers‟ to procure a Contract for the
                      Service for periods of time not less than six months and not more than twelve for the
                      purposes of short term operational requirements, where a longer contract term is not
                      appropriate.

              (b)     The Supplier will provide the Customer with a Device or Devices taken from a central
                      pool established for this purpose, and will allocate these to Users following the
                      process outlined in Part 3.1, paragraph 1 (Service Desk).

              (c)     Sharing of such Devices between Users is permitted.




10-404788-3                                             76
                                               Part 3.5 - Networks

1             Network Operators

1.1           The Supplier shall utilise its and the NHS‟ existing relationships with Vodafone (the “Network
              Operator”) to provide the GSM network component of the Services. The Supplier shall also
              maintain relationships with O2 and Orange to ensure that competativeness in the supply of
              network services is maintained.

1.2           The Supplier is responsible for procuring the related Services and the Network Operators
              compliance with the Service Levels. The Supplier shall manage the Network Operator to
              ensure that related Services meet the Service Levels detailed in this Framework Agreement.

1.3           The Supplier shall ensure that the Network Operator has the ability to provide Services to all
              Users in order to ensure best network coverage is provided.

1.4           To achieve best value, the Supplier shall award the contract to provide network services to
              one Network Operator, but have the ability to switch to another Network Operator to improve
              Service Levels and/or improve pricing if at any time during the contract period this may be
              required. In the event that the Supplier wishes to change the Network Operator it shall notify
              the Authority who shall not unreasonably refuse a request in the event that the Supplier can
              demonstrate that Service Levels and/or User experience will not deteriorate.

1.5           Where possible the Supplier shall ensure that all SIM cards used shall be limited in the
              numbers they can dial or text to ensure risk of SIM misuse is minimised.

2             Network Services Provided

              The Network Operator delivers an estimated minimum „outdoor‟ coverage of 99% of UK
              population for its 2G (voice and text messaging) services. The Services shall utilise 2G
              services and shall not be reliant in any way on more recent 2.5G (GPRS) or 3G services
              which have lower quoted coverage levels.

3             Coverage Mapping & SIM Swapping

3.1           As part of any initial implementation carried out, the Supplier shall make an active
              assessment of the mobile coverage in the areas where Users shall be operating. As well as
              relying on coverage maps from the Network Operator the Supplier shall also seek known
              opinions regarding coverage from Users and managers (local knowledge) and in some cases,
              where appropriate, the Supplier shall actively go out and test coverage in certain areas of
              concern. Such testing shall deliver back to the Service Desk an actual measured value from
              test Devices, showing the coverage level achieved. A record of these tests and their results
              shall be maintained by the Supplier. From this test data, the Supplier‟s implementation team
              can make an informed judgement about which network is best to use. In areas where there
              are existing black spots and/or poor network availability the Supplier shall utilise the network
              that offers best coverage.

3.2           Following implementation and rollout the Supplier Service Desk Personnel shall proactively
              monitor the coverage of Devices deployed by looking at Status Check signals returned from
              Devices. If any are identified as providing inadequate coverage for that User then the Service
              Desk shall contact the User and instigate a proactive discussion and if the User could achieve
              better coverage on another network the Service Desk shall arrange a „SIM swap‟ onto that
              network.




10-404788-3                                             77
3.3           The „SIM swap‟ procedure will be carried out from the Service Desk and with the full
              knowledge of the User involved. A live SIM from an alternative network shall be dispatched
              directly to the User. The replacement SIM shall be accompanied by clear instruction for the
              User to contact the Service Desk on receipt to undertake a ten minute SIM swap procedure.
              The Service Desk Supplier Personnel shall walk the User through the SIM swap and then ask
              the User to place the unit on charge. Once confirmed as being on charge the Service Desk
              Supplier Personnel shall then initiate configuration of the SIM over the air.

3.4           The Service Desk will then confirm to the User when this process has been completed. The
              User shall then be instructed to return the original SIM in a prepaid envelope that has been
              provided.

3.5           The SIM swap process shall not be available to Users where their own mobile phone is being
              utilised as the lone worker device.

4             Network Availability

4.1           The Network Operator shall report monthly and the Supplier shall undertake a formal
              quarterly review process against the following primary service levels relating to availability
              and quality of service:

              (a)     Call completion success rate;

              (b)     Dropped call rate;

              (c)     Call set up success rate;

              (d)     Cell availability;

              (e)     SMS „end to end‟ transaction success rate within 90 seconds; and

              (f)     Average SMS transaction time.

4.2           If, during a Red Alert activation, the call is dropped by the network, the ARC Supplier
              Personnel shall dial back into the Device and pick the call back up discreetly. The ARC
              Supplier Personnel shall be able to do this as one of the authorised numbers configured into
              the Device.

4.3           The Network Operator shall be required to provide a monthly summary of its performance
              against each of these Service Levels within 10 Working Days of the end of the calendar
              month. The Network Operator shall also commit to meeting with the Supplier on a quarterly
              basis to review performance. A summary of all Network Operator Service Levels shall be
              included in the regular reporting to the Authority.

4.4           Any failure of any individual Service Level shall be highlighted by the Network Operator in
              their monthly report and shall require the Network Operator to detail remedial action taken to
              ensure correction of the issue(s) that has caused the drop in Service Level. All
              communication of these incidents shall be between the Supplier‟s Contract Manager and the
              nominated Service Manager at the Network Operator.

4.5           If the same Service Level is missed two months in a row or two months in every four, then
              escalation of the issue shall be expected from the Network Operator. A formal request for
              rectification shall be made by the Supplier to an escalated senior management point of
              contact at the Network Operator. A formal response shall be provided by the Network
              Operator within 10 Working Days. Failure to provide a suitable corrective action shall result in


10-404788-3                                             78
              new connections to the Network Operator being temporarily suspended pending further
              investigation and rectification. Devices returned for Technology Refresh shall also be
              swapped to an alternative Network Operator.

4.6           Continued failure to meet agreed Service Levels with the Network Operator shall result in
              discussion taking place between the Supplier, Network Operator and the Authority (where
              appropriate). If the Service Level failure is deemed critical by the Supplier, and accepted by
              the Authority and the Network Operator is unable or unwilling to provide resolution within an
              acceptable timeframe, then the Network Operator shall be given notice of the Supplier‟s intent
              to move existing and all new connections to an alternative Network Operator.

4.7           If a mass SIM swap is required then the Supplier shall manage this in a structured and
              deliberate way so as to minimise disruption to Services. This shall in the first instance entail
              an analysis of the existing Network Operator Service Levels and applying these at the level of
              the Customer. If the existing Network Operator Service Levels are consistently being met at
              Customer level then these SIMs shall not be subject to a SIM swap. Instead, focus shall be
              applied to those Customer areas where the Service Levels is not being met. Once identified,
              the Supplier shall provide a pool of replacement Devices configured with an alternative
              Network Operator SIM. These shall be used to replace Devices identified as needing to be
              swapped. The Supplier shall terminate SIMs associated with returned Devices. The Supplier
              shall carryout a Technology Refresh on the returned Devices, which shall then be used to
              swap out the next batch of Devices identified as needing to be swapped. This process shall
              be managed several times over during the course of an agreed period until all Devices
              affected by the existing Network Operator are swapped.

5             Communication of Outage

5.1           The Service Desk shall notify Users and Authorised Customer Representative of an
              unplanned network outage.

5.2           The CRM system used by the Supplier shall enable a report to be run that shall identify all
              Users by location (based on Trust address). This report shall be run from notification of an
              unplanned outage from the Network Operator. This shall identify all Users and Authorised
              Customer Representatives in the affected area.

5.3           An automated email and text message shall be sent from the CRM system within the
              following 8 minutes to notify Users of the outage, and that for an estimated period of time they
              should not rely on their Device to perform.

5.4           Any communication to Users and Authorised Customer Representatives shall provide a clear
              indication of the estimated time of the outage. The communication shall also include the
              Service Desk phone number for any User or Authorised Customer Representative to call
              should they have questions.

6             Dealing with Planned and Unplanned Outages

6.1           Local planned and unplanned outages.

              The Network Operator shall manage a rolling program of planned local cell outages. These
              are required to maintain software, firmware and to carry out any required hardware
              maintenance. All planned outages shall be carried out during 10pm to 4am as this is the least
              busy period for the Network Operator. All planned outages shall be managed cell by cell and
              never involve neighbouring cells. This shall ensure that coverage is least effected as
              neighbouring cells provide coverage to that cell effected.


10-404788-3                                             79
6.2           The Network Operator shall provide the Supplier with between two and five Days notice of a
              planned outage. Whilst the Supplier shall maintain a note of these planned outages to assist
              with any incoming technical support questions, planned outages shall not be communicated
              given their unlikely effect on the Services.

6.3           Unplanned outages shall be graded according to their severity level, all Network Operators
              adopt the same logic summarised as follows:

              (a)     P0 – Catastrophic outage of the Network Operator‟s regional service centre causing
                      significant disruption to a wide range of clients across a whole region.

              (b)     P1 – Thousands of Users effected or multiple cell sites affected

              (c)     P2 – Multiple sites effected but up to an estimated 1000 Users affected

              (d)     P3 – Single cell site outage but coverage not likely to be affected

6.4           The Supplier shall be notified by e-mail of any P0, P1 and P2 level outages, normally within 2
              hours of the occurrence. Any such occurrence shall be communicated by the Supplier as
              described in e) above. The Supplier shall also communicate any extension to the unplanned
              outage if it is not rectified within the original quoted timescale. P3 outages shall only be
              communicated to the Supplier once they become a planned maintenance outage (if required).
              It should be noted that the Network Operator‟s board level operations staff are automatically
              notified of any P0 and P1 unplanned outages to ensure all actions are taken to rectify the
              issue.

6.5           Regional planned and unplanned outages

              No regional planned outages are undertaken by the Network Operator. Unplanned outages
              shall be handled as described at paragraph 6.3 above.

6.6           National planned and unplanned outages

              No national planned outages are undertaken by the Network Operator. Unplanned outages
              shall be handled as described at paragraph 6.3 above.

                                        Part 3.6 - Account Management

1             Initial Account Management

1.1           Framework Agreement

              (a)     Partnership Board

                      (i)     The Supplier shall appoint senior executives to the Partnership Board and
                              they shall carry out their role as indicated in schedule 12 (Governance)
                              paragraph 3.2 and 3.3. The Supplier shall ensure that the Partnership Board
                              meet in accordance with the Governance Meeting plan at schedule 12
                              (Governance) paragraph 5.3.

              (b)     Account Management

                      (i)     The Supplier shall provide a dedicated Contract Management team with
                              sufficient capacity to manage the contract to the full satisfaction of the
                              Authority. These roles and responsibilities are detailed in schedule 12


10-404788-3                                             80
                               (Governance) paragraph 4.1. The Supplier Contract Management team shall
                               include the following roles:

                               (A)      Supplier Framework Manager / Contract Director

                               (B)      Service Maintenance Manager

                               (C)      User Training Manager

                               (D)      Service Desk Supervisor

                               (E)      National Account Manager

                               (F)      ARC Manager

              (c)     The Supplier shall manage the Service as a coherent, single entity, joining together
                      the elements of Service Desk, Device, Network, Training, Service Maintenance and
                      ARC.

1.2           Call off Contract level

              (a)     The Supplier shall provide an Account Management structure that shall be
                      responsible for delivering front-line relationship management to Customers and
                      Authorised Customer Representatives. Each Customer shall be allocated a named
                      Supplier Account Manager, who shall be responsible for liaising with the Authorised
                      Customer Representative. The Supplier Account Manager shall ensure the rapid
                      resolution of any issues raised by the Customer or Authorised Customer
                      Representative and provide accurate and timely Management Information and
                      manage the implementation/mobilisation of all Devices for that Customer.

              (b)     The Supplier Account Manager shall be responsible for acting as the single point of
                      contact for all Customer issues and coordinating all internal Supplier teams (Training,
                      Service Desk, ARC, and Service Maintenance).

              (c)     The Supplier Account Manager shall be available for regular meetings with each
                      Customer. These meetings shall be agreed between the Supplier and the Customer
                      according to the Customer‟s needs, but shall be at least monthly initially, in
                      accordance with the schedule 12 (Governance) paragraph 5.3.

              (d)     The Supplier shall provide each Supplier Account Manager with a mobile telephone
                      and e-mail address to enable Customers to contact them directly.

              (e)     The Supplier shall ensure that each Supplier Account Manager is appropriately
                      trained. This shall include internal training and NHS induction training, followed by
                      annual ongoing training.

              (f)     Supplier Account Managers shall report to the Supplier National Account Manager.

1.3           Supplier Account Managers shall be responsible for:

              (a)     New Orders

                      (i)      The Supplier Account Manager shall liaise with the Customer and obtain an
                               Order in accordance with the Ordering Procedures. The Account Manager




10-404788-3                                             81
                            shall also set up a joint project team to manage the implementation. The
                            project team shall include the following personnel:

                            (A)     Supplier account manager;

                            (B)     Authorised Customer Representative;

                            (C)     Customer Associate Director;

                            (D)     Union Representatives (at Customer‟s discretion);

                            (E)     Department Managers (at Customer‟s discretion); and

                            (F)     Customer Administration Representative.

                    (ii)    The project team shall be responsible for agreeing/obtaining the following:

                            (A)     Number of Devices versus Users (pooled Devices);

                            (B)     Local knowledge on preferred network if available;

                            (C)     Name & contact details for the Authorised Customer Representative;

                            (D)     Users by department;

                            (E)     Escalation point of contact by department, by User;

                            (F)     Lone Worker Policy & Procedure;

                            (G)     Police contact – Crime Reduction Officer (CRO); and

                            (H)     Go-live time frame following training.

              (b)   Pre-mobilisation which shall include the following:

                            (A)     Oversee all the implementation tasks;

                            (B)     Review the lone worker policies and procedures for each Customer;

                            (C)     Identify Quarterly Business Reporting dates and attendees for each
                                    Customer;

                            (D)     Identify and meet the appropriate contact in the Customer‟s Accounts
                                    department; and

                            (E)     Communicate project progress          to   Customer   and   Authorised
                                    Customer Representative.

              (c)   Implementation/Mobilisation

                    (i)     The Supplier Account Manager shall manage and deliver the implementation
                            for each Customer:

                            (A)     Agreeing deliverables with the Customer;




10-404788-3                                           82
                               (B)      Establishing project timetable with Customer and Authorised
                                        Customer Representative;

                               (C)      Briefing the Supplier Training manager on requirements;

                               (D)      Briefing the Supplier Service Desk on requirements;

                               (E)      Overseeing deployment of Devices;

                               (F)      Overseeing training of Users; and

                               (G)      Distributing publicity information to the Authorised Customer
                                        Representative throughout the term of the Framework and each
                                        contract.

2             Ongoing Account Management

2.1           Framework Agreement

              Will be as described in paragraph 1.1 of part 3.6, above.

2.2           Call off contract level

              Post-Implementation the Supplier Account Manager shall:

              (a)     Carry out Monthly Supplier/Customer meetings with each Authorised Customer
                      Representative that they are responsible for and discuss progress in respect of the
                      contract(s) and performance, management and information provided via the
                      Management Information monthly reporting process;

              (b)     Review Management Information requirements;

              (c)     Identify additional training needs;

              (d)     Manage deployment for Devices for new starters/leavers;

              (e)     Conduct incident reviews;

              (f)     Confirm invoice details monthly;

              (g)     Oversee resolution of any issues raised through the Service Desk;

              (h)     Support any specific marketing tasks identified; and

              (i)     Meet with Customer Service Representative to allow access to, and review of, regular
                      recordings when incidents occur and may require provision of evidence.

                         Part 3.7 - Supplier Innovation and Continuous Improvement

1             Innovation

1.1           The Supplier shall be innovative in their internal, Authority and Customer facing processes by
              harnessing new technology, new processes, good ideas and the latest market best practice.

1.2           The Supplier shall focus on sound communication in delivery of Services with the Authority
              and Customers and shall actively encourage Customer feedback from all meetings and


10-404788-3                                                 83
              correspondence to enable improvement of Service provision in any way feasible. The
              Supplier shall use this feedback to improve on existing delivery processes or adopt new ones,
              incorporate new ideas into practices and look to incorporating new, or develop existing
              technologies (for example adding additional components to our database), to deliver
              improvements in the quality and delivery of Services. This shall assist in achieving better
              long-term value for money for the duration of the Contract.

2             Continuous Improvements

2.1           The Supplier shall demonstrate an ingrained ethos of continuous improvement, both in
              internal management and Customer facing activities. By maintaining open communication
              with the Authority and Customers, including actively using management information, the
              Supplier shall be able to measure experiences and outcomes of all Service activities. The
              Supplier shall work alongside the Authority and Customers to maintain a process of
              continuous improvement of the Services, by using the User survey and satisfaction process
              as outlined in part 3.1. This shall enable the Supplier to objectively assess and modify the
              Services processes as well as to monitor the quality of the provision to maintain best practice
              and achieve continuous improvements for the benefit of the Authority, the Customers and the
              Users.

2.2           Additionally, the Supplier‟s internal "Management Development Programme" and "Academy"
              serves to ensure that best practice is adopted by those engaged in management activities,
              both in Service delivery and internal process frameworks. This forms a key component of the
              Suppliers ethos of delivering added value and continuous improvement not only as an
              employer but also as a Service provider to the Authority, Customers and Users.

2.3           Best Value Improvements – To ensure that the Authority and Customers receives the
              fundamental underpinnings of best value (economy, efficiency and effectiveness) in Services,
              Supplier innovation and improvement will be an agenda item at all Authority review meetings
              with the Supplier presenting Management Information, as per schedule 7 (Management
              Information) to the Authority and Customers on the agreed basis as per schedule 12
              (Governance). The Supplier shall use the information to review with the Authority and the
              Customers the methodology and outcomes of the Services, and to assess the efficiency of
              supply in order to agree what best value improvements shall be implemented in the Services
              provision. The Supplier shall also assess whether additional forms of Management
              Information should be provided to the Authority or Customers which would enable further
              analysis and consequent improvements to the value of the Services.

2.4           Innovation and improvements would be implemented to either improve service quality and/or
              enable the Supplier to generate efficiencies that enable a reduction in operating/subcontractor
              costs that can be passed back to the Authority and Customers in reducing the Maximum
              Charges.

                                        Part 3.8 - Invoicing Mechanism

1             Invoicing

1.1           The Supplier shall be entitled to raise an invoice in respect of any payment which falls
              payable to the Supplier pursuant to each Contract/Order.

1.2           Invoicing and charges relating to the Services for a Device subscription, will only commence
              after the respective User is in receipt of an active Device and has received and passed their
              training.




10-404788-3                                             84
1.3           The Supplier shall submit invoices directly to the invoice address as specified in each
              Contract/Order.

1.4           Invoices shall specify:

              (a)     the invoice number;

              (b)     the date of the invoice;

              (c)     the unique (Order) reference;

              (d)     the Service Period or other period(s) to which the relevant Charge(s) relate;

              (e)     any service credits due (these will be those applicable if incurred at Framework
                      Agreement level);

              (f)     a contact name and telephone number of a responsible person in the relevant party‟s
                      finance department in the event of administrative queries; and

              (g)     total value excluding Value Added Tax (VAT);

              (h)     the VAT percentage;

              (i)     the total value including VAT;

              (j)     the tax point date relating to the rate of VAT shown; and

              (k)     the banking details for payment to the relevant party via electronic transfer of funds
                      (i.e. name and address of bank, sort code, account name and number).

1.5           The Customer (or Authority for Model 1 – Jointly Funded Devices as detailed in schedule 6
              (Ordering Procedure) shall pay all valid invoices submitted in accordance with the provisions
              of the Contract/Order.

1.6           Each invoice shall at all times be accompanied by sufficient information to enable the
              Customer or Authority to reasonably assess whether the Charges detailed thereon are
              properly payable. Any such assessment by the Customer shall not be conclusive. The
              Supplier undertakes to provide to the Customer any other documentation reasonably required
              by the Customer from time to time to substantiate an invoice.

1.7           All Supplier invoices shall be expressed in sterling or such other currency as shall be
              permitted by the Authority in writing.

1.8           The Supplier‟s contact details for invoicing queries is:

              Finance Department
              Reliance Secure Task Management Ltd
              18 Concorde Road
              Patchway
              Bristol
              BS34 5TB
              01179336600




10-404788-3                                              85
2             Management Fee

2.1           The Supplier shall pay a management fee of 3% of spend to the Authority. This management
              fee shall be 3% of the total monthly invoice fee arising from all Contracts spend and will be
              invoiced as follows:

              (a)     Within 5 Working Days at the end of each invoice month, the Supplier will submit a
                      statement to the Authority of invoices to the Customers and Authority (where
                      appropriate) in aggregate, against all related Contracts; stating the total amount of the
                      fee payable to the Authority;

              (b)     The Authority will submit to the Supplier an invoice payable within 30 days for the fee
                      detailed in the statement provided;

              (c)     The Supplier will submit fees to the Authority in accordance with the invoice; and

              (d)     The Customer and or the Authority shall have the option of BACS or Direct Debit to
                      make payment of invoices.




10-404788-3                                             86
                                                      Part 3.9

1             Service Levels and Service Credits

1.1           The performance management regime for this Agreement and related Contracts ensures that
              the Supplier maintains the standard of delivery at the contracted level, in addition it provides
              the Authority with the means to get the Supplier to restore service should service delivery
              drop below the agreed level.

1.2           Performance management will be managed using three approaches;

              (a)     Level 1; Performance management utilising Service Levels. Where Required Service
                      Levels (as detailed below) are not met, then Service Credits will be applicable using
                      the process outlined in this schedule. The Supplier will be required to design, deliver
                      and implement a rectification plan outlining the reason for the failure, analysis of the
                      causes of the failure, actions required to restore the Service Level, timeline for the
                      implementation of the plan, including the expected date by which the Service Level
                      will be restored, resources needed to complete the plan, any dependencies outside
                      the control of the Supplier having a direct impact on delivery of the plan, key risks and
                      issues. It will be the responsibility of the Supplier to demonstrate that the scope of the
                      plan is sufficient to deliver the expected output (the “Rectification Plan”).

              (b)     Level 2; Performance management, utilising Service Levels. The Supplier will be
                      required to design, deliver and implement a Rectification Plan as detailed above.

              (c)     Level 3; in respect of Management Information supplied, the Authority may require
                      the Supplier to produce and deliver an explanatory report detailing the causes and
                      circumstances that have resulted in a deterioration or significant change in the
                      delivery of a particular aspect of the Services. The Supplier shall provide the report
                      for the Authority‟s consideration. Where the Authority, acting reasonably, believes
                      that a Rectification Plan is required the Supplier shall provide a Rectification Plan to
                      resolve the performance management issue. Level 3 performance Management
                      Information will be provided as detailed in schedule 7 (Management Information).

1.3           The table below sets out the Service Levels and Service Credits applicable to the Services
              covered by this Agreement, with the Services mainly being provided to Customers under
              Contract(s).

1.4           The Supplier‟s performance against Service Levels will be calculated and reported through
              the Management Information process detailed in schedule 7 (Management Information).
              Supplier Service Level performance will be monitored and assessed under the Agreement,
              although performance is being measured against the Services being provided across all
              Contracts nationally.

1.5           Service Levels will be reported, managed and calculated at the Agreement level on a monthly
              basis unless stated otherwise in the table (the “Measurement Period”). Where Level 1
              Service Levels fall below the Required Service Level, the Supplier shall provide Service
              Credits to all Customers with Contracts within that given Measurement Period, and calculated
              as a cash amount on a pro rated basis dependant on the number of Users that received
              Services in that Measurement Period. Service Credits are generated through the mechanism
              set out in below.

1.6           Other than in paragraph 1.7, where Service Credits are due these shall be payable to
              Customers by means of a credit on the Customer's next monthly invoice.


10-404788-3                                              87
1.7           In relation to centrally funded Services, where the Authority is responsible for payment of
              Services the Service Credits shall be payable by means of a credit on the Authority's next
              monthly invoice.

1.8           The Total At Risk amount = 2% of the total Charges invoiced in the given calendar month of
              measurement. There are a total of 800 points available for distribution across all Service
              Levels (the "Allocated Points”). Each Service Level has a number of Allocated Points
              attributed to it, as demonstrated in the Allocate Points column. Allocated Points will accrue in
              relation to the Supplier's actual performance, where that actual performance is below the
              Required Service Level as specified in paragraph 1.9(b). The Allocated Points accrue as
              described below. An accrual multiplier operates once a Required Service Level has been
              breached, by reference to the Supplier's actual performance.

1.9           The Service Level mechanism will apply to all Level 1 Service Levels detailed in the table
              below and will be applied as follows:

              (d)     Each Level 1 Service Level has a number of Allocated Points attributed to it, as
                      demonstrated in the Allocated Points column.

              (e)     The first Service Credit applies when the actual Service Level percentage falls below
                      the Required Service Level by the accrual multiplier percentage e.g. if Required
                      Service Level is 100% and accrual multiplier for that Service Level is 1% then if the
                      Suppliers performance for that Service Level is 99.0% or lower then a Service Credit
                      will be payable.

              (f)     If the Required Service Level is 100%, the accrual multiplier is 1% and the Suppliers
                      actual Service Level is 98%, then the service is 2.0% below the Required Service
                      Level. If the accrual multiplier is 1% then the Allocated Points will be doubled for that
                      Service Level.

              (g)     The Supplier shall report Service Level performance to two decimal places and
                      mathematical rounding shall apply, that is, the Supplier rounds the third decimal place
                      so that any figure up to 0.5 is rounded down and any figure from 0.5 and above is
                      rounded up.

              (h)     For the avoidance of doubt, the maximum number of points that can be converted to
                      Service Credits in any one month is 800, even if the number of points exceeds 800.
                      The maximum at risk amount is 2% as detailed in paragraph 1.8 above.

1.10          At the end of each Month the accrued number of Allocated Points will be converted into
              Service Credits. Each Allocated Point is worth the Total At Risk amount divided by 800.

1.11          Twice per Year the Authority has the right to request of the Supplier that up to two Service
              Levels be changed, with not less than two (2) months written notice. The Service Levels shall
              be amended according to the procedures outlined in schedule 8 (Agreement Change
              Procedure).

1.12          Twice per Year the Authority may request of the Supplier to adjust the Allocated Points across
              the Service Levels. The Service Levels, shall be amended according to the procedures
              outlined in schedule 8 (Agreement Change Procedure).

1.13          For all Service Levels that are designated a Default Service Level the Authority shall have the
              right to terminate the Agreement for Supplier breach pursuant to clause 16.5(f) when the
              Supplier fails to meet any Default Service Level on three occasions within any consecutive 12



10-404788-3                                             88
              month period. For the avoidance of doubt, each occasion that the Supplier fails to meet a
              Default Service Level shall be classified as one instance. Any combination of three Default
              Service Levels will result in the ability of the Authority to terminate the Agreement for Supplier
              breach.

1.14          With respect to the Default Service Level, any references to percentage amounts below the
              Required Service Level refer to absolute percentages (e.g. 2% below 98% is 96%).




10-404788-3                                              89
                                                                Part 3.10 – Service Levels and Service Credits

Number                                                                                                                Required                                   Default
                Service Level                          Measurement Period/Commentary                                                   Accrual       Allocated
                                                                                                                    Service Level                                Service
                    Title                                                                                                              Multiplier     Points
                                                                                                                                                                  Level
  1            Availability    –                                                                                    100%               0.5%         Level 1;     Yes – 3%
               Service      Desk   Monthly.                                                                         availability                    Allocated    below
               Availability                                                                                         across       the                Points 60    Required
                                                                                                                    required                                     Service
                                                                                                                    Service Desk                                 Level
                                   Service Desk to be available for the required opening hours being 6am to 8pm     opening hours
                                   Monday to Friday, excluding weekends and Bank Holidays.

                                   Available in this regard means that Supplier Personnel are available to answer
                                   the telephone or deal with other forms of communication.

                                   Measures the time the Supplier‟s Service Desk is available (as described
                                   above).


                                           Total Hours Available        
                                    Total Hours Contractually Specified   100%
                                                                        
                                                                        




 10-404788-3                                                                                  90
Number                                                                                                             Required                                    Default
                Service Level                           Measurement Period/Commentary                                               Accrual        Allocated
                                                                                                                 Service Level                                 Service
                    Title                                                                                                           Multiplier      Points
                                                                                                                                                                Level
  2            Availability   –     Monthly                                                                      100%               0.25%        Level 1;      Yes – 3%
               ARC Availability                                                                                  availability                    Allocated     below
                                    ARC available 24 x 7 x 365. Available in this regard means that Supplier     within       the                Points 100    Required
                                    Personnel are available to deal with Red Alerts, Amber Alerts or undertake   measurement                                   Service
                                    their other duties e.g. quality checks.                                      period                                        Level
                                    Measures the time the Supplier‟s ARC is available (as described above).




                                            Total Hours Available        
                                    
                                     Total Hours Contractually Specified   100%
                                                                          
                                                                         

  3            Availability     –   Monthly.                                                                     99%                1%           Level 1;      Yes – 3%
               Networks                                                                                          availability                    Allocated     below
                                                                                                                 within       the                Points 90     Required
                                                                                                                 Measurement                                   Service
                                                                                                                 Period                                        Level
                                    Availability of the GSM network measured nationwide across the Services


                                     Total HoursNetwork Available
                                    
                                                                  100%
                                                                  
                                             Total Hours         




 10-404788-3                                                                                 91
Number                                                                                                              Required                                    Default
                Service Level                         Measurement Period/Commentary                                                  Accrual        Allocated
                                                                                                                  Service Level                                 Service
                    Title                                                                                                            Multiplier      Points
                                                                                                                                                                 Level
  4            Availability -     Monthly.                                                                        99%                1%           Level 1;      Yes – 2%
               Information                                                                                        availability                    Allocated     below
               website and e-     Information website and e-learning to be available 24 hours a day.              within       the                Points 20     Required
               learning           Measures the time the information website and e-learning facility for new       measurement                                   Service
               availability       Users and refresher training for existing Users is available                    period                                        Level



                                          Total Hours Available        
                                  
                                   Total Hours Contractually Specified   100%
                                                                        
                                                                       

 1A            Service Desk 1A    Monthly.                                                                        98% within 30      1%           Level 1;      Yes – 3%
               - Call Answer                                                                                      Seconds                         Allocated     below
               Timeliness     –   Average speed of answer of calls into the Service Desk, to be answered within                                   Points 40     Required
               answer    within   30 seconds. This time frame includes the pre recorded message that informs                                                    Service
               30 seconds         the caller that the call may be recorded for training purposes.                                                               Level

                                  Measures the percentage of telephone calls answered by Supplier Personnel
                                  within the Service Desk within the allowable time period


                                   Total Number Of Calls Answered Within 30 Seconds 
                                  
                                                                                      100%
                                                                                     
                                            Total Number of Calls Answered          

 1B            Service Desk -     Monthly.                                                                        100% within 75     Not          Level 2;      Yes – 3%
               Call    Answer                                                                                     Seconds            applicable   No Service    below
               Timeliness     –   Average speed of answer of calls into the Service Desk, to be answered within                                   Credits.      Required
               answer    within   75 seconds. This time frame includes the pre recorded message that informs                                                    Service
               75 seconds         the caller that the call may be recorded for training purposes.                                                               Level




 10-404788-3                                                                                92
Number                                                                                                          Required                                Default
                Service Level                        Measurement Period/Commentary                                            Accrual       Allocated
                                                                                                              Service Level                             Service
                    Title                                                                                                     Multiplier     Points
                                                                                                                                                         Level



                                Measures the percentage of telephone calls answered by Supplier Personnel
                                within the Service Desk within the allowable time period

                                This measure to include those calls that are included in Service Desk 1A.


                                 Total Number Of Calls Answered Within 75 Seconds 
                                
                                                                                    100%
                                                                                   
                                          Total Number of Calls Answered          

  2            Service Desk -   Monthly.                                                                      No more than    Not          Level 2;     No
               Abandoned                                                                                      2%              Applicable   No Service
               Calls            Measures the number of calls at the Service Desk which are either abandoned                                Credits
                                or dropped.



                                 Total Number Of Calls Abandoned / Dropped 
                                
                                                                            100%
                                                                            
                                           Total Number of Calls           




 10-404788-3                                                                               93
Number                                                                                                            Required                                   Default
                Service Level                       Measurement Period/Commentary                                                 Accrual        Allocated
                                                                                                                Service Level                                Service
                    Title                                                                                                         Multiplier      Points
                                                                                                                                                              Level
  3            Service Desk -   Monthly.                                                                        40% for Month     Not          Level 2; No   No
               Immediate Call                                                                                   1 from the date   Applicable   Service
               Resolution       Measures the ability of Service Desk to achieve call resolution when the User   of signing the                 Credits.
                                first contacts the Service Desk.                                                Framework
                                                                                                                Agreement


                                 Total Number Of Calls Resolved During the                                    45% for Month
                                                                                                              2 from the date
                                            Initial Contact                   100%
                                                                                                              of signing the
                                           Total Number of Calls
                                                                                                              Framework
                                                                                                              Agreement

                                                                                                                50% for Month
                                                                                                                3 from the date
                                                                                                                of signing the
                                                                                                                Framework
                                                                                                                Agreement

                                                                                                                65% for Month
                                                                                                                4 from the date
                                                                                                                of signing the
                                                                                                                Framework
                                                                                                                Agreement
                                                                                                                With a further
                                                                                                                review after 12
                                                                                                                months.




 10-404788-3                                                                              94
Number                                                                                                                    Required                                 Default
                Service Level                           Measurement Period/Commentary                                                   Accrual        Allocated
                                                                                                                        Service Level                              Service
                    Title                                                                                                               Multiplier      Points
                                                                                                                                                                    Level
 4A            Service Desk -     Monthly.                                                                              95% within 1    1%           Level 1;      Yes –
               Service    Desk                                                                                          Working Day                  Allocated     10%
               Communication      Measures the time taken to resolve a communication raised with the Service                                         Points        below
               Resolutions        Desk. This measure to include those calls not resolved during initial contact as                                   40            Required
               within        1    detailed in Service Desk 3 above, but to exclude those cases resolved within                                                     Service
               Working Day        the Required Service Level specified in Service Desk 3 above.                                                                    Level


                                   Total Number Of Email, Fax, Letter and Calls Resolved Within 1 Working   
                                                                                                            
                                        Day () Total Number of Calls Re solved During First Contact        
                                      Total Number of Email, Fax, Letter and Calls () Total Number of        100%
                                                                                                            
                                                                                                            
                                         Emails, Fax, Letter and Calls Resolved During First Contact        



 4B            Service Desk -     Monthly.                                                                              100% within 2   1%           Level 1;      No
               Service    Desk                                                                                          Working Days                 Allocated
               Remaining          In the event that the Supplier cannot resolve a communication raised with the                                      Points 30
               Communication      Service Desk within 1 Working Day (the timescales detailed in Service Desk
               Resolutions        4A), this metric will measure the time taken to resolve outstanding cases
               within       1-2   within 2 Working Days.
               working days




 10-404788-3                                                                                     95
Number                                                                                                              Required                                Default
                Service Level                         Measurement Period/Commentary                                               Accrual       Allocated
                                                                                                                  Service Level                             Service
                    Title                                                                                                         Multiplier     Points
                                                                                                                                                             Level
                                   Total Number Of Email, Fax, Letter and Calls Resolved Within 2     
                                                                                                      
                                   Working Days () Total Number of Emails, Calls, Fax and            
                                              Letter Resolved Within 1 Working Day                    
                                                                                                        100%
                                   Total Number of Email, Fax, Letter and Calls () Total Number of   
                                   Emails, Fax, Leters and Calls Resolved Within 1 Working Day        
                                  
                                                                                                      
                                                                                                       
                                                                                                      



 5A            Service Desk –     Monthly.                                                                        98% within 1    1%           Level 1;     Yes – 5%
               Update                                                                                             Working Day                  Allocated    below
               information/       Measures the time taken for the Service Desk Supplier Personnel to update                                    Points 30    Required
               systems            information and systems following a communication from a Customer, User or                                                Service
               updated within 1   Authorised Customer Representative.                                                                                       Level
               Working Day
                                      Total Number Of Communications that Require Inf ormation /    
                                                                                                    
                                             Systems to be Updated Within 1 Working Day             
                                   Total Number of Communications that Require Informatio / Systems   100%
                                                                                          n
                                                                                                    
                                                                                                    
                                                               to be Updated                        




 10-404788-3                                                                                 96
Number                                                                                                              Required                                 Default
                Service Level                         Measurement Period/Commentary                                               Accrual        Allocated
                                                                                                                  Service Level                              Service
                    Title                                                                                                         Multiplier      Points
                                                                                                                                                              Level
 5B            Service Desk –     Monthly                                                                         100% within 2   0.5%         Level 1;      No
               Update                                                                                             Working Days                 Allocated
               information/       In the event that the Supplier cannot update information/systems in 1 Working                                Points 30
               systems            day as detailed in Service Desk 5A, this measure will apply to measure the
               updated within 2   time taken to resolve outstanding cases.
               Working Days
                                  This measure excludes those cases resolved within 1 Working Day as detailed
                                  in Service Desk 5A above.


                                       Total Number Of Communications that Require Inf ormation /     
                                                                                                      
                                      Systems to be Updated Within 2 Working Days () Total No. of    
                                           CommunicationsUpdated Within 1 Working Day                 
                                                                                                        100%
                                   Total Number of Communications that Require Informatio / Systems
                                                                                           n           
                                                                                                      
                                          to be Updated () Total No. of Communications Updated       
                                                                                                      
                                                         Within 1 Working Day                         




 10-404788-3                                                                                97
Number                                                                                                                    Required                                   Default
                Service Level                           Measurement Period/Commentary                                                     Accrual        Allocated
                                                                                                                        Service Level                                Service
                    Title                                                                                                                 Multiplier      Points
                                                                                                                                                                      Level
  6            Service Desk –                                                                                           98%                            Level 2; No   Yes – 5%
               Order Fulfilment   Monthly.                                                                                                             Service       below
                                                                                                                                                       Credits       Required
                                  Based on the agreed delivery date between the Customer and Supplier, this                                                          Service
                                  measures the order fulfilment timescale as to when the User actually receives                                                      Level
                                  the Device and training.

                                  In 98% of all cases the User shall have received the configured Device and
                                  have been trained by the agreed delivery date.




                                        Number Of Cases where Configured Device and Training Received       
                                                                                                            
                                             by User to Agreed Delivery Date in the Measurement Period      
                                   Number of Cases where Customer and Supplier had agreed that Configured     100%
                                                                                                            
                                   Device and Training was Due to be Delivered in the Measurement Period    
                                                                                                            



 7A            Service Desk –     Monthly.                                                                              95%    of   all   Not          Level 2; No   No
               Complaints                                                                                               complaints        Applicable   Service
               resolved within    Measures the percentage of complaints that are resolved within an agreed              received to be                 Credits




 10-404788-3                                                                                     98
Number                                                                                                          Required                                   Default
                Service Level                        Measurement Period/Commentary                                              Accrual        Allocated
                                                                                                              Service Level                                Service
                    Title                                                                                                       Multiplier      Points
                                                                                                                                                            Level
               5 Working Days    timeframe.                                                                   resolved within
                                                                                                              5      Working
                                 95% of all complaints to be resolved within 5 Working Days.                  Days

                                 Resolved is defined as complaint investigated and communicated back to the
                                 User, Authorised Customer Representative or Customer and they agree that
                                 they are satisfied with the response.


                                  Total Number Of Complaint s Answered Within 5 Working Days 
                                 
                                                                                               100%
                                                                                              
                                                  Total Number of Complaint s                

 7B            Service Desk –    Monthly.                                                                     100% of all       1%           Level 1;      No
               Complaints                                                                                     complaints                     Allocated
               resolved within   Measures the percentage of complaints that are resolved within an agreed     received to be                 Points 40
               10      Working   timeframe                                                                    resolved within
               Days                                                                                           10     Working
                                 100% of all complaints to be resolved within 10 Working Days                 Days

                                 Resolved is defined as complaint investigated and communicated back to the
                                 User, Authorised Customer Representative or Customer they agree that they
                                 are satisfied with the response.

                                 This measure includes those complaints resolved within 5 Working Days
                                 (Service Desk 7A).


                                  Total Number Of Compla int s Re solved Within 10 Working Days 
                                 
                                                                                                 100%
                                                                                                 
                                                  Total Number of Compla int s                  




 10-404788-3                                                                               99
Number                                                                                                              Required                                 Default
                Service Level                          Measurement Period/Commentary                                              Accrual        Allocated
                                                                                                                  Service Level                              Service
                    Title                                                                                                         Multiplier      Points
                                                                                                                                                              Level

                                   In addition, the Supplier shall report on the total number of complaints
                                   received in month as detailed in schedule 7 (Management Information)

  8            Service Desk 8 –    Monthly                                                                        100% within 8   0.5%         Level 1;      No
               Notification of a                                                                                  mins                         Allocated
               Service Incident    Measures    the    time    taken    for  the     Supplier    to     notify                                  Points 30
                                   Customers/Users/Authorised Customer Representatives in respect of Service
                                   Incidents.

                                   Supplier to notify Customers/Users/Authorised Customer Representatives via
                                   SMS of Service Incident within 8 minutes being known followed by updates via
                                   email until Service Incident resolved in all cases.


                                    Number Of Notifications Within 8 min 
                                   
                                                                          100%
                                                                          
                                       Total Number of Notifications     


  1            ARC - Response      Monthly.                                                                       100%            0.5%         Level 1;      Yes – 3%
               to Red Alerts                                                                                                                   Allocated     below
                                   Measures the time taken for an ARC Supplier Personnel to listen into a Red                                  Points 100    Required
                                   Alert                                                                                                                     Service




 10-404788-3                                                                               100
Number                                                                                                          Required                                 Default
                Service Level                        Measurement Period/Commentary                                            Accrual        Allocated
                                                                                                              Service Level                              Service
                    Title                                                                                                     Multiplier      Points
                                                                                                                                                          Level
                                                                                                                                                         Level
                                   Total Number Of Red Alerts Actively listened to By   
                                                                                        
                                         Supplier Personnel Within 10 Seconds            100%
                                               Total Number of Red Alerts               
                                                                                        
                                                                                        

  2            ARC – Genuine      Monthly                                                                     100%            0.5%         Level 1;      Yes – 5%
               Alarm     Alerts                                                                                                            Allocated     below
               Incident Reports   Measures the time taken for Genuine Alarm Alerts to be emailed to the                                    Points 30     Required
               to be Passed to    Authorised Customer Representative within 15 minutes of the Genuine Alarm                                              Service
               Authorised         being completed.                                                                                                       Level
               Customer
               Representative      Total Number Of Genuine Alarms Emailed to 
                                                                                
                                   Authorised Customer Representative Within 15 
                                   Minutes of Genuine Alarm being Completed 
                                                                                 100%
                                      Total Number of Genuine Alarms Within     
                                           the Measurement Period               
                                  
                                                                                
                                                                                 
                                                                                




 10-404788-3                                                                              101
Number                                                                                                         Required                                 Default
                Service Level                      Measurement Period/Commentary                                             Accrual        Allocated
                                                                                                             Service Level                              Service
                    Title                                                                                                    Multiplier      Points
                                                                                                                                                         Level
  3            ARC 3 – Close    Monthly                                                                      97%             1%           Level 1;      Yes – 5%
               down of False                                                                                                              Allocated     below
               Alerts           Measures the telephone contact with Users or Escalation Contact to confirm                                Points        Required
                                close down within 1 hour of the False Alert being completed.                                              20            Service
                                                                                                                                                        Level
                                 Total Number Of False Alarms Cases Closed Down         
                                                                                        
                                    Following Telephone Contact With the User           
                                      or Escalation Contact Within 1 Hour               
                                                                                          100%
                                        Total Number of False Alarms Within             
                                              the Measurement Period                    
                                
                                                                                        
                                                                                         
                                                                                        

 1A            Device Failure   Monthly                                                                      95% within 1    2%           Level 1;      No
                                                                                                             Working Day                  Allocated
                                Measures how quickly requests for replacement Devices are actioned and                                    Points 70
                                Device replaced. Replaced means dispatched for receipt by User within 1
                                Working Day.


                                                                                    
                                                                                    
                                 Number of Devices Replaced Within 1 Working Day    
                                 Total Number of Requests for Replacement Devices    100%
                                                                                    
                                                                                    
                                         Within the Measurement Period              
 1B            Device Failure   Monthly.                                                                     100% within 2   -N/A         Level 2; No   No
                                                                                                             Working Days                 Service
                                Measures how quickly Requests for replacement Devices are actioned and                                    Credits
                                Device replaced. Replaced means dispatched for receipt by User within 2




 10-404788-3                                                                             102
Number                                                                                                                  Required                                  Default
                Service Level                          Measurement Period/Commentary                                                   Accrual        Allocated
                                                                                                                      Service Level                               Service
                    Title                                                                                                              Multiplier      Points
                                                                                                                                                                   Level
                                Working Days.


                                                                                                          
                                                                                                          
                                      Total Number of Devices Replaced Within 2 Working Days             
                                 those Cases that are Re placed Within 1 Day (as Detailed in Figure 1A)   
                                                                                                            100%
                                        Total Number of Requests for Re placement Devices Within          
                                                                                                          
                                        the Measurement Period  those Cases that are Re placed           
                                                                                                          
                                          Within 1 Day (as Detailed in Device Failure 1A)                 
  2            Device Failure   Monthly                                                                               Device Failure   Not          Level 2; No   No
                                                                                                                      requiring        Applicable   Service
                                Measures the number of faulty Devices that require replacement. This                  replacement                   Credits
                                measurement includes battery failures                                                 shall      not
                                                                                                                      exceed 5%
                                                                                            
                                                                                            
                                              Total Number of Faulty Devices                
                                 Total Number of User Devices Covered by Currwent Contracts   100%
                                                                                            
                                                                                            
                                            in the Measurement Period                       




 10-404788-3                                                                                       103
Number                                                                                                                    Required                                 Default
                Service Level                         Measurement Period/Commentary                                                     Accrual        Allocated
                                                                                                                        Service Level                              Service
                    Title                                                                                                               Multiplier      Points
                                                                                                                                                                    Level
  1            Reporting    –   Monthly                                                                                 98%             2%           Level 1;      No
               Authority    &                                                                                                                        Allocated
               Customer         Measures the provision of accurate reporting to agreed timelines                                                     Points 70
               Reporting
               Completeness      Number of Re ports Containing the Agreed Level of Info Pr ovided Within   
                                                                                                           
                                 10 Working Days at the End of Period in which Re port is Re quired          100%
                                            Total Number of Re ports Pr ovided in the Period               
                                
                                                                                                           
                                                                                                            
                                                                                                           

  1            Training –       Monthly                                                                                 98%             Not          Level 2; No   No
               Device                                                                                                                   Applicable   Service
               configured for   Measures that the Device is specifically configured to the User and is available                                     Credits.
               trainee          for the User to operate at their training event (excludes pooled Device Users)


                                 Total Number of Initial Training Interventions Where the Device is     
                                                                                                        
                                            Specifically Configured to the User                           100%
                                          Total Number of Initial Training Interventions                
                                
                                                                                                        
                                                                                                         
                                                                                                        
                                Note; an initial training intervention is the first training session that a User must
                                undertake in order that they can be certified as having the required skills to
                                successfully operate the Device.

                                Note; test Devices are not classified as meeting the criteria in that they are not
                                specifically configured for the User, unless used in training sessions for pooled
                                Device Users.




 10-404788-3                                                                                   104
Number                                                                                                                      Required                                    Default
                Service Level                           Measurement Period/Commentary                                                     Accrual        Allocated
                                                                                                                          Service Level                                 Service
                    Title                                                                                                                 Multiplier      Points
                                                                                                                                                                         Level
  2            Training – Face    Monthly.                                                                                95%             Not          Level 2; No      No
               to face training                                                                                                           Applicable   Service
               ratio                                                                                                                                   Credits.
                                  Measures the percentage of face to face initial training interventions compared                                      If the webex
                                  to other types of initial training/webex.                                                                            ratio
                                                                                                                                                       materially
                                                                                                                                                       higher than
                                   Total Number of Initial Training Interventions Where Training                                                     that costed
                                                                                                                                                     the Authority
                                                 Delivery Method is Face to Face                          100%
                                                                                                                                                     will require
                                            Total Number of Initial Training Interventions
                                  
                                                                                                        
                                                                                                                                                      the Supplier
                                                                                                                                                     to re-baseline
                                                                                                                                                       the Maximum
                                                                                                                                                       Charges to
                                  Note; an initial training intervention is the first training session that a User must                                account for
                                  undertake in order that they can be certified as having the required skills to                                       reduced
                                  successfully operate the Device.                                                                                     Supplier
                                                                                                                                                       personnel
                                  Each User is calculated separately irrespective of the number of Users                                               numbers
                                  attending the session                                                                                                involved in
                                                                                                                                                       training
                                                                                                                                                       interventions.




 10-404788-3                                                                                     105
Number                                                                                                              Required                                 Default
                Service Level                        Measurement Period/Commentary                                                Accrual        Allocated
                                                                                                                  Service Level                              Service
                    Title                                                                                                         Multiplier      Points
                                                                                                                                                              Level
  1            User             Monthly                                                                           75%             Not          Level 2; No   No
               Satisfaction                                                                                                       Applicable   Service
                                Measures levels of User satisfaction to ensure and agreed percentage is rated                                  Credits.
                                as good or excellent by User. Relates to Services provided by the ARC,
                                                                    nd
                                Service Desk, training others e.g. 2 line support


                                 Total Number of Users That Respond to User Satisfaction Survey and   
                                                                                                      
                                          State that their Interaction is Good or Excellent             100%
                                 Total Number of Users that Respond to User Satisfaction Survey       
                                
                                                                                                      
                                                                                                       
                                                                                                      

                                Note; the total number of Users that respond to User satisfaction surveys must
                                be a minimum of 1%
  1            Attrition        Yearly                                                                            15%             Not          Level 2; No   No
                                                                                                                                  Applicable   Service
                                This measure assesses Supplier Personnel attrition levels. It looks at the                                     Credits.
                                number of Supplier Personnel that work on the Services and either (1) leave
                                the employment of the Supplier; or (2) move to other Supplier activities that
                                are unrelated to the Services; or (3) move to other activities within the
                                Suppliers organisation including its parent company and other related entities.




                                 Total Number of Supplier Personnel Providing the Services 
                                                                                              
                                                that Leave in a Year                          
                                 Total Number of Supplier Personnel that Provide the Services  100%
                                                                                              
                                                                                              




 10-404788-3                                                                                106
Number                                                                    Required                                Default
                Service Level     Measurement Period/Commentary                         Accrual       Allocated
                                                                        Service Level                             Service
                    Title                                                               Multiplier     Points
                                                                                                                   Level
               Total     Points
               Allocated                                                                             800




 10-404788-3                                                      107
                                       Part 3.11 - Operational Reporting

1             Reports

1.1           The following reports are all specified in schedule 7 (Management Information):

              (a)     SMS (Framework and Drill down of call off contracts);

              (b)     LSMS Reporting;

              (c)     Use of Exception Reporting; and

              (d)     Customer Reporting.




10-404788-3                                             108
              Appendix 1




10-404788-3         109
10-404788-3   110
                                                    Appendix 2

                                               Authorised Devices



  Identicom           Model
  number                                i750                   i757          i770               i777
  Dimensions                        102 x 72 x 12       102 x 72 x 12    102 x 72 x 12     102 x 72 x 12
  Weight (average            inc
  lanyard)                              78g                    85g           78g                85g
  Operating temp range              -10C to +40C        -10C to +40C     -10C to +40C      -10C to +40C
  Communication system                 GSM                  GSM             GSM                GSM
                                     900Mhz &             900Mhz &        900Mhz &           900Mhz &
  GSM Frequencies                    1800Mhz              1800Mhz         1800Mhz            1800Mhz
  GPS                                     *                   Sirf III         *               Sirf III
  Battery life – standard             60hours                48hours       60hours            48hours
  Battery life - talk time            2.5hours               2.5hours      2.5hours           2.5hours
  Case                              ABS Plastic          ABS Plastic      ABS Plastic       ABS Plastic
  Minimum          Software
  Version                              v5.10                  v5.10          v5.10             v5.10



Additional Devices

The Supplier will support User provided mobile phone handsets which meet the mandatory
requirements listed below:

                              (A)    No flip phones

                              (B)    No key locks to be deployed

                              (C)    No touch screen phones

                              (D)    No phones where speed dials cant be easily set up by the User

                              (E)    No „qwerty keyboard‟ based phones




10-404788-3                                            111
                                                     Schedule 4

                                           Delays and Implementation

                                                    Part 1- Delays

1             Introduction

              This schedule 4 sets out the procedure to be followed in the circumstances that there is any
              delay in the implementation of the Solution.

2             Delays

2.1           If, at any time, the Supplier becomes aware that it will not (or is unlikely to) achieve any
              Milestone by the Milestone Date it shall immediately notify the Authority of the fact of the
              Delay and summarise the reasons for it.

2.2           The Supplier shall, as soon as possible and in any event not later than 10 days after the initial
              notification under paragraph 2.1, give the Authority full details in writing of:

              (a)      the reasons for the Delay;

              (b)      consequences of the Delay; and

              (c)      if the Supplier claims that the Delay is due to an Authority Cause, the reason for
                       making that claim.

2.3           Whether the Delay is due to an Authority Cause or not, the Supplier shall deploy all additional
              resources, and take all reasonable steps to eliminate or mitigate the consequences of the
              Delay.

2.4           Any disputes about or arising out of Delays shall be resolved through the Dispute Resolution
              Procedure. Pending the resolution of the Dispute both parties shall continue to work to
              resolve the causes of, and mitigate the effects of, the Delay.

3             Correction Plan

3.1           The Supplier shall submit a draft Correction Plan where:

              (a)      it becomes aware that it will not achieve a Milestone by the Milestone Date; or

              (b)      it has failed to achieve a Milestone by its Milestone Date, for whatever reason.

3.2           The draft Correction Plan shall identify the issues arising out of the Delay and the steps that
              the Supplier proposes to take to achieve the Milestone in accordance with this Framework
              Agreement.

3.3           The draft Correction Plan shall be submitted to the Authority for its approval as soon as
              possible and in any event not later than 10 days (or such other period as the Authority may
              permit and notify to the Supplier in writing) after the initial notification under paragraph 2.1 or
              the issue of a Non-conformance Report.

3.4           The Authority shall not withhold its approval of a draft Correction Plan unreasonably. If the
              Authority does not approve the draft Correction Plan it shall inform the Supplier of its reasons
              and the Supplier shall take those reasons into account in the preparation of a further draft




10-404788-3                                              112
              Correction Plan, which shall be resubmitted to the Authority within 5 Working Days of the
              rejection of the first draft.

3.5           The Supplier shall comply with its Correction Plan following its approval by the Authority.

4             Delays to Milestones

4.1           If a Milestone is not achieved other than as a result of an Authority Cause (in which case
              paragraph 5 applies), the Authority shall issue a Non-conformance Report to the Supplier
              setting out reasons for the relevant Milestone not being achieved and the consequential
              impact on any other Milestones. The Authority will then have the options set out in paragraph
              4.2.

4.2           The Authority may at its discretion (without waiving any rights in relation to the other options)
              choose to:

              (a)     issue a Milestone Achievement Certificate conditional on the remediation of the non-
                      conformities in accordance with an agreed Correction Plan; and/or

              (b)     refer the matter to the Escalation Process and if the matter cannot be resolved
                      exercise any right it may have under clause 16 (Termination).

4.3           Where the Authority issues a conditional Milestone Achievement Certificate as specified in
              paragraph 4.2 (b), it can choose (but does not have to) to revise the failed Milestone Date and
              any subsequent Milestone Date.

4.4           Any Correction Plan shall be agreed before the issue of a conditional Milestone Achievement
              Certificate unless the Authority is willing to agree otherwise. In the latter case the Supplier
              shall submit a Correction Plan for approval by the Authority within 10 Working Days of receipt
              of the Non-conformance Report.

5             Delays to Milestones Due to Authority Cause

5.1           Without prejudice to paragraph 2.3 and subject to paragraph 4, if the Supplier would have
              been able to Achieve the Milestone by its Milestone Date but has failed to do so as a result of
              an Authority Cause the Supplier will have the rights and relief set out in this paragraph 5:

5.2           The Supplier shall:

              (a)     subject to paragraph 6, be allowed an extension of time equal to the Delay caused by
                      that Authority Cause; and

              (b)     not be in breach of this Framework Agreement as a result of the failure to achieve the
                      relevant Milestone by its Milestone Date;

5.3           The Authority Representative shall:

              (a)     consider the duration of the Delay, the nature of the Authority Cause and the effect of
                      the Delay and the Authority Cause on the Supplier's ability to comply with the
                      Implementation Plan;

              (b)     consult with the Supplier Representative in determining the effect of the Delay;

              (c)     fix a revised Milestone Date; and




10-404788-3                                             113
              (d)     if appropriate, make any consequential revision to subsequent Milestones in the
                      Implementation Plan.

5.4           Any Change that is required to the Implementation Plan pursuant to paragraph 5.1 or the
              Charges shall be implemented in accordance with the Contract Change Procedure. If the
              Supplier's analysis of the effect of the Delay in accordance with paragraph 3.2 permits a
              number of options, then the Authority shall have the right to select which option shall apply.

5.5           The Authority shall not delay unreasonably when considering and determining the effect of a
              Delay under this paragraph 5 or in agreeing a Change pursuant to the Contract Change
              Procedure.

5.6           The Supplier shall and shall procure that each Sub-Contractor shall take and continue to take
              all reasonable steps to eliminate or mitigate any losses and/or expenses that it incurs as a
              result of an Authority Cause.

6             Delays not Due to One Party

6.1           Without prejudice to paragraph 2.3 and subject to paragraph 2.4, where a Delay is attributable
              in part to an Authority Cause and in part is the responsibility of the Supplier the parties shall
              negotiate in good faith with a view to agreeing a fair and reasonable apportionment of
              responsibility for the Delay. If necessary, the parties may escalate the matter in accordance
              with the Dispute Resolution Procedure.

                                          Part 2- Implementation Plan

7             Introduction

7.1           The Implementation Plan includes SOP's, process maps, scripts etc to be submitted to the
              Authority using the Operational Change Procedure.

8             Milestones

8.1           The Supplier shall, in accordance with Part 1 of Schedule 4, use best endeavours to meet the
              Milestones by the Milestone Dates as indicated below:

                     Milestone                                                                Milestone
      Ref.                                     Milestone Tasks              Dependency
                      Service                                                                   Date

                                      Finalising the Security Plan based                         ISO
       01               ARC             on the ISO27001 accreditation         Supplier       accreditation
                                               and gap analysis                              due 30 June
                                                                                                 2009

                                      Submission and Acceptance of
                                      training materials, SOP‟s, scripts                     (1) Working
                                      and processes,                                        towards ISO
                                      Accreditation of ISO27001/2,                          Accreditation,
                                                                              Supplier /
       02               ARC            Personnel recruitment & training                       (as above)
                                                                              Authority
                                           completed and IT systems
                                         configured and all other tasks                      (2) Training
                                            associated with ensuring                             to be
                                       readiness of the ARC for Service                     complete by
                                                    delivery                                30 April 2009




10-404788-3                                             114
                                                                                (3) ARC SOP
                                                                                     to be
                                                                                  submitted
                                                                                and accepted
                                                                                  by 24 April
                                                                                     2009

                               Submission and Acceptance of
                              training materials, SOP‟s, scripts
                                       and processes.
                              Personnel recruitment & training
                                                                   Supplier /   Training and
       03     Service Desk     completed and IT infrastructure
                                                                   Authority     final testing
                                configured and all other tasks
                                                                                complete by
                                   associated with ensuring
                                                                                30 April 2009
                              readiness of the ARC for Service
                                           delivery



                              Submission and Acceptance of                           Key
                                   Marketing material.                           marketing
                               Press releases, advertising,                       material
                                        editorials                               accepted.
                                and lone worker literature                       Distribution
                                                                   Supplier /
       04      Marketing               distributed,                              by 30 April
                                                                   Authority
                              Web Portal established and all                        2009
                               other tasks associated with
                                ensuring readiness of the                        Web Portal
                                   Marketing strategy                           complete by
                                                                                24 April 2009



                              Submission and Acceptance of
                               User training material and all
                                                                   Supplier /
       05     User Training     other tasks associated with
                                                                   Authority     Complete
                              ensuring readiness to complete
                                       User Training



                                  Personnel recruitment and
                              training completed, infrastructure
                Service         established and all other tasks                 Staff training
       06                                                          Supplier
              Maintenance          associated with ensuring                         to be
                                readiness to complete Service                   completed by
                                  Maintenance requirements                      30 April 2009



                                 Personnel recruitment and
                Account       training completed and all other                     (1) Staff
       07                                                          Supplier
              Management         tasks associated to ensure                     training to be
                                  readiness of the Account                      completed by
                              Management team to complete                       30 April 2009




10-404788-3                                    115
                                         delivery
                                                                             (2) National
                                                                               Account
                                                                            Manager final
                                                                            interviews on
                                                                            27 April 2009



                                Sufficient and appropriate
                             Devices and SIM stock levels and
       08     Supply Chain     all other tasks associated to     Supplier   1 May 2009
                              ensure readiness of the Supply
                                Chain to complete delivery

                             Finalising   the     long   term
                             agreement       with      Jemline
       09        ARC         Developments as the host site for   Supplier    Complete
                             the DR solution for the ARC &
                             Service Desk




10-404788-3                                  116
                                                    Schedule 5

                                             The Maximum Charges

1             Introduction

1.1           This schedule details the agreed pricing model that will apply to the provision of the Services.
              It outlines individual rates that will be used as a basis for calculating the Supplier‟s Charges
              for Services as well as creating a basis for calculating Suppliers pricing for proposed new
              services. This mechanism shall apply for the term of the Framework Agreement and all
              related Contracts.

1.2           The Maximum Charges shall be subject to the Maximum Charges Variation Procedure.

2             Definitions

              For the purposes of this schedule the following definitions shall apply:

              Additional Pooled/Shared User means those Users that share a Device, up to a maximum
              of 3 Users but excluding the first User.

              Optional Device Accessories means optional Device accessories which, with the exception
              of the Identicom manual (E/F/G) which is free, can be purchased by Customer‟s at their
              additional expense as detailed in this schedule.

              Minimum Required Device Mandatory Accessories means the minimum additional
              components that will be provided to the Customer, as detailed in Schedule 3 (Services), and
              as are included within the price of the Services.

              Volume Discount(s) means the discount that will be applied to the Maximum Charges when
              certain volume thresholds are achieved as detailed in paragraph 3.8.

3             Calculation of Maximum Charges

3.1           The Maximum Charges for the provision of the Services are detailed in Table 2A and 2B
              below, and this represents an all inclusive price for the Services that are specified in this
              Agreement and summarised in Table 1 below.




10-404788-3                                             117
Table 1 - Service Features
                                         New Device - One User                               Managed Services                             Short Term Rental                                   Pooled/Shared Usage of Device
                                                                                                       Customer               Customer
                                                                                i777     –   Customer owned       Customer    owned                                              i777     –                                          i777     –
                                                      i770     –                GSM          owned     Mobile     owned       Identicom                i770     –                GSM                       i770     –                GSM
                                                      GSM                       Identicom    Mobile    Phone      Identicom   Device                   GSM                       Identicom                 GSM                       Identicom
                                                      Identicom    i757     –   with GPS     Phone & and SIM      Device &    and SIM                  Identicom    i757     –   with GPS                  Identicom    i757     –   with GPS
                                         i750     –   with man     GSM          and man      Customer Provided    Customer    Provided    i750     –   with man     GSM          and man      i750     –   with man     GSM          and man
                                         GSM          down         Identicom    down         owned     by         owned       by          GSM          down         Identicom    down         GSM          down         Identicom    down
                                         Identicom    function     with GPS     function     SIM       Supplier   SIM         Supplier    Identicom    function     with GPS     function     Identicom    function     with GPS     function
Contract Term Option
1 Year                                   ●            ●            ●            ●            ●        ●           ●           ●                                                               ●            ●            ●            ●
2 Year                                   ●            ●            ●            ●            ●        ●           ●           ●                                                               ●            ●            ●            ●
3 Year                                   ●            ●            ●            ●            ●        ●           ●           ●                                                               ●            ●            ●            ●
4 Year                                   ●            ●            ●            ●            ●        ●           ●           ●                                                               ●            ●            ●            ●
5 Year                                   ●            ●            ●            ●            ●        ●           ●           ●                                                               ●            ●            ●            ●
Less than 1 year                                                                                                                          ●            ●            ●            ●

Minimum Required Device Mandatory
Accessories
Identicom Device                         ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
Identicom Power Supply                   ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
UK Plug adapter for power supply         ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
Identicom lanyard (blue)                 ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
Identicom plastic lapel clip             ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
Identicom lanyard plug (x3)              ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
Identicom SIM Door                       ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
SIM Card                                 ●            ●            ●            ●                     ●                       ●           ●            ●            ●            ●            ●            ●            ●            ●

Device / User Services
Warranty - Damage/Fault                  ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
Battery Replacement                      ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
Replacement - Loss / Theft               ●            ●            ●            ●                                                         ●            ●            ●            ●            ●            ●            ●            ●
SIM Warranty / Replacement               ●            ●            ●            ●                     ●                       ●           ●            ●            ●            ●            ●            ●            ●            ●
Standard Training                        ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Training User Guide & Quick Reference
Guide                                    ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Additional Pooled/Shared User Training                                                                                                                                                        ●            ●            ●            ●

Network Services
GPS Location                                                       ●            ●                                                                                   ●            ●                                      ●            ●
GSM Location                             ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Auto Man Down Facility                                ●                         ●                                                                      ●                         ●                         ●                         ●
SIM Coverage Swap / Return               ●            ●            ●            ●                     ●                       ●           ●            ●            ●            ●            ●            ●            ●            ●




       10-404788-3                                                                       118
Table 1 - Service Features
                                        New Device - One User                               Managed Services                             Short Term Rental                                   Pooled/Shared Usage of Device
                                                                                                      Customer               Customer
                                                                               i777     –   Customer owned       Customer    owned                                              i777     –                                          i777     –
                                                     i770     –                GSM          owned     Mobile     owned       Identicom                i770     –                GSM                       i770     –                GSM
                                                     GSM                       Identicom    Mobile    Phone      Identicom   Device                   GSM                       Identicom                 GSM                       Identicom
                                                     Identicom    i757     –   with GPS     Phone & and SIM      Device &    and SIM                  Identicom    i757     –   with GPS                  Identicom    i757     –   with GPS
                                        i750     –   with man     GSM          and man      Customer Provided    Customer    Provided    i750     –   with man     GSM          and man      i750     –   with man     GSM          and man
                                        GSM          down         Identicom    down         owned     by         owned       by          GSM          down         Identicom    down         GSM          down         Identicom    down
                                        Identicom    function     with GPS     function     SIM       Supplier   SIM         Supplier    Identicom    function     with GPS     function     Identicom    function     with GPS     function
Amber Alert Function                    ●            ●            ●            ●            ●         ●          ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Red Alert Function                      ●            ●            ●            ●            ●         ●          ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Audio Evidence Capture                  ●            ●            ●            ●            ●         ●          ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Battery Status Check                    ●            ●            ●            ●                                 ●           ●           ●            ●            ●            ●            ●            ●            ●            ●



Contract Services
Product Review                          ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Project Management                      ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Free Phone - Service Desk Access        ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Web Portal Access                       ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Management Information                  ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Sales, marketing & publicity            ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
New Device Testing                      ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Account Management                      ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Billing & Reporting                     ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Manned Alarm Response Service           ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Service Desk                            ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●

Billing Options
Early Payment Option by Direct Debit–
Discounted Payment Terms                ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●
Standard Payment Terms - 30 Days        ●            ●            ●            ●            ●        ●           ●           ●           ●            ●            ●            ●            ●            ●            ●            ●

Key:
Feature included in Service Option      ●
Feature excluded from Service Option    Blank




        10-404788-3                                                                     119
       3.2           The Charges for the Services will be dependant on the Term of the Contract and will be as
                     shown in Table 2A and 2B. The Charges are per month and per User, and the rate shown
                     shall apply to the entire duration of the Term of Contract, subject to Maximum Charge
                     Variation Procedure.

       Table 2A

 Maximum Charges - New Device One User
               i750    –       i770     –   i757-GSM     i777–          Customer      Customer     Customer   Customer
               GSM             GSM          Identicom    GSM            Owned         Owned        Owned      Owned
               Identicom       Identicom    with GPS     Identicom      Identicom     Identicom    Mobile     Mobile
Contract                       with man                  with GPS       Device &      Device &     phone &    Phone
Term                           down                      and man        Customer      Supplier     Customer   Device &
                               function                  down           owned SIM     provided     owned      Supplier
                                                         function                     SIM          SIM        provided
                                                                                                              SIM

 1 Year
                 £15.55          £17.07       £19.56       £21.17        £5.41         £7.29         £5.41       £7.29

 2 Year
                 £11.15          £12.37       £13.76       £15.08        £5.41         £7.29         £5.41       £7.29

 3 Year
                 £9.68           £10.81       £11.83       £13.05        £5.41         £7.29         £5.41       £7.29

 4 Year
                 £8.95           £10.03       £10.87       £12.05        £5.41         £7.29         £5.41       £7.29

 5 Year
                 £8.52           £9.57        £10.30       £11.45        £5.41         £7.29         £5.41       £7.29
 Short
 Term
 Rental
 Monthly         £11.15          £12.37       £13.76       £15.08        N/A           N/A           N/A         N/A
 Charge
 (6-12
 months)



       Table 2B

Maximum Charges – Additional Pooled/Shared User – One Off Charge – No monthly fee Services as detailed
                                       in paragraph 3.6 below

Additional Pooled/Shared User Training Charge – Supplier
                                                                    29.65 per additional Pooled/Shared User
to invoice on receipt of Services



       3.3           The only items that are separately chargeable under this Agreement are:

                     (a)    Optional Device Accessories as detailed in paragraph 4.


       10-404788-3                                          120
              (b)    Termination assistance in excess of the requirements specified in Part 1 of schedule
                     16 (Exit Assistance).

              (c)    Early termination charges as detailed in paragraph 5; and

              (d)    User telephone charges that are unrelated to the Services as specified in paragraph
                     11.

3.4           The Supplier commits to provide the required number of Supplier Personnel to meet the
              Service Levels and provide the Services detailed in this Agreement.

3.5           All Maximum Charges are inclusive of all Supplier costs and expenses and are shown per
              calendar month except where expressly stated otherwise, in sterling, and exclusive of VAT
              where applicable. VAT will be charged and payable at the prevailing rate and shown
              separately on all invoices.

3.6           In respect of pooled or shared Devices up to a maximum of 3 Users are permitted to share a
              single Device, and:

              (a)    The Maximum Charge for the first User will be for a single User for the Contract Term
                     as shown in Table 2A above; and

              (b)    The Maximum Charges for each Additional Pooled/Shared User will be calculated at
                     the Additional Pooled/Shared User Rate as shown in Table 2B above.

3.7           Reallocation of Device

              A Device can be re-allocated from one User to another within a Customer‟s organisation at no
              additional charge.

3.8           Volume Discounts

              (a)    In respect of Table 2A only the Maximum Charges shall be adjusted by taking into
                     account the following Volume Discount structure. The level of Volume Discount that
                     will be applied to new Contract(s) will be considered on the year anniversary of the
                     Agreement, and each year thereafter.

              (b)    The Maximum Charges relating to existing Contracts will not be impacted by this
                     paragraph 3.8. That is, Maximum Charges for current Services will remain static over
                     the duration of the Contract, other than as amended via the Maximum Charges
                     Variation Procedure.

              (c)    The Volume Discount shall be applicable where the thresholds in Table 3 below have
                     been achieved. Volume Discounts shall be calculated by counting the number of
                     Users that are currently receiving Services under Contracts on the Agreement yearly
                     anniversary date.

              (d)    In respect of new Contracts the Supplier shall apply the lowered pricing and update
                     the Catalogue within 5 Working Days of the Discount Threshold being achieved.

              (e)    For the avoidance of doubt, where Maximum Charges are adjusted as a result of
                     Volume Discount thresholds the new Maximum Charge will be subject to the



10-404788-3                                          121
                        Maximum Charges Variation Procedure as specified in Schedule 9 (Maximum
                        Charges Variation Procedure).

              Table 3


    Volume Discounts
    No. of Users receiving Services                No. of Users receiving Services         Discount Applied
    From                                           To
    102000                                         141000                                  4.00%
    141001                                         181100                                  An additional 1.00%
    181101                                         221100                                  An additional 1.00%
    221101                                         251000                                  An additional 1.00%



4             Optional Device Accessories

4.1           The Supplier shall provide the following Optional Device Accessories, at the Maximum
              Charges stated in Table 4, when requested by the Customer. Optional Device Accessories are
              on a capital sum basis and become the property of the Customer.

              Table 4

         Optional Device Accessories
         Accessory                                             Part number                     Purchase Price
         Identicom additional power supply                     EXT1001                         £9.27
                                                                                               PDF version Free on
         Identicom Manual (E/F/G) – PDF Version                EXT1013
                                                                                               request
         Identicom In - Car Charger                            EXT1017                         £12.36
         Identicom Silicon Rubber Case                         EXT1012                         £12.36



5             Early Termination Fee

5.1           Where a Customer terminates or purports to terminate the Services relating to a User or
              Contract/Order prior to the expiry of the relevant initial Term of Contract then, other than on
              expiry or in the case of termination by the Customer under clause 16.4 and 16.7, the
              Customer shall pay to the Supplier an early termination fee set out in Table 5. This early
              termination fee shall be a one off payment and the amount will vary depending on when the
              Services are terminated e.g. the early termination fee to terminate a 5 year contract in Year 1
              is £39.96 but the cost of terminating the same contract in Year 4 is £18.40.

5.2           Where a Customer terminates or purports to terminate the Services relating to a User or
              Contract/Order during a contract extension period then, other than on expiry or in the case of
              termination by the Customer under clause 16.4 and 16.7, the Customer shall pay to the
              Supplier an early termination fee set out in Table 5. This early termination fee shall be a one
              off payment.




10-404788-3                                            122
5.3           Where a Customer terminates or purports to terminate a Short Term Rental Contract other
              than on expiry or in the case of termination by the Customer under clause 16.4 and 16.7 the
              Customer will be required to pay the full contracted rental Charges that are remaining.

5.4           For the avoidance of doubt where the Customer wishes to cancel a Contract within 10
              Working Days of the parties signing the Contract then this shall be treated as Cancellation and
              the provisions of paragraph 10 shall apply.

              Table 5 - Early Termination Fee

Early Termination Fees – One Off Charge per User

Identicom                               Year of Termination

Initial Contract Term                   1        2             3            4             5
1 Year                                  £18.40   N/A           N/A          N/A           N/A
2 Year                                  £23.79   £13.00        N/A          N/A           N/A
3 Year                                  £29.18   £18.40        £13.00       N/A           N/A
4 Year                                  £34.57   £23.79        £18.40       £13.00        N/A
5 Year                                  £39.96   £29.18        £23.79       £18.40        £13.00
Early Termination during a              £13.00   £13.00        £13.00       £13.00        £13.00
Contract Extension
Managed Services : Own
Mobile or Identicom SIM and             Year of Termination
Customer owned SIM

Initial Contract Term                   1        2             3            4             5
1 Year                                  £17.55   N/A           N/A          N/A           N/A
2 Year                                  £22.10   £13.00        N/A          N/A           N/A
3 Year                                  £26.64   £17.55        £13.00       N/A           N/A
4 Year                                  £31.19   £22.10        £17.55       £13.00        N/A
5 Year                                  £35.74   £26.64        £22.10       £17.55        £13.00
Early Termination during a              £13.00   £13.00        £13.00       £13.00        £13.00
Contract Extension
Customer      owned   Mobile
Phone and SIM Provided by               Year of Termination
Supplier

Initial Contract Term                   1        2             3            4             5
1 Year                                  £17.55   N/A           N/A          N/A           N/A
2 Year                                  £22.10   £13.00        N/A          N/A           N/A
3 Year                                  £26.64   £17.55        £13.00       N/A           N/A
4 Year                                  £31.19   £22.10        £17.55       £13.00        N/A
5 Year                                  £35.74   £26.64        £22.10       £17.55        £13.00
Early Termination during a              £13.00   £13.00        £13.00       £13.00        £13.00
Contract Extension




10-404788-3                                            123
Pooled/Shared            Usage      of
                                         Year of Termination
Device

Initial Contract Term                    1        2             3            4             5
1 Year                                   £18.40   N/A           N/A          N/A           N/A
2 Year                                   £23.79   £13.00        N/A          N/A           N/A
3 Year                                   £29.18   £18.40        £13.00       N/A           N/A
4 Year                                   £34.57   £23.79        £18.40       £13.00        N/A
5 Year                                   £39.96   £29.18        £23.79       £18.40        £13.00
Early Termination during a               £13.00   £13.00        £13.00       £13.00        £13.00
Contract Extension



6             Termination Assistance

6.1           Included within the Charges the Supplier shall provide the Termination Assistance as specified
              in Part 1 of schedule 16 (Exit Assistance).

6.2           If the Authority or Customer require termination assistance in excess of that specified, in line
              with Part 1 of schedule 16 (Exit Assistance) the Supplier shall provide such assistance, and
              shall charge on a time and materials basis, using the principles established in paragraph 9.

7             Temporary Suspension

7.1           In the event that the Customer wishes to suspend the Services in respect of a User, and does
              not wish to re-allocate the Device, the Supplier shall suspend charges for Services for the
              period of the suspension.

7.2           For charging purposes the Customer is only permitted to suspend the Services for a minimum
              of 1 month and a maximum of 3 months within a single year of a contract.

7.3           Temporary suspension will not be permitted for Devices contracted on Short Term Rental.

8             Individual User cannot access or make use of the Services due to Geographical
              Location

              In the event that an individual User is unable to access or make use of the Services due to
              geographical location and the inability of any Network Operator to provide network availability
              in that location, the Customer shall arrange for the User to return the Device to the Supplier
              within the first two months of the Contract. Any Charges paid in respect of that User will be re-
              credited to the Customer, or the Authority in the case of Authority funded Devices during the
              centrally funded two year period.

9             New Requirement Not in the Original Scope of Services -                    Maximum Charges
              Mechanism

9.1           Where the Supplier is to provide new or additional services the parties shall agree the
              Maximum Charges payable by reference to the principles underlying this schedule, and
              specifically that the contract margin will be no greater than 7%;

9.2           There shall be no margin applied to products and services supplied by the Supplier's Device
              subcontractors.


10-404788-3                                            124
9.3           In relation to any such new requirement, the Supplier shall provide to the Authority the same
              level of „open book‟ price visibility as was provided during the competitive process leading up
              to contract award.

10            Cancellation

10.1          Cancellation is where the Customer has signed a Contract but subsequently decides to cancel
              the Contract or User(s) from the Contract before commencement of the Services, in
              accordance with clause 15.1(a) of the Contract. If the Customer provides written (to include
              email) notification to the Service Desk of the Cancellation, within 10 Days of all parties signing
              the Contract then no charges will be applied and the Contract, will be cancelled without any
              implication to the Customer (no Cancellation charges payable).

10.2          Upon Cancellation, any equipment received by the Customer/User shall be returned to the
              address specified through the Cancellation process.

10.3          In the event that a Customer wishes to cancel the Contract after more than 10 Days of all
              parties signing the Contact then early termination fees shall apply as detailed in paragraph 5
              of this schedule.

11            Mobile Phones– Call Charges Unrelated to the Provision of Services

11.1          For mobile phones where the Supplier provides the Services and the SIM Card, the Supplier
              shall recharge to the Customer, through the normal monthly invoicing process, the cost of all
              calls not associated with the Services. Call charges shall be itemised and shall include the
              name and mobile number of the User.

11.2          For mobile phones where the User provides the SIM Card, the Supplier has reduced the price
              of the Services to take account of an assumed volume of network usage to utilise the
              Services.

12            Gainshare

12.1          Subject to the Agreement, particularly clauses 4.5, 4.6 (the Available Services), schedule 10
              (Sub-Contractors) and schedule 12 (Governance), if the Supplier decides to adopt new or
              revised technology, processes or methods of delivery that, in the reasonable opinion of the
              Supplier, will materially change the way in which Services are supplied, including revised
              supply chain, revised Device manufacture location, or any other change in the way the
              Services are supplied, whether or not that change will result in a material cost saving to the
              Supplier in providing the Services, the Supplier shall promptly notify the Authority and brief the
              Authority on the economic or business reasons for the change, and the Supplier and the
              Authority will use their reasonable endeavours to agree change, and the manner in which the
              Maximum Charges may, if appropriate, be accordingly revised.

13            Early Payment Option by Direct Debit – Discounted Payment Terms

13.1          The Supplier will offer an early payment by direct debit discount in respect of all fees and
              charges resulting from this Agreement and/or each Contract.

13.2          Where a direct debit mandate has been completed to facilitate early payment to the Supplier
              within 5 Working Days of an invoice being issued, a discount will be applicable to each such
              invoice.


10-404788-3                                             125
                                                                                          st        st      st
13.3          The applicable early payment discount will be calculated quarterly, on 1 April, 1 July, 1
              October and 1 January of each year.

13.4          Where early payment by direct debit has been selected a credit will be shown as an „early
              payment discount adjustment‟ on each monthly invoice. The discount will be credited to the
              invoice in which it applies and will be itemised separately, showing the percentage discount
              and cash value of the discount. The credit shall be calculated as follows;

              Discounted Invoice = Standard Terms Invoice Value x D

              Where:

                                                          i  2%
                                                     D           25
                                                            365

              Where:

              D = Discount adjustment factor applied to invoices valid for Early Payment Discount.

              i = London Interbank Offered Rate (LIBOR) at the quarterly date of calculation as stated
              above.

              The Catalogue shall be updated with within 5 Working Days to show the latest early payment
              by direct debit discount.

14            Marketing and Publicity

              The Supplier is required to market and publicise the Services as detailed in schedule 15
              (Marketing), and incorporated into the Maximum Charges.

15            Authority Funding

15.1          For Contracts that are part funded by the Authority with the Authority as a signatory, the
              Authority shall be responsible for payment of the Services, as outlined in schedule 3
              (Services), in Years 1 and 2 of the Contract. The Customer shall be liable for Services in
              subsequent years.

15.2          The Authority shall not be liable for any other costs that arise in Years 1 and 2 as a result of
              Customer requests or actions including;

              (a)      Optional Device Accessories as specified in paragraph 4;

              (b)      Non Services-related mobile calls as specified in paragraph 11;

              (c)      Cancellation charges as specified in paragraph 10;

              (d)      Additional termination assistance charges as specified in paragraph 6; and

              (e)      Additional Pooled/Shared User costs as specified in paragraph 3.6;

              for the avoidance of doubt these additional items will be payable by the Customer directly,
              where due.



10-404788-3                                            126
16            Management Fee

              The Supplier shall pay a management fee of 3% in respect of all sums payable under this
              Agreement and all Contracts.

17            Contract Extensions

              In the event that the Customer extends their Contract, then the Maximum Charges that will
              apply shall be the same monthly Charge as was payable during the initial Term of the
              Contract.




10-404788-3                                         127
                                                     Schedule 6

                                                Ordering Procedures

1             Introduction

1.1           This schedule specifies the procedures that Customers must follow with the Supplier to place
              an Order.

1.2           Customers are entitled to place Orders at any time during the Term to order Services. Such
              Services shall be provided by the Supplier as Ordered Services in accordance with the
              provisions of the Contract.

1.3           A Contract shall be entered into by the Supplier accepting an Order, served by a Customer,
              for the provision of Ordered Services in accordance with these Ordering Procedures.

2             Procedures

2.1           Two process maps have been included within this schedule explaining the ordering
              procedures relating to:

              (a)      Model Contract 1: Joint Funded (NHSBSA/NHS Bodies) Subscriptions;

              (b)      Model Contract 2: NHS Body Directly Funded Subscriptions;

3             Orders

3.1           An Order shall comprise:

              (a)      the Customer‟s Name, Registered Address, Registration Number;

              (b)      the Customer‟s requirement in terms of either (i) Device Subscriptions and quantities;
                       and/or (ii) “One-Off” Optional Items/Services;

              (c)      a unique Order reference number;

              (d)      the call-off contract terms & conditions;;

              (e)      the Customer‟s invoice address; and invoice contact;

              (f)      the Customer Authorised Representative(s) and contact details;

              (g)      User Details;

              (h)      Requested delivery date or delivery timetable;

              (i)      Training – (i) required method(s) of training; (ii) proposed training venue (Customer to
                       provide training venue).

              (j)      Any other Customer / User information requested by the Supplier to deliver the
                       Ordered Services




10-404788-3                                              128
4             Acknowledgement Of The Order

4.1           On receipt of an Order, the Supplier shall send an acknowledgement of that Order to the
              Customer within two (2) Working Days.




10-404788-3                                        129
                                                                                               Part 1 – Joint Funded


                         NHS BODY                                                                  NHS                                                                        SUPPLIER

                                            NHS Body Advised
                                                                                                 BSA
                                                                              1.   LWP Procurement process concluded.
                                                                                   NHSBSA Finalises Costs/Services and advises
                                                                                   NHS Bodies
           2.    NHS Body confirms (joint funded)
                 requirements using proforma (provided
                 by the NHSBSA)
                                                                                      3.    NHSBSA (SMS) consolidates
                                                           Advise BSA                      requirements from all NHS Bodies.
                                                             by set
                                                            deadline                                                                                              5.       Supplier populates draft Call-Off
                                                                                                                                                    Supplier
                                                                           4. NHSBSA formally advises NHS Body and Supplier                                             Contract (from initial proforma
                                                                                                                                                    Advised
                                                                              that NHS Body has been allocated:                                                         forwarded by NHSBSA)
                                                                              £x (2 year funding) for „x‟ no. of devices and that
                                                     NHS                                                  rd
                                                                              this funding is subject to 3 year funding by NHS
                                                     Body
                                                                              Body
                                                    Advised
                                                                                                                                                               6. Supplier arranges meeting(s) with NHS
7.     NHS body/Supplier finalise all arrangements and                                                                                                            Body authorised representatives
                                                                                                                    Meeting(s)
      agree final version of (joint funded) contract                                                                Arranged


                                                                                                                                            8.   Three copies of Call-Off contract produced for NHS Body.
                                                                                                                                                 Signed by the Supplier (quoting NHSBSA unique contract
                                                                                                                                                 reference and NHS Body‟s order/contract reference –Note:
     9. NHS Body Reviews and signs (3) copies of                           10. NHSBSA (SMS) reviews and signs copies
                                                                                                                                                 These references will be used for payment control)
       Contract and forwards to NHSBSA for final                               of Contract, retaining one copy for records
       signature.                                                              and forwarding other (2) copies to NHS
                                                                               Body and Supplier

                 11. Signed Contract retained by NHS Body          Signed Contract (1 copy)                          Signed Contract (1 copy)         12. Signed Contract retained by Supplier for records
                     for records


                                              NOTE: If NHS Body wants to order further Devices (funded directly by them) then a separate Call-Off contract/order will
                                                                                have to be created (See Part 2 Order Process)




        10-404788-3                                                                                           130
                                                                                   Part 2 – Direct Funded


                                                                                                                                              Supplier
                                     NHS Body


     1.    NHS Body either (1) requests meeting with                                                           2.        Meeting arranged with NHS Body; or NHS Body is
           Supplier‟s Account Manager; or (2) the NHS Body                                                               provided with access to Lone Worker Solution Overview
           will access/download Lone Worker Solution                                                                     and (Call-Off Contract) Order Form, completion
           overview (rates/Service Levels etc) from web-site; or                                                         instructions and rates.
           be provided with information by e-mail on application




               3.   NHS Body completes Lone Worker (Call-Off Contract)
                    Order form defining contract length, number of                                                  4.     Supplier reviews (Call-Off contract) Order form and liaises with NHS
                    Users/subscriptions required – completing all mandatory                                                Body‟s authorised representative(s) to arrange training and finalise
                    fields on Lone Worker Order form & schedules, attaching       Discussion (if required)                 arrangements
                    NHS Body‟s official Order (with both forms being
                    approved/authorised in accordance with NHS Body‟s
                    standing financial instructions).
                                                                                                                    5.     Supplier signs Lone Worker (call-off contract) Order
                                                                                                                           Form; retaining one copy & sending second copy
                                                                                                                           back to NHS Body as Confirmation of Order.

          6.    Lone Worker Order form (signed by both parties)
                returned to NHS Body, including schedule
                confirming key dates, training arrangements etc.

                                                                                                                                7.   Implementation commences in
                                                                                                                                     accordance with agreed plan




Notes:
1.     A separate (Call-Off Contract) Order will be created for additional subscription(s) the NHS Body wishes to place.
2.     The NHS Body (in consultation with the Supplier (if required)) will be responsible for managing/overseeing the total number of subscriptions and the respective terms/rate
       being applied for their organisation – ensuring that the most cost effective solution is being employed.
3.     The LWP Call-Off Contract Terms & Conditions will apply to all Lone Worker orders (NHS Body‟s Terms & Conditions will not apply).

  10-404788-3                                                                                      131
                                                  Schedule 7

                                           Management Information

1             Introduction

1.1           This schedule 7 specifies the Management Information that the Supplier shall provide to the
              Authority and/or the Customer.

2             Management Information

2.1           The Supplier shall provide Management Information reports electronically to the Authority at:
              loneworkerprotection@cfsms.nhs.uk.

2.2           Authority reports shall be submitted within 8 days following month end, as outlined in
              schedule 12 (Governance).

2.3           Customer reports shall be submitted within 10 Working Days of the end of the monthly
              reporting period.

2.4           Project Management and Implementation Programme Management Information in respect of
              the Contract, will be provided in the agreed Customer format prior to the implementation of
              the Services.

2.5           Management Information specifications are detailed in the table below:




10-404788-3                                           132
                                                                                                    Authority                                                       Customer
                                                                                      Authority                                     Authority       Customer
                                                                                                     Contract       Strategic                                        Contract        Annual
                                                                      REPORT :       Operational                                    Exception      Operational
                                                                                                   Management       Reporting                                        Manager         Reports
                                                                                       Report                                        Report         Reporting
                                                                                                      Report                                                          Report
                                                                    REPORT                         Centrally and   Centrally and   Centrally and   Centrally and   Centrally and   Centrally and
                                                               BROKEN DOWN           Customer       Customer        Customer        Customer        Customer        Customer        Customer
                                                                        BY :                         Funded          Funded          Funded          Funded          Funded          Funded
                                                                  FREQUENCY :         Monthly        Monthly        Quarterly      As Required       Monthly         Monthly         Annually

      General

      Service Credits due in respect of failure to attain Service Levels including
1                                                                                                                                                               
      a description as to the reason(s) for failure
      Percentage Service Credit that will be rebated on the next months
2                                                                                                                                                                 
      invoice
3     Number of Users and breakdown by Device                                                                                                                   

4     Number of suspensions and each suspension period                                                                                                          

5     Number of cancellations                                                                                                                                   

      Number of terminations within the Term of the Contract, to include the
6                                                                                                                                                               
      number of months of subscription remaining at the point of termination

7     Number of devices reallocated following early termination                                                                                                     

      Spend to date and spend in year (April to April) in respect of NHS and
8                                                                                                                                                                   
      Framework wide

9     Supplier order pipeline                                                                                                                                     

10    Invoices raised and invoices outstanding                                                                                                                        

11    Executive Summary                                                                                                 

12    Total Contracted value of Agreement                                                                               

13    Operational, technical and Product Review Report                                                                  

14    New developments                                                                                                                                              

15    Proposed efficiencies including continuous improvement                                                            

16    Attrition Levels                                                                                                                                                                

17    Exception Report showing each case that the Supplier has agreed to                                                                




10-404788-3                                                                                            133
      lower Charges than the Maximum Charges

18    Disputes between Supplier and Customer                                                                                                              
                                                                                              Authority                                                       Customer
                                                                                Authority                                     Authority       Customer
                                                                                               Contract       Strategic                                        Contract        Annual
                                                                    REPORT :   Operational                                    Exception      Operational
                                                                                             Management       Reporting                                        Manager         Reports
                                                                                 Report                                        Report         Reporting
                                                                                                Report                                                          Report
                                                                                             Centrally and   Centrally and   Centrally and   Centrally and   Centrally and   Centrally and
                                                           REPORT BROKEN
                                                                               Customer       Customer        Customer        Customer        Customer        Customer        Customer
                                                                DOWN BY :
                                                                                               Funded          Funded          Funded          Funded          Funded          Funded
                                                               FREQUENCY :      Monthly        Monthly        Quarterly      As Required       Monthly         Monthly         Annually

19    Number of „hits‟ on marketing Web site                                                                      

20    Number of expressions of interest achieved from marketing Web site                                          

21    Breakdown of publicity marketing undertaken across NHS Customers                                                                                         

      ARC

22    Performance against Service Levels                                                                                                      

23    Number of genuine alarms reviewed by LSMS                                                                                                
      Number of Cases, detailing instances where a recording is supplied to
24                                                                                                                                             
      the Police
      Aggregated number of Cases, detailing instances where a recording is
25                                                                                                                                            
      supplied to the Authorised Customer Rep

26    Number of status checks including the average per User                                                                                  

27    Aggregate number of dropped Red Alerts                                                                                                  

28    Number of False Alarms                                                                                                                  

29    Number of Amber Alerts                                                                                                                  

30    Feedback on [x] % review of Amber Alerts                                                                                                    

31    Number of Genuine Alarms Closed Safely                                                                                                  

      Number of Genuine Alarms (i) attack (ii) medical (iii) car breakdown
32                                                                                                                                            
      (iv) other
33    Number of Genuine Alarms escalated to the Emergency Services                                                                            




10-404788-3                                                                                      134
      Aggregated response times for Emergency Services from operator
34                                                                                                                                         
      notification
35    Aggregate Operator response times                                                                                                   

36    User satisfaction survey results                                                                                                                
                                                                                          Authority                                                       Customer
                                                                            Authority                                     Authority       Customer
                                                                                          Contract        Strategic                                       Contract         Annual
                                                                REPORT :   Operational                                    Exception      Operational
                                                                                         Management       Reporting                                       Manager          Reports
                                                                             Report                                        Report         Reporting
                                                                                           Report                                                          Report
                                                                REPORT                   Centrally and   Centrally and   Centrally and   Centrally and   Centrally and   Centrally and
                                                                BROKEN      Customer      Customer        Customer        Customer        Customer        Customer        Customer
                                                              DOWN BY :                    Funded          Funded          Funded          Funded          Funded          Funded

                                                           FREQUENCY :       Monthly       Monthly        Quarterly      As Required       Monthly         Monthly         Annually

37    Breakdown of all complaints received                                                                                                              

      Networks

38    Performance against Service Levels                                                                                                  

39    Number of cases of poor network coverage                                                                                            

40    Number of cases of SIM swap outs due to poor network coverage                                                                       

      Training

41    Number of Users trained, face to face/on line                                                                                       

42    Performance against Service Levels                                                                                                  

      Report on the status of all new Contracts where an agreed
43                                                                                                                                          
      delivery/training date has been delayed

      Device and Device Usage

44    Performance against Service Levels                                                                                                  

45    Device inactivity % per Customer                                                                                                    

46    Number of cases of Device theft or loss                                                                                             




10-404788-3                                                                                  135
      Number of reported faulty Devices (i)on receipt of Device (ii) During the
47                                                                                                                                                
      Term of the Contract
      Number of faulty Devices (i) within 12 month warranty (ii) within extended
48    warranty (iii) Device replaced where no fault found (iv) Device replaced                                                                    
      due to accidental or malicious damage
                                                                                                  Authority                                                       Customer
                                                                                    Authority                                     Authority       Customer
                                                                                                  Contract        Strategic                                       Contract         Annual
                                                                     REPORT :      Operational                                    Exception      Operational
                                                                                                 Management       Reporting                                       Manager          Reports
                                                                                     Report                                        Report         Reporting
                                                                                                   Report                                                          Report
                                                                     REPORT                      Centrally and   Centrally and   Centrally and   Centrally and   Centrally and   Centrally and
                                                                     BROKEN         Customer      Customer        Customer        Customer        Customer        Customer        Customer
                                                                   DOWN BY :                       Funded          Funded          Funded          Funded          Funded          Funded

                                                                FREQUENCY :          Monthly       Monthly        Quarterly      As Required       Monthly         Monthly         Annually

      Service Desk                                                                                                                                 

49    Performance against service levels                                                                                                          

50    Number if calls resolved on first contact                                                                                                   

51    Number of calls referred to Technical administration                                                                                        

52    Number of calls closed without agreement of User or Escalation Point                                                                        




10-404788-3                                                                                          136
                                                   Schedule 8

                                          Agreement Change Procedure

1             Introduction

1.1           This schedule 8 sets out:

          (a)       the Agreement Change Procedure to be used by the Authority and the Supplier to effect
                    changes to this Framework Agreement; and

          (b)       the Operational Change Procedure.

2             Principles

2.1           The Authority and the Supplier shall conduct discussions relating to proposed changes to this
              Framework Agreement in good faith. Neither party shall unreasonably withhold or delay
              consent to the other party‟s proposed changes.

2.2           Until such time as an Agreement Change Note (ACN) has been signed by both parties, the
              Supplier shall continue to provide and make available to Customers the Services in
              accordance with this Framework Agreement and relevant Contracts.

2.3           Any work undertaken by the Supplier, its Sub-Contractors or agents in connection with any
              proposed change to this Framework Agreement (other than that which has previously been
              agreed in accordance with the provisions of paragraph 2.2) shall be undertaken entirely at the
              expense and liability of the Supplier unless otherwise agreed between the Authority and the
              Supplier in advance.

2.4           Any discussions, negotiations or other communications which may take place between the
              parties in connection with any proposed change to this Framework Agreement, including but
              not limited to the submission of any written communications, prior to the signing by both
              parties of the relevant ACN, shall be without prejudice to the rights of either party.

3             Agreement Change Procedure

3.1           Should either party wish to amend this Framework Agreement, that party‟s Framework
              Manager shall submit a draft ACN for discussion detailing the proposed change to the other
              party‟s Framework Manager using the pro forma at Appendix 1.

3.2           Discussion between the parties following the submission of a draft ACN shall result in either:

              (a)     no further action being taken on that draft ACN; or

              (b)     agreement between the parties on the changes to be made to this Framework
                      Agreement (including agreement on the date upon which the changes are to take
                      effect (the “effective date”)), such agreement to be expressed in the form of
                      proposed revisions to the text of the relevant parts of this Framework Agreement.

3.3           Where agreement is reached in accordance with paragraph 3.2(b) the party submitting the
              draft ACN shall prepare the final ACN for execution by both parties. The final ACN, the
              content of which has been agreed between the parties in accordance with paragraph 3.2(b),
              shall be uniquely identified by a sequential number allocated by the Authority.




10-404788-3                                            137
3.4           Two (2) copies of each ACN shall be signed by the Supplier and submitted to the Authority
              not less than ten (10) Working Days prior to the effective date agreed in accordance with
              paragraph 3.2(b).

3.5           Subject to the agreement reached in accordance with paragraph 3.2(b) remaining valid, the
              Authority shall sign both copies of the approved ACN within five (5) Working Days of receipt
              by the Authority. Following signature by the Authority, one (1) copy of the signed ACN shall
              be returned to the Supplier by the Authority.

3.6           An ACN signed by both parties shall constitute an amendment to this Framework Agreement
              pursuant to clause 12 (Amendments to this Framework Agreement).

3.7           The ACN pro forma is set out in Appendix 1 of this schedule.

4             Operational Change Procedure

4.1           Any "Operational Change", proposed by the Supplier shall be submitted in writing to the
              Authority for acceptance.

4.2           The Authority shall review any Operational Change proposals submitted pursuant to
              paragraph 4.1, and by written notice to the Supplier, without prejudice to its other rights and
              remedies, may elect as its sole option to:

              (a)     accept the Operational Change;

              (b)     return the Operational Change proposal, and invite the Supplier to re-submit the
                      proposal together with any clarifications or amendments as the Authority may
                      reasonably determine; or

              (c)     reject the Operational Change.

4.3           The principles set out in paragraph 2 shall also apply to the Operational Change Procedure,
              and no Operational Change shall be implemented by the Supplier unless and until written
              notice of acceptance, is issued by the Authority.




10-404788-3                                            138
                                                         APPENDIX 1

                            Agreement Change Note for the Agreement Change Procedure




              Sequential Number:              [to be allocated by the Authority‟s Framework Manager]




              Title:                         ...........................................................




              Originator:                    .........................for the [Authority/Supplier]




              Date change first proposed:    ...........................................................




              Number of pages attached:      ................……………………………




              WHEREAS the Supplier and the Authority entered into a Framework Agreement for the
              provision of lone worker Services dated [date] and now wish to amend that Framework
              Agreement;




              Reason for proposed change

              [Party proposing change to complete]

              Full details of proposed change

              [Party proposing change to complete]

              Details of likely impact, if any, of proposed change on other aspects of the Framework
              Agreement

              [Party proposing change to complete]

              Effect of proposed change on extant Contracts

              [Party proposing change to complete in accordance with clause 12.3]

IT IS AGREED as follows:




10-404788-3                                               139
1             With effect from [date] the Framework Agreement shall be amended as set out below:

              [Details of the amendments to the Framework Agreement to be inserted here – to include the
              explicit changes required to the text in order to effect the change, i.e.
              clause/schedule/paragraph number, required deletions and insertions etc]

2             Save as herein amended, all other terms and conditions of the Framework Agreement
              inclusive of any previous ACNs shall remain in full force and effect.




              Signed for and on behalf of the Supplier




              By ....................................................................................................




              Name ..............................................................................................




              Title .................................................................................................




              Date ................................................................................................




              Signed for and on behalf of the Authority




              By          ..............................................................................................




              Name ..............................................................................................




              Title       …………………………………………………………………….




              Date        ...............................................................................................




10-404788-3                                                                   140
                                                     Schedule 9

                                     Maximum Charges Variation Procedure

1             Introduction

1.1           This schedule 9 details the Maximum Charges Variation Procedure applicable to this
              Framework Agreement.

1.2           The Charges shall only be varied through:

              (a)      Indexing, in accordance with the provisions of paragraph 2; and

              (b)      agreement between the parties at any time to decrease any of the Maximum Charges
                       and the date from which such decrease shall apply.

2             Indexing

2.1           The Indexation Factor will be RPIX- The “Retail Prices Index excluding mortgage interest rates
              (RPIX)” as published by the Office of National Statistics at the year anniversary of the
              Agreement. The most recently published RPIX rate will be used to calculate revised Maximum
              Charges.

              (a)      Indices are available at the following website:

                       http://www.statistics.gov.uk/CCI/SearchRes.asp?term=chmk&x=28&y=13

2.2           In the event that any changes occur to the basis of RPIX, or it is no longer published, the
              Authority and the Supplier shall agree a fair and reasonable adjustment to that index or, if
              appropriate, shall agree a revised formula that in either event will have substantially the same
              effect as that specified in this schedule 9. Where the published figure specified in paragraph
              2.1 is stated to be a provisional figure or is subsequently amended, that figure shall apply as
              ultimately confirmed or amended unless the Authority and the Supplier shall agree otherwise.

                                                                                                       st
2.3           In respect of new Contacts, schedule 5 (Maximum Charges) shall be varied on the 1 Year
              anniversary of the Agreement, and on each subsequent anniversary using the following
              formula;


                                  RPIXd  
                NBCa   EBCa  
                       
                                            
                                   RPIXp  
                                          
                                        

              Where:

              NBCa = New Base Charge of New Orders

              EBCa = Existing Base Charge of New Orders

              RPIX = The “Retail Prices Index excluding mortgage interest rates (RPIX)” as published by the
              Office of National Statistics (http://www.statistics.gov.uk/instantfigures.asp).

              RPIXd = the value of the most recently published RPIX figures preceding the date when the
              indexation of the Charges is to be given effect.

              RPIXp is the value of RPIX in respect of 12 months prior to the current Anniversary year.


10-404788-3                                              141
              The Existing Base Charge = the price that applies on signing the Agreement, as amended on
              the anniversary of the Framework Agreement, when a New Base Charge will be calculated in
              accordance with the principles detailed in this schedule 9..

2.4           The Maximum Charges in respect of all Contracts that exist at the point at which revised
              Framework Agreement pricing is agreed, shall be varied on the anniversary of each individual
              Contract using the following formula;


                                                   RPIXd  
                                                    RPIXp    EBCo 1  Z 
              NBCb   EBCb  EBCo 1  Z   
                                                          
                                                             
                                                         

              Where:

              NBCb = New Base Charge for Existing Orders

              EBCb = Existing Base Charge of Existing Orders

              EBCo = Base Charge at commencement of Agreement

              Z       = % of the Base Charge at commencement of Agreement subject to Indexation as
              specified in Appendix 1 : % Of Maximum Charges subject to Indexation – Existing Orders

              RPIX = The “Retail Prices Index excluding mortgage interest rates (RPIX)” as published by the
              Office of National Statistics (http://www.statistics.gov.uk/instantfigures.asp).

              RPIXd = the value of the most recently published RPIX figures preceding the date when the
              indexation of the Charges is to be given effect.

              RPIXp = the value of RPIX in respect of 12 months prior to the current Anniversary year.

              The Existing Base Charge for Existing Orders (ECBb) = the price that applies on signing
              the Agreement as amended on the anniversary of the Framework Agreement when a New
              Base Charge will be calculated in accordance with the principles detailed in this schedule 9..

              The Existing Base Charge at commencement of Agreement (EBCo) = the price that
              applies on signing the Agreement.

3             Procedure for agreeing to Lower Maximum Charges

3.1           Either party shall have the right from time to time during the Term to give notice to request a
              review of the Maximum Charges whether or not such a request is occasioned by any
              benchmarking undertaken by the Authority under clause 7.2 (Benchmarking). As soon as
              reasonably practicable after the date of the notice, the Supplier shall meet with the Authority to
              discuss in good faith the variation of the Charges. Any variation in the Charges shall be
              recorded in writing and shall take effect on the date agreed between the parties. The Authority
              shall not give notice under this paragraph more frequently that at three (3) months intervals
              during the Term.

3.2           In the event that, following a variation of the Maximum Charges in accordance with the
              Framework Agreement, the Charges under any Contract are above the level of the Maximum
              Charges; such Charges shall automatically be reduced to the level of the Maximum Charges
              with effect from the date that the revised Maximum Charges take effect.




10-404788-3                                             142
4             Implementation Of Adjusted Maximum Charges

4.1           Variations to Maximum Charges shall be made in accordance with the provisions of this
              schedule 9. The Supplier shall amend the Charges shown in the Catalogue to reflect such
              variations, where necessary.

4.2           The Supplier shall apply any adjustment to the Authority or Customer‟s invoice (as
              appropriate) immediately. Variations to the Charges applicable to each Contract shall be made
              in accordance with the provisions of that Contract.




10-404788-3                                           143
                                                     Appendix 1

                  In respect of existing Contracts the Table below details the percentage of Maximum Charges
                  that will be subject to indexation;




                         % Of Maximum Charges subject to Indexation - Existing Contracts

                                                   i750 – GSM      i770 – GSM      i757 – GSM      i777 – GSM
                                                    Identicom       Identicom       Identicom       Identicom
                                                                     with man        with GPS        with GPS
                                                                       down                          and man
                                                                     function                          down
                                                                                                     function

Contract Rental New Device : One User - Monthly Charge

1 Year                                                     39%             41%             37%                 39%
2 Year                                                     53%             55%             51%                 53%
3 Year                                                     61%             63%             59%                 61%
4 Year                                                     66%             68%             64%                 66%
5 Year                                                     69%             71%             68%                 70%


   Short Term Rental - Monthly Charge                      53%             55%             51%                 53%


Pooled Devices
1st User                                                          As Contract Rental New Service
Additional User Training Charge - Initial
Charge per additional user                                                    100%


Managed Services - Monthly Charge
                                                      Customer     SIM Provided
                                                     owned SIM       by Supplier
Customer owned Mobile Phone                                91%             93%
Customer owned Identicom Device                            91%             93%




    10-404788-3                                         144
                                                     Schedule 10

                                                   Sub-Contractors

  1             Introduction

  1.1           This schedule 10 contains:

                (a)     Details of the Sub-Contractors to be employed by the Supplier in the provision of
                        Services pursuant to individual Contracts, and the safeguards/ protection taken in
                        respect of such Sub-Contractors; and

                (b)     The procedure to select, appoint and manage Sub-Contractors.

  2             Sub-Contractors and Safeguards / Protection

  2.1           The table of Sub-Contractors and safeguards/ protections, details in Part 1 the Sub-
                Contractors in use as at the date of this Agreement; and in Part 2, the potential sub-
                contractors that the Supplier has identified as an alternative/contingency.

  2.2           The Supplier shall not be permitted to change from a Sub-contractor listed in Part 1 to a
                potential sub-contractor listed in Part 2, without the prior written approval of the Authority in
                accordance with the Agreement Change Procedure.



Part 1

   Name and full                           Obligation                   Details of Safeguards and Protection

   contact details
                                                                      The Supplier has put in place the following
                                                                      safeguards to secure the delivery of
                                                                      Devices     from    its     Sub-Contractor
                                                                      (Connexion2) to enable the Supplier to fulfil
                                                                      its obligations under the Contracts:

                                                                      1.The sub-contract will step down the key
                                                                      obligations of the Supplier under the
                                                                      Contracts to Connexion2, including most
                                                                      importantly the Service Levels and
                                                                      business       continuity       provisions
                               The provision of Identicom Devices
                               and warranty on sub-contract to the
                                                                      2. The Supplier shall also have the
                               Supplier
                                                                      following rights to ensure continuity of
                                                                      supply, particularly to secure the supply of
                                                                      critical                        components:
Connexion2 Ltd
Momentum House                                                        2.1 to take over third party supply contracts;
Carrera Court
Church Lane
Dinnington                                                            2.2 to have direct agreements with third
S25 2 RG                                                              party                         suppliers;

                                                                      2.3 to require Connexion2 to hold adequate
                                                                      buffer stock of components based on

  10-404788-3                                            145
Part 1

   Name and full                   Obligation                   Details of Safeguards and Protection

   contact details
                                                              anticipated                          demand;

                                                              2.4 to require Connexion2 to maintain
                                                              business        continuity     plans

                                                              2.5 a bespoke escrow agreement with a
                                                              reputable       escrow     agent      requiring
                                                              Connexion2 to deposit the source code
                                                              relating to all intellectual property in an
                                                              escrow agreement for access by the
                                                              Supplier in the event that Connexion2
                                                              becomes;
                                                                   (i) insolvent,
                                                                   (ii) appoints administrators; or
                                                                   (iii) is in material breach of its
                                                              contractual obligations to the Supplier;

                                                              2.6 to step in to Connexion2's major supply
                                                              contracts if Connexion2 should fail
                                                              (financially or operationally)



Vodafone Specialist                                            The Supplier has agreed terms with
Communications                                                Vodafone. The contract for Services will be
Limited.                                                      signed once the contract with the NHS has
3 The Courtyards,     Primary provider of SIM cards and       been signed. Our contract is stand alone
Phoenix Square        Network services on sub-contract to     relating directly to the provision of services
Wyncolls Road
Colchester            the Supplier                            to the NHS
Essex
CO4 9PE                                                       Contract Term: TBC

                                                              Renewal Date: TBC
BT Global Services
1 River Gate                                                  Contract Term: Annual
Temple Quay           Supplier of landlines to the Supplier
Bristol
BS1 6ED                                                       Renewal Date: July 2009

British                                                       Contract Term: 27 years remaining on
Telecommunications                                            lease Agreement
PLC       (Company
Number 1800000)       Landlord only for ARC, Pontefract       Renewed: Sept 2008
81 Newgate Street
London EC1A 7AJ




  10-404788-3                                     146
Part 2

   Name and full                   Obligation                  Details of Safeguards and Protection

   contact details
                                                             1. The Supplier to ensure Connexion2
                                                             provide and maintain a business continuity
                                                             plan that includes alternative manufacturing
                                                             sources and 1st/2nd sources for all
VC Electronics Ltd                                           components.
Unit 14, Goldthorpe
Industrial Estate,     Manufacture of Devices under sub-
                                                             2. Sub-Contractor (VC Electronics) contract
Rotherham,             contract to Connexion2 Ltd (Primary
                                                             includes suitable SLA's to ensure effective
South Yorkshire        source)
S63 9BL                                                      availability of goods and services.

                                                             3. Sub-Contractor (VC Electronics) contract
                                                             includes „back to back‟ business continuity
                                                             plans and provisions.

                                                             1. The Supplier to ensure Connexion2
                                                             provide and maintain a business continuity
                                                             plan that includes alternative manufacturing
NSH Techlogistics                                            sources and 1st/2nd sources for all
Ltd                                                          components.
Unit 2
Trillenium             Manufacture of Devices under sub-
                                                        nd   2. Sub-Contractor (NSH Techlogisitics)
Coleshill              contract to Connexion2 Ltd (2
                                                             contract includes suitable SLA's to ensure
B46 1JU                source) and primary repair agent
                                                             effective availability of goods and services.

                                                             3. Sub-Contractor (NSH Technlogistics)
                                                             contract includes „back to back‟ business
                                                             continuity plans and provisions.



                                                             1. The Supplier to ensure Connexion2
                                                             provide and maintain a business continuity
                                                             plan that includes alternative manufacturing
Ikon Electronics Ltd                                         sources and 1st/2nd sources for all
Knaresborough
                                                             components.
Technology Park
Manse Lane             Manufacture of devices under sub-
Knaresborough          contract to Connexion2 Ltd            2. Sub-Contractor (Ikon Electronics)
                          rd
North Yorkshire         (3 source)                           contract includes suitable SLA's to ensure
HG5 8LF Manse                                                effective availability of goods and services.
Lane
Knaresborough
North Yorkshire                                              3. Sub-Contractor (Ikon Electronics)
HG5 8LF                                                      contract includes „back to back‟ business
                                                             continuity plans and provisions.


                       Component Supplier for electronic
                                                             1. The Supplier to ensure Connexion2
                       components on sub-contract to
                                                             provide and maintain a business continuity
                       Connexion2 Ltd
                                                             plan that includes alternative manufacturing

  10-404788-3                                   147
Part 2

   Name and full                   Obligation                  Details of Safeguards and Protection

  contact details
Abacus Group PLC                                             sources and     1st/2nd   sources   for   all
Unit 5B, Waltham Park                                        components.
White Waltham,
Maidenhead
Berkshire                                                    2. Sub-Contractor (Abacus Group) contract
SL6 3TP
                                                             includes suitable SLA's to ensure effective
                                                             availability of goods and services.

                                                             3. Sub-Contractor (Abacus Group) contract
                                                             includes „back to back‟ business continuity
                                                             plans and provisions.



                                                             1. The Supplier to ensure Connexion2
                                                             provide and maintain a business continuity
                                                             plan that includes alternative manufacturing
2001 Electronic                                              sources and 1st/2nd sources for all
Components Ltd                                               components.
Eastman Way
Stevenage Business      Component Supplier for electronic    2.   Sub-Contractor   (2001     Electronic
Park                    components on sub-contract to        Components Ltd) contract includes suitable
Pin Green
Stevenage               Connexion2 Ltd                       SLA's to ensure effective availability of
Hertfordshire                                                goods and services.
SG1 4SZ
                                                             3.    Sub-Contractor  (2001     Electronic
                                                             Components Ltd) contract includes „back to
                                                             back‟ business continuity plans and
                                                             provisions.


                                                             1. The Supplier to ensure Connexion2
                                                             provide and maintain a business continuity
                                                             plan that includes alternative manufacturing
                                                             sources and 1st/2nd sources for all
Alpha Micro Ltd
Springfield House                                            components.
Cranes Road             Component     Supplier  for   IPB
Basingstoke             batteries  on    sub-contract   to   2. Sub-Contractor (Alpha Micro) contract
Hampshire               Connexion2 Ltd                       includes suitable SLA's to ensure effective
RG24 9LJ                                                     availability of goods and services.

                                                             3. Sub-Contractor (Alpha Micro) contract
                                                             includes „back to back‟ business continuity
                                                             plans and provisions.

Cinterion Wireless
Modules GmbH            Primary supplier of GSM Modem on     1. The Supplier to ensure Connexion2
                        sub-contract to Connexion2 Ltd       provide and maintain a business continuity
Mr. Arthur Woode        (previously Siemens)                 plan that includes alternative manufacturing
The Carriage Barn
  10-404788-3                                   148
Part 2

   Name and full                    Obligation                 Details of Safeguards and Protection

   contact details
Bartlett's Court                                             sources and     1st/2nd   sources    for   all
Bath             Road,                                       components.
Maidenhead
Berkshire                                                    2. Sub-Contractor (Cinterion Wireless
SL6 3RX                                                      Modules) contract includes suitable SLA's
                                                             to ensure effective availability of goods and
                                                             services.

                                                             3. Sub-Contractor (Cinterion Wireless
                                                             Modules) contract includes „back to back‟
                                                             business continuity plans and provisions.


                                                             The Supplier to ensure Connexion2 provide
                                                             and maintain a business continuity plan
                                                             that includes alternative manufacturing
Wavecom Ltd                                                  sources and 1st/2nd sources for all
Wavecom Northern                                             components.
Europe Ltd.              Secondary supplier of GSM Modem
Suite 6, The Hub
                         on sub-contract to Connexion2 Ltd   2. Sub-Contractor (Wavecom) contract
Fowler Avenue
Farnborough                                                  includes suitable SLA's to ensure effective
Business Park                                                availability of goods and services.
Farnborough
GU14 7JP
                                                             3. Sub-Contractor (Wavecom) contract
                                                             includes „back to back‟ business continuity
                                                             plans and provisions

                                                             The Supplier to ensure Connexion2 provide
                                                             and maintain a business continuity plan
                                                             that includes alternative manufacturing
GSPK Ltd                                                     sources and 1st/2nd sources for all
Knaresborough Tec-                                           components.
hnology Park,
Manse Lane               Primary supplier of PCB on sub-
Knaresborough            contract to Connexion2 Ltd          2. Sub-Contractor (GSPK Ltd) contract
North Yorkshire                                              includes suitable SLA's to ensure effective
HG5 8LF                                                      availability of goods and services.

                                                             3. Sub-Contractor (GSPK Ltd) contract
                                                             includes „back to back‟ business continuity
                                                             plans and provisions


AV Injection                                                 The Supplier to ensure Connexion2 provide
Junction Road                                                and maintain a business continuity plan
Sutton in Ashfield       Supplier of Identicom Form Factor
                                                             that includes alternative manufacturing
Nottinghamshire          on sub-contract to Connexion2 Ltd
NG17 5G                                                      sources and 1st/2nd sources for all
                                                             components.



  10-404788-3                                    149
Part 2

   Name and full                          Obligation                   Details of Safeguards and Protection

   contact details
                                                                     2. Sub-Contractor (AV Injection) contract
                                                                     includes suitable SLA's to ensure effective
                                                                     availability of goods and services.

                                                                     3. Sub-Contractor (AV Injection) contract
                                                                     includes „back to back‟ business continuity
                                                                     plans and provisions




Computer Network                                                     Supplier has new system contract. Full
Services                                                             support and warranty.
Huntingdon Business
Park                         Supplier of Telephony to the Supplier
                                                                     24/7 technical support contract
Blackstone Road
Huntingdon
PE29 6EX                                                             Contract Term: 5 years

                                                                     Renewal Date: Sept 2013
Monitor Software
Limited                                                              Contract Term: Annual
3rd Floor
Marlborough House                                                    Renewal Date: May 2009
                             Supplier of Alarm Handling Software
Westminster Place
                             to the Supplier
York Business Park
York
YO26 6RW

                                                                     Contract in place for data storage renewed
Jemline                                                              annually & Due Nov 2009
Developments Ltd
Signal House                                                         Contract in place for DR
Lyon Road                    Landlord for DR, Manchester             Renewed annually & Due Nov 2009
Harrow
Middlesex
HA12AG                                                               In discussions for longer term agreement
                                                                     for co location for additional services



                                                                     Specific contract for the lone worker under
TOPdesk UK limited,
London House,                                                        negotiations.
                             Supplier of the CRM package to the
271/273 King Street,
                             Supplier
London                                                               Current Maintenance contract: Annual
W6 9LZ
                                                                     Renewal Date: Apr 2009

  3             Procedure To Select, Appoint And Manage Sub-Contractors

  3.1           Subject always to the provision of clause 36 (Transfer and Subcontracting), the Supplier shall
                ensure that the Service is maintained at best value without compromising quality or cost. Sub-

  10-404788-3                                           150
              Contractors shall be evaluated, selected and measured on their ability to supply, manage and
              execute the Supplier‟s requirements in a professional, efficient and timely manner.

3.2           In particular the Supplier shall identify and evaluate Sub-Contractors against a range of criteria
              that allow the Supplier to assess the likelihood of the Sub-Contractor defaulting on the delivery
              requirements necessary to sustain a successful outcome for the Services. These criteria shall
              cover, but not be limited to the Sub-Contractor‟s:

              (a)     Financial viability;

              (b)     Management capacity;

              (c)     Workforce resilience;

              (d)     Organisation details (including financial status and insurance);

              (e)     Technical capabilities and competence;

              (f)     Approach & methodology;

              (g)     Health and Safety issues;

              (h)     Quality Management issues;

              (i)     Environmental management;

              (j)     Training and recruitment;

              (k)     Business Continuity Plan;

              (l)     Adherence to legislative and regulatory requirements;

              (m)     Data Protection Policy;

              (n)     Conformance to the Supplier‟s corporate governance processes;

              (o)     Commitment to achieve best value and optimum Supplier performance through
                      securing volume leverage across the range of the Supplier‟s business;

              (p)     Respect of IPR and the confidentiality of information;

              (q)     With whom long-term supply partnerships are created to ensure stability and security
                      of supply that are consistent with supporting best practice in a healthy competitive
                      environment; and

              (r)     That share risk and reward appropriately with the Supplier.

3.3           Profiling and assessment of Sub-Contractor risks shall be a key element of the Supplier's Risk
              Management process and shall remain under review and independent verification by the
              Supplier‟s insurance advisors. It shall also be a key element of the Business Continuity Plan.

3.4           The risk relating to all Sub-Contractors will rest (both financial and operational) completely with
              the Supplier.

3.5           The Supplier shall provide a risk assessment of its Sub-Contractors to include consideration of
              the following:

10-404788-3                                             151
              (a)   Failure of Sub-Contractor to perform, leading to contract or service delivery failure.

                    The Supplier shall be responsible for the delivery of all sub-contract activity that
                    supports the Services. The Supplier shall appraise, appoint and monitor the
                    performance of any sub-contractor and to have in place adequate contingency plans
                    to ensure no disruption to the Services.

              (b)   Failure of Sub-Contractor to perform to the standards expected.

                    (i)     The Supplier shall be responsible for the standards achieved in support of the
                            Service by any Sub-Contractor.

                    (ii)    Subject to clause 36 (Transfer and Sub-contracting), in its management of
                            Sub-Contractors the Supplier shall demonstrate a fair and robust supplier
                            management process. It shall formalise its relationship with a contract or
                            service level agreement. This document shall encompass all aspects of the
                            supply agreement, including but not limited to:

                            (A)      Scope of supply including terms and conditions, risks and price;

                            (B)      Scheduling of review meetings and parties to be present;

                            (C)      Agreed minimum quality levels;

                            (D)      Agreed minimum delivery performance levels;

                            (E)      Agreed stock holdings;

                            (F)      Response times;

                            (G)      A listing of the management reports and schedule of release;

                            (H)      Escalation points within all interested parties;

                            (I)      Manage the performance of Sub-Contractors through the use of
                                     jointly agreed Key Performance Indicators (KPIs) and back-to-back
                                     contract terms that shall include:

                                     1)      Percentage of deliveries arriving at agreed time;

                                     2)      Percentage of goods below agreed quality levels;

                                     3)      Average response time;

                                     4)      Number of pricing discrepancies, and

                                     5)      Customer satisfaction survey results;

                            (J)      Agreed penalties for non/poor performance;

                            (K)      Payment terms, including payment of invoices, debiting accounts and
                                     credit periods;

                            (L)      Step down risks and responsibilities;



10-404788-3                                           152
              (M)   Rights of step-in over the sub-contractor and its own supply chain
                    partners;

              (N)   Parent/Third Part guarantees/performance bonds;

              (O)   Change of ownership obligations;

              (P)   IP and Source Code protection; and

              (Q)   Default and termination rights.




10-404788-3                         153
                                                                   Schedule 11

                                                       Model Self Audit Certificate

1             Introduction

1.1           This schedule 11 contains a Model Self Audit Certificate.

                                                       MODEL SELF AUDIT CERTIFICATE

              Dear Sirs




              In accordance with the Framework Agreement entered into on [ADD DATE] between the NHS
              Business Services Authority and Reliance Secure Task Management Limited (the Supplier),
              we confirm the following:-

              1.        In our opinion the Supplier has in place suitable systems for identifying and recording
                        the transactions taking place under the provisions of the above Framework
                        Agreement.

              2.        We have tested the systems and found them to be operating satisfactorily.

              3.        We have tested a sample of the transactions during our audit for the financial year
                        ended [Add financial year] and confirm that they are correct and in accordance with
                        the terms and conditions of the above Framework Agreement.




              Name: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                                                                                      Auditor‟s Stamp

              Signed: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .




              Date: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .




10-404788-3                                                               154
                                                   Schedule 12

                                                   Governance

1             Introduction

1.1           This schedule sets out the high level procedures and processes to be followed by the
              Supplier in conjunction with the Authority and Customers to ensure appropriate governance of
              the Services and their management during the term of the Agreement and shall include:

              (a)     Governance principles;

              (b)     The role of the partnership board;

              (c)     Governance bodies and structure;

              (d)     Governance roles & responsibilities;

              (e)     Governance meetings; and

              (f)     Governance reporting.

2             Governance Principles

2.1           The Governance structure is underpinned by the following key principles:

              (a)     the Framework Agreement will be maintained and managed between the Authority
                      and the Supplier via scheduled and structured meetings and informal communication;

              (b)     each Contract will be maintained and managed by the Supplier and Customer who
                      will hold scheduled and structured communications and informal communications;

              (c)     the Services shall be managed at a consolidated level by the Authority, who shall
                      control any proposed changes to the Services and/or related scripts, process flows
                      and standard operating procedures in accordance with the Operational Change
                      Procedures;

              (d)     the parties shall form a "Partnership Board" to undertake the activities defined in
                      paragraph 3 of this schedule; and

              (e)     where a change is agreed it will be implemented through the Agreement Change
                      Procedure, or the Operational Change Procedure, as appropriate.

2.2           The provisions of this schedule as they relate to the resolution of issues are without prejudice
              to express provisions including clause 28 (Dispute Resolution) of this Framework Agreement
              or clause 27 (Dispute Resolution) and schedule 2-6 (Dispute Resolution Procedure) of any
              Contract in relation relating to Dispute resolution.

3             The Partnership Board

3.1           The Supplier shall appoint senior executives from the Reliance Security Group to comprise
              the Supplier side of the Partnership Board. The Partnership Board shall work in a strategic
              way to align the objectives of Supplier and Authority and shall meet at a mutually convenient
              location on a quarterly basis.




10-404788-3                                            155
3.2           The Authority shall appoint senior executives from the NHS Business Services Authority to be
              members of the Partnership Board. The role of the Partnership Board shall be to:

              (a)     Review current performance/Service delivery;

              (b)     Consider ideas for improving the quality of the Service;

              (c)     Enhance and maximise the marketing of the Service;

              (d)     Consider Authority queries and issues;

              (e)     Commission and consider the results of studies, surveys and project that the Supplier
                      and Authority shall jointly consider important to the delivering the Service
                      successfully;

              (f)     Consider a continuous improvement plan;

              (g)     Consider new technologies/devices for potential inclusion in the Framework
                      Agreement in accordance with clause 4.5 and 4.6 (the Available Services) and agree
                      any amendments to the Catalogue using the Agreement Change Procedures.

3.3           The Supplier shall provide, as members of the Partnership Board, the following as a
              minimum:

              (a)     A Board Director selected from either Reliance Secure Task Management, Reliance
                      High-Tech or Reliance Security Group;

              (b)     The Director, Reliance ARC; and

              (c)     The Supplier Framework Manager.

4             Roles & Responsibilities

4.1           The table below shows each role, and their key responsibilities, and the dedicated contract
              management team with sufficient capacity to manage the Framework Agreement and
              Contracts to the full satisfaction of the Authority. The Supplier shall manage the Services as a
              coherent, single entity, joining together the elements of Service Desk, Device, Airtime,
              Training, Technical Administration and ARC.

              The table below details the roles and their key responsibilities:


Customer Role               Supplier Role              Supplier Key responsibilities

                                                        nd
MD of Counter               Managing Director –        2 escalation point as defined in paragraph 7 below
Fraud    Security           Reliance Secure Task
Management                  Management
Services

                                                        st
Head of SMS                 Director of Operations     1 escalation point as defined in paragraph 7 below
                            – Reliance Secure
                            Task Management




10-404788-3                                             156
Customer Role   Supplier Role        Supplier Key responsibilities


Authority       Supplier Framework       1. The overall performance of the Service
Framework       Manager/Contract
Manager         Director                 2. Strategic support to the Partnership Board

                                         3. Legislative compliance

                                         4. Relations with the Authority, Authorised
                                            Customer Representatives and Users

                                         5. Marketing and Communications

                                         6. Promotion of Services to Potential Customers

                                         7. Agree Operational Change Procedures

                                         8. Service lead in relation to Maximum Charges
                                            Variation procedure

                                         9. Service lead in relation to new Devices being
                                            introduced as a result of the new Device
                                            review process

                                         10. Relationship account management

                                         11. Ensure deliver consistent Services to meet
                                             the Service Levels and fulfil obligations in the
                                             Agreement and each Contract

                                         12. Drive continuous improvement initiatives and
                                             service or technological innovations

                                         13. National performance management

                                         14. Overall responsibility for promotion          of
                                             Services to Potential Customers

                                         15. Environmental issues

                                         16. The provision of all contractual commitments
                                             to the Authority including, but not limited to:

                                         17. Management Information

                                         18. Quarterly Business Reviews

                                         19. Complaint Management

                                         20. Rectification Plans when required

                                         21. Management of an Incident and Issues
                                             Management Process




10-404788-3                           157
Customer Role   Supplier Role              Supplier Key responsibilities


                                               22. Arranging meetings, arranging venues in
                                                   consultation with the Authority, issuing
                                                   meeting materials to attendees and
                                                   completing minutes of meetings

                                               23. The Contract Director shall be responsible for
                                                   the line management of the Training
                                                   Manager, the National Accounts Manager
                                                   and the ARC Manager.

                Service Maintenance        The Service Maintenance Manager shall be
                Manager                    responsible for all the processes, systems and service
                                           delivery relating to the configuration of all Devices
                                           with SIM cards; the subsequent re-configuration of
                                           any Device in the field that requires a change as
                                           requested      by       the   Authorised    Customer
                                                                 nd
                                           Representative; 2 line technical support to all
                                           Users or Authorised Customer Representatives on
                                           problem solving, usability and SIM issues; the
                                           shipping and receipt of any faulty Devices and/or their
                                           replacements in line with agreed Service Levels and
                                           managing the Technology Refresh of any Device
                                           returned.

                User            Training   The User Training Manager shall be responsible for
                Manager                    managing the training deliverables for the contract;
                                           delivering the Training Plan; line management of the
                                           training team and of ensuring effective scheduling to
                                           meet the agreed Service Levels.

                Service           Desk     The Service Desk Supervisor shall be the line
                Supervisor                 manager for all Service Desk Supplier Personnel and
                                           shall be responsible for delivering the Service Desk
                                           Schedule; rota management; training and provision of
                                           appropriate Management Information in respect of the
                                           Services




10-404788-3                                 158
Customer Role   Supplier Role             Supplier Key responsibilities


                National        Account   The National Account Manager shall be the line
                Manager                   manager for the Account Managers, and shall be
                                          responsible for delivering first-line accountability of
                                          the Service to Authorised Customer Representatives
                                          and for the Sales and Marketing Plan, and shall have
                                          responsibility for:

                                              1. Promotion of Services to Potential Customers

                                              2. Put in place signed contracts          with all
                                                 Customers

                                              3. Complaint Management

                                              4. Ongoing Customer account management

                                              5. Production of Non -Conformance reports

                                              6. Notification that Supplier unlikely to achieve
                                                 the implementation timetable, summarising
                                                 the Delay and the reasons for it

                                              7. Completion of a Correction Plan

                                              8. Arranging progress meetings, arranging
                                                 venues in consultation with the Customer,
                                                 Potential Customer or Authorised Customer
                                                 Representative, issuing meeting materials to
                                                 attendees and completing minutes of
                                                 meetings

                ARC Manager               The ARC Manager shall be responsible for the line
                                          management of the ARC Supplier Personnel and the
                                          Service Desk Supervisor, delivering the ARC
                                          schedule and rota management and training
                                          requirements for the Supplier‟s ARC personnel.




10-404788-3                                159
5             Governance Meetings

5.1           This paragraph describes in more detail the regular meetings which will be scheduled as a
              minimum requirement to ensure strong communication is maintained at all levels of the
              relationship. The Authority and/or Customer may convene additional meetings at any time
              provided that reasonable notice is given to the Supplier. The Authority may invite additional
              stakeholders at its discretion.

5.2           In the event that a representative identified in column 3 (Attendees) cannot attend the
              relevant meeting, such representative shall be entitled to (i) provide its decision or approval
              on any issue to be raised at the meeting in writing within 2 days following such meeting, or (ii)
              nominate an alternative representative to attend the meeting by giving not less than 2 days
              notice to the other party.

5.3           Governance Meetings shall be as follows:

                                                                                 Review,   Decisions        and
          Meeting or Forum        Frequency            Attendees
                                                                                 Approvals

          Supplier/Customer       Monthly              Supplier                  1.      Discuss progress in
          Meeting                                                                     respect of Contract(s) -
                                                       Supplier Account               implementation and
                                                       Manager                        provision of ongoing
                                                                                      Services
                                                       Customer
                                                                                 2.       Discuss
                                                       Authorised Customer            performance
                                                       Representative                 management and
                                                                                      information provided via
                                                                                      the Management
                                                                                      Information monthly
                                                                                      reporting process

          Supplier/Authority      Monthly or other     Supplier                  1.       To include a review
                                  period as agreed                                    of the Services at a
                                  between the          Supplier Framework             national level,
                                  parties using the    Manager/Contract               performance
                                  Operational          Director and invited           management, review
                                  Change               Sub-Contractors as             Management
                                  Procedure            required                       Information, Service
                                                                                      Levels and Service
                                                       Authority                      Credits, complaints,
                                                                                      User satisfaction,
                                                       Authority Framework
                                                                                      survey results, areas of
                                                       Manager and invited
                                                                                      improvement,
                                                       stakeholders
                                                                                      continuous
                                                                                      improvement
                                                       The Authority
                                                       Commercial
                                                                                 2.       Proposed changes
                                                       Directorate as
                                                                                      to the Services that will
                                                       required
                                                                                      effect the Operational
                                                                                      Change Procedure




10-404788-3                                             160
                                                                 Review,   Decisions          and
          Meeting or Forum    Frequency   Attendees
                                                                 Approvals

                                                                 3.       Proposed changes
                                                                      to the Services that will
                                                                      effect the Agreement
                                                                      Change Procedure
                                                                      including agreeing a
                                                                      recommendation for the
                                                                      Partnership Board in
                                                                      respect of the inclusion
                                                                      of new Devices in the
                                                                      Catalogue following a
                                                                      Product Review

                                                                 4.       Proposed changes
                                                                      that will require
                                                                      reference to the
                                                                      Maximum Charges
                                                                      Variation Procedure

                                                                 5.       Commercial review
                                                                      to include spend,
                                                                      Service Credits
                                                                      awarded, management
                                                                      fee

          Partnership Board   Quarterly   Supplier               1.       Strategic issues
                                                                      which both parties
                                          Board Director              believe require joint
                                          selected from either        consideration.
                                          Reliance Secure Task
                                          Management,            2.       Performance
                                          Reliance High-Tech          management including
                                          or Reliance Security        aggregated view of
                                          Group.                      Service Level/Service
                                                                      credit status,
                                          The Director,               complaints, User
                                          Reliance ARC                satisfaction survey
                                                                      results, areas of
                                          The Supplier                improvement,
                                          Framework Manager           continuous
                                                                      improvement

                                                                 3.       Decisions on the
                                          Authority
                                                                      inclusion of new
                                                                      Devices in the
                                          Authority Framework
                                                                      Catalogue following a
                                          Manager and invited
                                                                      Product Review
                                          stakeholders




10-404788-3                               161
5.4           Where a governance body identified in the table above reaches a decision or grants an
              approval, that body shall be responsible for ensuring that such decision or approval is clearly
              and accurately documented in writing and circulated amongst the members of each such
              body.

6             Governance Reporting

6.1           This paragraph identifies the regular reports required to be produced by the Supplier in order
              to drive the governance meetings and processes.

6.2           Reporting information shall be provided to facilitate the governance meetings as follows:

                                                                                    To Be Delivered          by
          Report                     Content                        Period
                                                                                    Agreed Date

          Monthly Customer           Content will be produced as    Monthly         Within 8 days following
          Reporting                  detailed in Schedule 7                         month end
                                     (Management Information)

          Monthly Authority          Content will be produced as    Monthly         Within 8 days following
          Reporting                  detailed in Schedule 7                         month end and 1 week
                                     (Management Information)                       prior to
                                                                                    Supplier/Authority
                                                                                    monthly meeting as
                                                                                    requested




7             Escalation Procedure

7.1           In the event of a dispute the matter shall be referred by the Authority or the Supplier as
              follows:

                                     Supplier             Authority
          Escalation Route                                                        Escalation Process
                                     Representative       Representative

          1st Line Point             Director     of      Head of SMS             If the escalated issue
                                     Operations    –                              cannot be resolved within
                                     Reliance Secure                              10 Working Days of
                                     Task                                         referral the matter shall be
                                                                                                              nd
                                     Management                                   referred     to   the     2
                                                                                  escalation point

              nd
          2 Line Point               Managing             Managing Director of    If the escalated issue
                                     Director      –      CFSMS                   cannot be resolved within
                                     Reliance Secure                              10 Working Days of
                                     Task                                         referral the matter shall be
                                     Management                                   referred to mediation as
                                                                                  detailed in clause 28 of the
                                                                                  Framework        Agreement
                                                                                  (Dispute Resolution)




10-404788-3                                            162
                                                   Schedule 13

                                                      Solution

1             Introduction

1.1           The Supplier Solution is an end to end Solution that offers Users the assurance and
              protection needed when working in isolation or vulnerable situations. The Services is based
              from a BS 5979 Cat II centre with 100% availability utilising the appropriate monitoring
              software and equipment.

1.2           The Supplier shall operate to the highest operating standards and comply with ISO 27001/2
              Information Security Management. The ARC shall offer a robust solution even when faced
              with the most severe incidents which effect business operations.

1.3           The ARC is accredited with BS 5979 Cat II, and adheres to the following physical security
              controls;

              (a)     Dual thickness walls;

              (b)     Access control;

              (c)     Airlock;

              (d)     Independent air supply system;

              (e)     Gas detectors;

              (f)     CCTV internal;

              (g)     Blast proof windows;

              (h)     Secure server room;

              (i)     Secure telephone system; and

              (j)     Firewalls providing secure encrypted MPLS between sites.

2             ARC Solution Overview

2.1           The ARC is available 24 hours a day, 365 days per year. This centre (or virtual centre) is
              capable of monitoring Users Red Alerts, Amber Alerts and Status Checks covering every
              geographical location where NHS lone workers need to operate within England.

2.2           The Services provided will support a range of User profiles to support the needs of different
              situations arising from the diverse User groups and range of NHS bodies. The User profiles
              will allow bespoke escalation procedures e.g. escalation to colleagues instead of emergency
              response from the Police. The default profile should result in escalation to the Police service if
              appropriate.

2.3           The ARC is able to listen to and record events in a way that is legally admissible in
              prosecution cases that arise from incidents.

2.4           The Alarm Handling Software is designed for high availability with both on and off site
              replication through redundancy of data and systems, enabling continuous access and alarm




10-404788-3                                             163
              handling capabilities. The handling and management of lone worker alarms is provided
              through the specialised Sentinel Plus+ alarm handling platform. Support of the bespoke
              elements is separately provided by Monitor Computer Systems, based in York. Over a
              number of years development work has been undertaken by Monitor Computer Systems to
              develop a product to reflect our experience of the lone worker Services.

2.5           In the event of an individual component failure, there is dual redundancy of systems at the
              primary site. If a catastrophic failure such as fire, flooding, power failure, criminal attack
              occurred at the primary site then Disaster Recovery (DR) is invoked and the signals
              redirected to the Disaster Recovery site servers. The Alarm Handling Software is actively
              health monitored so that proactive measures are taken in the event of a component failure (i.e
              RAID Hard Disk failure).

3             Service Desk Solution Overview

3.1           The Service Desk is co-located in Pontefract within the Alarm Response Centre (ARC) and is
              available between 6am and 8pm, Monday to Friday, excluding weekends and Bank Holidays.
              There will be an overlap of Service Desk Personnel in which a full handover of activity and
              events will occur within the Service Desk Working Day.

3.2           Between the hours of 8pm and 6am, weekends/Bank Holidays will be covered by the ARC
              Personnel. The facility at Pontefract and the Service Desk Personnel are to be dedicated to
              the Services, with Personnel performing all administration tasks relating to implementing new
              Users and ongoing support for existing Users.

3.3           The Service Desk Personnel will be able to access all associated systems to ensure quick
              and effective resolution of all issues, managing all enquiries and queries through to resolution,
              engaging with the ARC and Service Maintenance functions as necessary.

4             Service Desk Customer Relationship Software (CRM)

4.1           The CRM application used by the Service Desk will be fully auditable and transparent to
              Supplier Authorised Personnel, logging and tracking all enquiries and interactions with clients,
              regardless of nature. The Service Desk will use a new IT system to capture requests from
              Customers and Users and to co-ordinate the work done by the following groups of Supplier
              workers:

              (a)     The Service Desk Supplier Personnel at the call centre in Pontefract;

              (b)     The ARC Supplier Personnel at the ARC in Pontefract;

              (c)     The Supplier account managers working out in the field with the Customers;

              (d)     The Supplier trainers working out in the field delivering training to the Users; and

              (e)     The Supplier Service Maintenance Personnel configuring and issuing Devices and
                      providing technical support based in the ARC.

4.2           The Supplier will use the Microsoft CRM application to co-ordinate the work of the Service
              Desk operation. This application was chosen for the following reasons:

              (a)     MS-CRM includes a lot of the standard helpdesk functionality already required for the
                      Lone Worker Protection project;




10-404788-3                                             164
              (b)     MS-CRM supports workflow between teams of users. It is easy to set up queues of
                      cases for different teams and to automatically move cases from one queue to another
                      as the status of the case changes;

              (c)     MS-CRM includes a Knowledge Base module which can be used by the Service
                      Desk to solve common User problems directly over the phone;

              (d)     MS-CRM is a web application and can be accessed by remote users who are not
                      within the Service Desk such as Supplier trainers and Supplier account managers;
                      and

              (e)     MS-CRM integrates with Microsoft Outlook. Emails correspondence is easily stored
                      in the CRM database and calendar appointments and tasks can be set up through
                      CRM and can be notified to users through the Outlook calendar and task list.

4.3           The MS-CRM application is available to the following groups of Supplier remote users across
              a Virtual Private Network:

              (a)     Supplier account managers; and

              (b)     Supplier trainers

4.4           All users of the CRM application will have to supply a username and password to be able to
              access the system. The remote users will only be able to access the CRM system from
              Supplier PCs which are part of the Supplier domain. The CRM application will not be
              available to Supplier users across the Internet.

4.5           All data in the MS-CRM system will be stored in a Microsoft SQL server database. The SQL
              server database is a robust database technology based on a transactional processing
              schema which is backed up whilst the system is still live. The Supplier will configure the SQL
              database to use „log-shipping‟ of the CRM database to the Disaster Recovery Site. The log
              shipping technology ensures that the remote copy of the database will always be constant. In
              the event of a problem with the database server at the primary site it will be possible for the
              Service Desk users to be switched to connect to the servers at the Disaster Recovery Site
              with minimal interruption to the Service Desk operations.

5             Signalling

5.1           The Sentinel Plus (Alarm Handling) software signal processing servers receive the inbound
              messages from a range of paths including IP, PSTN/WILLDN, GSM, SMS.

5.2           Once a signal has been received and processed by one of the signal processing servers it is
              matched with the relevant User details and presented in the alarm queue for the ARC
              Supplier Personnel to handle. Reverse channel commands can also take place to perform
              actions such as requesting the location of a Device.

6             Database

6.1           The Alarm Handling Software utilises an IBM Informix WGE2000 Database Server for storing
              alarm handling data, with RSS database for storing all User details, action information, and
              media files.

6.2           The database servers run on HP DL380 servers with RAID0+1 hard disk configuration.




10-404788-3                                            165
6.3           In the event of a failure, business will continue utilising the replicated off and on site
              databases.

7             Remote Replication

              Data between the primary and secondary database server is constantly replicated using IBM
              Informix RSS functionality. This data is also replicated over a high-speed internet link to the
              Disaster Recovery site, which is situated more than 60 miles away.

8             Maintenance Plan

8.1           System maintenance is performed by the Supplier onsite technical support team. On a daily
              basis logs are checked and notifications reviewed for any potential faults or security
              breaches.

8.2           The schedule of work is detailed in the Supplier‟s maintenance plan, and is stored in a
              controlled document library.

9             Telephony system

9.1           Telephony is delivered via a Mitel 3300 IP telephony platform. The system provides a range
              of features such as automatic call distribution (ACD), call recording and reporting. It is
              covered by a 24/7 support and maintenance contract with Computer Network Services (CNS).
              Critical high risk components (such as hard drive, power supplies or fans) are configured in a
              dual redundant mode to minimise risk of failure.

9.2           In the event of a catastrophic failure, calls will be alternatively routed utilising the Supplier‟s
              BT SmartNumbers Telephony DR solution.

9.3           The system is monitored by the network monitoring system and errors and early warning
              messages captured and acted upon immediately.

10            Firewalls

10.1          Site to site connectivity is delivered by a series of distributed Cisco ASA 5510 firewalls with a
              dual active failover configuration at critical points for added resilience. The Supplier firewall
              policies are configured to only allow traffic to and from trusted sources, and all operational
              data is encrypted to a 3DES standard whilst being sent between locations. The firewalls are
              managed by authorised Supplier Technical Support Personnel. Changes to the configuration
              polices are reviewed by the Supplier Technical Manager as part of the system request for
              change (RFC) process. The system is supported 24/7 by the Supplier on-call Technical
              Support Team.

10.2          The system is monitored by the network monitoring system and errors and early warning
              messages captured and acted upon immediately.

11            Security

11.1          All Supplier Personnel network users are required to authenticate with the network before
              they can gain access to any resources. User permissions are set by the Supplier Network
              Support Team by request of the Supplier Operations Manager. Supplier Super user and
              Administrator privileges are gained only following a request to the Supplier Technical Director
              and Supplier Technical Manager though the system request for change (RFC) process.




10-404788-3                                              166
11.2          In the event of a disaster, all security policies remain and Supplier Personnel are required to
              authenticate with the network via the offsite domain controller.

11.3          The Supplier operates a policy that data on all mobile Supplier Personnel laptops are
              encrypted as standard.

11.4          Network security policies are in place and will not allow Supplier Personnel to extract data
              from the network (ie. Burn onto CD or put onto other external storage device such as USB
              memory stick), without permission from the Supplier Network Manager. The protection is
              based on both physical and software restrictions. Access to removable storage points such as
              USB ports and CD drives is limited by physical means such as client workstations being in an
              enclosed cabinet away from reach of operators with further restrictions based on Windows
              Active Directory and Group Policy software permissions to use removable devices.




11.5          The above diagram is illustrative of the business processes and not the network layout.
              Firewalls are located between network subnets relating to the various physical locations such
              as Manchester (Second Site), Uxbridge (Group Services such as email and
              intranet resources) and other partners or customer VPN connections. Rules on each of our
              Firewalls dictate which types of traffic can access what particular services on a particular
              server.




10-404788-3                                            167
12            Business Continuity

12.1          Where an incident occurs between the hours of 6pm and 8am that requires management
              attention, due its impact on business operations, the ARC „Out of Hours‟ escalation procedure
              is activated by the Supplier team leader.

12.2          Where an incident occurs between the hours of 8am to 6pm the Supplier crisis management
              team is available on site.

12.3          The Supplier notifies Customers, Users, and Authorised Customer Representatives of any
              Service disruption with 2 Working Hours, via SMS or email, including a clear indication of the
              estimated time of the Service disruption.

12.4          An incident is any occurrence that takes place, which may or may not impact business
              operations, that is not a usual or normal occurrence. An incident can be hardware or software
              related or may affect the building and or personnel and is not a „business as usual‟ (BAU)
              event. Where such an incident occurs, the Supplier on-duty team leader will make an
              assessment as to the nature of the incident. Where the Supplier team leader concludes that
              the incident is hardware, software or building related, a log of the incident is be made in the
              SysAid application.

12.5          Where an assessment has been made by the Supplier team leader that escalation of an
              incident is required, the Supplier team leader will ascertain who the designated Supplier
              Centre On-Call Representative (COCR) is, as per the „Out of Hours‟ Escalation procedure.

12.6          The Supplier team leader will provide a synopsis of the incident/problem to the Supplier
              COCR, the SysAid case number and any other relevant information.

12.7          Upon receipt of an „Out of Hours‟ escalation call, the Supplier COCR will make an
              assessment of the incident using the details provided. The assessment will result in one of the
              following three actions:

              (a)     Non Urgent – Resolve during normal business day – No action required;

              (b)     Fix Required Now – No escalation necessary; or

              (c)     Fix Required Now – Escalation required due to current/potential operational impact.

12.8          Where a fix is required with no escalation needed, the procedure will end; once the fix has
              been implemented successfully and Service is restored to business as usual. In situations
              where a fix AND escalation is required due to the operational impact of an incident, the
              Supplier COCR will contact the Supplier Centre Operations Manager (COM) and advise them
              of the issues.

12.9          If the incident is deemed to be non urgent, the Supplier COCR will make arrangements to
              have the issue rectified during the next normal business day.

12.10         A report/synopsis of all incidents will be made via email to the Supplier COM detailing the
              incident, impact and fix implemented.

12.11         When an incident occurs that is escalated to the Supplier COCR, the Supplier COCR may
              escalate it to the Supplier COM due to its operational impact. The Supplier COM will work
              with the Supplier COCR to:

              (a)     Fix the problem;



10-404788-3                                            168
              (b)     Investigate and implement a workaround;

              (c)     Co-ordinate Service delivery; and

              (d)     Escalate the problem further where appropriate.

12.12         Where a technical fix or the implementation of a workaround allows for the full or partial
              resumption of Service, the Supplier COM and the Supplier COCR will manage the incident
              through to satisfactory closure.

12.13         In situations where no fix can be implemented or a reasonable workaround found, and where
              there is deemed to be a risk that business as usual will not resume, the Supplier COM will
              activate the Crisis Management Team (CMT).

12.14         The Supplier COM will make contact with each member of the Supplier CMT to join a
              conference call at a designated time.

12.15         The Supplier CMT will discuss the incident, agree actions, and agree checkpoint calls to
              discuss progress until the incident is resolved.

              CMT Member Contact Details:

                                                         Office
                    Name                 Title                          Mobile                E-mail
                                                        Number
                                                      01977         07798        paul.holdstock
               Paul Holdstock    RMS Director
                                                      696600        746933       @relitech.co.uk
                                 Operations           0208          07710        gareth.storey
               Gareth Storey
                                 Director             3912200       704282       @relitech.co.uk
               Darren            Technical            0208          07730
                                                                                 darren.wildgoose@relitech.co.uk
               Wildgoose         Director             3912200       427517
                                 Centre
                                                      01977         07960        jed.yaqub
               Jed Yaqub         Operations
                                                      696623        872881       @relitech.co.uk
                                 Manager
                                                      01977         07872        shaun.wilcock
               Shaun Wilcock     Technical Engineer
                                                      696607        816365       @relitech.co.uk



12.16         The Supplier CMT will use the Assumptions Based Communications Dynamics (ABCD)
              methodology as detailed in ISO27001 for incident resolution. The Supplier CMT will assign
              resource to focus on the following priorities:

              (a)     Find a fix for the problem

              (b)     Work on a primary workaround

              (c)     Work on a secondary workaround

              (d)     Prepare the DR solution for possible activation

12.17         The Supplier CMT will assess progress on each of the above points at every checkpoint call.

12.18         The Supplier CMT may not necessarily decide to invoke DR where no immediate fix for a
              problem is found. The Supplier CMT may decide that although the problem is Service




10-404788-3                                            169
              impacting, limited Service should continue in parallel to a fix being sought due to the
              substantial impact of DR being invoked.

12.19         The Supplier Director and Supplier Operations Director will be responsible for invoking DR
              based upon the scenario being managed by the Supplier CMT and the recommendations of
              the Supplier Centre Operations Manager and Supplier Technical Team. There is no fixed
              timeline for the Supplier CMT to invoke DR.

13            DR Invocation and Site

13.1          In the event of an incident of such a magnitude that Services can no longer be delivered from
              the Supplier primary site, Service will be moved to the DR site at Delta House, based in
              Wythenshawe, Manchester. The site will have all the facilities necessary to accommodate the
              Supplier Personnel to either co-locate the operation from, or to relocate to, in the event of a
              catastrophic disaster.

13.2          In the event that DR is invoked and personnel on shift are indisposed due to circumstances
              outside the Supplier‟s control, replacement personnel will be contacted using contact lists that
              are held off-site by the Supplier Centre Operations Manager and Supplier Operations Analyst.
              The Supplier will keep contact list up to date.

13.3          The Supplier will adhere to ARC physical security standards whilst working at the DR site and
              the Supplier Personnel will adhere to the following:

              (a)     ARC Identification passes (where available) will be worn at all times;

              (b)     Any passes issued to staff will be worn and clearly visible;

              (c)     Security doors must not be propped open to allow easier access;

              (d)     All doors in the DR site have swipe access locks to ensure security;

              (e)     Anyone requiring access to any building or room within the building will be directed to
                      Security at the main reception area – access will not be granted to people who do not
                      have a valid pass;

              (f)     Any suspicious persons will be brought to the attention of a senior member of staff
                      immediately; and

              (g)     When in a shared area of the building, conversations on detailed matters of any ARC
                      business will not occur.

14            Systems

14.1          The Supplier will maintain an actionable business continuity plan to ensure that Service
              delivery is possible from a DR facility in the event of a catastrophic failure or disaster that
              would render the primary site unusable. A disaster can be an event such as a severe fire,
              aircraft impact or a total loss of communications which completely disables the primary site.

14.2          The Supplier will comply with BS5979. The Supplier will maintain a replicated system, at the
              Disaster Recover site, that will mirror that of the primary site.

14.3          The replicated system will handle lone worker signals in the event of a disaster.




10-404788-3                                             170
14.4          The replicated system will allow the ARC to continue Service and operation offsite in the
              event of a catastrophic disaster.

14.5          Information will be kept live and current between the site databases by real time database
              replication. In the event of a disaster the only experienced down time will be the time taken for
              BT to divert communication paths over to the DR site.




10-404788-3                                             171
14.6          The Supplier will test DR procedures on a regular basis. The test schedule is detailed in the
              Supplier Maintenance Plan. Routine incremental and complete backups will be performed on
              a daily and monthly basis. Details of the schedule is included the Supplier Backup Procedure
              documentation. The Supplier will use a network and system monitoring software package.
              Any failures, major or minor, will be detected by the monitoring software and escalated to the
              Supplier Technical Support Team for resolution.




10-404788-3                                           172
                                                   Schedule 14

                                                  Security Policy

1             Definitions

              For the purposes of this schedule the following definitions shall apply:

              Breach of Security means the occurrence of unauthorised access to or use of any Authority
              premises, the Services, the Solution or any ICT or data (including the Authority's Data) used
              by the Authority or the Supplier in connection with this Agreement

              IT Security Officers shall be IT competent and security aware users and shall have the same
              meaning as set out in the manual of protective security

              Security Plan means the Supplier's security plan prepared pursuant to paragraph 3, and set
              out in Appendix 3 to this schedule

              Security Policy means, to the extent applicable, the Information Security Management NHS
              Code of practice as replaced or updated from time to time

              Security Tests shall have the meaning set out in paragraph 4.1

2             Introduction

2.1           This schedule covers:

              (a)     principles of security for the Supplier System, derived from the Security Policy,
                      including without limitation principles of physical and information security;

              (b)     wider aspects of security relating to the Service;

              (c)     the creation of the Security Plan;

              (d)     audit and testing of the Security Plan;

              (e)     conformance to ISO/IEC:27002 (Information Security Code of Practice) and ISO/IEC
                      27001 (Information Security Requirements Specification) (Standard Specification);
                      and

              (f)     Breaches of Security.

3             Principles of security

3.1           The Supplier acknowledges that the Authority places great emphasis on confidentiality,
              integrity and availability of information and consequently on the security of the ARC and the
              security for the Solution. The Supplier also acknowledges the confidentiality of Authority Data.

3.2           The Supplier shall be responsible for the security of the Solution and shall at all times provide
              a level of security which:

              (a)     is in accordance with Good Industry Practice and Law;

              (b)     complies with the Security Policy;

              (c)     meets any specific security threats to the Solution; and



10-404788-3                                                173
              (d)     complies with ISO/IEC27002 and ISO/IEC27001 in accordance with paragraph 6 of
                      this schedule.

3.3           Without limiting paragraph 3.2, the Supplier shall at all times ensure that the level of security
              employed in the provision of the Services is appropriate to maintain the following at
              acceptable risk levels (to be defined by the Authority):

              (a)     loss of integrity of Authority Data;

              (b)     loss of confidentiality of Authority Data;

              (c)     unauthorised access to, use of, or interference with Authority Data by any person or
                      organisation;

              (d)     unauthorised access to network elements, buildings, and tools used by the Supplier
                      in the provision of the Services;

              (e)     use of the Solution or Services by any third party in order to gain unauthorised access
                      to any computer resource or Authority Data; and

              (f)     loss of availability of Authority Data due to any failure or compromise of the Services.

4             Security plan

4.1           Introduction

              (a)     The Supplier shall develop, implement and maintain a Security Plan to apply during
                      the Term (and after the end of the Term (as applicable) in accordance with part 1 of
                      schedule 16 (Exit Assistance)) which will be approved by the Authority, tested,
                      periodically updated and audited in accordance with this schedule.

              (b)     The draft Security Plan provided by the Supplier as part of its bid is set out in
                      Appendix 2.

              (c)     The Security Plan in place as at the date hereof, is set out in Appendix 3.

4.2           Development

              (a)     As at the date hereof, and in accordance with paragraph 4.4 (Amendment and
                      Revision), the Supplier has prepared and delivered to the Authority for approval the
                      full and final Security Plan, as set out in Appendix 3, which is based on the draft
                      Security Plan set out in Appendix 2.

              (b)     If the Security Plan is approved by the Authority it will be adopted immediately. If the
                      Security Plan is not approved by the Authority the Supplier shall amend it within 10
                      Working Days of a notice of non-approval from the Authority and re-submit to the
                      Authority for approval. The parties will use all reasonable endeavours to ensure that
                      the approval process takes as little time as possible and in any event no longer than
                      15 Working Days (or such other period as the parties may agree in writing) from the
                      date of its first submission to the Authority. If the Authority does not approve the
                      Security Plan following its resubmission, the matter will be resolved in accordance
                      with the Dispute Resolution Procedure. No approval to be given by the Authority
                      pursuant to this paragraph may be unreasonably withheld or delayed. However any
                      failure to approve the Security Plan on the grounds that it does not comply with the




10-404788-3                                              174
                    requirements set out in paragraphs 3.3(a) to 3.3(e) shall be deemed to be
                    reasonable.

4.3           Content

              (a)   The Security Plan will set out the security measures to be implemented and
                    maintained by the Supplier in relation to all aspects of the Services and all processes
                    associated with the delivery of the Services and shall at all times comply with and
                    specify security measures and procedures which are sufficient to ensure that the
                    Services comply with:

                    (i)     the provisions of this schedule (including the principles set out in
                            paragraph 2;

                    (ii)    the provisions of schedule 3, part 1 (Services Description) relating to security;

                    (iii)   ISO/IEC27002 and ISO/IEC27001;

                    (iv)    the data protection compliance guidance produced by the Authority;

                    (v)     the minimum set of security measures and standards required where the
                            system will be handling Protectively Marked or sensitive information;

                    (vi)    any other extant national information security requirements and guidance, as
                            provided by IT Security Officers; and

                    (vii)   appropriate ICT standards for technical countermeasures which are included
                            in the Solution.

              (b)   The references to standards, guidance and policies set out in paragraph 3.3(a) shall
                    be deemed to be references to such items as developed and updated and to any
                    successor to or replacement for such standards, guidance and policies, from time to
                    time.

              (c)   In the event of any inconsistency in the provisions of the above standards, guidance
                    and policies, the Supplier should notify the Authority's Representative of such
                    inconsistency immediately upon becoming aware of the same, and the Authority's
                    Representative shall, as soon as practicable, advise the Supplier which provision the
                    Supplier shall be required to comply with.

              (d)   The Security Plan will be structured in accordance with ISO/IEC27002 and
                    ISO/IEC27001, cross-referencing if necessary to other schedules of this Framework
                    Agreement which cover specific areas included within that standard.

              (e)   The Security Plan shall be written in plain English, in language which is readily
                    comprehensible to the staff of the Supplier and the Authority engaged in the Services,
                    and shall not reference any other documents which are not either in the possession of
                    the Authority or otherwise specified in this schedule.

4.4           Amendment and Revision

              (a)   The Security Plan will be fully reviewed and updated by the Supplier annually, or from
                    time to time to reflect:

                    (i)     emerging changes in Good Industry Practice;



10-404788-3                                          175
                      (ii)    any change or proposed change to the Supplier system, the Services and/or
                              associated processes;

                      (iii)   any new perceived or changed threats to the Supplier system; and

                      (iv)    a reasonable request by the Authority.

              (b)     The Supplier will provide the Authority with the results of such reviews as soon as
                      reasonably practicable after their completion and amend the Security Plan at no
                      additional cost to the Authority.

              (c)     Any change or amendment which the Supplier proposes to make to the Security Plan
                      (as a result of an Authority request or change to schedule 3 (Services) or otherwise
                      shall be subject to the Change Control Procedure and shall not be implemented until
                      approved in writing by the Authority.

5             Audit and Testing

5.1           The Supplier shall conduct tests of the processes and countermeasures contained in the
              Security Plan (Security Tests) on an annual basis or as otherwise agreed by the parties.
              The date, timing, content and conduct of such Security Tests shall be agreed in advance with
              the Authority.

5.2           The Authority shall be entitled to send a representative to witness the conduct of the Security
              Tests. The Supplier shall provide the Authority with the results of such tests (in a form
              approved by the Authority in advance) as soon as practicable after completion of each
              Security Test.

5.3           Without prejudice to any other right of audit or access granted to the Authority pursuant to this
              Framework Agreement, the Authority shall be entitled at any time and without giving notice to
              the Supplier to carry out such tests (including penetration tests) as it may deem necessary in
              relation to the Security Plan and the Supplier's compliance with and implementation of the
              Security Plan. The Authority may notify the Supplier of the results of such tests after
              completion of each such test. Security Tests shall be designed and implemented so as to
              minimise the impact on the delivery Services. If such tests impact adversely on its ability to
              deliver the Services to the agreed Service Levels, the Supplier shall be granted relief against
              any resultant under-performance for the period of the tests.

5.4           For the purposes of this paragraph 5.4, a weakness means a vulnerability in security and a
              potential security failure means a possible breach of the Security Plan or security
              requirements. Where any Security Test carried out pursuant to paragraphs 5.2 or 5.3 above
              reveals any actual or potential security failure or weaknesses, the Supplier shall promptly
              notify the Authority of any changes to the Security Plan (and the implementation thereof)
              which the Supplier proposes to make in order to correct such failure or weakness. Subject to
              the Authority's approval in accordance with paragraph 4.2(b), the Supplier shall implement
              such changes to the Security Plan in accordance with the timetable agreed with the Authority
              or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change
              to the Security Plan to address a non-compliance with the Security Policy or security
              requirements, the change to the Security Plan shall be at no additional cost to the Authority.




10-404788-3                                             176
6             Compliance with ISO/IEC 27001

6.1           The Supplier shall obtain independent certification of the Security Plan to ISO 27001 as soon
              as reasonably practicable and will maintain such certification for the duration of the
              Framework Agreement.

6.2           The Supplier shall carry out such regular security audits as may be required by the British
              Standards Institute in order to maintain delivery of the Services in compliance with security
              aspects of ISO 27001 and shall promptly provide to the Authority any associated security
              audit reports and shall otherwise notify the Authority of the results of such security audits.

6.3           If it is the Authority's reasonable opinion that compliance with the principles and practices of
              ISO 27001 is not being achieved by the Supplier, then the Authority shall notify the Supplier of
              the same and give the Supplier a reasonable time (having regard to the extent of any non-
              compliance and any other relevant circumstances) to become compliant with the principles
              and practices of ISO 27001. If the Supplier does not become compliant within the required
              time then the Authority has the right to obtain an independent audit against these standards in
              whole or in part.

6.4           If, as a result of any such independent audit as described in paragraph 6.3 the Supplier is
              found to be non-compliant with the principles and practices of ISO 27001 then the Supplier
              shall, at its own expense, undertake those actions required in order to achieve the necessary
              compliance and shall reimburse in full the costs incurred by the Authority in obtaining such
              audit.

7             Breach of security

7.1           Either party shall notify the other immediately upon becoming aware of any Breach of Security
              including, but not limited to an actual, potential or attempted breach, or threat to, the Security
              Plan.

7.2           Upon becoming aware of any of the circumstances referred to in paragraph 6.1, the Supplier
              shall:

              (a)     immediately take all reasonable steps necessary to:

                      (i)     remedy such breach or protect the Solution against any such potential or
                              attempted breach or threat; and

                      (ii)    prevent an equivalent breach in the future,

                      such steps shall include any action or changes reasonably required by the Authority.
                      In the event that such action is taken in response to a breach that is determined by
                      the Authority acting reasonably not to be covered by the obligations of the Supplier
                      under this Framework Agreement, then the Supplier shall be entitled to refer the
                      matter to the Agreement Change Procedure.

              (b)     as soon as reasonably practicable provide to the Authority full details (using such
                      reporting mechanism as may be specified by the Authority from time to time) of such
                      actual, potential or attempted breach and of the steps taken in respect thereof.




10-404788-3                                             177
                                                     Appendix 1

                                                   Security Policy

1             Introduction

1.1           Purpose

              The purpose of this document is to describe the Suppliers Security Policy for the NHS Lone
              Worker Framework Agreement. It describes the principles of how the Services will be adhered
              to in relation to people, property and assets.

              The Supplier has taken a strategic decision to work towards ISO/IEC27002 and ISO/IEC27001
              in order to achieve a more effective and robust Information Security Management System
              (ISMS). As an integral part of the Policy, the Security Plan should be referred to alongside this
              Policy.

1.2           Scope

              The scope of this document is confined to a description of the Security Policy for the Supplier's
              Remote Monitoring Services and the steps to be taken to activate the appropriate standards.

1.3           Background

              The Supplier Centre in Pontefract has a security requirement to ensure that Services are
              delivered in accordance with ISO/IEC27002 and ISO/IEC27001.

2             Definitions

              For the purposes of this Policy the following definitions shall apply:

               Breach of Security       The occurrence of unauthorised access to or use of any
                                        Authority premises, the Services, the Solution or any ICT or
                                        data (including the Authority's Data) used by the Authority or the
                                        Supplier in connection with this Agreement.

               IT Security Officers     IT competent and security aware users

               Protectively Marked      Protectively Marked or sensitive logical information which is
                                        embedded encryption

               Security Plan            Supplier Security Plan for the Lone Worker Services

               Security Policy          Supplier Security Policy for Lone Worker Services

               Security Tests           Tests (security) of the processes and countermeasures
                                        contained in the Security Plan




3             Principles and the wider aspects of security

3.1           The Supplier will ensure the integrity, confidentiality and availability of information and security
              of the Alarm Receiving Centre and the confidentiality of Authority Data.

3.2           The Supplier will ensure security of the Services, and will further:
10-404788-3                                              178
              (a)     Abide by and comply with Industry Best Practice (British Standards) and regulatory
                      and legislative requirements.

              (b)     Ensure compliance with this framework document (the Security Policy)

              (c)     Mitigate against any security and risk threats to the Solution.

              (d)     Comply with ISO/IEC27002 and ISO/IEC27001

3.3           Acceptable levels of security and risk will be maintained in relation to:

              (a)     Loss of integrity or Authority Data;

              (b)     Loss of confidentiality of Authority Data;

              (c)     Unauthorised access to, use of, or interference with Authority Data by any persons or
                      organisation;

              (d)     Unauthorised access to network elements, buildings, and tools used by the Supplier in
                      the provision of the Services;

              (e)     Use of the Solution or Services by any third party in order to gain unauthorised access
                      to any computer resource or Authority Data;

              (f)     Loss of availability of Authority Data due to any failure or compromise of the Services;

              (g)     The Service Desk personnel will validate all Users who contact the Service Desk
                      before accepting requests for change (RFCs); and

              (h)     Devices will be processed and delivered to the Authority and Users under secure
                      conditions.

4             The Security Plan

4.1           Content

              (a)     The Security Plan sets out the security measures to be implemented and maintained
                      in relation to all aspects of the Services and all processes associated with the delivery
                      of the Services and shall at all times comply with and specify security measures and
                      procedures which are sufficient to ensure that the Services comply with:

                      (i)      The provisions of this Security Policy;

                      (ii)     The provisions of the BSA Framework Agreement Schedule 14 relating to
                               Security;

                      (iii)    ISO/IEC27002 and ISO/IEC27001;

                      (iv)     The data protection compliance guidance produced by the Authority;

                      (v)      Any other extant national information security requirements and guidance, as
                               provided by IT Security Officers; and

                      (vi)     Appropriate ICT standards for technical countermeasures which are included
                               in the Solution.


10-404788-3                                              179
              (b)     The references to standards, guidance and policies set out in paragraph 3.2 shall be
                      deemed to be references to such items as developed and updated and to any
                      successor to or replacement for such standards, guidance and policies, from time to
                      time.

              (c)     In the event of any inconsistency in the provisions of the above standards, guidance
                      and policies, the Supplier shall notify the Authority of such inconsistency immediately
                      upon becoming aware of the same, and the Authority shall, as soon as practicable,
                      advise the Supplier which provision shall be required to comply with.

              (d)     The Security Plan is structured in accordance with ISO/IEC27002 and ISO/IEC27001,
                      cross-referencing where necessary to other schedules of this Framework Agreement
                      which cover specific areas included within that standard.

              (e)     The Security Plan is written in plain English, in language which is readily
                      comprehensible to the staff of the Supplier and the Authority engaged in the Services,
                      and does not reference any other documents which are not either in the possession of
                      the Authority or otherwise specified in this schedule.

4.2           Amendment and revision

              (a)     The Supplier will ensure that the Security Plan is fully reviewed and updated at least
                      annually, or from time to time to reflect:

                      (i)     Emerging changes and developments in industry best practice.

                      (ii)    Any and all changes or proposed changes to Supplier systems, the Services
                              and/or associated processes.

                      (iii)   Any new perceived or changed threats to Supplier systems.

                      (iv)    A reasonable request by the Authority.

              (b)     The Supplier will provide the Authority with the results of such reviews as soon as
                      reasonably practicable after their completion, and amend the Security Plan at no
                      additional cost to the Authority.

              (c)     Any change or amendment which the Supplier proposes to make to the Security Plan
                      (as a result of an Authority request or change to schedule 3 (Services) or this
                      schedule of the Framework Agreement), shall be subject to the Change Control
                      Procedure and shall not be implemented until approved in writing by the Authority.

5             Auditing and testing of the Security Plan

5.1           The Supplier will conduct tests of the processes and countermeasures contained in the
              Security Plan on an annual basis, or as otherwise agreed by the parties. The date, timing,
              content and conduct of such Security Tests shall be agreed in advance with the Authority.

5.2           The Authority shall be entitled to send a representative to witness the conduct of the Security
              Tests. The Supplier shall provide the Authority with the results of such tests (in a form
              approved by the Authority in advance) as soon as practicable after completion of each
              Security Test.

5.3           Without prejudice to any other right of audit or access granted to the Authority pursuant to this
              Framework Agreement, the Authority shall be entitled at any time and without giving notice to

10-404788-3                                            180
              the Supplier to carry out such tests (including penetration tests) as it may deem necessary in
              relation to the Security Plan and the Supplier's compliance with and implementation of the
              Security Plan. The Authority may notify the Supplier of the results of such tests after
              completion of each such test. Security Tests shall be designed and implemented so as to
              minimise the impact on the delivery Services. If such tests impact adversely on its ability to
              deliver the Services to the agreed Service Levels, the Supplier shall be granted relief against
              any resultant under-performance for the period of the tests.

5.4           For the purposes of this paragraph, a weakness means vulnerability in security and a potential
              security failure means a possible breach of the Security Plan or security requirements. Where
              any Security Test carried out, pursuant to paragraphs 5.2 or 5.3 above, reveals any actual or
              potential security failure or weaknesses, the Supplier shall promptly notify the Authority of any
              changes to the Security Plan (and the implementation thereof) which the Supplier proposes to
              make in order to correct such failure or weakness. Subject to the Authority's approval in
              accordance with paragraph 4.2(c) above, the Supplier shall implement such changes to the
              Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as
              soon as reasonably possible. For the avoidance of doubt, where the change to the Security
              Plan to address a non-compliance with the Security Policy or security requirements, the
              change to the Security Plan shall be at no additional cost to the Authority.

6             Conformance to ISO standards (27001 and 27002)

6.1           The Supplier will obtain third party independent certification of the Security Plan to ISO 27001
              standard as soon as reasonably practicable, and will maintain such certification for the
              duration of the Framework Agreement.

6.2           If sections of the Security Policy do not conform to industry best practice as described in ISO
              27002 and, as a result, the Supplier reasonably believes that its certification to ISO 27001
              would fail in regard to the said sections, the Supplier shall promptly notify the Authority of this
              and the Authority in its absolute discretion may waive the requirement for certification in
              respect of the relevant parts.

6.3           The Supplier will carry out such regular security audits as may be required by the British
              Standards Institute in order to maintain delivery of the Services in compliance with security
              aspects of ISO 27001, and shall promptly provide to the Authority any associated security
              audit reports and shall otherwise notify the Authority of the results of such security audits.

6.4           If it is the Authority's reasonable opinion that compliance with the principles and practices of
              ISO 27001 is not being achieved by the Supplier, then the Authority shall notify the Supplier of
              the same and give the Supplier a reasonable time (having regard to the extent of any non-
              compliance and any other relevant circumstances) to become compliant with the principles
              and practices of ISO 27001. If the Supplier does not become compliant within the required
              time then the Authority has the right to obtain an independent audit against these standards in
              whole or in part.

6.5           If, as a result of any such independent audit as described in paragraph 6.4, the Supplier is
              found to be non-compliant with the principles and practices of ISO 27001 then the Supplier
              shall, at its own expense, undertake those actions required in order to achieve the necessary
              compliance and shall reimburse in full the costs incurred by the Authority in obtaining such
              audit.




10-404788-3                                             181
7             Breaches of security

7.1           Either party shall notify the other immediately upon becoming aware of any Breach of Security
              including, but not limited to an actual, potential or attempted breach, or threat to, the Security
              Plan

7.2           Upon becoming aware of any of the circumstances referred to in paragraph 7.1 the Supplier
              shall immediately take all reasonable steps necessary to:

              (a)     Remedy such breach or protect the Solution against any such potential or attempted
                      breach or threat;

              (b)     Prevent an equivalent breach in the future. Such steps shall include any action or
                      changes reasonably required by the Authority. In the event that such action is taken
                      in response to a breach that is determined by the Authority acting reasonably not to be
                      covered by the obligations of the Supplier under this Framework Agreement, then the
                      Supplier shall be entitled to refer the matter to the Agreement Change Procedure; and

              (c)     As soon as reasonably practicable the Supplier will provide to the Authority full details
                      (using such reporting mechanism as may be specified by the Authority from time to
                      time) of such actual, potential or attempted breach and of the steps taken in respect
                      thereof.

8             Continuous improvement

              The Supplier shall continually improve the effectiveness of the ISMS through the use of the
              information security policy, information security objectives, audit results, analysis of monitored
              events, corrective and preventive actions and management review.

9             Corrective actions

9.1           The Supplier shall take action to eliminate the cause of nonconformities with the ISMS
              requirements in order to prevent recurrence. The documented procedure for corrective action
              shall define requirements for:

              (i)     Identifying nonconformities;

              (j)     Determining the causes of nonconformities;

              (k)     Evaluating the need for actions to ensure that nonconformities do not recur;

              (l)     Determining and implementing the corrective action needed;

              (m)     Recording results of action taken (see paragraph 5.4); and

              (n)     Reviewing of corrective action taken.




10-404788-3                                             182
                                                    Appendix 2

                                     Draft Security Plan from Supplier's Bid

1             Table of Contents

              1       Introduction

              2       Scope

              3       Outputs

              4       ISO 27001 accredited certification and service standards

              5       Amendments and revision

              6       Auditing and testing of the security plan

2             Introduction

2.1           The following security plan illustrates how the Supplier will meet the requirement of the
              Framework Agreement. The Security Plan sets out the security measures to be implemented
              and maintained by the Supplier in relation to all aspects of the Services and all processes
              associated with the delivery of the Services and shall, at all times, comply with and specify
              security measures and procedures which are sufficient to ensure that the Services comply
              with:

              (a)     the provisions of this schedule;

              (b)     the provisions of schedule 3 (Services) relating to security;

              (c)     ISO/IEC27002 and ISO/IEC27001;

              (d)     the data protection compliance guidance produced by the Authority;

              (e)     the minimum set of security measures and standards required where the system will
                      be handling protectively marked or sensitive information;

              (f)     any other extant national information security requirements and guidance, as provided
                      by IT Security Officers; and

              (g)     appropriate ICT standards for technical countermeasures which are included in the
                      Solution.

2.2           The references to standards, guidance and policies set out in paragraph 2.1 shall be deemed
              to be references to such items as developed and updated and to any successor to or
              replacement for such standards, guidance and policies, from time to time.

2.3           In the event of any inconsistency in the provisions of the above standards, guidance and
              policies, the Supplier shall notify the Authority of such inconsistency immediately upon
              becoming aware of the same, and the Authority shall, as soon as practicable, advise the
              Supplier which provision the Supplier shall be required to comply with.

2.4           The Security Plan shall be structured in accordance with ISO/IEC27002 and ISO/IEC27001,
              cross-referencing if necessary to other schedules of this Framework Agreement which cover
              specific areas included within that standard.
10-404788-3                                              183
2.5     The Security Plan shall be written in plain English, in language which is readily
        comprehensible to the personnel of the Supplier and the Authority engaged in the Services,
        and shall not reference any other documents which are not either in the possession of the
        Authority or otherwise specified in this schedule.

3       Amendment and Revision

3.1     The Security Plan shall be fully reviewed and updated by the Supplier annually, or from time to
        time to reflect:

        (a)     emerging changes in Good Industry Practice;

        (b)     any change or proposed change to the Supplier System, the Services and/or
                associated processes;

        (c)     any new perceived or changed threats to the Supplier System; and

        (d)     a reasonable request by the Authority.

3.2     The Supplier shall provide the Authority with the results of such reviews as soon as
        reasonably practicable after their and amend the Security Plan at no additional cost to the
        Authority.

3.3     Any change or amendment which the Supplier proposes to make to the Security Plan (as a
        result of an Authority request or change to the schedule 3 (Services) or otherwise shall be
        subject to the Change Control Procedure and shall not be implemented until Approved in
        writing by the Authority.

3.4     The security plan shall approach the service provision by focusing on two stated tenets of the
        Invitation to Participate in Dialogue:

        (a)     Outputs; and

        (b)     Standards.

3.5     The Security Plan sets out the security measures to be implemented and maintained by the
        Supplier in relation to all aspects of the Services and all processes associated with the
        delivery of the Services, and shall at all times comply with and specify security measures and
        procedures.

4       Scope

4.1     The Service shall operate as a managed Service with a single point of contact for all Service
        Desk interactions with the Supplier, irrespective of whether this is in relation to a subscription,
        un-subscription, a fault, issue, problem, query, request, addition or change in subscription of a
        Service.

4.2     The Alarm Receiving Centre (ARC) shall have a discrete contact number which will be
        available 24 hours a day, 365 days per year to manage incidents and alarms. The Alarm
        Monitoring Service (AMS) centre (or virtual centre) shall further be capable of monitoring every
        geographical location where Users need to operate within England. The Services provided by
        the Supplier shall support a range of User profiles to support the needs of different situations
        arising from the diverse User groups.

4.3         It is appreciated that a range of Devices shall be required to support the needs of different
            situations arising from the diverse User groups and range of Authority bodies. The Device or
10-404788-3                                          184
              application shall enable Users to signal for assistance from the emergency services. A range
              of tracking options shall be available (from no tracking, basic tracking, through to more
              accurate tracking).

5             Outputs

5.1           In terms of deliverable outputs, there are a number of areas which shall receive specific
              attention; as follows:

              (a)    End to end Service

                     (i)     The Supplier shall provide full life-cycle management (including
                             commissioning, configuration, administration, moves, changes, account
                             administration, Service Desk support, maintenance, Technology Refresh and
                             disposal). The Supplier shall process applications for Devices from Customers
                             against agreed criteria to ensure eligibility and suitability of the Service.

                     (ii)    The supplied solution shall be capable of indicating three levels of alert for
                             Lone Workers:

                             (A)     At work - the standard risk experienced by all workers in a normal
                                     days activity;

                             (B)     Heightened risk – this equates to a situation where an individual
                                     perceives a heightened sense of risk in a work environment e.g. a
                                     home visit; and

                             (C)     Incident - an incident is happening or has happened e.g. physical
                                     attack, verbal abuse etc.

                     (iii)   The above levels shall be referred to as Green, Amber and Red in line with
                             risk measurement status.

                     (iv)    The agreed solution shall support the use of a range of User Devices to
                             support diverse User groups and a variety of tracking options (from basic
                             tracking to more accurate tracking).

                     (v)     The Services provided shall further support the provision of tailored User
                             profiles to meet the needs of different situations arising from the diverse User
                             groups and range of NHS bodies included in the scope.

              (b)    Alarm Management Service (AMS)

                     (i)     The Alarm Management Service shall be made up of the ARC and the
                             Service Desk.

                     (ii)    The Supplier shall provide an ARC which shall be available 24 hours a day,
                             365 days per year. The Supplier shall support a range of User profiles to
                             support the needs of different situations arising from the diverse User groups
                             and range of Authority bodies. The User profiles shall allow bespoke
                             escalation procedures e.g. escalation to colleagues instead of emergency
                             response from the Police. The default profile shall result in escalation to the
                             Emergency Services if appropriate.




10-404788-3                                           185
                    (iii)      The ARC shall be able to listen to and record events in a way that is legally
                               admissible in prosecution cases that arise from incidents.

              (c)   Training

                    (i)        The Supplier shall carry out all initial Device User training in order that all
                               Users shall receive a uniform level of training.

                    (ii)       Within the Security Plan there shall be contingency plans for any re scaling of
                               training requirements, with the Supplier being in a position to re-engage at
                               short notice.

              (d)   Information security management

                    (i)        The policy, practices and procedures to be implemented by the Supplier shall
                               be based upon ITIL Best Practice guidance. ITIL underpins the foundations of
                               ISO/IEC 20000 (Service Management Standard, previously BS15000). The
                               Supplier shall work towards this standard, in a de facto manner, by ensuring
                               that ITIL V3 disciplines are adhered to. The Supplier shall operate under ITIL
                               V3, with appropriate Supplier personnel attending further accreditation
                               courses over the next 2 months. In a service environment such as this, with
                               critical Services being delivered, Security Management, in physical, logical
                               and software / application security and the availability, integrity and
                               confidentiality of information is key. All ICT shall comply with the Authority
                               STEP policy, and in order to achieve this, the Supplier shall undertake the
                               initial process to seek ISO/IEC 27001 accreditation. The accreditation
                               process is under way with a full gap analysis being undertaken before
                               application begins formally.

                    (ii)       All Users shall be fully trained in security policies and procedures and
                               provided with regular updates. Security incidents, vulnerabilities and system
                               faults shall be promptly reported through the dedicated Service Desk function.
                               Sensitive ICT facilities shall be protected from unauthorised access through
                               the use of physical controls. Critical ICT equipment including items such as
                               cabling shall be protected against physical damage.

                    (iii)      Documented operating procedures shall be produced including logs and
                               controls for:

                               (A)     Secure disposal of backup media, documents, voice recordings and
                                       test data;

                               (B)     Secure disposal and maintenance of ICT equipment;

                               (C)     Securely handling, transporting and storing of backup media and
                                       system documentation;

                               (D)     Any information and / or software exchanges between organisations;

                               (E)     Removal of ICT assets from site, and

                               (F)     Secure management of failover/contingent ICT equipment.

                    (iv)       Any changes to the agreed security policies and standards shall be approved
                               by the Authority as part of the Service Transition phase detailed below.

10-404788-3                                            186
                            Specific reference to this agreement process shall be incorporated into the
                            release management protocols. Conversely, should the Authority propose any
                            changes to the security policies and standards, the Supplier shall agree these
                            changes, and after consultation with the Authority implement them in line with
                            the defined process.

              (e)   Protectively Marked or Sensitive Information

                    The Suppliers Security Plan shall be in accordance with the Manual of Protective
                    Security, and shall conform to the following requirements:

                    (i)     Scope of the document;

                    (ii)    Service security environment;

                    (iii)   Use of the security Framework;

                    (iv)    Threats to services and clients;

                    (v)     Security control objectives; and

                    (vi)    Service functional security requirements.

              (f)   Service monitoring and management

                    (i)     There shall be one single point of contact for Users for assistance for all
                            enquiries (Service Desk Transactions). This service shall effectively be 24
                            hours per day, 7 days per week (reduced service levels outside of normal
                            hours). The Service Desk team shall have dedicated personnel performing all
                            administrative tasks relating to implementing new Users and ongoing support
                            for existing Users. Supplier Personnel shall be able to access all associated
                            systems to ensure quick and effective resolution of all issues, managing all
                            enquiries and queries through to resolution, engaging with the ARC and
                            Service Maintenance functions as necessary.

                    (ii)    All communications with Users, regardless of the nature and method of
                            communication shall be recorded, managed and where necessary tracked via
                            the Client Relationship Management (CRM) system, through to resolution.
                            The CRM system shall enable the generation of reports and analysis of key
                            metrics such as volumes of calls, time to resolution from initial
                            communication, types of queries, etc. This shall enable the Supplier to
                            monitor performance and proactively identify and improve issues. It also
                            provides all information relating to interactions with Users, enabling all
                            Supplier Personnel to deal with queries without a reduction in the level of
                            knowledge and hence service to that User.

                    (iii)   Specific ongoing support tasks performed by Service Desk staff:

                            (A)     Queries from a Device usage nature from a User (how to use
                                    properly, suspected faulty Devices, network coverage concerns);

                            (B)     Queries relating to changes in User details, points of contact details,
                                    reallocation of Devices. These shall be tracked and confirmed with
                                    User/Customer via the request for change process;


10-404788-3                                          187
                            (C)     Issuing of reports to Customers and the Authority, highlighting key
                                    elements from the report data (Device inactivity, incorrect usage, etc).
                                    This enables the Service Desk Personnel to proactively work with
                                    Users to maximise their overall usage of Devices. For example, the
                                    Service Desk shall highlight Device inactivity that is explained by the
                                    fact the User has left the Customer organisation and hence the User
                                    details require deletion and the Device reallocating;

                            (D)     Proactively calling Users when they are struggling with Devices via
                                    the alarms coming through to the ARC e.g. Repeated false alarms;

                            (E)     Proactively updating Users on the progress of enquiries, ensuring
                                    confirmation from the User, before closing a transaction;

                            (F)     Specific new Customer implementation tasks performed by Service
                                    Desk Personnel shall include;

                            (G)     Liaise with Authorised Customer Representatives to organise and
                                    collect User information;

                            (H)     Liaise with Authorised Customer Representatives to set up effective
                                    and robust escalation points of contact for all Users;

                            (I)     Set up Users on alarm handling software and organise go-live dates;

                            (J)     Organise training programme;

                            (K)     Ensure Devices are despatched to the correct place at the correct
                                    time;

                            (L)     Proactively call Users in the early days, post training, to ensure Users
                                    are comfortable and confident with the Device.

                    (iv)    Service Desk Personnel shall work closely with the service maintenance
                            personnel on Device queries; Device returns; Device loan swap outs etc. The
                            Service Desk shall be covered 24/7 with the non-core hours between 8pm
                            and 6am and weekends/Bank Holidays covered by the ARC. All internal
                            communications shall be logged against the specific Customer/User to ensure
                            full tracking and transparency.

                    (v)     Any change to a User, User account or User Device shall be controlled via the
                            Supplier request for change process.

              (g)   Reporting

                    All reporting of Service Desk transactions shall be driven through the CRM system
                    with full flexibility on what and how issues are reported.

              (h)   Functional services

                    (i)     Disaster Recovery

                    The Supplier's ARC shall be accredited with BS 5979 Cat II, which assures Users that
                    there shall be a disaster recovery procedure in place. The plan shall involve the
                    duplication of the Supplier's server capability at another BS5979 Cat II site to ensure
                    no operational downtime in the event of catastrophic failure on the primary Supplier
10-404788-3                                           188
              site. The Supplier shall continue to test this on an annual basis. There shall be 5
              elements to the business continuity plan once service disruption is experienced:

              (a)     An incident management process;

              (b)     A crisis management team;

              (c)     A disaster recovery technical plan;

              (d)     A business continuity strategy; and

              (e)     Physical security.

              The Suppliers ARC shall be accredited the BS 5979 Cat II, which by nature assures
              that physical security includes:

              (a)     Dual thickness walls;

              (b)     Access control;

              (c)     Airlock;

              (d)     Independent air supply system;

              (e)     Gas detectors;

              (f)     CCTV internal;

              (g)     Blast proof windows;

              (h)     Secure server room;

              (i)     Secure telephone system;

              (j)     Firewalls providing secure encrypted MPLS between sites; and

              (k)     The risk assessment process.

                      (A)        The Supplier shall work with the Authority to provide a standardised
                                 risk assessment tool to inform the decision as to whether a Device is
                                 needed, and if so, which type of Device.

                      (B)        The risk assessment tool shall have the ability to deal with budgetary
                                 constraints at an Authority level, providing a sound rationale for not
                                 only identifying the Device variant required per User group, but also
                                 prioritising User groups within the organisation.

              The intellectual property rights for such a tool may be owned by the Authority to
              enable the Authority to offer this as an added service/tool to existing and new
              Customers.

              (iii)   Account Management

                      (A)        Account Management is an integral part of the Suppliers Security
                                 Plan, and as such there shall be a dedicated team of Account
                                 Managers accessible 24 hours per day.

10-404788-3                                      189
                     (B)     The tasks which the Supplier Account Managers shall undertake are
                             as follows:

              (iv)   Pre-mobilisation which includes:

                     (A)     Oversee all the implementation tasks;

                     (B)     Review the Lone Worker policies and procedures for each customer;

                     (C)     Identify Quarterly Business Reporting dates and attendees for each
                             customer;

                     (D)     Meet with staff representatives; and

                     (E)     Identify and meet the appropriate contact in the customer‟s Accounts
                             department.

              (v)    Implementation/Mobilisation which includes:

                     (A)     Manage and deliver the implementation project;

                     (B)     Establish Gant chart and share with customer‟s representative;

                     (C)     Task Trainer;

                     (D)     Task Service Desk administrator;

                     (E)     Agree deliverables with customer;

                     (F)     Oversee deployment of Devices;

                     (G)     Oversee training of Users; and

                     (H)     Report to Customer Relationship Manager on achievement of
                             deliverables.

              (vi)   Post-Implementation

                     (A)     Carry out Quarterly Business Reviews (QBRs) with customer;

                     (B)     Review reporting;

                     (C)     Identify additional training needs;

                     (D)     Manage deployment for Devices for New Starters/Leavers;

                     (E)     Conduct Incident Reviews;

                     (F)     Confirm invoice details monthly;

                     (G)     Maintain the CRM database on Users;

                     (H)     Oversee resolution of any issues raised through the Service Desk;
                             and

                     (I)     Support any specific marketing tasks identified.

10-404788-3                                   190
              (i)   Project Management

                    (i)     In relation to project management there are two further areas to consider.
                            Firstly, there is the project management approach taken to deliver the
                            Framework Agreement overall. Secondly there is the project management
                            approach taken for individual clients when delivering the Services

                    (ii)    The approach is a pragmatic, based on several years of implementation
                            experience. The process is divided into four distinct stages:

                    1.      Pre-training

                    2.      Training

                    3.      Initial phase post-training

                    4.      Ongoing phase post-training.

                    (iii)   Phase 1: Pre-Training

                            (A)     Assess how the solution will complement existing lone worker
                                    procedures and protocols and assist, where necessary, with any
                                    modifications or updates to these procedures and protocols.

                            (B)     Understand the working environment and risks faced by each User
                                    group and propose the most appropriate Device variant and
                                    associated Device set-up functionality per User.

                            (C)     Through a combination of checking network coverage „maps‟ and
                                    obtaining local knowledge from Users, we determine the combination
                                    of GSM network operator SIM cards with which to commence service
                                    delivery.

                            (D)     Work through the necessary points of contact and alarm escalation
                                    procedures per User.

                            (E)     Jointly with the Customer, engage with the local/regional Police forces
                                    to clarify Police response processes.

                            (F)     Clarify the personal information required from Users and coordinate
                                    the necessary collection of this information.

                            (G)     Create the model for implementation. Areas covered here include
                                    resource levels for the organisation (internal trainers, administrators,
                                    project team and project managers for instance), training schedules
                                    (who gets trained, by whom, where and when) and the proposed
                                    frequency of project meetings.

                            (H)     Create and continuously update the project plan. The information
                                    generated from the implementation model is then dropped into a
                                    Gantt Chart; this is used to manage the project.

                    (iv)    Phase 2: Training. This includes the following:

                            (A)     The Supplier shall project manage the delivery of Devices (each
                                    Device is registered against an individual), the actual training
10-404788-3                                        191
                                       sessions (and content thereof) and coordinate „go-live‟ dates. Quality
                                       face to face training will be offered to all Users.

                      (v)     Phase 3: Initial Phase Post-Training:

                              (A)      This covers the early stages of adoption of the Devices by Users.
                                       The Supplier shall coordinate frequent meetings and conference calls
                                       to analyse User activity levels, ensure correct usage of Devices,
                                       discuss any network coverage problems and solve any issues arising
                                       with escalation „points of contact‟. Key to this is the circulation of
                                       activity data prior to the discussions. This is an assurance to jointly
                                       tackle issues quickly and ensure a successful implementation;

                              (B)      The frequency of these discussions are only reduced once both
                                       parties are satisfied the main issues have been dealt with
                                       successfully. All discussions are recorded and circulated, highlighting
                                       actions where necessary, to ensure transparency and the tracking
                                       and completion of actions in a timely manner.

                      (vi)    Phase 4: Ongoing Phase Post-Training

                              (A)      The Supplier shall issue monthly activity reports. The Supplier shall
                                       highlight ongoing User issues, general activity level issues, network
                                       coverage issues. The Supplier shall further agree with the Customer
                                       the frequency of contract review meetings to discuss the issues
                                       raised in these reports and any others through the contract until
                                       completion.

6             ISO 27001 accredited certification and Service standards

6.1           The Supplier is currently preparing for ISO 27000 accredited certification. A gap analysis
              exercise has taken place, and the Supplier is now in a position to provide details of the
              standard and its applicability to relationships with the Authority, and further inform interested
              parties of the progress made, and the projected efforts required to attain accredited
              certification of the 27000 standard.

6.2           The ISO body of standards is divided between three distinct sections.

              (a)     ISO 27701;

              (b)     ISO 27002; and

              (c)     ISO 27005.

6.3           ISO 27001 is that part of the standard which reflects on the Information Security Management
              System (ISMS) requirements. During the certification phase the implementation and
              management of the ISMS will be audited against 27001.

6.4           ISO 27002 is a Code of Practice which is intended to provide a framework for international
              best practice in information security management and systems interoperability. It also provides
              guidance to which an external auditor may look, on how to implement certifiable ISMS. It does
              not, as the standard is currently written, provide the best for an international certification
              scheme.



10-404788-3                                            192
6.5           ISO 27005 this International Standard provides guidelines for information security risk
              management, and it supports the general concepts specified in ISO/IEC 27001, and is
              designed to assist the satisfactory implementation of information security based on a risk
              management approach.

6.6           The approach to the implementation of an Information Security Management Systems will be
              based on the recognised Plan; Do; Check; Act concept which is recognised throughout all
              standards within the ISO family of standards.

6.7           Of critical importance to the accreditation of ISO 27001 certification is the ability of the
              Supplier to provide a structured approach to the implementation of the ISMS. The standard
              sets out in paragraph 6.2, the required structured approach to the establishment of an ISMS,
              and there are six recognised steps which the Supplier will follow:

              (a)    Define the scope of the ISMS;

              (b)    Define the Information Security Policy at board level;

              (c)    Define a systematic approach to risk assessment and the risk acceptance criteria;

              (d)    Carry out a risk assessment to identify, within the context of the policy and ISMS
                     scope, the important information assets of the organisation and the risks to them. At
                     this stage an assessment of all risk is established;

              (e)    Identify and evaluate options for the treatment of the risks, selecting where required,
                     the control objectives and controls to be implemented; and

              (f)    Prepare a Statement of Applicability.




6.8           Application of the PDCA cycle to a process approach means that, following the basic
              principles of process design, there needs to be both inputs to and outputs from the process.
              An ISMS takes, as its input the information security requirements and expectations of the
              interested parties (Authority and Supplier), and through the necessary actions and processes
              produce information security outcomes that meet those requirements and expectations. This
              means that the PDCA model is applied at two levels:

              (a)    The strategic level, in terms of the development of the ISMS itself; and

10-404788-3                                           193
              (b)     At the tactical level, in terms of each of the processes within the ISMS.

6.9           At the strategic level, the application of the PDCA cycle is applied to the development of the
              ISMS. The correspondence between the PDCA cycle and the stages identified in the Standard
              for the implementation and development of the ISMS as seen below is currently being adapted
              by the Supplier in order that 27000 accredited certification may be achieved.

              (a)     Plan (Establish the ISMS)

                      (i)     Define the scope of the ISMS;

                      (ii)    Define the Information Security Policy at board level;

                      (iii)   Define a systematic approach to the risk assessment;

                      (iv)    Carry out a risk assessment to identify, within the context of the policy and
                              ISMS scope, the important information assets of the organisation, and risks to
                              them;

                      (v)     Identify and evaluate options for the treatment of these risks;

                      (vi)    Select for each approach, the control objectives and controls to be
                              implemented; and

                      (vii)   Prepare a statement of applicability.

              (b)     Do (Implement and operate the ISMS)

                      (i)     Formulate the risk treatment plan, its documentation, including planned
                              processes and detailed procedures;

                      (ii)    Implement the risk treatment plan and planned controls;

                      (iii)   Provide appropriate training for affected staff, as well as awareness
                              programmes;

                      (iv)    Manage all operations and resources within the ISMS; and

                      (v)     Implement procedures that enable prompt detection of, and response to,
                              security incidents.

              (c)     Check (Monitor and review the ISMS)

                      (i)     Monitor, review test and audit the above. Monitoring, reviewing, testing and
                              audit has to be an ongoing process that covers the whole system, and a
                              certification body will want to see evidence of at least one cycle of tests and
                              audits on the ISMS, having been completed prior to a certification visit.

              (d)     Act (Maintain and improve the ISMS)

                      (i)     Testing and audit outcomes will be reviewed by management, as will the
                              ISMS in the light of the changing risk environment, advancing technology or
                              other risk related circumstances; improvements to the ISMS will be identified,
                              documented and implemented; and



10-404788-3                                            194
                             (ii)    Thereafter the ISMS will be subject to ongoing review, further testing and
                                     improvement implementation, a process recognised as continuous
                                     improvement.



                                             Fig 1.0 ISMS Project Roadmap



                  Risk Assessment                         Prepare Documentation              Monitor/Review

Board Policy                         Board Approval                               Training




  Agree Scope                                 SOA                        Incident Response Procedure

                        Asset Inventory               Implement ISMS                             Identify, Implement and Improve



                      Plan                             Do                         Check                       Act




                Figure 1.0 shows the ISMS project roadmap, based on the PDCA concept which will be
                adopted by the Supplier




  6.10          In terms of deliverable standards, there are a number of areas which will receive specific
                attention; as follows:

                (a)          Service management standards. The entire service architecture shall be managed,
                             adhering to the ITIL processes operated by the Supplier.

                (b)          The Supplier has a contract management team with the capacity and depth to be able
                             to assist the BSA and CFSMS to develop the appropriate strategies necessary to
                             translate developing business requirements across the Authority into firm deliverables,
                             whether they are ICT strategies, the delivery framework or overall service capabilities,
                             in line with STEP where applicable to this Framework Agreement. The shape of the
                             contract management team is as follows:

                             (i)     Framework Manager / Contract Director;

                             (ii)    Operations Manager (deputy Contract Director);

                             (iii)   Service Maintenance Manager;

                             (iv)    User Training Manager;

                             (v)     Service Desk Supervisor;

                             (vi)    National Account Manager; and


  10-404788-3                                                   195
                     (vii)   ARC Manager.

              (c)    In addition the Partnership Board, which will sit above the Contract Management
                     Team and work in a strategic way to align the Supplier's objectives with those of the
                     Authority, shall be a powerful tool for meeting Authority aspirations for the Services.
                     The Supplier expects and anticipates meeting the Authority regularly to discuss their
                     developing ideas for improving service delivery; for enhancing the „sales‟ of the
                     Services across the Authority; for meeting Customer expectations, queries and
                     concerns; for ensuring that personnel and their representatives are fully briefed on a
                     programmed basis throughout the year on the Services; and to help inform
                     government on the outcomes of this important „pump-priming‟ project.

              (d)    The Supplier proposes that members of the Partnership Board from the Suppliers side
                     contain at least the following:

                     (i)     Director for Operations, Reliance;

                     (ii)    Director, Reliance ARC; and

                     (iii)   Contract Manager.

              (e)    Continual Service Improvement is the anchor which holds these processes together.
                     It is imperative for the Supplier to deliver consistent, repeatable process activities to
                     safeguard the Services quality. However, the continuous search for improvements as
                     part of the promised Services quality is equally important. As technology develops
                     and as Best Practice and legislation is updated, the need for a supplier to the
                     Authority to be pro-active in its improvements is paramount. The following, on-going
                     processes form the basis for annual service plans:

                     (i)     Measurement and Control;

                     (ii)    Service Measurement;

                     (iii)   Service Assessment and Analysis; and

                     (iv)    Service Level Management.

7             Amendment and revision

7.1           The Supplier shall ensure that the Security Plan is fully reviewed and updated annually, or
              from time to time to reflect:

              (a)    Emerging changes and developments in industry best practice;

              (b)    Any and all changes or proposed changes to the Supplier Systems, the Services
                     and/or associated processes;

              (c)    Any new perceived or changed threats to the Supplier System;

              (d)    A reasonable request by the Authority;

              (e)    The Supplier will provide the Authority with the results of such reviews as soon as
                     reasonably practicable after their completion, and amend the Security Plan at no
                     additional cost to the Authority; and



10-404788-3                                           196
              (f)     Any change or amendment which the Supplier proposes to make to the Security Plan
                      (as a result of an Authority request or change to the schedule 3 (Services) or
                      otherwise, shall be subject to the Change Control Procedure and shall not be
                      implemented until approved in writing by the Authority.

8             Auditing and testing of the Security Plan

8.1           The Supplier shall conduct tests of the processes and countermeasures contained in the
              Security Plan on an annual basis, or as otherwise agreed by the Authority and the Supplier.
              The date, timing, content and conduct of such Security Tests shall be agreed in advance with
              the Authority.

8.2           The Authority shall be entitled to send a representative to witness the conduct of the Security
              Tests. The Supplier shall provide the Authority with the results of such tests (in a form
              approved by the Authority in advance) as soon as practicable after completion of each
              Security Test.

8.3           Without prejudice to any other right of audit or access granted to the Authority pursuant to this
              Framework Agreement, the Authority shall be entitled at any time, and without giving notice to
              the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in
              relation to the Security Plan and the Supplier's compliance with and implementation of the
              Security Plan. The Authority may notify the Supplier of the results of such tests after
              completion of each such test. Security Tests shall be designed and implemented so as to
              minimise the impact on the delivery Services. If such tests impact adversely on its ability to
              deliver the Services to the agreed Service Levels, the Supplier shall be granted relief against
              any resultant under-performance for the period of the tests.

8.4           For the purposes of this paragraph 8.4, a weakness means vulnerability in security and a
              potential security failure means a possible breach of the Security Plan or security
              requirements. Where any Security Test carried out pursuant to paragraphs 8.2 or 8.3 above
              reveals any actual or potential security failure or weaknesses, the Supplier shall promptly
              notify the Authority of any changes to the Security Plan (and the implementation thereof)
              which the Supplier proposes to make in order to correct such failure or weakness. Subject to
              the Authority's approval in accordance with paragraph 3.3(c) above, the Supplier shall
              implement such changes to the Security Plan in accordance with the timetable agreed with the
              Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where
              the change to the Security Plan to address a non-compliance with the Security Policy or
              security requirements, the change to the Security Plan shall be at no additional cost to the
              Authority.

9             Reviewers Comments

9.1           In terms of the gap analysis, it is suggested that the remainder of the project is structured as
              follows:

              (a)     Project Team: To be formed at the earliest opportunity. Taking into consideration
                      that the 27001 standard is technically neutral, it is imperative that the Project Team
                      should be chaired by a senior executive or board member who is designated as
                      responsible for the implementation of the ISMS. Members of the team will be selected
                      from across the organisation. Key functions that should be represented are
                      quality/process management; Human Resources; Training; IT/Facilities Management;
                      Operations and Business Administration and Health & Safety. The team should be
                      guided by a member with knowledge of ISO standards.


10-404788-3                                            197
              (b)   Information Security Policy: Once the Project Team and management structure
                    have been agreed, consideration of a board level Information Security Policy should
                    be the next phase. The definition of the Information Security Policy is a requirement
                    set out in clause 4.2.1 of the standard. Initially, the Information Security Policy should
                    be a short statement no more than two A4 pages however, the policy will go through a
                    number of stages of development, particularly as a result of the risk assessment, and
                    the final version of the policy must satisfy clause 5.1.1 of the standard.

              (c)   The risk assessment: ISO 27002 is clear in its introduction, that risk is a systematic
                    study of assets, threats, vulnerabilities and impacts to assess the probability and
                    consequence of risk. In terms of the ARC certification this equates to a systematic and
                    methodical consideration of:

                    (i)     The business harm likely to result from a range of business failures; and

                    (ii)    The realistic likelihood of such failures occurring.

              (d)   The risk assessment should be carried out by a qualified and experienced risk
                    assessor who has knowledge of qualitative risk assessment and management, and
                    has the ability to identify the following areas of risk in line with clause 4.2.1d of the
                    standard.

                    (i)     Assets within the scope;

                    (ii)    Threats;

                    (iii)   Vulnerabilities;

                    (iv)    Likelihood;

                    (v)     Impact; and

                    (vi)    Treatment of risk.

              (e)   Required documentation: Notwithstanding the production of the Information Security
                    Policy, there are number of other documents, constituting the ISMS manual, which
                    must be produced to meet the requirements of the standard:

                    (i)     The risk assessment report, to include risk treatment;

                    (ii)    Control objectives and procedures to support the ISMS manual;

                    (iii)   The Statement of Applicability;

                    (iv)    Evidence of the actions undertaken by the organisations top management
                            team (minutes of all meetings);

                    (v)     A description of the management framework;

                    (vi)    Procedures that govern the management and review of the ISMS; and

                    (vii)   All business continuity and crisis management documentation.




10-404788-3                                            198
10            Third party accredited certification:

10.1          Selection of auditors. There are two key issues which need to be taken into consideration
              relation to the overall policy of 27001 auditor selection:

              (a)     The ISMS must be fully integrated into the organisation, with a recognition that
                      standards such as ISO 9001 and 14001 have a synergy with 27001; and

              (b)     There must be an agreement with potential third party auditors that the operations and
                      business drivers of the ARC are unique, and the ISMS audit should take this into
                      consideration when the initial audit takes place.

10.2          The audit. Once a certification body has been selected and terms agreed, the organisation
              (the ARC) can concentrate on the actual process of certification. The process will familiar to
              the ARC as it is already in possession of ISO 9001 certification. The certification body will
              want to go through a two stage process.

              (a)     The first stage will be a pre certification visit, which enables the auditors to become
                      acquainted with the culture of the ARC; to carry out an initial document review; to
                      assure themselves that the ISMS is sufficiently well developed to be capable of
                      withstanding a formal audit and to obtain enough information about the ARC and the
                      intended scope of the certification to plan the audit effectively.

              (b)     The second stage will consist of two parts. The first part involves testing the
                      organisations documented processes (the ISMS) against the requirements of the
                      standard. The second part will test actual compliance by the organisation with its
                      ISMS.

              (c)     The above Security Plan sets out to meet the requirements of the NHS Lone Worker
                      Protection Project, and is the basis for the bid for services at the ARC, Pontefract. An
                      essential element of the bid is the requirement by the NHS Security Management
                      Services (SMS) for the preferred supplier to have achieved ISO 27001 accredited
                      certification. The lead time for stage one of the auditing process is generally 08 to 12
                      weeks, and to that end it is imperative that Reliance Hightech take immediate steps to
                      implement an ISMS, having considered the above report and remarks.




10-404788-3                                            199
                                                     Appendix 3

                         Reliance High Tech Security Plan for Lone Worker Support

1             Introduction

1.1           The following Security Plan will focus on lone worker support services areas relating to the
              Reliance Alarm Receiving Centre (ARC), Pontefract and the Disaster Recovery Centre (DRC)
              at Wythenshaw, Manchester, concentrating on:

              (a)     Physical security;

              (b)     Integrity of all data communications.

              The security guidelines and standards relating to the Alarm Receiving Centre at Pontefract will
              be replicated throughout all Reliance (and any third party) locations providing lone worker
              support.

2             Physical security

2.1           Both centers are accredited to BS 5979 Cat II, which assures Users that there is a disaster
              recovery procedure in place. The plan involves the duplication of the Reliance server
              capability at another BS5979 Cat II site to ensure no operational downtime in the event of
              catastrophic failure on the primary site. The BS 5979 accreditation is assessed and re
              certificated annually. This Reliance does, and shall continue to test this on an annual basis.

2.2           There are four elements to the recovery plan once service disruption is experienced:

              (a)     An incident management process;

              (b)     A crisis management team;

              (c)     A disaster recovery technical plan;

              (d)     A business continuity strategy.

2.3           The physical risk assessments take into consideration the following threats:

              (a)     Unauthorised intrusion;

              (b)     Burglary;

              (c)     Robbery;

              (d)     Espionage;

              (e)     Sabotage;

              (f)     Offences against the person;

              (g)     Criminal damage and arson;

              (h)     Terrorism.

2.4           As a result of such risk assessments, all necessary control measures and mitigation strategies
              are considered before the agreed counter measures are introduced. The risk is never static,

10-404788-3                                             200
              and as part of the ARC continuous improvement strategy, the dynamic risk assessment is
              constantly monitored. To further enhance security of the ARC and its operations, Reliance is in
              the process of achieving ISO 27000 certification.

3             The ARC

3.1           The ARC is accredited to BS 5979 Cat II, which by its nature assures that physical security
              includes the following strategies:

              (a)     Crime Prevention Through Environmental Design

                      Environmental protection considers security of the site in question by encapsulating
                      the following issues:

                      (i)     a crime pattern analysis of the area surrounding the ARC to focus on crime
                              pattern by type and volume, and including where possible, crime clear up
                              rates.

                              Crime in the area of South Yorkshire for the period 2007/2008 is as follows:


                               Crime by type             Volume                         Increase/ Decrease

                               Burglary                  19,647                         -8%

                               Violence against the      24,453                         -11%
                               person

                               Robbery                   1,283                          -6%

                               Vehicle crime             23,542                         -14%

                               Fraud                     4,197                          -4%



                      (ii)    Police and other emergency services response times.

                              The ARC is located within the vicinity of the centre of Pontefract, and this in
                              itself assures good emergency services response. Added to this is the fact
                              that the ARC is co located with a key BT hub, and complies with OFTEL
                              regulation, providing an extra dimension to the physical and technical security
                              arrangements currently in place.

                              There is formal internal and external CCTV coverage which is monitored from
                              within the ARC. Further, employees are encouraged to monitor the situation
                              whilst within and outside the location.

                      (iii)   Territoriality. Encouraging staff and management to assume responsibility of
                              their working area and the general ARC environment.

                      (iv)    Adjoining buildings. Taking into consideration adjacent and adjoining buildings
                              which may impact the integrity of the ARC

                              With the exception of the BT hub, the ARC is not impacted by any other
                              adjoining buildings.




10-404788-3                                            201
                    (v)      Road communications. In and around the area of the ARC, road
                             communications are quite congested, and it would therefore be difficult for a
                             potential aggressor to guarantee and effective and fast escape.

              (b)   Situational Crime Prevention

                    In terms of situational crime prevention, the following tenets are taken into
                    consideration:

                    (vi)     Increasing the efforts of potential offenders: Target hardening; control of
                             access; control of tools and weapons;

                    (vii)    Increasing the risk to offenders being apprehended: More effective
                             surveillance techniques in terms of formal and informal surveillance;

                    (viii)   Reducing rewards to successful offenders: Preventing offenders from
                             benefiting if attacking the ARC; and

                    (ix)     Removing excuses from ARC staff: Setting very clear and concise
                             guidelines for all staff and management.

              (c)   Perimeter protection

                    The Reliance ARC shares property with the main BT exchange, and as such there is
                    open access to the car park, via a main gate which is the responsibility of British
                    Telecom.

                    Surrounding the car park area, and rear of the compound is a two meter high steel
                    palisade fence which is in a good state of repair and well maintained.

                    Lighting in and around the compound consists of wall mounted HID flood lights, and
                    pole mounted high pressure sodium lighting unit with sufficient lux value to illuminate
                    the area.

              (d)   Main building

                    The ARC is located on the first floor in a brick and concrete re enforced two story
                    building. Access to the building is via a controlled environment in which visitors are
                    allowed entry remotely from within once identification has been visually and verbally
                    verified. Non authorized personnel will be escorted to the centre via a controlled a
                    dual air locking system, and once inside they will sign in and be issued a visitors pass.
                    Thereafter all visitors will be escorted whilst on the premises, surrendering their
                    passes upon exiting the premises. Further, access is denied to visitors who have no
                    confirmed appointment.

                    Authorized personnel will use a proximity card reader system to access the building
                    and restricted areas within.

                    Access to the building is via a ground floor entrance, which has a single re enforced
                    single leaf inward swinging unit, which has duel point internal locking mechanisms,
                    and is linked to the alarm system.

                    The electronic access control facility is managed by the ARC Operations Manager,
                    with users being authorized and deleted under his stewardship.


10-404788-3                                          202
                     The ARC is manned twenty four hours per day, three hundred and sixty days per year
                     by trained and vetted (see section f) operators, supervised by qualified managers.

              (e)    Internal physical protection

                     In terms of internal protection, the ARC and DRC have the following control measures
                     in place:

                     (x)       Duel thickness walls;

                     (xi)      A independent and controlled air supply;

                     (xii)     A gas detection system;

                     (xiii)    Stand by power (uninterruptible power supply, and a stand by generator);

                     (xiv)     Blast resistant window protection;

                     (xv)      An internal, centrally located server room which is alarmed and access
                               controlled;

                     (xvi)     Internal CCTV;

                     (xvii)    A secure telecommunications system;

                     (xviii)   Firewalls providing secure encrypted MPLS between sites; and

                     (xix)     An Association of Police Officers (ACPO) standard Intruder Detection System
                               (IDS).

              (f)    Personnel

                     All personnel operating within the ARC are Security Industry Authority (SIA) licensed.
                     That is to say that all operators are ten year vetted, and have passed the required SIA
                     training course which guarantees competence.

4             Integrity of all data communications managed within the RMC

4.1           Overview

              The Alarm Receiving Centre (ARC) provides services to third parties via a number of
              mediums; namely IP, PSTN and ISDN connectivity. Current information security is achieved
              by the use of best working practices.

4.2           Service / Assets

              Detailed below are the current services / assets that the ARC provides as a business
              structure:

              (a)    Bi-directional communications with customers systems

                     The ARC receives connections from disparate customer systems in the form of alarm
                     activations. The activations received at the ARC are passed through a hardware
                     firewall and received by the hosting system within the ARC. Current connections are
                     as follows:


10-404788-3                                              203
                    (i)     Six ADSL connections; and

                    (ii)    One leased line.

                    Protection of Assets – Full backups of the systems configurations take place on a
                    weekly basis with sequential backups taken daily. Multiple routes for IP connectivity
                    with internal resilience for all systems are currently in place. Duplicate
                    critical equipment is stored on site to minimise service loss in the event of equipment
                    failure.

              (b)   Email

                    The ARC provides access to email via the parent company IT department which is
                    currently hosted off site in the Reliance head office. External email accounts in web
                    based form are currently allowed. Current connections are as follows:

                    (i)     One leased line connection into Group Information Technology (IT).

                    Protection of Assets – The email protection is currently under control of Group IT,
                    external email accounts provide resilience but only by exception.

              (c)   Internet Provision

                    The ARC allows all employees‟ access to the internet via the parent company IT
                    department‟s proxy servers via the leased line connections.

                    Protection of Assets – The internet provision is currently under control of Group IT.

                    Reliance IT, which provides support the Reliance Group have no formal ISO
                    certification in place but work on best practice. User accounts are controlled via
                    requests from the individual operating companies, domain rights are controlled on a
                    specific application basis, password control is enforced with the use of alpha and
                    numeric characters, change of password is every 30 days. Control of mobile
                    communications is via VPN with triple DES encryption.

              (d)   Domain Control

                    Domain control is provided via Reliance IT hosted off site in the head office in
                    Uxbridge. Current connections are as follows:

                    (i)     One leased line connection into Group IT.

                    Protection of Assets – The Domain protection is currently under control of Group IT.

              (e)   User Accounts

                    User accounts are created and maintained via Reliance IT hosted off site in the head
                    office in Uxbridge. Current connections are as follows:-

                    (i)     One leased line connection into Group IT.

                    Protection of Assets – The user account protection is currently under control of Group
                    IT.




10-404788-3                                          204
              (f)   Passwords Control

                    Password control are created and maintained via Reliance IT hosted off site in the
                    head office in Uxbridge. Current connections are as follows:

                    One leased line connection into Group IT.

                    Protection of Assets – The password control protection is currently under control of
                    Group IT.

              (g)   Threats to the internal Systems

                    Currently perceived threats into the ARC.

                    (i)      Virus / Malware;

                    (ii)     External Hack;

                    (iii)    Failure of hardware;

                    (iv)     Failure of Software;

                    (v)      Failure of connections to Group;

                    (vi)     Failure of Internet ;

                    (vii)    Internal espionage; and

                    (viii)   Human Error.

                    Counter measures for perceived threats:

                    (i)      Virus / Malware etc

                             Failure scenario – a new virus / malware not in the current list of definitions is
                             received into the secure network.

                             Control: All computer systems incorporate antivirus software with definitions
                             updated daily and pushed to the desktop. The firewall monitors the secure
                             network and incorporates Intrusion Prevention System (IPS) software that
                             protects the network from malicious applications. This inline, network-based
                             defence identifies, classifies, and stops known and unknown threats to your
                             network, including:

                             (A)      Worms

                             (B)      Network viruses

                             (C)      System intrusion attempts

                             (D)      Application misuse




10-404788-3                                             205
              (ii)    External Hack

                      Failure Scenario - Access to the secure network could be gained if the hack
                      assumed the IP address of a customer site, and the hack was on an allowed
                      port.

                      Control: The secure internal network only allows connections from trusted
                      sources i.e. customer sites on individual system ports.

              (i)     Failure of Hardware

                      Failure Scenario – Multiple failures (2+) of servers, failures of both primary
                      and secondary systems with insufficient spares holding to reinstate all servers
                      before replacements can be sourced.

                      Control: Images of machines taken, server information/application/ database/
                      system backed up and dual running of systems where required to provide
                      agreed level of service to customers.

              (ii)    Failure of Software

                      Failure Scenario – Unforeseen error in software and manufacturer unable to
                      provide solution within agreed service level resolution.

                      Control: Backups of database and licensing information taken weekly,
                      manufactures software on hardcopy is also held at the RMC.

              (iii)   Failure of Connection to Group

                      Failure Scenario – Both leaded line and ADSL connection are lost.

                      Control: Current Domain connections are hosted via Reliance Group via a
                      leased line there is a backup of ADSL connection.

              (iv)    Failure of External Network Connectivity

                      Failure Scenario – The BT exchange loses connection / BT systems fail.

                      Control: There are redundant connections to the Internet provided via four
                      ADSL connections each provided by separate ISP‟s.

              (v)     Internal Espionage

                      Failure Scenario – Unknown external influences coerce the employees into
                      espionage or identity theft leads to failure of BS7858.

                      Control: All employees to the ARC are screened in accordance with
                      BS7858:2008 incorporating personal credit checks to mitigate potential
                      threats from external influences for espionage.

              (vi)    Human Error

                      Failure Scenario – Unexpected removal of information due to error by the
                      individual



10-404788-3                                   206
                            Control: Training is deployed to all new staff and the ARC employs continual
                            improvement methodology from ISO9001 with regular reviews to highlight
                            area of development for the individual.

                    (vii)   Control of removable media

                            Failure Scenario – Unauthorized employee uses removable media on site.

                            Control: All USB memory devices on stationary operational systems are
                            checked for virus/malware on insertion with auto play been disabled. Only
                            authorized personnel are allowed to use removable media. Database access
                            unless through the client application is restricted with reporting functionality
                            only carried out by authorised personnel. Even though MP3 players are larger
                            than a small memory sticks the ability to store large amounts of information on
                            the small memory stick is still valid and so classified in the same risk category
                            as mp3 players.

              (h)   Encryption

                    Failure Scenario – Information is gleaned form a snoop on the IP transmission.

                    Control: VPN tunnels with encryption are used on some point to point connections
                    with customer systems. Encryption between the ARC and ARC DR incorporates
                    IPSec DES encryption.

              (i)   Remote access

                    Failure scenario - remote access by trainers, account management staff or head office
                    staff

                    Control: Remote access to the Group network is available to all Reliance users with
                    the VPN client installed on their laptop. This is protected with IKE 3DES SHA1
                    encryption, and an issued certificate, user name and password- The Service Desk
                    software and e-mail system is hosted on the Group Network, both applications have
                    additional basic authentication.

                    Remote access to the Remote Monitoring Services network is protected by an
                    additional firewall. This is a dedicated network that the ARC runs from, and traffic
                    policies exist relating to what data can come to and from the Group network. Remote
                    connections to this network exist via IPSEC tunnels to the DR site and Monitor
                    Computer Systems (The software supplier) for remote support.




10-404788-3                                          207
                                                    Schedule 15

                                       Marketing and Communications

1             Initial Marketing & Communications

1.1           Publicity & Communications

              (a)    On contract award the Supplier shall provide a dedicated marketing and
                     communications team to work with the Authority to promote the Service;

              (b)    The Authority and Customer have an obligation to promote the delivery of the
                     Framework Agreement which the Supplier shall support. The Authority and the
                     Supplier will undertake a national publicity campaign when the Agreement Framework
                     is signed. At commencement and throughout the contract period for delivery Services,
                     the Customer and Supplier shall publicise widely to patients, service users,
                     stakeholders and the public, the use of lone worker services by NHS staff. The
                     Customer will support the Supplier marketing and publicity strategy and ensure that
                     NHS facilities to which the public access contain information on the use of lone worker
                     services in that health body.

              (c)    The Supplier shall:

                     (i)     Work in partnership with the Authority to establish and agree the specific
                             publicity and communication requirements for the Service; and

                     (ii)    Collate all the available contact details for marketing and publicity purposes to
                             Stakeholders including but not limited to:

                             (A)     Users;

                             (B)     Customers;

                             (C)     Authorities;

                             (D)     Representative bodies; such as UNISON, RCN etc.

                     (iii)   Create and maintain a dedicated web site for the Service specific to the
                             Authority‟s needs with detailed information for Customers and Users. The
                             website will act as the central point of information for all marketing and
                             communications activity and to ensure that relevant material is available
                             online for all interested parties. The website will include but not be limited to:

                             (A)     A User interface for enquiries;

                             (B)     Frequently Asked Questions;

                             (C)     News and Bulletins;

                             (D)     Updates and new Customer listings;

                             (E)     Web conference training;

                             (F)     Authority Funding Guidance;
10-404788-3                                            208
                             (G)     Details of Events, Seminars and Roadshows;

                             (H)     Case Studies;

                             (I)     User Group Forums; and

                             (J)     Service Video.

                     (iv)    Create a Press Briefing Pack providing full details of the Service with relevant
                             information on the Supplier and Authority.

                     (v)     Distribute Press releases and marketing material including electronic direct
                             marketing to all interested parties promoting the Service.

                     (vi)    The Authority will accept and test the content of all Supplier materials and
                             images, as defined in the Implementation Plan in accordance with the
                             Operational Change Procedure as detailed in schedule 8 (Agreement Change
                             Procedure). Any further amendments shall be in accordance with the same
                             procedure (Operational Change Procedure - schedule 8). Supplier materials
                             and images will be compliant with NHS branding requirements.

1.2           Marketing Campaign

              (a)    The Supplier shall deliver a marketing campaign which ensures effective
                     communication which meets the diverse needs of all relevant parties. In particular the
                     following key messages will be incorporated into all activity:

                     (i)     Users – demonstrating the Authority‟s commitment to take appropriate steps
                             to better protect their personal security and safety, while they are in lone
                             working situations;

                     (ii)    Customers – delivering a targeted sales strategy to ensure the maximum
                             adoption of the Service to include identifying and working with „early adopters‟
                             to exceed the target of 30,000 devices deployed within the first 12 months;

                     (iii)   Stakeholders – demonstrating the partnership approach taken between the
                             Supplier and the Authority to ensure adoption of the Service so as to aid the
                             development of a wider pro-security culture;

                     (iv)    General Public – raising awareness to support the overall objective of
                             safeguarding NHS Staff; by engendering public and community support
                             against the small minority of persons who present risks to staff. Consistent
                             with the publicity requirements identified in the QC‟s advice.

              (b)    As part of the initial marketing campaign the Supplier shall liaise with the Authority to
                     ensure that the correct messages are being transmitted at all times to ensure that an
                     effective balance is achieved between securing the required deterrent effect and
                     ensuring that staff are not put at any further risk. In particular, the Supplier shall
                     ensure that at all times communications does not:

                     (i)     Scare Users, Customers or the public by overplaying the risks to lone
                             workers;

                     (ii)    Use violent or threatening imagery;

                     (iii)   Imply that technology alone can solve all problems; and
10-404788-3                                           209
                     (iv)     Give the impression that the service will absolve managers of all their legal
                              obligations to protect workers.

              (c)    The Supplier shall:

                     (i)      Ensure a presence in all relevant media publications during the initial ramp up
                              period by means of news articles, editorials and press releases;

                     (ii)     Create marketing collateral including cases studies, brochures, flyers and
                              electronic direct marketing material about the Service;

                     (iii)    Design and produce posters and an exhibition stand for attending events to
                              promote the Service;

                     (iv)     Identify relevant conference, exhibition and seminar events for networking,
                              sponsorship and exhibiting purposes and attend these events where
                              appropriate to ensure publicity generation;

                     (v)      Create and maintain a publicity library recording details of relevant material
                              published in journals, websites and news articles which can be referred to for
                              future use by all interested parties;

                     (vi)     Create and maintain a library of PowerPoint presentations to assist and
                              support the marketing campaign; specific to the audience;

                     (vii)    Effect introductions to all interested parties, advising them of the services
                              about to be provided;

                     (viii)   Develop an email newsletter service for potential customers as part of an
                              electronic direct marketing campaign;

                     (ix)     Research existing forums and User groups to identify suitable locations and
                              events to host road show events promoting the service. The Supplier will then
                              organise and host events for prospective customers on a regional basis;

                     (x)      Monitor the results of initial ramp up marketing activity and arrange visits to
                              interested parties who have responded to the initial PR launch;

                     (xi)     Provide quarterly management information reports on marketing and
                              communication activity undertaken and the results achieved; and

                     (xii)    Commit to maintaining awareness as a key element of the Publicity
                              requirement and ensure that any Marketing needed will increase/expand to
                              address take-up.

2             Ongoing Marketing & Communications

2.1           Publicity & Communications. The Supplier shall:

              (d)    Deliver marketing material, in partnership with Customers and the Authority, to raise
                     awareness of the Service over the long term, but especially to ensure the early take
                     up of the Service by „early adopters‟;

              (e)    Seek permission from the Authority to publicise appropriate incidents; (for example a
                     sanction pursued against an offender) that clearly demonstrates the problems
                     encountered by lone workers and the measures put in place to protect them;
10-404788-3                                        210
              (f)   Provide information and material as appropriate about the Service and how it provides
                    a solution to the problems faced by staff. For example supplying audio recordings of
                    verbal abuse which lead to a successful prosecution; which can then be used to
                    generate publicity about the solution so that future offenders may be deterred from
                    assaulting staff. As part of this process the Supplier will play a key role in identifying
                    appropriate material for both local and national publicity to help create a strong
                    deterrent effect, in respect of protecting users;

              (g)   Maintain a consistent and reoccurring set of communications to maintain a high profile
                    over the long term. This will be achieved by collation of newsworthy articles,
                    advertising, editorials and promoting real life case studies which have been approved
                    by the Authority;

              (h)   Shift the publicity and communications activity after the initial 12 months towards
                    those Trusts and Bodies who have not yet sought to acquire the Service. Direct
                    approaches will be made to establish the causes, such as:

                    (i)     Why they have put off making a buying decision;

                    (ii)    Their reasons for not benefiting from the available funding; and

                    (iii)   Any lack of understanding with regard to the Service.

              (i)   Adapt publicity and communications activity in response to this feedback with the help
                    of specific case studies other marketing collateral to demonstrate successful
                    implementations with clear indications of the benefits achieved;

              (j)   Identify and allocate resources that can be used as part of the ongoing marketing
                    activity through relationships with interested parties including but not limited to the
                    following:

                    (i)     Staff and Employee Representative Bodies – attendance at national
                            conferences with exhibition material and speeches communicating the
                            benefits of the service;

                    (ii)    Crime & Disorder Partnerships – publicity and communications activity with all
                            partnerships in England, providing literature and information on the service;

                    (iii)   Emergency Services – liaison and attendance at relevant events such as
                            ACPO conference, Ambex and the Emergency Services show;

                    (iv)    Local Security Management Specialists – attendance at quarterly regional
                            LSMS meetings in England to communicate services available and the
                            benefits;

                    (v)     Health & Safety Executive – attendance at national and regional events and
                            safety awareness days with promotional material;

                    (vi)    Patients Association Patient Advice and Liaison Service (PALS)/Charity
                            Groups – production of publicity and communications material specifically for
                            public consumption advising of the Services and the benefits of improved
                            safety and care;




10-404788-3                                           211
                      (vii)    Award Events – submission of case studies and evidence for relevant award
                               ceremonies related to safety and innovation which can raise the profile of the
                               Service; and

                      (viii)   Supplier organised road show events at existing Customer locations, inviting
                               nearby regional bodies to attend and see the Service in operation and hear
                               the experiences of current users.

2.2           Marketing Campaign. After the initial launch of the contract the Supplier shall undertake the
              following regular activity as part of the marketing campaign:

              (a)     Weekly updates to the Website, with news and events information to ensure all
                      interested parties are kept updated on the latest information about the Services;

              (b)     Monitoring of website usage, hits and reacting to expressions of interest received to
                      electronic direct marketing activity to ensure maximum awareness of the Service;

              (c)     Visits to interested Customers by their sales representative‟s staff to provide all
                      additional material and information needed;

              (d)     Press release updates, advertising and editorials issued to ensure market positioning
                      throughout the contract period containing information on the latest developments in
                      the Service and any new product solutions available to Customers;

              (e)     Focused newsletter distribution and electronic direct marketing campaigns on those
                      potential customers identified as most likely to take up the Service;

              (f)     Sponsorship and promotion at seminars, conferences and exhibitions identified as
                      relevant to the service which could help raise general awareness;

              (g)     Provision of meeting dates for User group and road show events with existing and
                      prospective customers on a national and regional basis to ensure maximum exposure;

              (h)     Collation of the details of incidents received and monitored by the ARC which are
                      suitable for marketing campaign activity;

              (i)     Liaison with the Authority to discuss such PR activity relating to real life incidents and
                      their suitability for use in marketing activity;

              (j)     Maintenance of a publicity library of relevant news articles and publications for use by
                      all interested parties;

              (k)     Monitoring the effectiveness of marketing campaign activity to target audiences and
                      then adjusting activity and material accordingly in response to feedback in order to
                      support the contract objectives;

              (l)     Ongoing maintenance and review of the Customer relationship management database
                      and adherence to data protection laws. Ensuring that all information held is relevant,
                      current and necessary. This activity will include the removal of contact details for
                      persons who have requested removal from future marketing campaign activity; and

              (m)     Monitoring environmental impact of the publicity and communications activity by
                      seeking to reduce waste and minimising unnecessary use of paper and printing
                      materials. This will include ensuring that as much of the marketing material as


10-404788-3                                             212
                     possible is available in electronic format for distribution by email or on the website to
                     download.

              The marketing campaign specified above will be provided by the Supplier up to a maximum
              expenditure as specified in schedule 5 (Maximum Charges).




10-404788-3                                           213
                                                  Schedule 16

                                             Part 1- Exit Assistance

1             Introduction

1.1           This schedule details the agreed exit assistance services that will be provided by the Supplier
              on termination or expiry of the Agreement, and Contract(s).

2             Exit Assistance in Preparation for Exit and/or on Termination or Expiry of the
              Framework Agreement

2.1           At any time during or on exit of the Agreement the Supplier shall provide at the request of the
              Authority, on up to 3 separate occasions and in the format required by the Authority the
              following items at no charge to the Authority:

              (a)     Twelve months of data, where the Agreement is terminated before there is twelve
                      months of data the Supplier should provide data for the entire period of the
                      Agreement. Data to be cut on a monthly basis detailing:

                      (i)     Customer numbers;

                      (ii)    the total number and average duration of Red Alerts;

                      (iii)   the total number and average duration of Amber Alerts;

                      (iv)    the total number of Status Checks;

                      (v)     the total number of Service Desk calls broken down by type of call and their
                              average duration; and

                      (vi)    the total number of cases referred to second line technical support and their
                              average duration.

              (b)     Using at least 12 months of data, the Supplier shall provide a report when requested
                      by the Authority, on up to 3 separate occasions, providing the following information:

                      (i)     the average product life of each current Device;

                      (ii)    total yearly number of Device failures (broken down by type and model of
                              Device) and the reason for failure;

                      (iii)   total yearly number of Devices that are replaced as a result of (1) loss; (2)
                              damage; or (3) theft.

              (c)     Contracting information which details the:

                      (i)     current Customer contracting entities;

                      (ii)    Authorised Customer      Representative    contact   details   for   the current
                              Customers;

                      (iii)   the remaining term for the current Contract(s) (broken down by Customer), to
                              include information on number of remaining Contract extension(s).



10-404788-3                                            214
2.2           The Supplier shall agree with the Authority a handover plan for all of the Supplier's
              responsibilities as set out in the Security Plan, in Appendix 1 of schedule 14 (Security Policy).
              The Supplier will cooperate fully in the execution of the agreed plan, and provide skills and
              expertise of a suitable standard.

2.3           In addition to the exit assistance services detailed in paragraph 2.1 and 2.2 the Supplier shall
              provide any additional termination assistance as requested by the Authority, and such
              assistance shall be chargeable at rates calculated in accordance with the principles detailed in
              paragraph 9 of schedule 5 (Maximum Charges).

3             Exit Assistance in Preparation for Exit and/or on Termination or Expiry of a Customer
              Contract

3.1           At any time during or on exit of a Contract the Supplier shall provide at the request of a
              Customer, on up to 3 separate occasions and in the format required by the Customer, the
              following items at no additional charge to the Customer:

              (a)     Twelve months of Customer data, where Contract(s) are terminated before there is
                      twelve months of data the Supplier should provide consolidated Customer data for the
                      entire period of the Contract cut on a monthly basis, which details for that Customer:

                      (i)     the total number and average duration of Red Alerts;

                      (ii)    the total number and average duration of Amber Alerts;

                      (iii)   the total number of Status Checks;

                      (iv)    the total number of Service Desk calls broken down by type of call and their
                              average duration; and

                      (v)     the total number of cases referred to Supplier second line technical support
                              and their average duration.

              (b)     Using at least 12 months of data the Supplier shall provide a report when requested
                      by the Customer, on up to 3 separate occasions, providing the following information:

                      (i)     the average product life of each current Device;

                      (ii)    total yearly number of Device failures (broken down by type and model of
                              Device) and the reason for failure;

                      (iii)   total yearly number of Devices that are replaced as a result of (1) loss; (2)
                              damage; or (3) theft.

              (c)     Contracting information which details for that Customer an aggregated list containing
                      information for each remaining Contract, which shall include the:

                      (i)     expiry date;

                      (ii)    number of remaining Contract extension(s);

                      (iii)   names of Users assigned to each Contract;

                      (iv)    name of the Authorised Customer Representative; and

                      (v)     name of the Customer department.
10-404788-3                                            215
3.2           Six months prior to Contract expiry, or immediately in the case of early termination, the
              Supplier shall contact the Customer to agree the means by which the Customer requires
              recordings to be transferred from the Supplier to the Customer. The Authority shall have the
              right to specify at its sole discretion, and the Supplier shall ensure that:

              (a)     recordings are transferred to the Customer or a specified third party in the format
                      specified by the Customer; or

              (b)     recordings are retained by the Supplier for the period of time required by the Contract.
                      There shall be no additional cost associated with this requirement as this has been
                      built into the Maximum Charges pricing.

3.3           In addition to the exit assistance services detailed in paragraph 3.1 and 3.2 the Supplier shall
              provide additional termination assistance as requested by the Customer, such assistance shall
              be chargeable at the rates calculated in accordance with the principles detailed in paragraph 9
              of the Maximum Charges schedule of the Agreement or 2-3 of the Contract.

3.4           On expiry or termination of a Contract, the Customer shall use reasonable endeavours to
              collect Devices from Users, and return them to the Supplier, for disposal in accordance with
              the Waste Electrical and Electronic Equipment Regulations 2006 (WEEE).

3.5           Within 45 days of expiry or termination of a Contract the Supplier may contact the Customer,
              once only, providing details to the Customer of those Devices not yet returned to the Supplier
              pursuant to paragraph 3.4, and requesting the return of the same. Thereafter the Supplier
              accepts that it will have no further claim in relation to the Devices, but shall accept any
              Devices that may be returned by Customers for disposal in accordance with WEEE.

                                              Part 2– Staff Transfer

1             Definitions

For the purposes of this Part 2 the following definitions shall apply:

Employee Liabilities means all claims, including claims for redundancy payments, unlawful deduction
of wages, unfair, wrongful or constructive dismissal compensation, compensation for sex, race or
disability discrimination, claims for equal pay, compensation for less favourable treatment of part-time
workers, and any claims (whether in tort, contract or statute or otherwise), demands, actions,
proceedings and any award, compensation, damages, tribunal awards, fine, loss, order, penalty,
disbursement, payment made by way of settlement and costs and expenses reasonably incurred in
connection with a claim or investigation (including any investigation by the Equality and Human Rights
Commission or other enforcement, regulatory or supervisory body and of implementing any
requirements which may arise from such investigation), and any legal costs and expenses

Employment Regulations means the Transfer of Undertakings (Protection of Employment)
Regulations 2006 (SI 2006/246) as amended or replaced or any other Regulations implementing the
Council Directive 77/187/EEC on the approximation of the laws of the Member States relating to the
safeguarding of employees' rights in the event of transfers of undertakings, businesses or parts of
undertakings or businesses

Final Staff List means the relevant list of all Supplier Personnel engaged in or wholly or mainly
assigned to, the provision of the Services or any part of the Services at the date of the Service
Transfer




10-404788-3                                            216
Provisional Staff List means a list prepared and updated by the Supplier of all Supplier Personnel
who are engaged in or wholly or mainly assigned to, the provision of the Services or any part of the
Services as at the date of such list

Relevant Transfer has the meaning given to it in the Employment Regulations

Replacement Contractor means any third party service provider of Replacement Services appointed
by the Authority from time to time

Replacement Services any services which are substantially similar to any of the Services and which
the Authority receives in substitution for any of the Services following the expiry or termination of this
Agreement whether in whole or in part, whether those services are provided by the Authority internally
and/or by any third party

Staffing Information means in relation to all persons named on the Provisional Staff List, such
information as the Authority may reasonably request (subject to Data Protection Requirements), but
including in an anonymised format:

(a)           their ages, dates of commencement of employment or engagement and gender

(b)           details of whether they be employed, self employed contractors or consultants, agency
              workers or otherwise

(c)           the identity of the employer or relevant contracting party

(d)           their relevant contractual notice periods and any other terms relating to termination of
              employment, including redundancy procedures, and redundancy payments

(e)           the wages, salaries, profit sharing

(f)           details of other employment related benefits, including (without limitation) medical insurance,
              life assurance, pension or other retirement benefit schemes, share option schemes and
              company car schedules applicable to them

(g)           any outstanding or potential contractual, statutory or other liabilities in respect of such
              individuals (including in respect of personal injury claims)

(h)           details of any such individuals on long term sickness absence, parental leave, maternity leave
              or other authorised long term absence

(i)           copies of all relevant documents and materials relating to such information, including copies of
              relevant contracts of employment (or relevant standard contracts if applied generally in respect
              of such employees) and

(j)           any other "employee liability information" as such term is defined in Regulation 11 of the
              Employment Regulations

Service Transfer means has the meaning given in paragraph 3 of schedule 16 part 2 (Staff Transfer)

Service Transfer Date means the date of a Service Transfer

Supplier Party means the Supplier's agents and contractors, including each Sub-Contractor

Transferring Employee means those Supplier Personnel who are listed on the Provisional Staff List
(or who are added in accordance with paragraph 4.6 of this schedule) and who are wholly or mainly

10-404788-3                                             217
assigned to the Services (or the relevant part thereof) immediately before the relevant Service
Transfer Date

2             Purpose of this schedule

              This schedule sets out the parties respective right and obligations in relation to the application
              of the Employment Regulations to this Framework Agreement

3             Application of the employment regulations on termination or at the end of the term

              The Framework Agreement envisages that, subsequent to the commencement of the
              provision of the Services, the identity of the provider of the Services (or any part of the
              Services) may change (whether as a result of termination of this Framework Agreement, or
              part, or otherwise) resulting in the Services or related services being undertaken by the
              Authority or a Replacement Contractor. Such change in the identity of the supplier of such
              services shall be a "Service Transfer". The parties acknowledge that a Service Transfer will be
              a Relevant Transfer and in such event, the Authority, or a Replacement Contractor, would
              inherit liabilities in respect of the Transferring Employees. Accordingly, the Employment
              Regulations will apply.

4             Pre-service transfer obligations

4.1           The Supplier agrees, subject to compliance with the Data Protection Requirements that within
              20 Working Days of the earliest of:

              (a)     receipt of a notification from the Authority of a Service Transfer or intended Service
                      Transfer; or

              (b)     receipt of the giving of notice of early termination of this Framework Agreement or any
                      part thereof; or

              (c)     the date which is 12 months before the end of the Term; or

              (d)     receipt of a written request of the Authority at any time (provided that the Authority
                      shall only be entitled to make one such request in any six month period),

              it will provide the Provisional Staff List and the Staffing Information to the Authority or, at the
              direction of the Authority, to a Replacement Contractor and it will provide an updated
              Provisional Staff List at such intervals as are reasonably requested by the Authority.

4.2           At least 14 Working Days prior to the Service Transfer Date, the Supplier shall prepare
              (subject to compliance with Data Protection Requirements) and provide, or as appropriate
              procure that the Supplier Party shall prepare and provide, to the Authority or, at the direction of
              the Authority, the Replacement Contractor, the Final Staff List and the Staffing Information,
              which shall be complete and accurate in all material respects. The Final Staff List shall identify
              which of the Supplier Personnel named shall be Transferring Employees. The Final Staff List
              will be suitably anonymised so as to comply with Data Protection Requirements.

4.3           Subject to compliance with the Data Protection Requirements, the Authority shall be permitted
              to use and disclose the Provisional Staff List, the Final Staff List and the Staffing Information
              for informing any tenderer or other prospective Replacement Contractor for any services which
              are substantially the same type of services (or any part thereof) as the Services, provided that
              the Authority imposes on such third party obligations of confidence that are no less onerous
              than the Authority has to the Supplier in relation to that information.


10-404788-3                                             218
4.4           Upon reasonable request by the Authority and subject to compliance with the Data Protection
              Requirements, the Supplier shall provide, and shall procure that each Supplier Party shall
              provide, the Authority or at the request of the Authority, the Replacement Contractor, with
              access (on reasonable notice and during normal working hours) to such employment records
              as the Authority reasonably requests and will allow the Authority or the Replacement
              Contractor to have copies of any such documents.

4.5           The Supplier warrants that the Provisional Staff List, the Final Staff List and the Staffing
              Information will be true and accurate in all material respects.

4.6           In respect of each Service Transfer, from the date of the earliest event referred to in
              paragraphs 4.1(a) to 4.1(c) above, the Supplier agrees that it will not, and agrees to procure
              that each Supplier Party will not, other than in the ordinary course of business, assign any
              person to the provision of the Services (or the relevant part) which is the subject of a Service
              Transfer who is not listed in the Provisional Staff List and will not, other than in the ordinary
              course of business, without the prior written consent of the Authority (such consent not to be
              unreasonably withheld or delayed):

              (a)     increase the total number of employees listed on the Provisional Staff List save for
                      fulfilling assignments and projects previously scheduled and agreed;

              (b)     make, propose or permit any material changes to the terms and conditions of
                      employment of any employees listed on the Provisional Staff List,

              (c)     increase the proportion of working time spent on the Services (or the relevant part) by
                      any of the Supplier Personnel save for fulfilling assignments and projects previously
                      scheduled and agreed;

              (d)     introduce any new contractual or customary practice concerning the making of any
                      lump sum payment on the termination of employment of any employees listed on the
                      Provisional Staff List;

              (e)     replace any Supplier Personnel listed on the Provisional Staff List or deploy any other
                      person to perform the Services (or the relevant part) or terminate or give notice to
                      terminate the employment or contracts of any persons on the Provisional Staff List
                      save for:

                      (i)     the execution of assigned operations as detailed in 4.6(a) and 4.6(c); and/or

                      (ii)    replacing voluntary resignations or staff terminated by due disciplinary
                              process to satisfy the fulfilment of previously agreed work streams provided
                              that any replacement is employed on the same terms and conditions of
                              employment as the person he/she replaces; and

              (f)     the Supplier will promptly notify or as appropriate will procure that the Supplier Party
                      will promptly notify the Authority or, at the direction of the Authority, the Replacement
                      Contractor of any notice to terminate employment given by the Supplier or any
                      Supplier Party or received from any persons listed on the Provisional Staff List
                      regardless of when such notice takes effect.

4.7           Within 7 Working Days following the Service Transfer Date, the Supplier will provide to the
              Authority or any Replacement Contractor, in respect of each person on the Final Staff List who
              is a Transferring Employee:

              (a)     the most recent month's copy pay slip data;
10-404788-3                                            219
              (b)    details of cumulative pay for tax and pension purposes;

              (c)    details of cumulative tax paid;

              (d)    tax code;

              (e)    details of any voluntary deductions from pay; and

              (f)    bank/building society account details for payroll purposes.

5             The Supplier's indemnity

5.1           In connection with a Relevant Transfer under paragraph 3 of this schedule, the parties agree
              that:

              (a)    the Supplier will, and shall procure that any Supplier Party will, perform and discharge
                     all its obligations in respect of all the Transferring Employees and their representatives
                     for its own account up to and including the Service Transfer Date. The Supplier will
                     indemnify the Authority and any Replacement Contractor against all Employee
                     Liabilities arising from the Supplier's, or any Supplier Party's, failure to perform and
                     discharge any such obligation and against any Employee Liabilities arising from or as
                     a result of

                     (i)     any act or omission by the Supplier or any Supplier Party occurring on or
                             before the Service Transfer Date or any other matter, event or circumstance
                             occurring or having its origin before the Service Transfer Date save simply for
                             accrual of service before that date;

                     (ii)    all emoluments and outgoings in relation to the Transferring Employees
                             (including without limitation all wages, bonuses, PAYE, national insurance
                             contributions, pension contributions and otherwise) payable in respect of any
                             period on or before the Service Transfer Date;

                     (iii)   any claim arising out of the provision of, or proposal by the Supplier or any
                             Supplier Party to offer any change to any benefit, term or condition or working
                             condition of any Transferring Employee arising on or before the Service
                             Transfer Date;

                     (iv)    any claim made by or in respect of any person employed or formerly
                             employed by the Supplier or any Supplier Party other than a Transferring
                             Employee for which it is alleged the Authority or any Replacement Contractor
                             may be liable by virtue of this Framework Agreement and/or the Employment
                             Regulations;

              (b)    the Supplier will indemnify the Authority and any Replacement Contractor against all
                     Employee Liabilities arising from:

                     (i)     any act or omission of the Supplier or any Supplier Party in relation to its
                             obligations under Regulation 13 of the Employment Regulations, or in respect
                             of an award of compensation under Regulation 15 of the Employment
                             Regulations except to the extent that the liability arises from the Authority or a
                             Replacement Contractor's failure to comply with Regulation 13(4) of the
                             Employment Regulations;



10-404788-3                                            220
                      (ii)    any breach by the Supplier or any Supplier Party of any and/or all of its
                              obligations under paragraph 4 of this schedule; and/or

                      (iii)   any statement communicated to or action done by the Supplier or any
                              Supplier Party to, or in respect of, any Transferring Employee on or before the
                              Service Transfer Date regarding the Service Transfer which has not been
                              agreed in advance with the Authority in writing subject to the timely availability
                              of the Authority.

5.2           The Supplier will indemnify the Authority and any Replacement Contractor in respect of any
              Employee Liabilities arising from any act or omission of the Supplier or any Supplier Party in
              relation to any other Supplier Personnel who is not a Transferring Employee during any period
              whether before, on or after the Service Transfer Date.

5.3           If any person who is not a Transferring Employee claims or it is determined that his contract of
              employment has been transferred from the Supplier or any Supplier Party to the Authority, or a
              Replacement Contractor pursuant to a Relevant Transfer, or claims that his employment
              would have so transferred had he not resigned, then:

              (a)     the Authority or the Replacement Contractor will, within 20 Working Days of becoming
                      aware of that fact, give notice in writing to the Supplier;

              (b)     the Supplier may offer (or may procure that a Supplier Party may offer) employment to
                      such person within 20 Working Days of the notification by the Authority or the
                      Replacement Contractor;

              (c)     if such offer of employment is accepted, the Authority or the Replacement Contractor
                      shall immediately release the person from his employment;

              (d)     if after that period has elapsed, no such offer of employment has been made or such
                      offer has been made but not accepted, the Authority or the Replacement Contractor
                      may within 15 Working Days give notice to terminate the employment of such person;

              (e)     Subject to the Authority or the Replacement Contractor acting in this way or in such
                      other way as may be agreed between the Supplier and the Authority or the
                      Replacement Contractor, the Supplier will indemnify the Authority and the
                      Replacement Contractor against:

                      (i)     all Employment Liabilities arising out of such termination or otherwise arising
                              out of the employment of such person by the Authority or a Replacement
                              Contractor; and/or

                      (ii)    any direct employment costs (if any) associated with the employment of such
                              person by the Authority or the Replacement Contractor up to the date of
                              termination of such persons employment.

              (f)     If such person is neither re-employed by the Supplier or any Supplier Party nor
                      dismissed by the Authority or the Replacement Contractor within the time scales set
                      out in this paragraph 5.3, such person will be treated as a Transferring Employee.

6             The Authority's indemnities

6.1           Subject to paragraphs 5 and 7, the Authority shall indemnify the Supplier and any Supplier
              Party against all Employee Liabilities arising from the Authority's or the Replacement


10-404788-3                                            221
              Contractor's failure to perform and discharge any obligation and against any Employee
              Liabilities in respect of the Transferring Employee arising from or as a result of:

              (a)     any act or omission by the Authority or the Replacement Contractor relating to a
                      Transferring Employee occurring on or after the Service Transfer Date;

              (b)     all emoluments and outgoings in relation to the Transferring Employees (including
                      without limitation all wages, bonuses, PAYE, national insurance contributions, pension
                      contribution and otherwise) payable after the Service Transfer Date;

              (c)     any claim arising out of the provision of, or proposal by the Authority or any
                      Replacement Contractor to offer any change to any benefit, term or condition or
                      working condition of any Transferring Employee arising after the Service Transfer
                      Date;

              (d)     any failure by the Authority or any Replacement Contractor to comply with the
                      obligations imposed on a transferee by Regulation 13(4) of the Employment
                      Regulations in respect of the transfer of any Transferring Employees on the Service
                      Transfer Date except to the extent such failure is caused by or related to an act or
                      omission of the Supplier or any Supplier Party.

7             Mutual obligations

7.1           The parties shall co-operate to ensure that any requirement to inform and consult with the
              employees and or employee representatives in relation to a Relevant Transfer will be fulfilled.

7.2           The Authority will assume (or will procure that the Replacement Contractor, as the case may
              be, will assume) the outstanding obligations of the Supplier and any Supplier Party in relation
              to the Transferring Employees in respect of accrued holiday entitlements and accrued holiday
              remuneration to the Service Transfer Date. In consideration, the Supplier will or will procure
              that any Supplier Party will pay to the Authority (or the Replacement Contractor as the case
              may be) within 14 days of the Service Transfer Date the full amount necessary to enable the
              Authority or the Replacement Contractor to meet the cost of providing any such untaken
              holiday entitlements and remuneration as at the Service Transfer Date. The Authority or the
              Replacement Contractor, as the case may be, will reimburse the Supplier and any Supplier
              Party any amount paid by the Supplier or the Supplier Party before the Service Transfer Date
              in respect of holidays taken in excess of any Transferring Employee's entitlement to paid
              holiday in respect of the period ending on the Service Transfer Date.

8             Third party rights

              The parties agree that the Contracts (Right of Third Parties) Act 1999 shall apply to
              paragraphs 4, 5, 6, 7 and 10 of this schedule to the extent necessary that any Replacement
              Contractor and Supplier Party shall have the right to enforce the obligations owed to, and
              indemnities given to, the Replacement Contractor by the Supplier or the Authority to the
              Supplier Party.

9             Provisions where transfer regulations do not apply

9.1           The following provisions shall apply in the event of a Service Transfer to which the
              Employment Regulations do not apply:

              (a)     the Authority or the Replacement Contractor can, in its discretion, make to any of the
                      employees listed on the Provisional Staff List or any Supplier Personnel assigned to
                      the Services an offer, in writing, to employ that employee under a new contract of
10-404788-3                                            222
                      employment to take effect on the day after the termination referred to in paragraph
                      9.1(f) below of this schedule or at the earliest reasonable opportunity;

              (b)     when the offer has been made by the Authority or Replacement Contractor and
                      accepted by any employee or worker, the Supplier shall, and shall procure that any
                      Supplier Party shall, permit the employee or worker to leave its employment, as soon
                      as practicable depending on the business needs of the Supplier, which could be
                      without the employee or worker having worked his full notice period, if the employee
                      so requests and where operational obligations allow;

              (c)     if the employee does not accept an offer of employment made by the Authority or
                      Replacement Contractor, the employee shall remain employed by the Supplier (or the
                      Supplier Party, as the case may be) and all Employee Liabilities in relation to the
                      employee shall remain with the Supplier or the relevant Supplier Party;

              (d)     if the Authority or the Replacement Contractor does not make an offer to any
                      employee on the Provisional Staff List or any Supplier Personnel, then that employee
                      and all Employee Liabilities in relation to that employee remains with the Supplier or
                      relevant Supplier Party.

10            Conduct of claims

10.1          This paragraph 10 shall apply to the conduct, by a party from whom an indemnity is sought
              under this schedule, of claims made by a third person against a party having (or claiming to
              have) the benefit of the indemnity. The party having, or claiming to have, the benefit of the
              indemnity is referred to as the "Beneficiary" and the party giving the indemnity is referred to as
              the "Indemnifier".

10.2          If the Beneficiary receives any notice, demand, letter or other document concerning any claim
              for which it appears that the Beneficiary is, or may become entitled to, indemnification under
              this schedule ("Claim"), the Beneficiary shall given notice to the Indemnifier as soon as
              reasonably practicable and in any event within 10 Working Days of receipt of the same.

10.3          Subject to paragraphs 10.4 and 10.5, on the giving of a notice by the Beneficiary pursuant to
              paragraph 10.2 above, where it appears that the Beneficiary is or may be entitled to
              indemnification from the Indemnifier in respect of all (but not part only) of the liability arising
              out of the Claim, the Indemnifier shall (subject to providing the Beneficiary with a secured
              indemnity to its reasonable satisfaction against all costs and expenses that it may incur by
              reason of such action) be entitled to dispute the Claim in the name of the Beneficiary at the
              Indemnified own expense and take conduct of any defence, dispute, compromise or appeal of
              the Claim and of any incidental negotiations relating to the Claim. If the Indemnifier does elect
              to conduct the Claim, the Beneficiary shall give the Indemnifier all reasonable co-operation,
              access and assistance for the purposes of such Claim and, subject to paragraph 10.5 below,
              the Beneficiary shall not make any admission which could be prejudicial to the defence or
              settlement of the Claim without the prior written consent of the Indemnifier.

10.4          With respect to any Claim conducted by the Indemnifier pursuant to paragraph 10.3 above:

              (a)     the Indemnifier shall keep the Beneficiary fully informed and consult with it about
                      material elements of the conduct of the Claim;

              (b)     the Indemnifier shall not bring the name of the Beneficiary into disrepute;

              (c)     the Indemnifier shall not pay or settle such Claim without the prior written consent of
                      the Beneficiary, such consent not to be unreasonably withheld or delayed; and
10-404788-3                                             223
              (d)     the Indemnifier shall conduct the Claim with all due diligence.

10.5          The Beneficiary shall be entitled to have conduct of the Claim and shall be free to pay or settle
              any Claim on such terms as it thinks fit and without prejudice to its rights and remedies under
              this Agreement if:

              (a)     the Indemnifier is not entitled to take conduct of the Claim in accordance with
                      paragraph 10.3 above;

              (b)     the Indemnifier fails to notify the Beneficiary of its intention to take conduct of the
                      relevant Claim within 10 Working Days of the notice from the Beneficiary under
                      paragraph 10.2 above or if the Indemnifier notifies the Beneficiary that it does not
                      intend to take conduct of the Claim; or

              (c)     the Indemnifier fails to comply in any material respect with the provisions of paragraph
                      10.4 above.

11            Sensitive claims

11.1          With respect to any Claim for which the Authority or the Supplier or the Supplier Party are the
              Beneficiary and the conduct of which the Authority or Supplier acting reasonably, considers is
              likely to have an adverse impact on the general public's perception of the Authority or the
              Supplier or the Supplier Party ("Sensitive Claim"), the Indemnifier shall only be entitled to
              take conduct of any defence, dispute, compromise or appeal of the Sensitive Claim with the
              Beneficiary's prior written consent. If the Beneficiary withholds such consent and elects to
              conduct the defence, dispute, compromise or appeal of the Sensitive Claim itself, it shall
              conduct the Sensitive Claim with all due diligence and if any failure to do so results in an
              increase in the amount recoverable by the Beneficiary in respect of an indemnity under this
              Agreement, the Indemnifier shall only be liable to indemnify the Beneficiary in respect of that
              amount which would have been recoverable by the Beneficiary had it conducted the Sensitive
              Claim with all due diligence.

11.2          The Beneficiary shall be free at any time to give written notice to the Indemnifier that it is
              retaining or taking over (as the case may be) the conduct of any Claim, to which paragraph
              10.3 above applies notwithstanding that it does not have the right to do so pursuant to
              paragraph 10.3 if, in the reasonable opinion of the Beneficiary the Claim is, or has become, a
              Sensitive Claim. In such cases, the provisions of paragraph 11.1 above shall apply.

12            Recovery of sums

12.1          If the Indemnifier pays to the Beneficiary an amount in respect of an indemnity and the
              Beneficiary subsequently recovers (whether by payment, discount, credit, saving, relief or
              other benefit or otherwise) a sum which is directly referable to the fact, matter, event or
              circumstances giving rise to the Claim, the Beneficiary shall forthwith repay to the Indemnifier
              whichever is the lesser of

              (a)     an amount equal to the sum recovered (or the value of the discount, credit, saving,
                      relief, other benefit or amount otherwise obtained) less any out-of-pocket costs and
                      expenses properly incurred by the Beneficiary in recovering or obtaining the same;
                      and

              (b)     the amount paid to the Beneficiary by the Indemnifier in respect of the Claim under the
                      relevant indemnify,



10-404788-3                                            224
              provided that there shall be no obligation on the Beneficiary to pursue such recovery and that
              the Indemnifier is repaid only to the extent that the amount of such recovery aggregated with
              any sum recovered from the Indemnifier exceeds any loss sustained by the Beneficiary
              (including for this purpose any indirect Losses sustained by the Beneficiary which may be
              excluded by this Agreement from being recovered from the Indemnifier).

13            Insurance

13.1          Any person taking any of the steps contemplated by paragraphs 10.2 to 11.1 shall comply with
              the requirements of any insurer who may have an obligation to provide an indemnity in respect
              of any liability arising under this Agreement

14            Mitigation

14.1          Each of the Authority and the Supplier shall at all times take all reasonable steps to minimise
              and mitigate any loss for which the relevant party is entitled to bring a claim against the other
              party pursuant to the indemnities in this schedule.

15            Taxation

15.1          If any payment by one party under an indemnity in this Agreement is subject to income tax or
              corporation tax (or any tax replacing either or both of them) in the hands of the recipient (or a
              withholding made by the paying party in respect of tax), the recipient may demand in writing to
              the party making the payment that the payment shall be increased by such amount as would
              ensure that, after taking into account any such tax payable in respect of such additional
              amount, the recipient receives and retains a net sum equal to the amount it would have
              otherwise received had the payment not been subject to such tax or withholding.




10-404788-3                                            225
                                                    Schedule 17

                                           Standards and Regulations

1             User Devices;

1.1           All Device variants shall comply with the following standards:

              (a)     European and International Standards

              (b)     Approved GSM Telecommunications modules

              (c)     R&TTE – Radio and Telecommunication Terminal Equipment Directive

              (d)     FCC – Federal Communications Commission (USA)

              (e)     UL – Underwriters Laboratories Inc

              (f)     IC – Industry Canada

              (g)     GCF – Global Certification Forum

              (h)     PTCRB – North American Type Certification Review Board

              (i)     CE – European Consumer Goods Quality Control

              (j)     Local GSM network operator certifications

              (k)     Devices tested and passed for SAR and EMC Compliance to European and
                      International standards

              (l)     All Devices shall incorporate approved battery modules with integrated safety circuits

              (m)     All Devices shall conform with CE specification where applicable and shall be CE
                      marked

              (n)     Devices shall conform to EN55022 Emissions and susceptibility and the EEC low
                      voltage directive

              User provided mobile phone handsets supported by the Supplier shall meet the mandatory
              requirements listed below:

              (o)     No flip phones

              (p)     No key locks to be deployed

              (q)     No touch screen phones

              (r)     No phones where speed dials cannot be easily set up by the User

              (s)     No „qwerty‟ keyboard based phones

1.2           Device Disposal

              The Supplier shall dispose of returned Devices in accordance with the Waste Electrical and
              Electronic Equipment Regulations 2006 (WEEE) where applicable.

10-404788-3                                            226
1.3           ARC Building

              The ARC building shall conform to BS5979 Cat ii accredited by the Security Systems and
              Alarm Inspection Board (SSAIB) which is a UKAS approved board.

1.4           User/Customer Communications and Data

              The handling of the communications and data by the Supplier shall comply with the following
              standards:

              (a)     ISO/IEC27002 and ISO/IEC27001

              (b)     Data Protection Act 1998

              (c)     Regulation of Investigatory Powers Act 2000 (RIPA)

              (d)     Telecommunications (Lawful Business Practices) (Interception of       Communications)
                      Regulations 2000

              (e)     Telecommunications    (Data       Protection    and     Privacy)   Regulations     1999
                      Human Rights Act 1998

              (f)     The Suppliers Data Protection obligation‟s in clause 22 and 23 of the Agreement and
                      20 and 21 of the Contract

              (g)     BS7858: security screening of individuals employed in a security environment

1.5           Account Management

              The Supplier shall manage the Services adhering to the Information Technology Infrastructure
              Library (ITIL) framework of best practice approaches, intended to facilitate the delivery of high
              quality information technology (IT) services.

1.6           Networks

              The Supplier shall monitor that any Network provider supporting the Service, adhere to, as a
              minimum the following standards:

              ISO 9001:2000 Quality management systems & processes

              BS 25999 Business Continuity Management

              ISO 14001 Environmental management system

              ISO 9001 Registration upgraded from the 1994 to 2000 version.

1.7           Service Desk

              The Service Desk shall be located in the ARC building, which shall conform to BS5979 Cat ii
              accredited by the Security Systems and Alarm Inspection Board (SSAIB) which is a UKAS
              approved board.

              The Supplier shall also conform to the following Call Centre Association (CCA) standards:

              (a)     Training and staff development


10-404788-3                                            227
              (b)    Internal communication and dispute resolution

              (c)    Compliance with legislative requirements (e.g. Data Protection, Health & Safety, Equal
                     Opportunities, etc.)

              (d)    Customer feedback procedures

              (e)    Performance level monitoring

              (f)    Complaints handling

2             Compliance with European and International Standards

2.1           All Device variants shall use approved GSM Telecommunications modules, and shall meet the
              following standards:

              (a)    R&TTE – Radio and Telecommunication Terminal Equipment Directive

              (b)    FCC – Federal Communications Commission (USA)

              (c)    UL – Underwriters Laboratories Inc

              (d)    IC – Industry Canada

              (e)    GCF – Global Certification Forum

              (f)    PTCRB – North American Type Certification Review Board

              (g)    CE – European Consumer Goods Quality Control

              (h)    Local GSM network operator certifications

2.2           The Supplier shall provide Devices that meet the Standard Absorption Rate (SAR) and
              Electromagnetic Compatibility (EMC) Compliance to European and International standards,
              and shall retain compliance as and when Standards are revised. (FCC approvals test reports
              available on request). Devices shall incorporate approved battery modules with integrated
              safety circuits.

2.3            All User Devices shall be designed to conform with CE specification, where applicable, and
              shall be CE marked. User Devices shall also conform to EN55022 Emissions and
              susceptibility and the EEC low voltage directive.




10-404788-3                                          228
                                                  Schedule 18

                                           Insurance Requirements

1             Introduction

1.1           This Schedule 18 sets out the Insurance Requirements with which the Supplier shall comply
              with in its provision of the Ordered Services.

2             Requirements

2.1           The Supplier shall, during the Term and until the expiry or earlier termination of this
              Agreement:

              (a)    maintain in force the following insurance policies:

                     (i)     public liability insurance for a minimum amount of £5 million on an each and
                             every claims basis;

                     (ii)    employer‟s liability insurance for a minimum amount of £10 million on an each
                             and every claims basis; and

                     (iii)   product liability insurance for a minimum amount of £10 million on an each
                             and every claims basis,

                     (together “the Supplier Policies”);

              (b)    do nothing to invalidate any of the Supplier Policies;

              (c)    on reasonable request from the Authority produce to the Authority such documentary
                     evidence of such insurance including copies of broker letters or cover notes relating to
                     such insurance and payment of premiums for the Supplier Policies as the Authority
                     may reasonably require; and

              (d)    procure that the terms of the Supplier Policies shall not be altered in such a way as to
                     diminish the benefit of the Supplier Policies as provided at the Effective Date.




10-404788-3                                            229

				
DOCUMENT INFO